Data privacy is important to our company. We therefore guarantee our customers, business partners and users of our websites to protect their personal rights.
We guarantee to collect, store and use personal data only within the framework of the rules and regulations on data protection. Your data, which are collected on our websites to the technically necessary extent, will not be sold to any third party and will only be circulated on judicial order for prosecution purposes.
To give you security and peace of mind in this point, we would like to inform you about kind, scope and purpose of the collection and use of personal data. You can call up this information on our websites at any time.
Notes on handling of your personal data and your respective rights
(Information according to Articles 13, 14 and 21 of the General Data Protection Regulation GDPR)
This Data Privacy Notice includes terms and definitions, which are also used in the General Data Protection Regulation (hereinafter GDPR). As our aim is to be transparent and clear in this regard we would like to explain the terms used in our Data Protection Notice as they can also be found in Article 4 of the GDPR (‘Definitions’).
- Personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘Controller’ means a natural or legal person, public authority or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- Third party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Nolte Küchen GmbH und Co. KG
32584 Löhne, Deutschland
Authorised to represent:
Legally represented by phG, Nolte Geschäftsführungsgesellschaft mbH,
which is on its part represented by their managing directors
Marc Hogrebe, Eckhard Wefing and Manfred Wippermann
Data Protection Officer (DPO):
Stephanie Neitzel (Lawyer)
Websites are to some extent using what is also referred to as cookies. Cookies do not harm your computer and do not contain any viruses. The purpose of cookies is to make our offer more user-friendly, effective and safe. Cookies are small text files, which are filed on your computer and stored by your browser.
Most of the cookies we use are so-called ‘session cookies’. They are automatically deleted at the end of your session. Other cookies remain stored on your end device until you delete them. Such cookies allow us to recognize your browser when you visit our website the next time.
You can set your browser in a way that you are notified whenever cookies are set and such cookies are only allowed in certain individual cases; you can exclude the acceptance of cookies for individual cases or generally and such cookies are automatically deleted when the browser is closed. The functionality of this website might be impaired, though, if cookies are disabled.
4. Collection of access data /server log files
The supply and representation of contents via our website technically calls for the collection of certain data. Whenever you access our website, these so-called server log files are collected by the respective provider which is hosting the web service (Nolte Küchen GmbH & Co. KG or a processor in compliance with Article 28 GDPR). No conclusions to individual persons can be drawn based on these log files.
The respective information consists of the name of the website, the file, the current date, the amount of data, the web browser along with its version, the operating system used, the domain name of your internet provider, the referrer URL as site from which you have changed to our page, and the respective IP address.
We use this data to represent and supply our contents on and to your end device as well as for statistical purposes. This information supports the provision and permanent improvement of our services. We do not merge the data of the server log files with any other data. We reserve the right to check the data in the server log files at a later stage if there is probable cause for illegal use of our website.
5. Encryption of data transfer
Our website uses SSL/TLS encryption technology. Thus, all data of forms and similar input masks relating to the user are safely transmitted.
Since 22 January 2019, Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, Ireland, is legally responsible for users of Google services in the European Economic Area (EEA) and in Switzerland.
6.1. Google Analytics
This website uses the functions of Google Analytics. This web analytics service uses so-called ’cookies’ (see above). The information regarding your usage behaviour of this website generated by the cookie is usually sent to a Google server in the US and is stored there.
If IP anonymisation is enabled on this website your IP address will, however, be shortened by Google within member states of the European Union or in other signatories of the agreement regarding the European Economic Area. Only in exceptional cases, the full IP address will be sent to a Google server in the US and then shortened there. On behalf of the operator of this website, Google will use this information to evaluate your website usage, to compose reports concerning the website activities and to provide more services in connection with the website and internet usage to the website operator. The IP address sent from your browser within Google Analytics will not be merged with the other data of Google.
You can prevent the collection of data generated by the cookie concerning your usage of our website (incl. your IP-address) along with the transfer to Google as well as the processing of these data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
6.2. Google AdWords
For our marketing activities, we use Google AdWords. Conversion tracking is used in this process. With this tool, Google AdWords sets a cookie on your PC whenever you visit our website via a Google ad. The cookie automatically expires after 30 days and its purpose is not to trace back any personal data. If you visit our website and the cookie is still valid, Google and our company can see that you have clicked the respective ad and have been forwarded to our website. Every Google AdWords customer receives another cookie, meaning that cookies cannot be traced back over the websites of AdWords customers that way.
The data collected by the conversion cookies are used to generate conversion statistics for AdWords customers. We, as a customer, thus get to know the total number of users who have seen and responded to our ad and have then been forwarded to a website which has been provided with a conversion tracking tag. In this process, we do not receive any information that enables us to identify you personally as our user.
If you deny the tracking process, the cookie of Google’s conversion tracking can be disabled via your internet browser. If necessary, use the ‘Help’ function of your browser for further information. More information regarding the data protection regulations of Google can be found under http://www.google.de/policies/privacy/.
6.3. Google Maps Plugin
Our website uses a Google Maps plugin.
Whenever you use Google Maps on our website, information concerning your usage of this website and your IP address will be sent to a Google server in the US and will also be stored there. We have neither any knowledge about the exact contents of sent data nor about their usage by Google. In this regard, the company clearly denies the linking of data with information emanating from other Google services and the collection of personal data. However, Google is allowed to send information to third parties.
By using our website, you agree with the described collection and processing of information by Google Inc..
7. Handling of personal data
We collect personal data in the framework of data avoidance and data minimization to such an extent and for such a period as it is required for the use of our website and the services offered there or as long as prescribed by the legislator. We take the privacy of your personal data very serious and strictly abide to the respective legal regulations and to this data privacy notice when it comes to the collection and processing of personal data. If the purpose of data collection ceases to apply or if the maximum storage period has expired the collected data will be blocked or erased.
Our website can regularly be used without the circulation of personal data. When we collect personal data – such as your name, your address or your email-address – these data are collected on an optional basis. Such data will not be circulated to any third party without your explicitly given consent.
Please note that, in general, data are not always safely circulated in the internet. Especially when it comes to email correspondence, a full protection during data exchange cannot be guaranteed.
8. Purpose of processing
The processing of personal data is carried out in accordance with the regulations of the European General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG):
- Due to your consent (Article 6, para. 1a GDPR)
The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- For the performance of a contract (Article 6, para. 1b GDPR)
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Due to compliance with legal obligation (Article 6, para. 1c GDPR)
Processing is necessary for compliance with a legal obligation to which the controller is subject.
- For the purpose of legitimate interest (Article 6, para. 1f GDPR)
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
9. Withdrawal of given consent
According to Article 7, para. 3 GDPR, the data subject shall have the right to completely withdraw or change his or her consent regarding the processing of personal data for one or more specific purposes at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If not offered via special functions, you can send us your withdrawal either by post, email or by using our contact form on our website. There will be no other costs for you than the postal charges or the transfer costs in compliance with the currently valid basic tariffs.
10. Data collection at third parties
If, in connection with our brand, our product or our company, personal data are collected, stored, processed at third parties and are circulated to us for a certain purpose, the transfer of such data to us is especially subject to the lawfulness of the respective collector. If data is sent to us (e.g. in connection with brochures of our company ordered on kitchen information platforms on the internet), we assume consent of the data subject regarding the circulation to and processing by our company. Hereby, however, we only accept data transfers and process them if they come from authorized sources known to us due to active business relationships.
11. Circulation of data
For the purpose of fulfilment of our contractual and statutory obligations or also services required by the user, business partners assigned by our company – such as a processor (Article 28 GDPR) will be granted access to your data.
Should a data subject explicitly request the communication of contact data between this data subject and a business partner of our company due to initial approaches of a purchase contract, such business partner receives the personal data of the data subject in line with the framework information concerning the intended purchase. Should you request the erasure of your data we will forward your request to the previous recipient for its information with the request to evaluate the lawfulness of a continued storage of data on its part.
12. Transfer of data into a third-party country or to an international organisation
There will only be a transfer of data into third-party countries if this is necessary for order fulfilment or statutory or if the data subject has given his or her consent.
13. Maximum storage period of data
If necessary, we process and store your personal data for the period required for the fulfilment of the respective purpose for which consent to data processing has been given.
Apart from that, we are subject to certain retention and documentation obligations resulting from the German Commercial Code (HGB), amongst others. The maximum retention or documentation periods respectively indicated there are two to ten years.
14. Contact form
If you send us your enquiry via our contact form, your data of the enquiry form plus the contact data entered there will be stored in order to process your enquiry and in case of later enquiries. These data will not be given to any third party without your consent.
15. Ordering of information material
On our website, prospective buyers of a kitchen have the possibility to request brochures and advertising material via a respective order form. We interpret every use of this form within the relevant meaning for marketing and sales. If you trigger this order for information material by filling in and sending the form, your details from the order form including the contact data specified there will be stored and processed in digital and/or printed form to handle your material order and to follow-up your data for advertising and/or sales-related purposes. We will ask for your explicit consent for both cases within the form sending process and you can withdraw this consent at any time. Your data will not be circulated to any third party without your consent.
16. Newsletter data
If you would like to subscribe to a newsletter offered on the website, this is directly linked to the use of a user account in ‘My kitchen’ (see below). You can also unsubscribe from the newsletter in this user account.
17. Online kitchen planner
Our website offers an online kitchen planner and it might also appear on websites of our business partners as an integrated function. The online kitchen planner helps prospective buyers of one of our kitchens to prepare their planning process and to send them to one or more business partners to finalize the planning and to purchase the kitchen. The planning itself can be carried out completely anonymously without specification of any personal data and without having to log into the user management system. However, the storage, transfer of planning to the user’s own email address and the forwarding to business partner(s) requires to log into the user management system ‘My kitchen’ and calls for a valid user account (see ‘My kitchen’).
18. User-Management-System ‘My kitchen’
As a sub-system of our website, the user management system ‘My kitchen’ is the central platform for our company’s end customers, which can be used by a data subject to manage their personal data stored here as well as other data relevant for marketing purposes. The latter includes the subscription to newsletters, online kitchen planning or the registration of kitchens purchased at our company to receive technical documentations on it (e.g. kitchen-specific cleaning and assembly instructions).
To be able to use this system, data subjects have to generate a respective user account based on personal data (especially sex, first name, last name, country and language). The user account can both be created on the website itself or in linked sub-systems (such as the online kitchen planner).
The creation and activation of this function requires the data subjects’ explicit consent to the storage, processing and (only after specific inducement by the user) also transfer of personal data. In this course, the data subject also gives his or her consent that we are allowed to contact him or her in digital or analogue form for promotional purposes. This may apply to the concrete marketing of products of our company or automated follow-ups at the user subject to previous user activities (e.g. later automated offer of contact to another dealer upon user’s request of advertising material).
The above described user account has to be protected by the user by double entry of a password given out upon identity check and such password cannot be seen by the system operator. The account will generally only be activated upon authorization by the data subject by clicking a specific link that has been sent to an email address relevant for the user account. One email address can only be used to create one single user account and thus clearly identifies such account.
Should the user forget the password, he can request an email with a web link sent to the address lodged in the user account. This web link can be used to choose a new password. This is to make sure that only the owner of the user account has the valid access data for a user account.
The afore-mentioned functions concerning the creation and activation of the user account in ‘My kitchen’ are both available via the website and in form of integrated dialogues in other sub-systems (e.g. the online kitchen planner).
Apart from that, ‘My kitchen’ gives the user the opportunity in the website front-end to change, modify and/or reduce the made available personal data and the account can also be irrevocably erased. By erasing the user account, all user data required for login processes on the ‘My kitchen’ platform are irrevocably erased. Erasing the account also results in the fact that all information stored in ‘My kitchen’ referring to personal data are completely anonymized so that none of the previously triggered platform functions can be allocated to the data subject or allow to draw conclusions to the data subject. (Guarantee of ‘Right to be forgotten’ according to Article 17 GDPR).
We will not store any emails required in connection with the functions of ‘My kitchen’.
We take care of the hosting of the data given to use in the course of the registration. For system-administrative reasons it cannot be avoided that our processor, that only supports us in technical terms, has access to the data. To protect these data against manipulation, loss and destruction or against access of unauthorized parties we have implemented technical and organizational measures together with our processor, which are specified in a processing contract according to Article 28 GDPR.
19. Visitor management with the scope of Nolte Küchen show events
Nolte Küchen show events have the particular purpose of informing customers, suppliers as well as the media about new products and services as well as of engaging in dialogue with a view to continuing and shaping business cooperation. Furthermore, Nolte Küchen show events also have the purpose of initiating new business relationships, in particular with customers, suppliers as well as media. As such, these events to a significant extent serve promotional purposes and underpin business development at Nolte Küchen.
This dialogue with existing as well as with potential new business partners must take place through the relevant members of staff of the companies concerned, from which Nolte Küchen derives the legitimate interest pursuant to Article 6 (1) f of the GDPR to store and process personal data of such persons exclusively in the required scope for the designated purpose and for the duration of preparing, holding and following up the particular show event. This includes the storage and processing of data of such persons with which no active business relationship exists at the time of being invited to the show.
The online registration and accreditation process this involves in advance of the show event has the purpose of simplifying the making on contact between visitor and the relavent Nolte Küchen contact persons as well as of ensuring the enforcement of Nolte Küchen's domiciliary rights in such form that a personalised admission ticket is sent to the registering visitors through which Nolte Küchen, within the scope of checking admissions to the show event, can establish who is present on the premises of Nolte Küchen.
In this context, the systemic handling of visitor management by Nolte Küchen takes place with the support of a processor (see above). Personal data recorded and stored in connection with Nolte Küchen show events will not be made accessible to third parties.
20. Still and motion pictures with the scope of Nolte Küchen show events
To reinforce the promotional impact as well as document show presentations vis-à-vis consumers, retail partners, media, suppliers, staff and proprietors, still photographs and video footage are taken at Nolte Küchen show events whereupon they are processed, stored and published on external communications channels (e.g. website, Facebook, YouTube). Within the scope of show events, Nolte Küchen reserves the right to take, process and disseminate still photographs and motion pictures of guests for purposes of public relations insofar as show visitors do not object to such in the form of a personal remark to the photographer or film crew on location at the show event. Attention will be drawn to the fact that photographs and videos will be taken on the admission ticket as well as in a clearly visible place at the entrance to the show event. The legal basis for this is Art 6 (1) f of the GDPR. Our legitimate interest lies in informing business partners, interested consumers, proprietors as well as Nolte Küchen staff about the event in conjunction with the above-mentioned communication purposes within the scope of our PR activities.
21. Your online application
Nolte Küchen GmbH & Co. KG is happy about your visit on our career page and about your interest in our company. The protection of your privacy during the processing of personal data is very important to us and we consider it in all our business processes.
Personal data which we only need to process your application and to correspond with you, such as master data (name, address), telecommunication data (phone number, email), personal data profiles with picture, CV and certificates will only be stored when you enter these data voluntarily in line with your application. Your personal information and data will be collected, stored and only used for the dedicated purpose with utmost diligence and integrity. In this process, we only collect data that are mandatorily necessary for your application at Nolte Küchen GmbH & Co. KG.
You agree with the processing and transfer of your data exclusively for the purpose of the application process. You guarantee that all details specified are true and correct.
Apart from that, you are aware of the fact that false details might result in termination of a possible employment contract.
Upon entry and transfer of your data, an encrypted connection will be used to directly sent your data to the server of our external provider, rexx systems GmbH, based in Hamburg. With this service provider, Nolte Küchen GmbH & Co. KG has signed an order processing contract in accordance with Article 28 GDPR that substantiates the mutual obligations regarding data protection.
All data will be encrypted by way of TLS encryption technology. Whenever you log in with the provided user data following your registration, the TLS encryption technology is used here as well. Any unencrypted access to your applicant data is excluded. Your data will be erased six months after completion of the application process. You can withdraw your consent to the storage and usage of your data in writing at any time.
In the course of order processing your data will be hosted at the service provider. Both Nolte Küchen GmbH & Co. KG and the provider take technical and organizational safety measures to protect your collected data against random or intentional manipulation, loss, destruction or against access of unauthorized persons. Our safety measures are constantly improved in compliance with the technological development. Within our company, only the responsible employees are allowed to access your applicant data.
Should your application not be fruitful, we will – upon you have given your consent – store your personal data which you have given us in the course of the entire application process beyond the end of the concrete application process. We will use your data in accordance with your consent in order to contact you and to continue the application process, should you come into consideration for another position.
22. Explanations regarding the data subjects’ rights
As a user of our website, the data subject is entitled – upon proof of their identity – at any time and free of charge to access the data stored about the data subject and for the purpose of storage (Article 15 GDPR). Apart from that, the data subject has the right to rectification (Article 16 GDPR), right to erasure (Article 17 GDPR), right to restriction of processing (Article 18 GDPR) or right to data portability (Article 20 GDPR). Please feel free to contact us or our Data Protection Officer, lawyer Stephanie Neitzel in writing. In case of an assumed infringement against data privacy rights, the data subject also has the right to lodge a complaint with a supervisory authority (Article 77 GDPR i.c.w. § 19 of the Federal Data Protection Act). The supervisory authority responsible for Nolte Küchen GmbH & Co. KG is the data protection authority of North Rhine-Westphalia.
23. Right to object
According to Article 21 GDPR, the data subject shall have the right to object at any time to processing of personal data concerning him or her which is based on Article 6, para. 1f GDPR (data processing for the purpose of legitimate interest). Full or partial objection can be sent to Nolte Küchen GmbH & Co. KG together with a respective message (per mail or email).
If there are no longer mandatory reasons requiring protection for processing outweighing your interests, rights or freedoms or if the processing serves for the enforcement, exercising or defending of legitimate claims, your personal data will no longer be processed if you object to processing.
24. Objection to email marketing
The usage of contact data published within the framework of imprint obligation for the purpose of providing not specifically requested advertisements and information is herewith objected to. The website operators explicitly reserve all legal steps if advertising material, e.g. spam emails, are sent unrequested.
25. Topicality of this Data Privacy Statement
We may amend this data privacy statement to reflect changes in functionalities or legal situations. Therefore we recommend that you check our data privacy notice at regular intervals. Insofar as your consent is required or parts of the data privacy statement contain provisions of the contractual relationship with you, amendments will only be made with your approval. Below you get a short overview of the latest changes we have made:
- Adding sections 21 and 22
- Adaptation to the requirements of the General Data Protection Regulation of the EU
- Since 22.01.2019 Google Ireland Limited is legally responsible for the Google services.