An overview of data protection
1. Data Controller
This website and the services provided thereon are operated by:
Kappa Ingredients GmbH
Friesenweg 4 | Building 13
Represented by Jörg Büttinghaus
Telephone: +49 40 6094087 0
2. General Information
We have developed our website in such a way that as few personal data as possible are collected. In general, it is possible to visit our website without disclosing any personal data. Only when you decide to use certain services (e.g. our contact form) will it be necessary to process your personal data. However, we always make sure that we process your personal data exclusively in compliance with a legal basis or any consent given by you. We adhere to the provisions of the General Data Protection Regulation (GDPR), which has been applicable since 25 May 2018, as well as to the applicable national provisions, such as the Federal Data Protection Act, the Telemedia Act or other more specific laws on data protection.
3. Purpose of Use and Legal Basis for the Processing of Personal Data
We always process your data for a specific purpose. Below we have summarised the purposes for which we process your personal data:
a) To be able to take care of the request with regard to which you contacted us
b) To make our download centre available
c) For the technical realisation of our website and to be able to provide you with the contents of our website (e.g. IP address, cookies, browser information)
d) To be able to accept and take care of an application you submitted to us with regard to one of our job openings
The specific purposes are described with regard to the types of processing illustrated here (e.g. contact form, product information).
As regards the legal basis for the processing of your personal data, the following applies:
Personal data which are necessary for the establishment, performance or execution of our range of services are processed on the legal basis of Art. 6 Sec. 1 lit. b GDPR. If we ask for your consent to the processing of your personal data, the legal basis for the processing of personal data is formed by Art. 6 Sec. 1 lit. a GDPR. The processing of your data is also permissible if it occurs for the safeguarding of our legitimate interests, provided that they are not outweighed by your interests or fundamental rights and freedoms with regard to the processing of personal data. Insofar as we use external service providers within the framework of contract data processing, the processing is carried out on the legal basis of Art. 28 GDPR.
4. The Types of Personal Data That We Collect and Process
Within the scope of our website, we collect and process certain personal data. You are able to tell what types of data are being processed by the information you are required to submit when filling out any forms on the website (e.g. our contact form) and by the information provided with regard to the data which are being processed within the framework of the processing operations described herein.
Below we have summarised the personal data we collect and process via our website:
When using our contact form:
- E-Mail address
- Message contents
When registering in our download centre:
- E-Mail address
5. Personal Data Collected During Your Visit to Our Website
When you visit our website for merely informative purposes, i.e. when you do not register anywhere nor submit any information, we only collect the personal data your browser transfers to our server. If you want to browse our website, we collect the data listed below. This is necessary from a technical point of view in order to ensure that you can properly view our website and to guarantee stability and security (the legal basis is formed by Art. 6 Sec. 1 S. 1 lit. f GDPR):
- Your IP address
- The date and time of the request
- The time difference from Greenwich Mean Time (GMT)
- The content of the request (specific page)
- Your access status / HTTP status code
- The data quantity transferred in each case
- The website from which the request is coming
- Your browser
- Your operating system and its interface
- The language and version of your browser software
6. Embedding of Third-Party Services
Our website uses contents, services and offers from third-party providers. Such services may include, for instance, statistical analyses with regard to the use and visit of our website or the embedding of videos from video platforms (such as YouTube). In order for the user's browser to be able to call up and display these data, it is absolutely necessary that the user's IP address be transferred to this third-party provider.
Our website uses so-called browser cookies for the collection and storage of information. Cookies are small text files which are stored on your data carrier. They store the specific settings and data relating to the exchange between our system and your browser. Generally, a cookie contains the name of the domain from which the cookie data were sent as well as information on the cookie's age and an alphanumerical identification code.
Cookies allow our systems to recognise the device of the user and to make his/her default settings immediately available. As soon as the platform is accessed by a user, a cookie is transmitted to his/her computer's hard drive. Cookies assist us in the improvement of our website and in being able to offer you better and even more customised services. They help us recognise your computer and/or (mobile) device when you revisit our website, which makes it possible to…
- …store information with regard to your preferred activities on our website, which allow us to customise it to your specific interests.
- …accelerate the speed at which we can process your requests.
We work with third-party service providers which assist us in making our website more interesting for you. That is why cookies from these partner companies (third-party providers) will be stored on your hard drive, too. These are cookies which are deleted automatically after a specified period of time.
1. Types of Cookies
A session cookie, which does not usually store any personal data but only assigns a session ID which is used to assign several sessions to a user, is created for the duration of your visit to our website. Session cookies are either deleted automatically when you close your browser or lose their validity as soon as your session has expired.
b. Permanent or Persistent Cookies
A permanent or persistent cookie stores a file containing your data and settings in order to make them available to you during your next visit. This results in a quicker and more comfortable access which you can control. On the one hand, you can select your browser settings in such a way that these cookies are enabled or blocked; on the other hand, these cookies will be deleted when you clear your browser data, irrespective of whether this process occurs automatically or manually.
2. Overview of the Cookies We Use
Please refer to the table below to get an overview of the cookies we use:
If you object to the use of any browser cookies, you can change your browser settings so that the storage of cookies will be blocked. Please note that, in this case, you will not be able to use part or all of the functionalities of our website. If you want to enable our own cookies, but not those of our service providers and partners, you can select the “block third-party cookies” setting in your browser. We assume no responsibility for the use of third-party cookies.
8. Getting in Touch (Contact Forms)
You can contact us by email or via our contact form. In this case, we store the personal data submitted by you in order to take care of your request and get in touch with you for its processing. As regards the information we ask you to disclose via our contact form, the fields which are mandatory for getting in touch are marked accordingly (asterisk). The information you may provide in the optional fields is used to concretise your request and to handle it in a better way. The requested data are submitted by you on a purely voluntary basis.
Depending on the nature of your request, the legal basis for the processing is either Art. 6 Sec. 1 lit. b GDPR, if you submit the request within the framework of a pre-contractual measure, or Art. 6 Sec. 1 S. 1 lit. f GDPR for any other kind of request. Our legitimate interest is based on the purposes set out in Sec. 3 a). If we ask you to disclose personal data which are required neither for the fulfilment of the contract nor for the safeguarding of any legitimate interests, the submission takes place on the basis of your consent according to Art. 6 Sec. 1 lit. a GDPR.
9. Job Application Process
Job openings for which you can apply by email are published on our website. If you decide to apply for a job opening, we will process the personal data you disclosed and submitted to us in the course of this procedure exclusively for the purpose of implementing the application process.
If your application is rejected, we will erase your data immediately upon expiry of the 6-month retention period mandated by employment law. This period begins with the sending of the rejection letter. Provided that you have given your explicit consent to the storage of your data for the purpose of our getting in touch with you at a later point in time should there be any job openings you might find interesting, we will continue to store your data according to your consent. Unless you have given your explicit consent or unless there is a legal basis that allows us to do so, we will not transmit your personal data to third parties which are not involved in the specific application process.
No details with regard to the so-called “special categories of personal data” need to be disclosed in order for us to assess a job application. Special category data are personal data revealing the data subject's racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, as well as genetic data, biometric data for identifying natural persons, health-related data or data concerning the sex life or sexual orientation of natural persons. You are strongly advised against disclosing any of the aforementioned details. If your application nevertheless includes any such data, we cannot process your application unless we receive your explicit consent to the storage of special category personal data. Such consent would have to be obtained separately, which would delay the application process.
Please note that applications which are emailed to us are transmitted in an unencrypted form.
Hence, there is a risk that unauthorised third parties could intercept and use your data.
The legal basis for the processing of your personal data within the framework of the application process is formed by § 26 Sec. 1 in conjunction with Sec. 2 BDSG (Federal Data Protection Act).
10. The Use of YouTube
Our website uses plug-ins from YouTube, a website operated by Google, for the embedding and display of video contents. The video portal is provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
As soon as you call up a page with an embedded YouTube plug-in, a connection to the YouTube servers will be established. This involves telling the YouTube server which of our sites you have visited. When logged into your YouTube account, you allow YouTube to relate your surfing behaviour directly to your personal profile. You can prevent this from happening by logging out of your YouTube account.
We use YouTube because we attach importance to an appealing presentation of our website, which constitutes a legitimate interest according to Art. 6 Sec. 1 lit. f GDPR.
11. General Information About Our Social Media Presence
In order for us to be able to present our company in the best possible way, to communicate with you - the user, customer or interested party - and to inform you about the services we offer, we use social media.
The use of social media involves the processing of data outside of the European Union (EU) and the European Economic Area (EEA). It is not possible to ensure that the level of data protection in all non-EU countries is equivalent to the EU's level of data protection.
In light of this, you, as a user, are exposed to risks whenever the submitted data are processed in so-called third countries with an inappropriate level of data protection.
This impedes the enforcement of the well-known user rights. Apart from that, the provider in the third country might not process your data in your interest.
Providers from the USA which are certified within the so-called Privacy Shield Framework - an agreement on the protection of data reached between the USA and the EU - are obliged to comply with the EU data protection requirements.
The purposes for which your data are processed in social media usually deviate from ours. For the most part, the personal data collected in social media are used for the purposes of market research, advertising and the creation of user profiles for personalised advertising.
12. Information to Be Provided to Applicants Pursuant to Section 13 and 14 GDPR
1. Who is responsible for the processing of your data?
Persons within our company who are responsible for all incoming applications:
Mrs Nadine Bökemeier or Mrs Karolina Sandberg
Telephone: +49 40 6094087 0
2. Where do we get the collected data from?
We collect and process exclusively those personal data which you submit to us within the framework of the application process. These include the following types of data:
Personal details: Name, address and other contact details, date and place of birth, nationality
Health-related data: Information about disabilities or severe disabilities
Documents which prove your qualifications: Certificates, evaluations and similar proofs of training
3. For what purposes do we process the collected data (legal basis)?
The processing is carried out in consideration of and in compliance with the applicable General Data Protection Regulation (GDPR), the new Federal Data Protection Act (“BDSG-new”) and certain area-specific data protection standards in the context of the application process, such as the Social Security Code, the Telecommunications Act and the Works Constitution Act.
3.1. Processing related to the weighing of interests
If required, we will process your data for the safeguarding of our legitimate interests or those of third parties. Examples of such cases include the assertion of legal claims and defence in case of legal disputes, or business management and development measures.
3.2. Processing on the basis of your consent
Provided that you have given your consent to the processing of personal data, for example to the data's possible transmission to other eligible companies, the legal basis for the collection and processing of your personal data is formed by your consent. You can always revoke your consent. Such revocation cannot be retroactive, but applies from the point in time at which it is made. If you revoke your consent to the processing of your personal data, the purpose for which they were collected can no longer be fulfilled and/or implemented.
4. To whom will your personal data be transmitted?
The collected data will be transmitted to those persons within our company (including any principal companies, if need be) who have been entrusted with the handling of the application procedure and need these data for the fulfilment of statutory obligations. Processors who cooperate with our company may also receive your data for the aforementioned purposes. Apart from group-internal companies, such processors may also be IT companies and recruitment agencies. We would like to point out that, whenever your data are disclosed to third parties under the aforementioned circumstances, all data protection regulations are taken into account and complied with.
The transfer of your data occurs solely on the basis of statutory provisions, the consent we received from you or our entitlement to be given access to them. Such data recipients include, for example, affiliated companies (application processes for other job openings) to which your personal data may be transferred due to your explicit consent.
5. For how long will the personal data collected during the application process be stored?
Your personal data will be processed and stored, if required, for the duration of the application process. They will be deleted immediately, but at the latest 6 months, after the purpose has been fulfilled. Where it is no longer required to store your data for the purposes of the application process, or in the absence of any legal retention period and/or consent which justifies a longer retention period, your data will be erased immediately.
6. Will your data be transferred to third countries?
As an international company, our human resources management operates on a global scale, which is why authorised employees may access your data from every country in which our company is active. Within the framework of the application process, your application details may be transmitted to a department responsible within our group of companies which is not located in your home country or in the country where the job opening is offered. We have developed a uniform standard for data protection in order to ensure the secure transfer of data to third countries.
7. What rights can I assert?
Within the scope of the statutory provisions under the General Data Protection Regulation and the new Federal Data Protection Act, every data subject has the right to receive information on the processing of his/her personal data, the right to rectification, erasure and restriction of his/her data, the right to object to the processing of his/her data and the right to data portability. When exercising the right to receive information and the right to erasure, the restrictions under §§ 33, 34 BDSG-new are to be taken into account. Pursuant to Art. 77 GDPR in conjunction with § 19 BDSG-new, the data subject also has the right to file a complaint with the responsible data protection authority.
8. Are you required to disclose any data?
You are not required to provide any data other than those necessary for the application process. You have no obligation whatsoever to disclose any data to us. However, if you choose not to disclose the necessary data, it is usually impossible to properly implement the application process.
9. To what extent do we use automatic decision-making mechanisms?
When it comes to the establishment and execution of our application process, we do not use your personal data for profile creations.
10. Do we use the collected data for profile creations (scoring)?
When it comes to the establishment and execution of our application process, we do not use your personal data for profile creations.
13. Data Subject Rights
You have the following rights:
Provided that you are a data subject pursuant to Art. 4 Sec. 1 GDPR, the GDPR stipulates that you have the following rights with regard to the processing of your personal data. The legal text of the rights listed below can be found at:
- Pursuant to Art. 15 GDPR, you have the right to obtain information as to which of your personal data are being processed by us. In particular, you have the right to obtain information about the processing purposes, the category of personal data, the categories of recipients to which your data have been or will be disclosed, the planned duration of storage, the existence of the right to the data's rectification or erasure, the right to restriction of processing or the right of objection, the existence of the right to file a complaint, the origin of your data - provided that they were not collected by us - as well as information about the use of any automatic decision-making procedures including profiling and, where appropriate, conclusive information about the details related thereto;
- Pursuant to Art. 16 GDPR, you have the right to obtain from us, without undue delay, the rectification of inaccurate as well as the completion of any incomplete personal data concerning you;
- Pursuant to Art. 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you, unless the processing is necessary for exercising our right to freedom of expression and information, for meeting any legal obligations, for reasons of public interest or for asserting, exercising or defending any legal claims;
- Pursuant to Art. 18 GDPR, you have the right to request us to restrict the processing of your personal data, provided that the accuracy of the personal data is contested by you, the processing is unlawful but you reject the erasure of the data, we no longer need the data, but they are required by you for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR;
- Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Furthermore, you have the right to have those data transmitted to another controller (data portability);
- Pursuant to Art. 7 Sec. 3 GDPR, you have the right to withdraw your consent at any time. As a result thereof, we are obliged to stop the data processing which had been based on your consent;
- Pursuant to Art. 77 GDPR, you have the right to file a complaint with the competent supervisory authority. Usually, you can get in touch with the supervisory authority responsible for your place of residence, your place of employment or our registered office.
- Right to object: Where the processing of your personal data is based on legitimate interests pursuant to Art. 6 Sec. 1 S. 1 lit. f GDPR, Art. 21 GDPR stipulates that you have the right to object to the processing of your personal data, provided that there are grounds relating to your particular situation or that the objection is directed at direct advertising. In the latter case, you have a general right of objection whose exercise does not require the existence of a particular situation.
If you would like to exercise your right of revocation or objection, all you have to do is email us at firstname.lastname@example.org.
14. Transmission of Your Personal Data
Your personal data are transferred as described below.
Our website is hosted by an external service provider in Germany. We ensure that the data processing is carried out exclusively in Germany. While this type of processing is required for the operation of the website as well as for the establishment, performance and execution of the existing licence agreement, it is also permissible without your consent.
We also transmit your data when we are entitled or obliged to do so due to statutory provisions and/or administrative or judicial orders. Such incidents might include, in particular, the provision of information for law enforcement and hazard prevention purposes or the enforcement of intellectual property rights.
Insofar as we transmit the respectively required data to third-party service providers, these service providers may not access your personal data beyond what is necessary in order for them to be able to fulfil their tasks. These service providers are obliged to treat your personal data in compliance with the applicable data protection laws, and, in particular, the General Data Protection Regulation.
Unless you have given your explicit consent, your data will not be transmitted to third parties under any conditions other than those referred to above. In particular, we do not transmit any personal data to third-country entities or international organisations.
15. Data Security
Unfortunately, the transmission of information via the internet is never 100% secure, which is why we cannot ensure the security of the data transferred to our website via the internet.
However, we use technical and organisational measures to protect our website in such a way that your data are protected against loss, destruction, access, modification or distribution by unauthorised persons.
In particular, we ensure that your personal data are transmitted in encrypted form. This is done by using the SSL/TLS (Secure Sockets Layer / Transport Layer Security) encryption protocol. Our safety measures are continuously improved in line with technological developments.
16. Retention Periods for Personal Data
We will erase your personal data when it is no longer required to store them for fulfilling the original purpose and as soon as the legal retention periods have expired. The legal retention periods ultimately constitute the criterion for the personal data's final duration of storage. Upon expiry of the period, the respective data will be routinely erased. If retention periods exist, the processing will be restricted, i.e. the data will be blocked.
17. References and Links
Third-party service providers may have differing and individual regulations when it comes to the handling, collection, processing and use of personal data. That is why we recommend that you read the privacy policies published on such third-party websites before submitting any personal data.
19. Data Protection Officer
We have appointed a Data Protection Officer.
Office: +49 40 6094087 0
Version as of: 30 November 2019