Privacy Policy

The following information details how we handle your personal data when you use our website. Personal data refers to any data that can be used to identify you personally. Your data is protected in accordance with legal regulations, particularly the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Below, you will find information on what data is collected during your visit to our homepage and how it is used:

1.1 The controller for data processing on this website, as defined by the General Data Protection Regulation (GDPR), is

Kartoffel-Center München Nord GmbH
Untere Grabenwiese 1
85716 Unterschleißheim
Represented by: Mr. Martin Schmid
Phone: +49 (0) 89 / 37 40 516
Email: info@kcmn.de

The complete imprint can be found at the following link:
The controller for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.2 The controller has not appointed a data protection officer for their company.
The contact person for data protection in our company is:

Ms. Cornelia Obermeier
Phone: +49 (0) 89 / 37 40 51 73
Email: cobermeier@kcmn.de

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), we use SSL or TLS encryption on our website. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.

If you visit our website without registering or otherwise providing us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the individual web pages to you:

• The individual pages of our website (URL)
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you accessed the page
• Browser used
• Operating system used
• IP address used

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use. Non-anonymized server log files are automatically deleted after 30 days at the latest.

Our website is hosted by a service provider who provides us with infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services. We have concluded a data processing agreement with this provider. Data processing is carried out for the purpose of ensuring the operational readiness of our website, in which we have a legitimate interest, Art. 6 para. 1 lit. f GDPR.

In addition, server log file data is also collected by third-party providers (see below).

We use so-called cookies on our website. These are small text files that are stored on your end device. If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. In some cases, cookies serve to simplify the ordering process by storing settings (e.g., remembering the content of a virtual shopping cart for a later visit to the website).

The session cookies set by us are deleted after the end of the browser session, i.e., after you close your browser.

If personal data is also processed by individual cookies implemented by us, the processing takes place either in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can set your browser to inform you about the setting of cookies and to decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally. Each browser differs in how it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

• Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
• Safari: https://support.apple.com/kb/ph21411?locale=de_DE
• Opera: http://help.opera.com/Windows/10.20/de/cookies.html

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.

In the event of your electronic contact with us (e.g., via email), personal data will be collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. Without this mandatory information, we cannot process your request. All other information is voluntary.

The legal basis for the processing of data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. For your voluntary information, the legal basis is Art. 6 para. 1 lit. a GDPR.

Your data will be deleted after your request has been fully processed. This is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

For the execution of our email communication, we have commissioned a service provider who provides us with infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services. We have concluded a data processing agreement with this provider. Data processing is carried out for the purpose of ensuring the operational readiness of our email communication, in which we have a legitimate interest, Art. 6 para. 1 lit. f GDPR.

Type and purpose of processing:
To display our content correctly and graphically appealing across browsers, we use “Google Web Fonts” from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) on this website for the display of fonts.
You can find the privacy policy of the library operator Google here: https://www.google.com/policies/privacy/

Legal basis:
The legal basis for the integration of Google Webfonts and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).

Recipient:
Calling up script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible – although currently unclear whether and for what purposes – that the operator, in this case Google, collects data.

Storage period:
We do not collect any personal data through the integration of Google Webfonts. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy.

Third country transfer:
Google processes your data in the USA and has submitted to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Provision required or necessary:
The provision of personal data is neither legally nor contractually required. However, the correct display of content may not be possible with standard fonts.

Withdrawal of consent:
The programming language JavaScript is regularly used to display content. You can therefore object to data processing by deactivating the execution of JavaScript in your browser or installing a JavaScript blocker. Please note that this may lead to functional restrictions on the website.

• Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data is being processed. The conditions for this can be found in Art. 15 GDPR;
• Information: You have the right to request information about your personal data processed by us. The conditions for this can be found in Art. 15 GDPR;
• Rectification: You have the right to demand the immediate rectification of inaccurate personal data concerning you. The conditions for this can be found in Art. 16 GDPR;
• Erasure: You have the right to demand the immediate erasure of personal data concerning you. The conditions for this can be found in Art. 17 GDPR;
• Restriction of processing: You have the right to demand the restriction of the processing of your personal data. The conditions for this can be found in Art. 18 GDPR;
• Data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Furthermore, you have the right to have this data transmitted by us to another controller. The conditions for this can be found in Art. 20 GDPR;
• Withdrawal of consent: You have the right to withdraw your given consent at any time if the processing is based on Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR. The data processing until the withdrawal remains lawful. The withdrawal is only valid for the future. The conditions for this can be found in Art. 7 (3) GDPR;
• Complaint: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The conditions for this can be found in Art. 77 GDPR.

YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH WE PROCESS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST (ART. 6 (1) LIT. E OR F GDPR), WITH EFFECT FOR THE FUTURE. THE CONDITIONS FOR THIS CAN BE FOUND IN ART. 21 GDPR.

Unless a different storage period is specified above, we store the data as long as it is necessary for its intended purpose and legal retention obligations exist. According to legal requirements, data is retained for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, booking vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, booking vouchers, commercial and business letters, documents relevant for taxation, etc.).

After the retention period has expired, the corresponding data is routinely deleted, provided it is no longer required for contract fulfillment or initiation and/or we no longer have a legitimate interest in continued storage.

This privacy policy is currently valid and was last updated in May 2018.

Due to the further development of our website and its offerings or due to changed legal or official requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on the website under  KCMN Privacy Policy can be accessed and printed by you.