Personal data, such as the name, contact details, and position of the person in question, is required for communication, provision of information and services, as well as for purposes associated with the relationship.
This is performed in accordance with the legal provisions, internal regulations, and the personal rights of the person(s) affected.
1. What data do we process?
The following data categories can be collected and processed:
a. Identification data, such as name, gender, company, vehicle number plate (visitors), special rights/permissions (truck driver), video and image data (when visiting monitored areas)
b. Addresses and contact details, such as postal address(es), e-mail address(es), telephone number(s), organization details such as company/organization, department, job title
c. Permissions and their use
d. Time logging, for example time spent on the premises of GKD or for provision of services
e. Video/image data, for example used to monitor both publicly accessible areas and special areas on the company premises. Insofar as any areas beyond the boundaries of our company premises are monitored using video surveillance, these are blurred and rendered unidentifiable.
2. For what purpose is data collected and used?
Personal data can generally be used for:
a. Communication, for example to clarify questions, exchange information or make appointments
b. Documentation, for example of meetings, events, and agreements
With regard to GKD business partners, such as suppliers, customers, contractors, contractual partners, or service providers, personal data can also be used for:
c. Processing transactions, for example payment, billing, and contract management
d. Logistics, such as transport
e. Authorization and identity management for electronic services, including technical support and troubleshooting
f. Administrative communication, for example sales promotion or product development
g. Monitoring and controls
To comply with existing export and payment restrictions – for example when companies and persons are on various governmental lists – business partner data can be checked against these lists. In addition to this, an investigation and, if necessary, provision of data and documentation on the respective case and the persons in question may be necessary in cases of suspicion, during investigations by public authorities, and for defending against claims. The internal regulations, legal provisions, and personal rights of those affected apply in all cases.
With regard to visitors and prospective clients, personal data can be used for:
h. Identification and access authorization
i. Making contact and providing requested information following trade fairs
j. Provision of information and of requested services (e.g. newsletters)
k. Monitoring, property protection, security checks
3. What legal principle is this based on?
The legal bases for the processing of your personal data are as follows:
In addition to this, we use your personal data only insofar as you have given your consent for this. We will always request your consent in advance in cases such as this.
4. Data security and processing principles
Appropriate technical and organizational data security measures are guaranteed through internal provisions and – if the data is processed by an external service provider – through corresponding contractual agreements.
Various methods are used to secure both data protection and our IT security in the face of various threats (malware, hacker attacks, spam, spying and theft of intellectual property). For example, transmitted data is checked for viruses and connection data is analyzed for any anomalies. In cases of suspicion, relevant documents and connection data are analyzed.
5. Is your data shared with others?
In accordance with the legal provisions and existing internal regulations, the data required for the respective purpose can be shared with other internal and external parties in the following cases:
6. How long is your data saved for?
Personal data is only stored for as long as necessary to fulfill the respective purpose and to fulfill official requirements, generally for the duration of the respective contractual relationship, including any statutory safekeeping period.
For business partners, data is generally deleted 10 years after the last contact, while for other persons such as visitors or subscribers of information/newsletters it is deleted 5 years after the last contact or on request.
Recorded video data is generally deleted after 72 hours, although after 10 days at the very latest.
7. Your rights as a “person affected”
You have the right to information on the personal data we process from you. When requesting information, we ask for your understanding that we may need you to provide proof that you are the person you are claiming to be. Furthermore, you have a right to rectification and deletion or restriction of the processing, insofar as statutory legislation provides for this. Within the scope of legal stipulations, you have a right to object to the processing, the right to data portability, and the right of appeal at a responsible supervisory authority.
The responsible authority for the collection, processing, and use of your personal data in the sense of the GDPR (EU General Data Protection Regulation) is
GKD – Gebr. Kufferath AG
T: +49 2421 803-0
Should you have any questions or issues relating to data protection (for example rectification, deletion, or requesting information), please contact our data protection officer:
GKD – Gebr. Kufferath AG
– Data protection officer –