Data Protection

The purpose of this Data Protection Policy is to provide you with information about the type of data we collect from you when you use our website and its functions and features. First, we offer a quick overview of data processing (“Quick Overview”). We provide details of specific data processing activities carried out when you use our website and its various functions and features under the section “Detailed Information on Data Protection".

1. Who is the controller responsible for data processing on this website?
The controller responsible for the processing of personal data through the website “paul-koester.de” is Paul Köster GmbH, Kolpingstraße 1, 59964 Medebach, Germany.

2. What type of data do we collect from website visitors?
When you visit our website, your web browser sends various data sets to our servers, which are technically necessary to display the content of the website and to ensure its stability and security. These data sets are stored in so-called log files, which also include the IP address.

3. Do we use cookies on our website?
Yes, we use various types of cookies (analysis cookies) on our website. For detailed information on how to delete these cookies or to prevent them from being stored, please refer to the sections “Cookies” and “Web Analysis”.

4. Do we use analysis tools on our website?
Yes, we work together with (a) provider(s) to improve our website and our offers and to optimize them continuously. Detailed information about these service provider(s), how the analysis tool(s) work and how you can switch off this function can also be found in the Cookies and Web Analysis section.

5. Do we transmit personal data to third parties?
No. We do not transmit your data to third parties.

6. Who can you contact if you have any questions?
If you have any questions about data protection, please contact dtnschtzpl-kstrd, or the controller specified above.

A. General information on data protection

1. Scope

1.1 This Data Protection Policy covers information we are required to provide under Article 13 of the General Data Protection Regulation (GDPR) on the processing of data relating to the use of and access to our website “paul-koester.de” and the services and functions made available through the website.

1.2 Where we offer links to third party websites, please note that we have no influence or control over the linked content or the data protection policies of these websites. We recommend that you to check the data protection policies on these websites to determine whether and to what extent these websites collect, process or use personal data or make such data available to third parties. To enhance readability, the masculine gender is used to refer to all genders male/female/other.

2. Name and contact details of the controller and the data protection officer

2.1 Paul Köster GmbH, Kolpingstraße 1, 59964 Medebach, Germany, is the controller responsible for data protection on this website. You can contact us by telephone at +49 (2982) 92 11-0, or by email at nfpl-kstrd.

2.2 You can contact our data protection officer, Mr. Andreas Pohl, via Pohl Consulting Team GmbH, Mengeringhäuser Str. 15, 34454 Bad Arolsen, Germany, email dtnschtzpl-kstrd.

B. Data processing when visiting our website

1. Creation of so-called log files

1.1 Subject matter and purpose of data processing
a) When you visit the website, we collect so-called access data and store it in a log file. This access data also includes the IP address. Furthermore, we also store in the log file the name of the website and the file you accessed, the date and time of access, information about the amount of data transferred, notification of successful access, the browser type and version, the operating system, the so-called referrer URL (the previously visited page) and the accessing provider.
b) We collect such technical information to ensure that our website is displayed correctly, to identify the causes of any technical problems, to optimize the technical content of our website and to safeguard our computer systems and networks. Our legitimate interest also lies in the processing of data for these purposes in accordance with Article 6 (1) (f) GDPR.

1.2 Recipients and duration of data processing
a) We do not pass on the aforementioned data to unauthorized third parties. Our web server is hosted by domainfactory GmbH in Germany.
b) The log files, including the IP address contained therein, are automatically deleted no later than two months after collection. While the provision of the aforementioned personal data is not a statutory or contractual requirement, without the data, we may not be able to guarantee the functionality of our website and some services or functions may not be available at all or only to a limited extent.

2. Cookies

2.1 Data processing with the aid of "technically necessary cookies" is carried out on the basis of Article 6 (1) (f) GDPR, as otherwise it is not possible to call up the website, or basic functions of the website are restricted. The use of so-called analysis cookies requires your consent and is therefore based on Article 6 (1) (a) GDPR.
This website uses the following types of cookies:

2.2 Duration of data storage
a) You can use your browser settings to delete individual cookies or all of the cookies. In addition, depending on the provider of your browser, you can find information and instructions on how to delete cookies or block their storage in advance under the following links: Mozilla Firefox │ Internet Explorer │ Google Chrome │ Opera │Safari.
b) You can also prevent the loading of so-called scripts by default. NoScript allows JavaScript, Java and other plug-ins to run only on trusted domains of your choice. Information and instructions on how to use this feature can be obtained from the provider of your browser (e.g. for Mozilla Firefox).

3. Web Analysis

3.1 Subject and purpose of data processing
With the help of these tools, we can examine how and from where visitors come to our site, which areas on a website are visited particularly often, and how often and for how long which sub-pages and categories are viewed. The aim is to be able to design our offers and our website in a user-friendly way with the help of the knowledge gained in this way.

If you have given your consent, Google Analytics 4, a web analytics service provided by Google LLC, is used on this website. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

3.2 Nature and purpose of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

3.3 Purposes of processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.

3.4 Recipients
Recipients of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

3.5 Third Country Transfer
For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example, Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.
The maximum lifetime of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached takes place automatically once a month.

3.6 Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO and § 25 para. 1 p.1 TTDSG.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to refuse all cookies, you may experience limitations in functionality on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

• not giving your consent to the setting of the cookie or
• downloading and installing the browser add-on to disable Google Analytics HERE.

3.8 Data protection of the provider
For more information on the terms of use of Google Analytics and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de .

4. Use of emojis and smileys
a) Our website occasionally uses graphic emojis, i.e. small graphic files that express emotions, which are obtained from external servers. In this instance, the providers of the servers collect the IP addresses of the users. The emojis are delivered through (CDN) JSDelivr, an open-source content delivery network, developed by Prospect One, Dmitriy Akulov. A CDN is a service that enables us to deliver the contents of our online services, such as graphics or scripts, more quickly with the help of regionally distributed servers connected via the internet. To the best of our knowledge, user data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.
b) For further details and the privacy policy, please refer to https://www.jsdelivr.com/privacy-policy-jsdelivr-com. The server domain used is cdn.jsdelivr.net. The use of emojis is based on our legitimate interests, i.e. our interest in having an appealing website in accordance with Article 6 (1) (f) GDPR.

5. Web fonts from fast.fonts.net or fonts.com
a) To ensure the fonts we use on our website are uniform, we use web fonts provided by Monotype GmbH (fonts.com or fast.fonts.net). When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, your browser has to connect to the servers of fonts.com. As a result, fonts.com will learn that your IP address has accessed our website. We use web fonts to ensure a consistent and appealing presentation of our website content. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

b) If your browser does not support web fonts, your computer will use the standard font. For more information about these web fonts, please refer to https://www.fonts.com/info/legal and the privacy policy of fonts.com: https://www.fonts.com/info/legal/privacy/ and the privacy policy of https://www.monotype.com/legal/privacy-policy/.

6. Map services
a) We include geographical maps on parts of our website to display contact details and directions. We use the JavaScript library “Leaflet” (Leaflets.com - “open-source JavaScript library for mobile-friendly interactive maps”) by Vladimir Agafonkin and maps from OpenStreetMap contributors (“OpenStreetMap contributors”). The map data is available under the Open Database License and the cartography is licensed under CC BY-SA. For more information about licenses, please visit https://github.com/Leaflet/Leaflet/blob/master/LICENSE and https://www.openstreetmap.org/copyright.
b) For the interactive display and usability of the maps, it is technically necessary to exchange data with the following servers: maps.wikimedia.org (for map sections) and unpkg.com (for loading the leaflet files). Through this exchange, it is possible that information about your visit to our website (including your IP address) will be transmitted to the specified servers and stored there. Any other personal information will not be exchanged with the Leaflet service. Due to the execution of the Leaflet JavaScript library directly in your browser (“client-side” execution), no data concerning the accessed map sections is stored on the Sustainability Council's server. The Leaflet library is temporarily stored in the memory of your browser software (the “browser cache”). You have the option of deactivating Leaflet's services and thus preventing the transfer of data to third parties by deactivating JavaScript in your browser. Please note that if you do this, you may not be able to use all the map-related features of this website. We use Openstreetmap to enhance the appeal of our website. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
c) For more information about OpenStreetMap, please refer to https://www.openstreetmap.de. For more information about the API Leaflet uses, see https://www.leafletjs.com.

C. Social media and fan pages

a) Paul Köster GmbH is active on several online and social media platforms in order to interact with potential and existing customers, to communicate with users and prospective customers, and to advertise offers and services. This includes the following providers:

b) We operate our appearances in so-called joint (data protection) responsibility with the providers. Data that you directly share or publish via the online platforms and networks (e.g. via comment and chat functions) is processed by us as the responsible party in order to interact with you or to exchange information with you. Within the scope of this interaction, we may also receive statistical data from the platform operators on the use of our "channels and fan pages". This includes, for example, information about interactions, likes, comments or summarized information and statistics (e.g. IP address; origin of followers), which help us to learn something about the interactions with our site. The legal basis for data processing in our area of responsibility is Article 6 (1) S. 1 lit. f) GDPR.
c) However, the aforementioned providers also process data on their own responsibility. We have no influence on data that is processed by the provider on his own responsibility according to his own terms of use and data protection. We would like to point out that when the aforementioned providers are called up, further data (e.g. from your usage and "surfing behaviour") may be collected and, if necessary, transmitted to the provider. Please also note that in the case of interaction via the aforementioned media, data may also be processed outside the area of the European Union, whereby the providers have committed to comply with the EU data protection standards. Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. More detailed information on this can be found in the data protection information of the respective providers.

If we receive personal data from you in connection with the use of the online platforms and networks, please address your concerns to us. Should you wish to assert any further rights against a particular provider, please contact the person responsible.

D. Careers

For information about the nature and scope of data processing when you submit a job application through our website, please refer to the “Careers” section of our website.

E. Newsletter

This website uses EVALANCHE to send newsletters. The provider is SC-NETWORKS GMBH, Enzianstr. 2, 82319 Starnberg, Germany.
EVALANCHE is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on Evalanche's servers in Germany.

If you do not want Evalanche to analyze your data, you can unsubscribe from the newsletter at any time. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.

Data analysis by EVALANCHE
With the help of EVALANCHE, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.
In addition, we can see whether certain previously defined actions were performed after opening/clicking (conversion rate). We can thus recognize, for example, whether you have visited a website after clicking on the newsletter.
Evalanche also allows us to subdivide ("cluster") newsletter recipients based on various categories. For detailed information on the functions of Evalanche, please refer to the following link:
https://www.sc-networks.com/solutions/enterprise/

Legal basis
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period
The data you have provided us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Evalanche after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for inquiries) remain unaffected by this.
For more details, please refer to Evalanche's privacy policy at: https://www.sc-networks.com/data-protection/.

Conclusion of a contract for data processing
We have concluded a contract with SC-Networks GmbH / Evalanche in which we oblige Evalanche to protect our customers' data and not to pass it on to third parties. You can request this contract from us by sending a written request to dtnschtzpl-kstrd.

F. Your rights

1. You have the right to request, at any time, confirmation as to whether we process personal data, as well as the right to information about this personal data. Furthermore, you have the right to rectification and erasure of data, the right to restrict data processing, the right to object, at any time, to the processing of personal data, the right, at any time, to withdraw your consent to data processing, and the right to data portability.

2. Any requests for information, queries, withdrawals or objections to data processing should be sent by email to dtnschtzpl-kstrd, or directly to our data protection officer, Mr. Andreas Pohl, (Pohl Consulting Team GmbH, Mengeringhäuser Str. 15, 34454 Bad Arolsen, Germany), email: dtnschtzpl-kstrd. In addition, you have the right to lodge a complaint with a supervisory authority in the event of a data breach.
 
Information about your right to object
In accordance with Article 21 GDPR, you have the right, at any time and on grounds relating to your particular situation, to object to the processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR. We will stop processing your personal data unless we can prove compelling reasons for continuing the processing of your data that are worthy of protection and that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
If you wish to object to the use of your personal data or if you wish to withdraw your consent, please send an email to dtnschtzpl-kstrd.

Status: 2024/03/25