Data Protection

A. Simple Privacy Policy

Thank you for your visit to our website and for your interest in our company and products. We want you to feel secure and comfortable when visiting our website and we take the protection and confidential handling of your personal data very seriously.

The following simple Privacy Policy provides an overview of the collection and processing of your data in accordance with the applicable data protection regulations. Full and detailed information on data protection can be found in our extensive Privacy Policy.

1. What data do we collect from you?

1.1 Technical information

We collect your computer’s domain name or IP address, the client (browser) request to our web server and its response, and the website from which you are visiting us. In addition, we store the date and time of the request, information about the browser type and version used as well as your operating system and the internet service provider you use. All data will be deleted after 7 days.

1.2 Session cookies (essential)

We use cookies on our website, small text files that are temporarily stored on your computer and saved by your browser to enable you to log in or use our website more easily, for example. These cookies will be deleted at the end of your web session (or when closing the browser).

1.3 Tracking cookies and user profiles

We use tracking services and cookies to process usage profiles under a pseudonym. This kind of usage profile contains information about a visitor's behaviour on websites. It is not possible to draw any direct conclusions about you from this information.

You need to actively consent to the use of this type of cookies. You do this via our cookie banner where you can choose the type of cookies you accept to be used.

Change your cookie preferences here.

2. How and for what purpose are your data collected and processed?

We automatically collect data when you visit our website. We collect the data only on the basis of the information you enter on our website (for example in the contact form) or through the use of cookies.

We need this data in order to operate and administer the website, to detect abuse and to rectify any faults. We also need it to improve our offer on the website and to create pseudonymous user profiles, which we use for advertising and market research purposes – provided you give your consent.

In some cases, we also use other service providers that support us as a processor to the extent legally permissible.

3. What are your data protection rights?

You have the right to access your personal data, as well as the right to correct it, erase it or restrict its processing, as well as the right to data portability and to object to processing of personal data in specific cases as well as the right to lodge complaints with a supervisory authority.

To do so, you may contact our Service Centre: datenschutz@knoell.com

4. More information about other data processing

If you need further information that you are unable to find here, please request this in confidence from your contact partner or our Service Centre.

B. Detailed Privacy Policy

With the following information, we would like to give you an overview of the collection, use and processing of your personal data by us and your rights under the data protection regulations. If you wish to use special services of our company through our website, it is necessary to process your personal data. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as your name, address or email address, is always in accordance with the General Data Protection Regulation (GDPR) and in accordance with the applicable data protection law.

1. Name and address of the controller

The controller, as defined by the law, is:

Cyton Biosciences Ltd.
68 Macrae Road
Bristol, BS20 0DD
United Kingdom

2. Contact details

If you have any questions or suggestions regarding data protection, please feel free to contact us at datenschutz@knoell.com.

3. Technique

This site uses an SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the operator. An encrypted connection can be recognized by the fact that the address bar of the browser contains an "https: //" instead of an "http: //" and the lock symbol in your browser bar.
If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

4. Data processing when accessing the website

4.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user's system is accessing our website
  • Websites that are accessed by the user's system through our website

The log files contain IP addresses or other data that can be attributed to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website which the user switches to contains personal data. This data are stored in our system’s log files. They are not stored together with other personal data of the user.

4.2 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1(f) GDPR.

4.3 Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the provision of the website to the user’s computer. To do this, the user's IP address must be stored for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. No data are analysed for marketing purposes in this context. Our legitimate interest in data processing also lies in these purposes pursuant to Art. 6 Para. 1(f) GDPR.

4.4 Period of storage

Data are erased once they are no longer necessary for the purpose for which they were collected. If data have been collected for the provision of the website, they are erased when the respective session is concluded. When data are stored in log files, they are erased after not more than seven (7) days. It is possible to store the data beyond that time. In this case, the user’s IP addresses will be erased or altered so that the accessing client can no longer be attributed to that user.

4.5 Option to object and remove

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. As such, the user has no option to object.

5. Use of cookies

This website uses cookies. Cookies are text files that are filed and stored on a computer system through an internet browser.

Many websites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique code identifying the cookie. It consists of a string through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This allows websites and servers that have been visited to distinguish the individual's browser from other web browsers that contain other cookies. A particular web browser can be recognised and identified by the unique cookie ID.

Cookies are stored on the user’s computer and sent to us from there. This means that, as a user, you have full control over the use of cookies. By changing your browser’s settings, you can restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time through a web browser or other software programs. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all of the features of our website.

5.1 Technically necessary cookies

We use cookies (session cookies) to make our website more user-friendly, e.g. in order to identify that you already visited individual pages of our website or save your language settings. When leaving our site, these cookies will be automatically deleted. The processing of your personal data for this purpose is based on our legitimate interest to provide you with the full functionalities of our website (Art. 6 Para. 1 (f) GDPR).

We also use cookies to comply with our legal obligation pursuant to GDPR to create proof of – if applicable – your consent to use of tracking cookies. These cookies are automatically deleted from your browser. The legal basis for this processing activity is our legal obligation to lawfully process personal data and to demonstrate our compliance with this requirement (Art. 6 Para. 1 (c) GDPR in combination with Art. 5 Para. 1 (a), Para. 2 GDPR). 

5.2 Tracking cookies

In addition, we use cookies to record the use of our website statistically, to evaluate it for the purpose of optimising our offer for you. We also use cookies to place ads that are relevant to your interests. These cookies enable us to automatically recognise that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.

When accessing our website, users are informed about the use of cookies for analysis purposes and their consent is obtained to process the personal data used in this context. The legal basis for this processing activity is Art. 6 Para. 1 (a) GDPR.

Users are also linked to this Privacy Policy. For further information on our use of tracking cookies please see details below and Section 5.2.1 and 5.2.2.

You can change your cookies settings or revoke your previously given consent in the section below.

5.2.1 Google Analytics (with anonymisation function)

The controller has integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analysis service. Web analysis is the surveying, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on the website from which a person has accessed a website (so-called ‘referrer’) and how (device/browser including IP address), which sub-pages of the website were accessed or how often, as well as when and for what length of time a sub-page was viewed. In addition to that Google geographical data, unique layer appearance, search terms entered, language settings and performed actions on a page (e.g. newsletter sign-up) and general surfing behaviour may be processed.

Web analytics is primarily used to optimise a website and provide a cost-benefit analysis of web advertising.

The company operating Google Analytics components is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The controller uses the recommended add-on for web analytics via Google Analytics in order to allow the data subject’s IP address for their internet connection to be truncated and anonymised by Google if they access our website from a Member State of the European Union or from another country which is a signatory to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us that show activity on our website and to provide other services related to the use of our website. This information may also be sent to third parties if this is legally required or if third parties process this data on behalf of Google.

Google Analytics places a cookie on the data subject’s information technology system. Cookies have already been explained above. The placement of this cookie enables Google to analyse the usage of our website. Each time someone opens an individual page of this website which is run by the controller responsible for processing and on which a Google Analytics component is integrated, the Google Analytics component in question will trigger the browser on the data subject’s information technology system to automatically send data to Google for the purpose of online analysis. As part of this technical process, Google receives information about personal data, such as the data subject’s IP address, which, among other things, enables Google to track the origin of visitors and clicks, and subsequently charge commission.

The data processing by Google partly takes place outside of the EU/EEA. Google has joined Privacy Shield, which means that Google guarantees compliance with EU data protection standards (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

These processing operations only take place if express consent is granted in accordance with Article 6 Para. 1(a) GDPR.

As mentioned above, the data subject can also prevent the cookies being placed by our website at any time by adjusting their web browser’s settings accordingly. In addition, a cookie already placed by Google Analytics can be deleted at any time through a web browser or other software programs.

Furthermore, the data subject has the option of preventing the collection of the data generated by Google Analytics relating to the use of this website and the processing of these data by Google. To do this, the data subject must download and install a browser add-on at https://tools.google.com/dlpage/gaoptout.

This browser add-on informs Google Analytics via JavaScript that no data or information about website visits may be transmitted to Google Analytics. If the data subject's information technology system is later deleted, formatted or reinstalled, the data subject must re-install the browser add-on. If the browser add-on is uninstalled or disabled by the data subject or any other person authorised to do so within the data subject’s sphere of control, it is possible to reinstall or reactivate the browser add-on.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent detection by Google Analytics by clicking on the following link: Deactivate Google Analytics.

A cookie will be set that will prevent the future collection of your data when you visit this website. This cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set this cookie again.

Additional information and Google's Privacy Policy can be found at https://www.google.com/intl/gb/policies/privacy/ and at http://www.google.com/analytics/terms/gb.html.

Google Analytics is explained in more detail at https://www.google.com/intl/en_gb/analytics/.

5.2.2 Google (Re)marketing

We have integrated Google Remarketing services on this website. Google Remarketing is a feature that enables a company to display advertisements to Internet users who have previously been on the company's website. The integration of Google Remarketing therefore allows a company to create user-related advertisements and consequently to display advertisements of interest to the Internet user via the Google advertising network or on other websites.

Google Remarketing places a cookie on the IT system of the data subject. By setting the cookie, Google is able to recognise the visitor to our website who subsequently visits websites that are also members of the Google advertising network. Each time you visit a website on which the Google Remarketing service has been integrated, your Internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge of personal data such as your IP address or surfing behaviour, which Google uses, among other things, to display advertisements of interest.

In addition, we use Google AdWords. Each AdWords customer receives a different "conversion cookie". Therefore conversion cookies cannot be tracked across websites. The information collected through the cookie is used to compile conversion statistics for AdWords customers who have opted in to conversion tracking. AdWords advertisers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. A conversion cookie expires after 30 days and is not used to identify you.

Google (Re)marketing services are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The data processing by Google partly takes place outside of the EU/EEA. Google has joined Privacy Shield, which means that Google guarantees compliance with EU data protection standards (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)

These processing operations only take place if express consent is granted in accordance with Article 6 Para. 1(a) GDPR.

As stated above, you can prevent cookies being placed by our website at any time by adjusting your web browsers settings to permanently refuse cookies. Adjusting the browser settings in this way would also prevent Google from placing a cookie on your IT system. In addition, a cookie already placed by Google Analytics or Google AdWords can be deleted at any time through a web browser or other software programmes.

You also have the option to object to Google's interest-based advertising. To do this, you must visit www.google.com/settings/ads from each of the web browsers you use and adjust the settings there as desired.

Further information on the use of data for marketing purposes by Google can be found on the overview page: https://www.google.com/policies/technologies/ads.

Google's data protection declaration can be found at https://www.google.com/policies/privacy.

6. Newsletter

6.1 Newsletter for regular customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular emails with offers on products or services from our collection similar to those you have already purchased. We do not require your specific consent for such purposes as per Art. 7 Para. 3 of the UWG (Unfair Competition Act). The sole basis for the data processing is our legitimate interest in personalised direct marketing in line with Art. 6 Para. 1(f) GDPR. We will not send you any emails should you expressly object to the use of your email address for that purpose. You are entitled to object to the use of your email address for the aforementioned purpose at any time with immediate effect by notifying the data controllers listed in the opening of this statement. By taking this action, you will incur submission fees only in line with basic rates. After receipt of your objection, your email address will immediately be removed for marketing purposes.

6.2 Marketing newsletter

You can subscribe to newsletters via our website. The input screen determines which personal data are shared with us when subscribing to the newsletter.

At regular intervals, we use our newsletter to inform our customers and business partners about our training courses and events. These newsletters address, amongst other things, regulatory developments and data requirements, e.g. in the area of authorisation and transport of chemicals, biocides, plant protection products and medical devices. The newsletter is sent out 4 times a year minimum. Special newsletters can be sent out for high priority topics.

You can, therefore, only receive our company’s newsletter if

  1. you have a valid email address and
  2. have registered for the newsletter

For legal reasons, as part of the double opt-in procedure a confirmation email will be sent to the email address you provided when registering for the newsletter. This confirmation email is sent to check if you are the holder of the email address and have authorised the newsletter.

When you register for the newsletter we also save the IP address used by your IT system at the time of registration, which is issued by your Internet Service Provider (ISP) as well as the date and time of registration. We must collect this data to investigate any (possible) misuse of your email address at a later stage and it is therefore lawful for the purposes of our security.

The personal data collected during registration are used solely for sending our newsletter unless you have actively agreed to additional individual contact by e-mail or telephone. Furthermore, subscribers to the newsletter may receive information via email if this is required in order to administer the newsletter service for registration purposes, which may be the case if our newsletter is amended or technical circumstances change. Personal data collected for our newsletter service are not shared with third parties. You may terminate your subscription to our newsletter at any time. You can at any time withdraw your consent to the storage of the personal data you shared during registration. A link is provided in each newsletter to allow you to withdraw your consent. It is also possible to unsubscribe from our newsletter directly through the website or to contact us in another manner.

The legal basis for data processing for the purposes of sending a newsletter is Art. 6 Para. 1(a) GDPR.

6.3 CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service which enables the management and analysis of newsletters. The data you have provided for the newsletter (e.g. email address) are saved on CleverReach servers in Germany and/or Ireland.

We can analyse the behaviour of newsletter recipients by sending newsletters through CleverReach. Examples of analyses include determining how many recipients have opened the newsletter email and how often they have clicked on certain links contained within the newsletter. Conversion Tracking can also be used to analyse if clicking on the link led to a pre-determined action (e.g. if a product was purchased on our website). For further information on data analysis through the CleverReach newsletter service, see https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

The legal basis for data processing is your consent (Art. 6 Para. 1(a) GDPR). You can withdraw your consent at any time by unsubscribing from the newsletter. Withdrawal of consent does not affect the legality of data processing carried out previously.

If you do not want CleverReach to perform the data analysis, you must unsubscribe from the newsletter. We provide a link for this in each newsletter. You can also unsubscribe from the newsletter directly on our website.

We will store your personal data which we retain for the purposes of sending the newsletter. They will be blocked for further use after you unsubscribed from the newsletter. If you would like to have your data deleted from our servers and the CleverReach servers after you have unsubscribed from the newsletter, please contact our Service Centre. Data we retain for other purposes (e.g. email addresses for the members’ area) shall remain unaffected.

For further information on the terms and conditions of data privacy at CleverReach, see https://www.cleverreach.com/en/privacy-policy/.

 

7. Forms, individual contact via phone and/or email, participation in training courses, agreements on the provisions of services

7.1 Description and scope of date processing

Forms are provided on our website which can be used to engage in electronic contact and to actively request further information via phone and/or email. It is also possible to register for our training courses via our website.

If a user avails themselves of one of these options, the data entered in the respective input mask are transmitted to us and stored.  Personal data transmitted in this process are as specified in the respective form and include in particular:

  • Name
  • Email address
  • Address
  • Telephone number
  • Country
  • Company

The following data are also stored at the time a message is sent via a form:

  • The user's IP address
  • Date and time of registration

You may also contact us via email addresses, telephone and fax numbers and addresses provided on our websites. In this case, the user’s personal data transmitted with the email are stored, same as the personal data communicated by the caller or sender.

7.2 Recipients of data

In context of the above-mentioned purposes, the data will be processed internally by us but may also be transferred to our cooperation partners, vicarious agents and service providers (including tax consultants, IT service providers, processors such as hosting service providers) and within the context of training courses in particular to external instructors. Within the scope of our legal obligations, we also transfer data to authorities or courts.

Depending on the training course you registered for or the service that your request relates to, your personal data may be transferred to third countries (non-EU/EEA). In principle, a worldwide transmission is possible, but of particular relevance are the knoell sites in Brazil, Taiwan, China, Thailand, the United States of America, Japan, Korea and Switzerland.

In order to ensure legitimacy of the personal data transfer to third countries, EU standard contractual clauses with appropriate technical and organisational measures on site are used within the knoell group, unless the transfer is permitted on the basis of adequacy decisions by the Commission.

Adequacy decisions by the Commission exist for the knoell sites in Japan ((EU) 2019/419) and Switzerland (2000/518/EC). All adequacy decisions are available on the European Commission's website (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de).

Further information on the implemented transmission mechanism pursuant to Art. 44 ssq. GDPR can be obtained by sending an informal request to our Service Centre.

7.3 Legal basis for data processing

The legal basis for the data processing activities mentioned above is Art. 6 Para. 1 (f) GDPR, if the contact is not aimed at concluding a contract with you as a data subject (e.g. participation in a training course or request for services as a company representative).

If the purpose of the contact is to conclude a contract with you as a data subject (e.g. in case of participation in one of our training courses or request of services), the legal basis for the processing is Article 6 Para. (1) (b) GDPR.

7.4 Purpose of data processing

The processing of personal data as described above serves the following purposes, which - to the extent that the processing is not aimed at the conclusion of a contract with you as a data subject - also represent our legitimate interests in the processing:

  • Contacting via forms/e-mail/telephone/fax/letter: Processing the contact you wish to make.
  • Registration for training courses: Organisation and implementation of the training courses for which you have registered (preparation, participant lists, name badges, attendance list, certificates), issuing of offers or invoices as well as optional maintenance of a waiting list)
  • Requests for the conclusion of contracts: The establishment and execution of contracts for services (preparation and execution of the order, storage of contact data in an internal database to ensure communication with the customer, mentioning contact persons in contracts, letters, emails, invoices etc.)
  • Collection of technical data (IP address, date and time of registration): The personal data processed during sending of a form is used to prevent misuse of the forms and to ensure the security of our information technology systems.

7.5 Period of storage

Data are deleted as soon as they are no longer necessary for the purpose for which they were collected. This is the case when the respective conversation with the user has ended and as soon as the statutory retention periods under commercial and tax law have expired. The conversation shall be deemed to have ended when it can be concluded from the circumstances that the matter in question has been conclusively clarified. The legal retention periods can be up to ten years after the end of the year of communication.

8. Social media presence

Our company uses presences within social networks and/or platforms in order to be able to communicate up-to-date with customers, interested parties and users active within these networks and/or platforms and to inform them about our services, offers and current topics.

Your data may be processed within the framework of the use of these networks and/or platforms by the relevant providers outside the territory of the European Union. This can result in certain risks for you as a user. For example, the enforcement of your rights as a data subject may be more difficult. A processing of your data by the platform provider usually takes place for market research and advertising purposes. User profiles can be created from your usage behaviour (of the respective network) and the resulting interests. For example these profiles can be used to place advertisements inside and outside the platforms that match your interests.

For network and/or platform providers from the USA certified according to the Privacy Shield, there is an obligation to comply with the data protection standards of the EU.

The basic legal basis for the processing of your personal data is Art. 6 Para. 1 (f) GDPR. Our legitimate interests are based on effective user information and modern communication with you. Insofar as the network and/or platform providers obtain consent for the aforementioned data processing, the legal basis of Art. 6 Para. 1 (a) in conjunction with Art. 7 GDPR.

8.1 Twitter

We are present on Twitter. Responsible for data processing within Europe is: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

Further information on Twitter's privacy policy can be found at: https://twitter.com/en/privacy.

For information about your data please refer to https://twitter.com/settings/your_twitter_data. Opt-out and advertising settings can be found here: https://twitter.com/personalization.

Twitter has joined the EU-U.S. Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

8.2 LinkedIn

We maintain an online presence at the LinkedIn network. LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside the United States, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Further information can be found in LinkedIn's Privacy Policy at: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the above privacy shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0=a2zt0000000L0UZAA0.

8.3 Your rights as data subject / user

The assertion of your rights as a user of the networks and/or platforms is most effective vis-à-vis the respective providers. Only they have access to your data and can take and implement appropriate measures and provide information. Of course you can also contact us for questions and help.

9. Social media plugins

9.1 LinkedIn

We have integrated LinkedIn components on this website. LinkedIn is a web-based social network that enables users to connect to existing business contacts and to make new business contacts.

LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside the United States, LinkedIn Ireland, Wilton Place, Dublin 2, Ireland, is responsible.

Each time you visit our website this component causes the browser you are using to download a corresponding depiction of the component from LinkedIn. More information on the LinkedIn plugins can be found at https://developer.linkedin.com/plugins. If you are logged in to LinkedIn when visiting our website, LinkedIn will recognise which specific page you are visiting for the entire duration of your stay on our website. This information is collected by the LinkedIn component and allocated to your LinkedIn account by LinkedIn.

The use of the LinkedIn component allows us to show personalised ads on LinkedIn. It also provides us with the ability to create anonymous reports on ad performance and website interaction information.

LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

We use the conversion tracking technology and the retargeting function on basis of your consent in accordance with Art. 6 Para. 1 (a) GDPR.

If you do not want the information mentioned above to be transferred to LinkedIn, you can also prevent this by logging out of your LinkedIn account before visiting our website.

You can unsubscribe from LinkedIn email messages, SMS messages and targeted ads and manage your ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. You can reject these cookies by visiting https://www.linkedin.com/legal/cookie-policy. LinkedIn's current Privacy Policy can be found at https://www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

10. Google Fonts

Our website uses web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for consistent font representation. When you visit a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
To do this, the browser you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.

US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://www.google.com/policies/privacy/.

11. Application management / Job portal

We process the personal data of applicants for the purpose of processing the application. Unless stated otherwise below, this is done on basis of § 26 Para. 1 sentence 1 Federal Data Protection Act (BDSG). The provision of the data is necessary to establish an employment relationship.

The processing can be done electronically via our career portal or when an applicant sends us the relevant application documents by email.

Recipients of the data are the job portal provider and, within the knoell group, our HR employees, the managing directors, business unit managers, group leaders and, if applicable, other interview partners of the department of the knoell company to which the application refers and who are involved in the application process and the conclusion of an employment contract.

If the application is made for a position in a knoell company outside the EU/EEA or from a country outside the EU/EEA to a position within the EU/EEA, the personal data of the applicant may be transferred to a third country. Naturally, this primarily affects the knoell group's sites in Brazil, Taiwan, China, Thailand, the United States of America, Japan, Korea and Switzerland.

In order to ensure legitimacy of the personal data transfer to third countries, EU standard contractual clauses with appropriate technical and organisational measures on site are used within the knoell group, unless the transfer is permitted on the basis of adequacy decisions by the Commission.

Adequacy decisions by the Commission exist for the knoell sites in Japan ((EU) 2019/419) and Switzerland (2000/518/EC). All adequacy decisions are available on the European Commission's website (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de).

Further information on the implemented transmission mechanism pursuant to Art. 44 ssq. GDPR can be obtained by sending an informal request to our Service Centre.

If we enter into an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part stand in the way of deletion. Such other legitimate interests include, for example, an obligation to provide evidence in a litigation under the General Equal Treatment Act (AGG). On the basis of our legitimate interest, the data will be stored for a period of six months from the date of notification of the cancellation decision. After this, the data will be deleted, unless we have entered into a litigation under the AGG.

In this respect, data processing is carried out solely on the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR.

12. Rights of the data subject

If your personal data are being processed, you are the 'data subject' as defined by the GDPR, and you are entitled to the following rights with respect to us as the controller. You may exercise your rights by contacting our data protection officer or the service centre staff, indicating your concerns.

12.1 Right to confirmation

As the data subject, you have the right to ask us for confirmation of your personal data being processed.

12.2 Right to information Art. 15 GDPR

As the data subject, you have the right to receive free information from us at any time about the personal data stored about you as well as a copy of this data.

12.3 Right to correction Art. 16 GDPR

Any data subject affected by the processing of personal data has the right to request the immediate correction of any incorrect personal data that relates to them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purposes of the processing.

12.4 Right to erasure Art.17 GDPR

Any data subject affected by the processing of personal data has the right to request that the personal data regarding the data subject be erased if and insofar as one of the reasons stipulated in Art. 17 Para. 1 GDPR applies.

12.5 Right to restriction of processing Art. 18 GDPR

Any data subject affected by the processing of personal data has the right to request the controller immediately restricts processing if the conditions stipulated by Art. 18 Para. 1 GDPR are met.

12.6 Right to data portability Art. 20 GDPR

Any data subject affected by the processing of personal data has the right obtain personal data relating to the data subject and provided by the same to the controller in a structured, commonly used and machine-readable format. They also have the right to transfer these data to another controller without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 Para. 1(a) GDPR or Art. 9 Para. 2(a) GDPR or on a contract pursuant to Art. 6 Para. 1(b) GDPR, and the data are processed using automated procedures.

12.7 Right to Object Art. 21 GDPR

Any data subject affected by the processing of personal data has the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Para. 1(e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, the company will longer process the personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh the interests, rights and freedoms of the data subject, or where processing serves the assertion, exercise or defence of legal claims.

If the company processes personal data in order to run a direct mail campaign, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should the data subject object to the processing of their data for direct marketing purposes, we will no longer process their personal data for this purpose.

13. Revocation of a data protection consent

You have the right to revoke your consent to the processing of personal data at any time with future effect.

14. Deletion of data and period of storage

The data subject’s personal data are erased or blocked as soon as the purpose of the storage no longer applies. The data may continue to be stored if this is stipulated by European or national legislation in EU regulations, laws or other provisions to which the controller is subject. Data are also blocked or erased upon the expiry of a storage deadline stipulated by the standards mentioned above, unless further storage of the data is necessary to conclude or fulfil a contract.

15. Updating and changing the Privacy Policy

This Privacy Policy is currently valid and has the status: 23 June 2020.
Due to further development of our websites and offers or due to changed legal or official requirements, it may be necessary to change this Privacy Policy. The current Privacy Policy can be viewed and printed on the website at any time.