• engineering firm with consulting expertise
    kumkeo is an engineering firm known for its consulting expertise. We help companies become strong innovators who are ready for the future.
  • developing embedded software and systems
    We program embedded software and systems, and develop customer-specific units, prototypes, and hardware components.
  • software test and system tests
    We conduct complex software and system tests for all defined standards and norms.

Clients from the semiconductor, defense and automotive industries, as well as the fields of aerospace and aviation, laboratory and medical technologies and renewable energies value our expertise.

privacy

Thank you for your interest in our company and out services. Protecting your personal data is an issue we take very seriously. We keep your personal data confidential in compliance with all data protection regulations and this Data Protection Policy.

We would like to point out that there can be security gaps in all online data transmissions (e.g. e-mail communication). It is impossible to completely protect all data from unauthorized third-party access.

 

Just a few quick points before we begin:

  • If you have any data protection issues, it’s easiest to contact us by sending an e-mail to datenschutzbeauftragter@kumkeo.de
  • Your rights are listed in detail under point VIII.
  • The General Data Protection Regulation refers to (EU) 2016/679, which took effect May 25, 2018.
  • Legal data protection regulations are usually intended to protect natural persons, not legal entities. Please do not hesitate contact us if you wish to assert the rights for a legal entity.
  • Please note that we are required to provide a comprehensive data protection policy that encompasses all types of cases that may never or only rarely occur with our company.
  • Usually, we will only collect personal data if you establish contact with us, e.g. via e-mail. When you visit our website, we use Google Analytics with anonymization. Only your IP address is saved for the duration of the site visit.

I.           Name and Address of Controller

The controller as defined in the General Data Protection Regulation, other national data protection policies of EU member states and miscellaneous data protection stipulations is:

 

kumkeo GmbH

Heidenkampsweg 82a

20097 Hamburg

Germany

Tel.: +49 40 2846761 0

E-Mail: datenschutzbeauftragter@kumkeo.de

Website: www.kumkeo.de

 

II.        General Data Processing Information

1.     Scope of personal data processed

We only process personal data if this is necessary to ensure the full functionality of our website, or to provide our content and services. We usually only process the personal data of our users once we have received their consent. An exception applies in cases in which it is not possible to obtain consent for practical reasons and legal regulations allow for the processing of data.

2.     Legal basis for the processing of personal data

Provided we receive consent from the data subject, Art. 6 para. 1 lit. a EU-General Data Processing Regulation (GDPR) provides the legal basis for the processing of personal data.

If it is necessary to process personal data to fulfil a contract and the data subject is party to that contract, Art. 6 para. 1 lit. b) GDPR provides the legal basis. This also applies to any processing operations necessary to fulfil pre-contract measures.

If the processing of personal data is required to fulfill a legal obligation on the part of the company, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If it is necessary to process data to protect a legitimate interest of our company or a third party, and the interests, basic interests and basic freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3.     Erasure of data and storage duration

Personal data is erased and blocked once it is no longer required for its designated purpose. Data can also be saved if it is deemed necessary in line with European or national legislators in Union-specific regulations, laws or other ordinances the responsible party is required to observe. Data is also blocked or erased if the legally prescribed storage period has been exceeded, unless it is necessary to fulfil or sign a contract.

 

III.     Website Availability and Log File Creation

1.     Description and scope of data processing

Each time someone accesses our website, the system automatically collects data and information from the operating system of that corresponding computer.

The following data is collected:
(1)    Information about the browser type and version used

(2)    User’s operating system

(3)    User’s internet service provider

(4)    User’s IP address

(5)    Data and time of access

(6)    Websites from which the user’s system accesses our website

(7)    Websites that the user’s system accesses from our website

2.     Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3.     Purpose of data processing

It is necessary for the system to temporarily store the IP address in order to display the website on the user’s computer. The user’s IP address must be saved for the entire duration of the website use.

The storage of data in log files ensures that the website functions properly. We also use the data to optimize our website and guarantee the security of our IT systems. Data is not evaluated for marketing purposes in this context.

Our legitimate interest in data processing exists for these purposes in accordance with Art. 6 para. 1 lit. f GDPR.

4.     Storage duration

Personal data is deleted and blocked once it is no longer required for its designated purpose. If the data is collected for the purposes of website availability, it will be deleted once the corresponding session is finished.

If the data is saved in log files, it is deleted within three days at the latest.

5.     Objection and erasure options

Collecting data for the purposes of website availability and storing data in log files are essential to ensure the proper functioning of the website. The user has no right to object to this data collection.

 

IV.       Use of Cookies

a) Description and scope of data processing

Our website uses cookies. These are small text files that are saved to the user’s computer system in or by the internet browser. If a user accesses a website, it is possible that a cookie will be saved to the user’s operating system. This cookie contains a characteristic string that clearly identifies the browser if the website is called up again.

We use cookies to make our website more user-friendly. Several elements on our website need to be able to identify the browser accessing it, even after a new page is called up.

In the process, data pertaining to language settings is saved and transmitted in the cookies.

We also use cookies on our website that make it possible for us to analyze how the user uses our site. We use Google Analytics, for more information, see VII. Web Analysis by Google Analytics.

When the user accesses our website, he/she will be notified of the use of cookies for the purpose of analysis, and prompted to provide his/her consent to process the personal data used in this context. A reference to this Data Protection Policy is also included at this point.

b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR

The legal basis for the processing of personal data using cookies required for technical reasons is Art. 6 para. 1 lit. f GDPR.

The legal basis for using cookies to process personal data for analytics purposes with your prior consent is Art. 6 para. 1 lit. a GDPR.

c) Purpose of data processing

Cookies required for technical reasons make the website easier for people to use. Without cookies, it is impossible to offer several of the functionalities of our website. These require the browser to be recognized even after switching to a different page.

We need cookies for the following applications: apply language settings.

We use analysis cookies to improve the quality of our website and its content. Analysis cookies tell us how people use the website, which helps us constantly improve our site.

The purpose of Google Analytics components is to analyze the flow of visitors on our website. Google uses this data and information to evaluate how people use our website in order to compile online reports that show the activity on our websites, and to perform other services for us related to website and internet use.

Herein also lies our legitimate interest in processing personal data in accordance with Art 6 para. 1 lit f GDPR.

e) Storage duration, objection and erasure options

Cookies are saved on the user’s computer and transmitted from this to our website. As the user, you also have complete control over how cookies are used. It is possible to deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Already saved cookies can be erased at any time, and this can also be done automatically. If cookies are deactivated for our website, you may not be able to use all of the functionalities of our website to their fullest extent.

 

V.       Contact Form and E-mail Contact

1.        Description and scope of data processing

We give you the option of contacting us via e-mail. In this case, the user’s personal data transmitted along with the e-mail is saved.

This data is not transmitted to third parties in this context. It is only used for the purpose of processing the conversation.

Data protection for e-mail applications

The controller responsible for processing collects and processes the personal data from applicants as part of the application procedure. The application can also be processed electronically. This is especially the case if an applicant submits his/her application documents electronically, e.g. via e-mail or using a form on the website. If the application results in the signing of an employment contract, the data provided for the purposes of organizing the employment relationship is saved under observation of the relevant legal requirements. If the applicant is not offered an employment contract, the application documents are automatically erased two months following notification of this rejection, provided there is no other legitimate interest on the part of the controller responsible of processing keeping the data from being erased. Other legitimate interest in this case could be providing evidence in proceedings in accordance with the General Equal Treatment Act (AGG).

2.     Legal basis for data processing

The legal basis for processing data with the user’s consent is Art. 6 para. 1 lit. a GDPR.

The legal foundation for processing data provided in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact involves signing a contract, the additional legal basis for processing this data is Art. 6 para. 1 lit. b GDPR.

3.     Purpose of data processing

There is a necessary legitimate interest in processing data if e-mail contact has been made with the company.

4.     Storage duration

Personal data is erased once it is no longer required for its designated purpose. The personal data as well as any data sent via e-mail is erased once the corresponding conversation with the user has been completed. The conversation is considered completed when circumstances can allow one to assume that the situation in question has been resolved.

5.     Objection and erasure options

The user has the right to revoke his/her consent to process his/her personal data at any time. If the user contacted us via e-mail, he/she can revoke the storage of his/her personal data at any time. In this case, it will not be possible to continue the conversation.

The user can revoke his/her consent and object to the storage of data by sending an e-mail.

In this case, we will erase all personal data saved in the course of making this e-mail contact.

 

VI.       Newsletters

1.        Description, scope, purpose and legal basis for data processing

We only collect and record your e-mail address, first and last name to send our newsletter – details which you have already provided us in individual personal contact via e-mail, phone or in person. Saving the user’s e-mail address is done for the sole purpose of delivering the newsletter.

The newsletter is sent via an e-mail sending platform, “Newsletter2Go”, operated by Newsletter2Go GmbH, Köpenicker Strasse 126, 10179 Berlin, Germany. Your personal data as described above will be sent to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for any other purpose than sending the newsletters. Newsletter2Go is a certified German provider selected due to its compliance with the requirements of the General Data Protection Regulation and the German Federal Data Protection Act.

For more information, please see: https://www.newsletter2go.de/informationen-newsletter-empfaenger/

The Newsletter2Go data protection statement is available here: https://www.newsletter2go.de/datenschutz/

Data protection measures are always subject to technical updates. For this reason, we ask you to review them in our data protection statement from time to time.

The legal basis for the processing of data with the user’s consent once the user has registered for the newsletter is Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time.

The newsletter may be sent as the result of the sale of services.

The legal basis for the sending of the newsletter as the result of the sale of services is § 7 para. 3 UWG (German Fair Trade Practices Act).

2.        Duration of storage, opportunity to object and erase data

The data is deleted once it is no longer required for the purposes for which it was originally collected. If you no longer wish to receive the newsletter, you can unsubscribe by clicking the corresponding link in the newsletter. The user’s e-mail address is only saved if the user has an active newsletter subscription.

 

VII.       Web Analysis by Google Analytics

Data protection terms on the deployment and use of Google Analytics (with anonymization)

The controller responsible for data processing has integrated Google Analytics (with anonymization) functions on this website. Google Analytics is a web analysis service. Web analysis refers to the collection, compilation and evaluation of data on user behavior on websites. A web analysis service collects information regarding the website from which the data subject accesses a website (so-called referrer), which subpages of the website a user accesses, or how often and for how long a user views a subpage. Web analysis is primarily used to optimize a website and conduct a cost-benefit analysis of online advertising.

The operating company of the Google Analytics components is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller responsible for processing uses the code extension “_gat._anonymizeIp” for web analysis by Google Analytics. If this extension is used, Google abbreviates the IP address of the data subject, provided the website is accessed from a European Union member state or another framework member state within the European Economic Area.

The purpose of Google Analytics components is to analyze the flow of visitors on our website. Google uses this data and information to evaluate how people use our website in order to compile online reports that show the activity on our websites, and to perform other services for us related to website and internet use.

Google Analytics sets a cookie on the user’s IT system. A definition of cookies is provided earlier in the document. By setting these cookies, Google makes it possible to analyze how our website is used. Each time one of the pages of this website featuring an integrated Google Analytics component is accessed, the corresponding Google Analytics component triggers the internet browser on the user’s computer system to send data to Google for the purposes of online analysis. Google receives personal data in the scope of this technical process, including the user’s IP address. Google uses this information to establish the origin of the visitor and clicks, which is necessary to calculate commissions.

Cookies are used to save personal information, such as the time of access, location from which the site was accessed, and frequency of visits to our website by the user. This personal data, including the user’s IP address, is sent to Google in the United States of America with every visit to our website. Google in the United States of America then saves this personal data. Google may pass on the personal data collected in this technical process to third parties.

The data subject can permanently prevent our website from storing cookies on their system as explained above by making the corresponding setting in the used internet browser. Activating this setting in the used internet browser would also prevent Google from saving a cookie on the user’s computer system. It is also possible to delete a cookie already stored by Google Analytics at any time using the internet browser or other software programs.

The data subject also has the option to object to the collection of the data generated by Google Analytics pertaining to the use of this website, as well as the processing of this data by Google, and to prevent this from occurring. To do this, the data subject needs to download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on notifies Google Analytics via JavaScript that no data or information from the website use may be transferred to Google Analytics. Google considers the installation of the browser add-on as an appeal. If the data subject’s IT system is deleted, formatted or newly installed at any later point in time, the data subject needs to install the browser add-on once again in order to deactivate Google Analytics. If the browser add-on is deinstalled or deactivated by the data subject or another person with the corresponding authority, it is possible to reinstall or reactivate the browser add-on.

For additional information and to access Google’s currently valid data privacy, please see https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in greater detail here https://www.google.com/intl/de_de/analytics/.

 

VIII.    Rights of the Data Subject

If your personal data is processed, you are considered a data subject in accordance with the GDRP, and you have the following rights with respect to the responsible controller:

1.     Right to information

You can request that the controller provide confirmation that we have processed your personal data.

If we have processed your personal data, you can request details from the controller on the following information:

(1)
the purposes for which the personal data was processed;
(2)
the categories of personal data processed;
(3)
the recipient or categories of recipients to which your corresponding personal data may have been or will be disclosed;
(4)
the planned storage duration of your personal data or, if it is not possible to provide specific information on this, the criteria by which the storage duration are determined;
(5)
the existence of the right to rectify or erase your personal data, the right to restrict processing by the controller, or the right to object to this processing;
(6)
the existence of the right to complain to a supervisory authority;
(7)
all available information regarding the origin of the data, if the personal data was not collected from the data subject;
(8)
the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic, the scope and intended effects of this type of processing for the data subject.

You have the right to request information concerning whether or not your personal data has been transmitted to a third country or an international organization. In this context, you can request to be notified of the appropriate safeguards involved with the transfer in line with Art. 46 GDPR.

2.     Right to rectification

You have the right to rectification and/or completion from the controller, provided your processed personal data is incorrect or incomplete. The controller is to rectify the data without undue delay.

3.     Right to restriction of processing

The data subject has the right to obtain the restriction of processing of personal data if one of the following applies:

(1)
if you contest the accuracy of your personal data for a period of time to allow the controller to verify the accuracy of the personal data;
(2)
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3)
the controller no longer needs the personal data for the purposes of processing, but you need this data for the establishment, exercise or defense of legal claims, or
(4)
if you have objected to processing pursuant to Art. 21 para. 1 GDPR pending verification whether or not the legitimate grounds of the controller override yours.

If the processing of your personal data has been restricted, this data – with the exception of storage – may only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person for reasons of important public interest of the Union or of a Member State.

If processing has been restricted for one of the reasons stated above, the data controller will notify you before this restriction is lifted.

4.     Right to erasure

a)    Erasure obligation

You can demand that the controller immediately erase your personal data. In this case, the controller is obligated to erase this data promptly, provided one of the following reasons applies:

(1)
Your personal data is no longer required for the purposes for which it was collected or processed.
(2)
You revoke the consent to processing as stated in line with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for processing.
(3)
You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
(4)
Your personal data has been unlawfully processed.
(5)
Your personal data is to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6)
Your personal data was collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

b)    Information to third parties

If the controller has made your personal data public and is obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, the controller shall take reasonable steps, including technical measures (in consideration of available technology and implementation costs), to inform controllers who are processing the personal data that you as the data subject have requested the erasure of any links to, or copies or replications of, this personal data by these controllers.

c)     Exceptions

The user has no right to erase his/her personal data if processing is necessary

(1)
to exercise the right to freedom of expression and information;
(2)
to fulfill a legal obligation which requires processing by Union or Member State law to which the controller is subject, or to perform a duty in the public interest, or in the exercise of official authority vested in the controller;
(3)
for public interest reasons involving public health, in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 DSGVO;
(4)
for archival purposes in the public interest, for the purpose of scientific or historic research, or for statistical purposes in accordance with Art. 89 para. 1 GDPR, to the extent that the right stated in paragraph a) would likely make it impossible to achieve the goals of this processing, or would seriously impair this effort, or
(5)
for the establishment, exercise or defense of legal claims.

5.     Right to information

If you have asserted your right to rectify, erase or restrict the processing of your data, the controller is required to notify all recipients of personal data pertaining to you of the rectification, erasure or restriction of data, unless this proves to be impossible or involving an unreasonable amount of effort.

You have the right to be notified of these recipients.

6.     Right to data portability

You have the right to receive the personal data you have provided to the controller in a conventional, structured, machine-readable format. You also have the right to send this data to another controller without any obstruction on the part of the controller to whom the personal data was originally sent, provided

(1)
the processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or a contract in accordance with Art. 6 para. 1 lit. b GDPR and
(2)
the processing is done using an automated process.

In exercising this right, you also have the right to have your personal data sent directly from one controller to another, provided this is technically feasible. The freedoms and rights of other people may not be affected in this process.

The right to data portability does not apply to the processing of personal data necessary to perform a duty in the public interest or in the exercise of official authority vested in the controller.

7.     Right to object

You have the right to object to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR at any time on grounds relating to your individual situation; this also includes profiling based on these provisions.

The controller will no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for the purposes of such marketing at any time; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for such purposes.

In the context of the use of information society services – notwithstanding Directive 2002/58/EG – you have the right to object by automated means using technical specifications.

8.     Right to revoke data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. Revoking your consent will not affect the legality of the processing that has taken place until the point in time at which this consent was revoked.

9.     Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly impacts you negatively. This does not apply if the decision

(1)
is necessary for entering into, or performance of, a contract between you and the controller,
(2)
is authorized by Union or Member State law to which the controller is subject and which also establishes suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3)
is based on your express consent.

These decisions may not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and suitable measures are taken to safeguard your rights and freedoms and legitimate interests.

In terms of the cases referred to in (1) and (3), the controller will take suitable measures to protect your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and contest the decision.

10.     Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to submit a complaint to a supervisory authority, in particular in the Member State in which you have your residence, place of work or the place of the alleged infringement if you feel that the processing of your personal data violates the GDPR.

The supervisory authority with which this complaint is filed will inform the person filing the complaint of the status and results of the complaint with the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

IX.   Social Media and Google Maps

You can also access our XING and LinkedIn pages from the corresponding links on our website. You can also find and display our exact address using the link to Google Maps. No personal data is transmitted in the process, provided you are not logged in to one of the platforms at the same time. Please consult the data privacy policies on the corresponding platforms for more information.

© 2016 kumkeo GmbH

kumkeo auf LinkedIn kumkeo auf XING