Privacy policy

We appreciate your interests on our company. Privacy protection has a high significance for the management of KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH. In general the usage of the websites of KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH is possible without providing any personal data. If an affected person (data subject) wants to use special services offered by our company, a processing of personal data might be required. In case the processing of personal data is mandatory and if there is no legal basis, we will always obtain an agreement of the affected person.
The processing of personal data, e.g. the Name, the address, the e-mail address or the phone number of an affected person, is always done according to the General Data Protection Regulation and applied country specific privacy regulations.
By providing this privacy policy, our company would like to inform the public on type, range and purpose of the personal data which is raised, used and processed by us. Further affected persons are explained about their vested rights.
As responsible for the processing the KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH implemented manifold technical and organisational procedures for ensuring an as possible all-over protection of the personal data processed by this website. Though internet based data communication can always have security vulnerabilities so that an absolute protection cannot be guaranteed. For this reason every affected person is free to communicate personal data to us by using alternative methods, e.g. via phone.

1. Definition of used terms

The privacy policy of KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH is based on terms which have been used by the European Regulators when releasing the General Data Protection Regulation (GDPR). Our privacy policy shall be easily read- and understandable by the public, but also by our customers and business partners. For ensuring this, we want to describe some terms in advance.

Within this privacy policy we are using these terms amongst others:
  • personal data
    Personal data is all information, which is related to any identified or identifiable natural person (below "data subject"). A natural person is considered as identifiable, if it can be identified directly or indirectly—particularly by assigning an identifier like a name, an id number, localisation data, or one or more special attributes, which describe the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person.
  • data subject
    A data subject (affected person) is any identified or identifiable natural person, whose personal data is processed by the responsible.
  • processing
    Processing is any procedure or procedure queue related to personal data—regardless whether it is automated or not. This can be e.g. raising, organising, sorting, saving, modifying, reading, using, revealing by transmitting, distributing or any other kind of providing, comparing or linking, limiting, deleting or terminating of personal data.
  • limitation of processing
    The limitation of the processing is the marking of saved personal data with the target to limit future processing.
  • profiling
    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • pseudonymisation
    Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
  • controller or responsible for processing
    Controller (responsible for processing) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • processor
    Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • recipient
    Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • third party
    Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • consent
    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

Responsible in the manner of GDPR, privacy laws of members of the european union and directives with data privacy character is the:
KIMA Gesellschaft Echtzeitsysteme und Prozessautomation mbH
Güstener Str. 72
52428 Jülich
GERMANY

3. Data protection supervisor

Contact details of the data protection officer of the controller are:
Maximilian Kindshofer
m.kindshofer@eu-con.net
Every data subject may contact the data protection officer regarding questions and comments related to data privacy at any time.

4. Contact details of the controlling institution for privacy:

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf

Phone: +49 211/38424-0
Fax: +49 211/38424-10
E-Mail: poststelle@ldi.nrw.de

5. Cookies

The web sites of KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH currently are not using cookies.
Cookies are text files, which are placed and stored on a computer system via internet browser. Several web sites and servers are using cookies. Many cookies contain a so called cookie id. A cookie id is a unique identifier of the cookie. It contains of a character sequence, which can be used to assign web sites and servers to a concrete internet browser, in which the cookie was stored. This enables the web sites and servers to separate between the individual browser from other browsers with other cookies. A certain browser can be recognised and identified using the distinct cookie id.

6. Raising of general data and information

By opening the web site of KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH by a data subject or an automated system several general data and information is raised. This general data and information is stored in log files on the server. Raised can be:
(1) used browser type and version,
(2) operating system informatino of the accessing system,
(3) the web page, where the accessing system was referred from (referral),
(4) the sub pages that are requested by the accessing system,
(5) the date and time of accesses on the web site,
(6) an Internet Protocoll Address (IP address),
(7) the Internet Service Provider (ISP) of the accessing system and
(8) other similar data and information, that are useful for avoiding, protecting or defending our informationtechnological systems in cases of attacks.

By using this general data and information, the KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH does not make conclusions onto the data subject. This information is rather used for
(1) correctly delivering the contents of our web site,
(2) ensuring a persistent functionality of our IT systems and the web site
(3) providing necessary information to law enforcement angencies for procecution purposes.
This anonymously raised data and information is therefore raised statistically and further with the target to improve our data protection and data privacy, in order to finally ensure an optimum protection level for the processed personal data in our company. The anomymous data of the server log files is stored separately from any personal data provided by the data subject.

7. Contact options via web site

The web site of KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH contains information based on legal regulations, which allow a fast electronic contacting to our company as well as a direct communication with us, which contains a general address for the electronic mail (e-mail address). In case a data subject is contacting the controller via e-mail or contact form, the transmitted personal data provided by the data subject are automatically stored. Such on voluntary basis transmitted personal data are stored for the purpose of processing and contacting the data subject. The personal data is not passed to any third party.

8. Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the time rage, which is required to reach the purpose of the storing, or if it is forced by the European Regulator or any other lawgiver in laws and regulations, which are applied to the controller. If the purpose for storing is no longer applicable, or if a given deadline for storing by the European Regulator or any other lawgiver is reached, the personal data will be routinely blocked or deleted according to the legal directions.

9. Rights of the data subject

  • Right of confirmation
    Every data subject has the conceded right by the European Regulator to receive a confirmation by the controller, whether personal data of this data subject are being processed. If a data subject demands this confirmation right it can contact the data protection supervisor or any other staff of the controller at any time.
  • Right of access by the data subject
    Each data subject has the conceded right by the European Regulator to demand information on its stored personal data by the controller and to receive a copy—free of charge. Further the the European Regulator conceded the providing of the following information to the data subject:
    • the purpose of processing
    • the categories of personal data, that are processed
    • the recipient or categories of recipients where the personal data is or will be revealed to, particularly in case of recipients in foreign countries or international organisations
    • if possible, the planned duration for storing the personal data, or, if that is not possible, the criteria for defining this duration
    • existance of a right for correction or deletion of the related personal data, or for limitation of processing by the controller or a right for objection on this processing
    • existance of a right for an appeal at a controlling institution
    • if the personal data is not raised at the data subject: all information on source of the data
    • existance of a right for an automated decision making including profiling according to art. 22 part 1 and 4 GDPR and at least in these cases meaningful information on the used logics and impact and the targeted effects of such a processing for the data subject
    Further the data subject has a right to get the information, whether personal data is transmitted into a foreign country or an international organisation. If this is the case, the data subject got the right to get information on the guarantees related to this transmission.
    If a data subject wants to apply this right, it may contact our data protection officer or any other staff of the controller at any time.
  • Right of rectification
    Each data subject has the conceded right by the European Regulator that wrong personal data of this data subject shall be corrected immediately. Further the data subject has the right, respecting the purposes of the processing, to demand a completion of incomplete personal data via additional explanation.
    If a data subject wants to apply this rectification right, it may contact our data protection officer or any other staff of the controller at any time.
  • Right of deletion
    Each data subject has the conceded right by the European Regulator to demand an immediate deletion of its personal data by the controller, if one of the following reasons applies and if the processing is not mandatory:
    • The personal data has been raised for purposes or have been processed otherwise, which is/are not required anymore.
    • The data subject cancels its consent on which the processing according to art. 6 part 1 a GDPR or art. 9 part 2 a GDPR was based on, and another legal basis is not existant for processing the personal data.
    • The data subject raises objection according to art. 21 part 1 GDPR against the processing, and there are no preferential legitimate reasons for the processing, or the data subject raises cancellation according to art. 21 part 2 GDPR against this processing.
    • The personal data was processed illegitimately.
    • The deletion of personal data is required to fulfill a legal commitment according to the law of the European Unior or member states, which can be applied to the controller.
    • The personal data was raised in relation to offered services in the information society according to art. 8 part 1 GDPR.
    If one of the above reasons applies and if a data subject demands the deletion of personal data, which is stored at the KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH, it may contact our data protection officer or any other staff of the controller at any time.
    The data protection officier or another employee will take care, that the deletion request will be met as fast as possible.
    In case the perosnal data was made public by the KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH, and if our company is the controller according to art. 17 part 1 GDPR and therefore responsible for deleting these personal data, we will perform adequate actions required respecting the available technologies and implementation costs in order to notify other controllers which are processing the public personal data about the deletion of all links, copies and replications of/to the personal data request by the data subject, unless the processing is mandatory. The data protection officer or another employee will take care of the actions required for the individual case.
  • Right of limitating the processing
    Each data subject has the conceded right by the European Regulator to demand the restriction and limitation of the processing, if one of the following conditions is fulfilled:
    • The correctness is fought by the data subject—for a duration that allowes the controller to verify the personal data.
    • The processing is illegal, but the data subject does not want its personal data to be deleted and instead demands the limitation of the usage of the personal data.
    • The controller does not need the the perosnal data anymore for the purpose it was raised / processed, but the data subject still needs it for enforcement or defense in the manner of legal claims.
    • The data subject placed objection against the processing according to art. 21 part 1 GDPR and it is still not clear whether the eligible arguments of the controller are prevailing those of the data subject.
    If one of the above criteria mathces and if a data subject demands the restriction / limitation of personal data, which is stored at the KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH, it may contact our data protection officer or any other staff of the controller at any time. The data protection officer or another employee will take care of the actions required for the individual case.
  • Right for data being transferable
    Each data subject has the conceded right by the European Regulator to receive its personal data, which has been provided by the data subject to the controller, in a structurised and common machine-readable form. Further it has the right, to send this data to another controller without cumbering by the controller to which the personal data was provided, if the processing is based on a consent according to art. 6 part 1 a GDPR or art. 9 part 2 a GDPR or based on a contract according to art. 6 part 1 b GDPR while the processing is based on an automated process, but not if the processing is mandatory to fulfill a task which is in the public interest or required for applying a public force, which the controller is in charge for.
    While applying its right for data being transferable according to art. 20 part 1 GDPR the data subject has to effect that the personal data will be transferred automatically from one controller to another, if it is technically possible and if no rights of other persons are harmed.
    In order to apply the right for data being transferable the data subject may contact our data protection officer or any other staff of the controller at any time.
  • Right for objection
    Each data subject has the conceded right by the European Regulator to raise objection against the processing of its personal data based on art. 6 part 1 e-f GDPR due to reasons that are derived from its special situation. This also applies to a profiling based on these definitions.
    In case of an objection KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH no longer processes the personal data, unless we can prove to have coercible protection-worth reasons which prevail the interests and rights of the data subject, or the processing serves the appliance or defense of legal claims.
    In case KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH processes personal data for directly advertising, the data subject has got the right to raise objection against this processing (with impact for the future) of personal data with the purpose of such advertisements. That also applies for profiling as far as it is related to such direct advertisements. In case of an objection against the processing with the purpose for direct advertisements KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbHno longer processes the personal data for this purpose.
    Further the data subject has the right to raise objection against the processing of its personal data at the KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH with the purpose of scientific, historical or statistical evaluation according to art 89 part 1 GDPR, based reasons derived from its special situation, unless the processing is mandatory to fulfill a task which is in the public interest.
    In order to apply the right for objection the data subject may contact our data protection officer or any other staff of the controller at any time. Further, the data subject may apply its right for objection based on automated processes, where technical specifications are used, related to the usage of IT services&mdasH;regardless of the guide line 2002/58/EG.
  • Automated decision in the individual case, including profiling
    Each data subject has the conceded right by the European Regulator to be not only a subject of automated processing, including profiling, which has a judicial impact or is otherwise siginificantly limiting the data subject, if the decision:
    (1) is not required for creating or fulfilling a contract between the data subject and the controller, or
    (2) is legitimately based on a law by the Union or a member state, which the data subject is underlying to, and this law contains adequate actions for ensuring the rights as well as legitimate interests of the data subject, or
    (3) is done with explicit consent by the data subject.
    In case the decision
    (1) is required for applying a contract between the data subject and the controller, or
    (2) is done with explicit consent by the data subject,
    KIMA Gesellschaft für Echtzeitsysteme und Prozessautomation mbH will take adequate actions to save the rights and the legitimate interests of the data subject, including the right for interferring of a person on side of the controller, for self explaining and for fighting the decision
    If the data subject wants to apply rights related to an automated decision, it may contact the data protection officer or any staff of the controller at any time.
  • Right of cancellation of a consent
    Each data subject has the conceded right by the European Regulator to cancel a consent for processing personal data at any time.
    If the data subject wants to apply this right, it may contact the data protection officer or any staff of the controller at any time.

10. Legal basis of the processing

Our company uses art. 6 I lit. a GDPR as legal basis for processing steps, where a consent for a particular processing purpose is obtained. If the processing of personal data is required to fulfill a contract, where the contract party is the data subject, e.g. purchase orders, the processing is based on art. 6 I lit. b GDPR. The same applies to steps that are required for processing pre-contract actions, e.g. requests for quotations and questions to our products. If our company is enforced to process the personal data on a legal basis, e.g. for tax purposes, the processing is based on art. 6 I lit. c GDPR. In rare cases the processing of personal data might become necessary in order to protect essential interests of the data subject or another natural person. For example this would be the case, if a visitor gets injured in our office, and therefore we communicate his name, age and heal insurance data or other essential information to a doctor, a hospital, or other third parties. For this scenario, the processing would be based on art. 6 I lit. d GDPR. Finally processing steps can be based on art. 6 I lit f GDPR. All processing steps that are not yet coverd by any of above legal basis, are based on this, if the ensuring of legitimate interests of our company or a third party is required, and if the interests and rights of the data subject are not significant. Such processing steps are allowed particularly because they are explicitly listed by the European Regulator. He opined that there is a legitimate interest, if the data subject is a customer of the controller.

11. Legitimate interests on the processing which are tracked by the controller or third parties

If the processing of personal data is based on art. 6 I lit. f GDPR, our legitimate interest is the execution of our business tasks in all characteristics.

12. Duration for storing personal data

The criterium for storing personal data is the individual legal period for preserving. If the deadline is reached, the related data is deleted routinely, unless they are still required for fulfilling or preparing contracts.

13. Legal or contract based rules for providing personal data; Requirement for the conclusion of a contract; Enforcement to provide personal data to the data subject; Possible consequences for not providing

Herewith we clarify that we are partially enforced to provide personal data due to law (e.g. tax related) or the provision is derived from the contract (e.g. information on the contract partner). It is possible, that a data subject provides personal data, which will be processed by us, in order to conclude a contract. The data subject is e.g. enforced to provide personal data, if our company concludes a contract with it. Not providing this personal data would result in the impossibility to conclude the contract with the data subject.
Prior providing personal data by the data subject, the data subject may contact our data protection officer. Our data protection officer will clarify individually whether the provision of personal data is enforced by a contract or for concluding the contract, or whether there is a legal enforcement to provide the personal data, and what consequences not providing the personal data would have.