We would like to hereby inform you about the processing of your personal data collected and processed when you visit this website and use the “K2 Base” design software as well as the claims and rights to which you are entitled inthis inaccordance with the data protection regulations.
A. Who is responsible for processing the data and who can i contact (data protection officer)?
The responsible party is
K2 Systems GmbH (hereinafter referred to as “we”)
Haldenstraße 1
71272 Renningen-Malmsheim
Germany
Fax: +49 (0) 71 59 42 059 177
Managing Director: Katharina David, Willem Haag
You can contact our company Data Protection Officer at
K2 Systems GmbH
Data Protection Officer
Haldenstraße 1, 71272 Renningen-Malmsheim
Germany
data-protection@k2-systems.com
1. Which personal data from you do we process?
a) When calling up this website:
- The server log files (IP address, date and time of your enquiry, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), operating system and its access status/HTTP status code; data volume transmitted, website the request came from (“referrer URL”), browser, language and version of the browser software (“user agent”), IP address (anonymised as standard). This data is not attributable to specific persons especially due to the anonymisation of the IP addresses.
- The identification of cookies used including third-party requests (in particular Google services). See further informatio on this below in section B.
b) When registering for K2 Base:
Mandatory information is the company name, fi rst name, surname, email address, password, country, address, postcode and language. Voluntary information is the telephone number and region (provided they appear).
c) When using K2 Base:
The additional data required and requested for the calculation of the technical design of the mounting systems offered, mandatory information is the location data (address) as well as all technical project data (building data, module data etc.), without which a static proof of the assembly system cannot be calculated; as voluntary data: Project name, processor, customer name, contact person.
2. For what purpose and based on what legal grounds do we process your data?
a) When calling up this website:
- The server log files are part of the so-called access data that we collect when calling up this website. We process this data so that we can take suitable technical measures in the case of an attack or disruption to our website or IT infrastructure, thus ensuring the operation of the website. None of this data is merged with other data sources and thi data is only accessed if there is reasonable suspicion of attacks on our infrastructure or for troubleshooting purposes. In this case, we reserve the right to temporarily disable the anonymisation of the IP addresses. The legal basis for this is Art. 6, para. 1 f) of the EU General Data Protection Regulation (GDPR)
- With the help of the cookie identifi er, we also receive information on the user behaviour and search queries and can adapt the offers to the interests of the user for any future visits. Further information on this can be found below inadapt insection B. The legal basis for this is Art. 6, para. 1 f) of the GDPR.
b) When registering for K2 Base:
We process the mandatory data provided by you to create your user account. We process the data collected in this respect on the basis of Art. 6 Para. 1 lit. b) and f) DSGVO, on the one hand to create your profile and to identify you each time you log in, and on the other hand to compare and link your data with the data we have in our CRM system. Depending on the service and function you use on K2 Base, further data may be collectedD and subsequently linked to your existing profile data (e.g. order data if you purchase products from us).
As part of your registration, you also have the option of providing further information on a voluntary basis (telephone number and/or region). These details are not required for registration and the creation of the user account. However, if you do not provide this data, we may not be able to fully comply with your wishes when using the user account. If you provide such voluntary information, the processing of this data is based on our legitimate interests in the administration and maintenance of our customer relationships and in the optimisation of our online services. The legal basis in this respect is Art. 6 para. 1 of our 1lit. f) DSGVO.
We will also process the contact data provided by you as part of your registration in order to inform you about other comparable and possibly interesting products or services from our range. In this respect, the data processing is based on our legitimate interests in the marketing of our products within the meaning of Art. 6 (1) lit. f) DSGVO. You can object to the use of your contact data for this purpose at any time as described in more detail in section 8 below.
c) When using K2 Base:
We use the additional data requested for the use of K2 Base for calculating the technical design of the mounting systems offered. The legal basis for this is Art. 6, para 1 b) of the GDPR.
In addition, the non-personal information requested for the project calculation to be made are stored by us and analysed inIn inpseudomised form. This is done for the purposes of product development and optimisation as well as for the optimisation of the software for the user. The stored data is not disclosed to third parties. The legal basis for this is Art. 6, para 1 f) of the GDPR.
3. Cooperation with order processors and third parties – to whom do we disclose your data?
Cooperation with order processors and third parties
If we disclose or transmit data to order processors or third parties or grant them access to your data by other means, this is done only on the basis of legal permission (e.g. if the transmission of the data to third parties is required to fulfil a contract, Art. 6, para. 1 lit. b of the GDPR), you have given your consent (Art. 6, para. 1 a) of the GDPR, a legal obligationcontract, obligationrequires this (Art. 6, para. 1 c) of the GDPR or on the basis of our legitimate interests (e.g. when using agents, web hosting companies etc.) in accordance with Art. 6, para. 1 f) of the GDPR. If we entrust third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 of the GDPR.
We use the following companies as order processors – in addition to the Google ser-vices listed in section B – who areWe arebound by an order processing contract in accordance with Art. 28 of the GDPR and strictly committed to comply with thebound thedata protection regulations. In particular, these companies are prohibited from disclosing your person-al data to thirddata thirdparties outside of this contract or using it for their own purposes:
- MessengerPeople, Herzog-Heinrich-Straße 9, 80336 Munich, Germany, messenger services
- Userpilot, Inc., 2035 Sunset Lake Road, Newark, Delaware 19702, USA, usability optimisation
With regard to the personal data collected and processed when visiting this website and using the design software “K2 Base”, the hosting takes place on servers of STRATO AG with server location in Germany.
4. Do we disclose personal data in so-called third countries (countries outside the EU/EEA)?
The hosting with regard to the personal data collected and processed when visiting this website and using the “K2 Base”design software is done on STRATO AG servers with the server location in Germany, i.e. data is not transmitted to thirddesign thirdcountries in this regard.
With regard to the use of Google Analytics as well as other Google services (more on this below in section B), the information generated by the appropriate cookie on the use of the online services is usually transmitted to a Google server in the USA and stored there. Google is certified under the Privacy Shield agreement and therefore provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Activehttps://Active). However, we use Google Analytics as well as the other Google services only with IP anonymisation enabled if this is technically possible. This means that the IP address of the users is truncated by Google within the member states of the European Union or in other states in the European Economic Area party to the agreement. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with any other Google data.
5. How long do we store your data?
a) The server log files are deleted automatically after a maximum of 30 days. Details on the cookies, the length of time the are stored and how you delete them can be found below in section B.
b) We store the personal data requested when registering for K2 Base and the additional information requested when using K2 Base until the user deletes the account. The user account of users who have not logged into their account for twelve years and therefore also the above-mentioned personal data are deleted automatically after prior notification by e-mail.
6. Is it obligatory to provide personal data?
There is no obligation to provide the data. However, it is not possible to register for K2 Base or use the full functionality of K2 Base if you do not provide the data.
7. Do we use so-called profiling?
We do not use automated decision-making including profiling within the scope of operating this website and using the K2 Base software in accordance with Art. 22 of the GDPR.
8. What rights do you have?
You have the right at any time to request a confirmation on whether we are processing your personal data and the right to receive information on this personal data (Art. 15 of the GDPR). In addition, you have the right to rectification (Art. 16 of the GDPR), deletion (Art. 17 of the GDPR), restriction of processing (Art. 18 of the GDPR) as well as the right to data portabililty (Art. 20 of the GDPR).
__________________________________________________________________________________
Information on your right to object in accordance with Article 21 of the GDPR
You have the right on grounds relating to your personal situation to fi le an objection to the processing of personal data pertaining to you on the basis of Art. 6, para. 1 e) of the GDPR (data processing in the public interest) or Art. 6, para. 1 f) of the GDPR (data processing on the basis of a balance of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
This right of objection applies in particular to the processing of data collected when accessing this website and the data collected in the context of the use of Google Analytics and the other Google services.
Data You can assert all rights against us by e-mail via data-protection@k2-systems.com or via the contact details given in the section “Person responsible”.
__________________________________________________________________________________
In addition, you have the right to contact the competent data protection supervisory authority in the case of complaints in accordance with Art. 77 of the GDPR. The competent supervisory authority for us is the State Officer for Data Protection and Freedom of Information (Landesbeauftragte für den Datenschutz und die Informationsfreiheit) in Baden-Württemberg, and Königstrasse 10a, 70173 Stuttgart, Germany. In general, you can also contact the competent data protection supervisory authority for your usual place of residence.
B. Use of cookies and Google Analytics as well as Google Maps and Google Tag Manager – opportunities for revocation and objection
The website uses the tracking tool Google Analytics, where cookies are used and your IP address is collected, amongst other things. Tracking tools analyse the origin of the visitors, which areas of a website are visited and how often and for how long the various subpages and categories are viewed. The use of tracking tools is used to analyse user behaviour in order to be able to adapt the online services to the interests of the visitor and to find out how our services are used. The legal basis for this is Art. 6, para 1 f) of the GDPR.
In addition, Google Maps is used on the website to enable satellite-based planning of the project. For example, the geographic coordinates are needed to determine the snow and wind loads. The legal basis for this is Art. 6, para 1 b) of the GDPR. Information on the use of our website (such as your IP address) is already transmitted to Google servers in the USA and stored there when you call up the subpages with Google Maps integrated into them. Google will transmit this information to third parties if necessary, provided this is required by law or third parties process this information on behalf of Google. Google specifies that the user’s IP address must not be combined with any other Google data. Nonetheless, it would be technically possible for Google to use the user data acquired by Google Maps to identify the users, to use it to create personal user profiles or to process and use it for other purposes, which K2 Systems GmbH has and can have no influence on.
Google’s Terms of Service can be viewed at http://www.google.de/intl/de/policies/terms/regional.html. The additional Terms of Service for Google Maps can be viewed at https://www.google.com/intl/en_US/help/terms_maps.html. Detailed information on data protection in connection with the use of Google Maps can be found on Google’s website (“Googleinformation GooglePrivacy Policy”): http://www.google.de/intl/en/policies/privacy/
If you do not agree with the future transmission of your data to Google within the scope of using Google Maps, it is possible to completely disable the web services of Google Maps by switching off the JavaScript application in its browser. Google Maps and therefore also the map screen on our website cannot then be used. Likewise, the necessary calculations can also not be made, i.e. ultimately, the services that we offer cannot be used meaningfully without Google Maps.
The following section provides you with details on the provider, the operating principle as well as the details on how you can object to the processing of your personal data with regard to our website and/or delete the personal data collected here.
1. Deletion of cookies and the Do-Not-Track setting
You can delete individual cookies or all cookies through your browser settings. In addition, you can obtain information and instructions on how you can delete these cookies or block their storage in advance depending on your browser provider using the following links:
You can also individually manage the cookies of many companies and functions used for advertising purposes. Use the appropriate tools for this, available at aboutads.info choices or Your Online Choices.
Most browsers also offer a “Do-not-track” function where you can specify that you do not want to be “followed” by websites. If this function is enabled, the respective browser informs advertising networks, websites and applications that you do not want to be followed for the purpose of behaviour-based advertising and the like. You can obtain information and instructions on how you can edit this function depending on your browser provider, using the following links:
2. Informationen über Cookies
- Name: laravel_session
- Provider:: K2
- Purpose: Session Cookie
- Expiry date: 12 hours
- Name: XSRF-TOKEN
- Provider: K2
- Purpose: Defence against cross-site request forgery attacks
- Expiry date: 12 hours
- Name: WHATSNEW_xxx
- Provider: K2
- Purpose: “What is new in version X.X.X”-dialogue is hidden
- Expiry date: 1 year
- Name: remember_web_xxx
- Provider: K2
- Purpose: “Remember me” after login
- Expiry date: 5 years (if the user activates the “stay logged in” function)
- Name: COOKIEBAR_1
- Provider: K2
- Purpose: Cookie reference is hidden
- Expiry date: 1 year
- Name: laravel_session
- Provider: K2
- Purpose: Session Cookie
- Expiry date: 12 hours
- Name: XSRF-TOKEN
- Provider: K2
- Purpose: Defence against cross-site request forgery attacks
- Expiry date: 12 hours
- Name: WHATSNEW_xxx
- Provider: K2
- Purpose: “What is new in version X.X.X”-dialogue is hidden
- Expiry date: 1 year
- Name: remember_web_xxx
- Provider: K2
- Purpose: “Remember me” after login
- Expiry date: 5 years
- Name: COOKIEBAR_1
- Provider: K2
- Purpose: Cookie reference is hidden
- Expiry date: 1 year
- Name: PHPSESSID
- Provider: K2
- Purpose: Visitor’s PHP session and defence against cross-site request forgery attacks
- Expiry date: Immediately after closing the webpage
- Name: COOKIEBAR_X
- Provider: K2
- Purpose: Switching off the cookie hint; X is the internal language ID
- Expiry date: 1 year
- Name: __gads
- Provider: Google
- Purpose: Website statistics with Google Analytics
- Expiry date: 1,5 years
- Name: __utma
- Provider: Google
- Purpose: Website statistics with Google Analytics
- Expiry date: 1,5 years
- Name: __utmc
- Provider: Google
- Purpose: Website statistics with Google Analytics
- Expiry date: Immediately after closing the webpage
- Name: __utmzzses
- Provider: Google
- Purpose: Website statistics with Google Analytics
- Expiry date: Immediately after closing the webpage
- Name: _ga
- Provider: Twitter und Google
- Purpose: Google Analytics for the use of free scripts
- Expiry date: 2 years
- Name: _ga
- Provider: Google
- Purpose: Website statistics with Google Analytics
- Expiry date: 2 years
- Name: _gid
- Provider: Google
- Purpose: Website statistics with Google Analytics
- Expiry date: 1 year
- Name: _twitter_sess
- Provider: Twitter
- Purpose: Statistics from Twitter on the use of free scripts
- Expiry date: Immediately after closing the webpage
- Name: ajs_anonymous_id
- Provider: K2
- Purpose: For used Javascripts
- Expiry date: 3 months
- Name: ajs_group_id
- Provider: K2
- Purpose: For used Javascripts
- Expiry date: 3 months
- Name: ajs_user_id
- Provider: K2
- Purpose: For used Javascripts
- Expiry date: 3 months
- Name: eMagHostID
- Provider: K2
- Purpose: For use of the online catalogue
- Expiry date: 1 week
- Name: eu_cn
- Provider: Twitter
- Purpose: Website function
- Expiry date: 1 week
- Name: external_referer
- Provider: K2
- Purpose: Website function
- Expiry date: 1 week
- Name: ga-disable-UA-21720432-2
- Provider: Google
- Purpose: Website statistics with Google Analytics
- Expiry date: 80 years
- Name: guest_id
- Provider: Twitter
- Purpose: Statistics from Twitter on the use of free scripts
- Expiry date: 1 year
- Name: initialTrafficSource
- Provider: K2
- Purpose: Website function
- Expiry date: 1,5 years
- Name: personalization_id
- Provider: Twitter
- Purpose: Statistics from Twitter on the use of free scripts
- Expiry date: 1 year
- Name: tfw_exp
- Provider: Twitter
- Purpose: Statistics from Twitter on the use of free scripts
- Expiry date: 14 Tage
- Name: STARTTOUR_xxx
- Provider: K2
- Purpose: Save the status of the help tour through Base
- Expiry date: 1 year
3. Opt-out of web tracking (web analytics)
The following section describes how you can prevent the use of the tracking technology used by us for the purpose of webThe webanalytics and therefore opt out of the data pro-cessing.
Application and explanationApplication explanation
Google Analytics is a web analytics tool. “Google” uses cookies to analyse the use of our website by visitors on our behalf and compiles reports for us on the website activities.
We use Google Analytics with the so-called “AnomizeIP” add-on, whereby your IP ad-dress is truncated when you call up our website. This means that it contains no personal references.
Provider
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
DatenschutzhinweiseDatenschutzhinweise
We have concluded a contract on order processing with Google.
You can find more information under the following links:
Opt-Out
Install browser add-on to disable Google Analytics or click here:
deactivate Google Analytics
Further informationFurther information
Your trust is important to us. Therefore we are happy to talk to you at any time and answer questions relating to the processing of your personal data. If you have any questions that were not answered by this privacy statement or you wish to receive more detailed information on any aspect of it, please contact our Data Protection Officer at any time, using the contact details indicated above.
Version 1.2 (dated: 12-2021)