Privacy policy
Welcome to our website and thank you for your interest in our company.
In connection with your visit to our website, the confidentiality and integrity of your personal data, i.e. information, which is related to an identified or identifiable natural person, is very important to us and we set great store by the trustful business relationship with our customers and interested parties.
To a degree, we require personal data in order to perform our services. It is not our aim to collect, process or use personal data beyond the degree necessary. In particular, we do not sell data to third parties.
With this data protection note, we wish to give you as a visitor to our website, a customer or user, an overview about when we collect and process personal data, when we disclose such data to third parties for a specific purpose and how we use personal data.
We shall be happy to answer further questions you may have about data protection. Please use our contact details below in section 1 for this purpose.
I. Name and contact data of the data controller responsible for the processing
Data controller within the meaning of the General Data Protection Regulation and other national laws as well as other data protection regulations is
KMS TEAM GmbH
Gabrielenstrasse 9
80636 Munich
Germany
Phone: +49 89 490 411-0
Data Protection Representative: Tobias Damasko
Email: datenschutz@kms-team.com
II. General information about data processing
1. Processing of personal data
We generally process personal data of our users only to the extent that we require these data to provide a functional website (Internet page) as well as our content and services. As a rule, personal data are only processed after the user has given his consent. An exception to this are cases in which it is not possible to obtain prior consent for factual reasons, and when processing of the data is necessary or permitted in accordance with statutory requirements.
2. Purpose of processing and type of processed data
Data are processed in order to make our website available online with its functions, content and services. We want your visit to our website to be as pleasant and convenient as possible. You should have the opportunity of getting an overview about us and our range of services and of being able to communicate with us. We want to be able to answer your queries and maintain contact with you. To this end, the data serve to optimize our website and the convenience while you are using it. The data also serve to ensure the functional efficiency of our website and to ensure the security of our information technology systems and their stability. To achieve and fulfil these goals, we collect the required data for this purpose. Apart from user and communication data, which are automatically recorded by our system, these are also contact data such as email addresses to the extent you wish to disclose these data to us voluntarily.
3. Legal basis for the processing of personal data
When we seek to obtain the consent of the data subject for the processing procedure of personal data, the legal basis for this is Art. 6 (1) lit. a) EU General Data Protection Regulation (GDPR).
Insofar as the processing of personal data is required for fulfilling an agreement with the data subject, the legal basis is Art. 6 (1) lit. b) GDPR. This also applies for processing procedures necessary to carry out pre-contractual measures, as well as to respond to inquiries.
Art. 6 (1) lit. c) GDPR serves as the legal basis for processing personal data required to fulfil a legal obligation of our company.
Art. 6 (1) lit. d) GDPR serves as the legal basis if the vital interests of the data subject or of another natural person make it necessary to process personal data.
Art. 6 (1) lit. f) GDPR serves as the legal basis for processing data if this is required to protect a legitimate interest of our company or a third party, and if such legitimate interest overrides the interests and fundamental rights and freedoms of the data subject.
4. Storage period and erasure of data
As soon as the purpose for the storage no longer exists, personal data of the data subject shall be erased or blocked. If we as data controllers are subject to legal provisions and other regulations which stipulate such, storage of data may be required beyond this point. Erasure or blocking of data shall also take place if a legally prescribed storage period and one that applies to us expires, unless further storage is necessary to conclude or fulfil an agreement.
5. Order processing and disclosure of data to third parties
We only grant to others such as order processors or other third parties access to personal data based on legal permission (e.g. if you have given your consent, if a legal obligation exists, if such obligation is necessary to fulfil a contract, or a legitimate interest exists, such as laid down in Art. 6 (1) lit. f) GDPR, e.g. when using web hosts for secure provisioning of our website).
If we engage third parties to process personal data, this shall take place based on an order processing agreement on the basis of Art. 28 GDPR.
In addition, we advise you within the scope of the following information:
III. Website – Provision and server log files
1. Type and extent of data processing:
When visiting or logging in to our website www.kms-team.com, data will automatically be sent to us or our hosting providers from your terminal or its browser to ensure stable and secure functioning of our website; this information will be stored temporarily in what are known as server log files. Amongst other things, the following information will be stored in these server log files: the operating system of your device, type and version of your Internet browser, the website from which you accessed our website, our website and the subpages which you visit, time of each access, and the IP address of the device you use or the Internet connection from which the use of our website takes place.
Storage of these data together with other personal data or merging of these data with data from other sources shall not take place in this respect.
2. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. Temporary storage of data in log files takes place to ensure the functionality of our website and to ensure the safety of our information technology systems and their stability, as well as to detect or trace abuse or fraudulent activities as the case may be. An evaluation of the data for marketing purposes does not take place in this context.
3. Legal basis for data processing
The legal basis for the processing and temporary storage of data and log files is Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in securing and improving the functionality and security of our website and arises from the above-mentioned purposes for data processing.
4. Storage duration
As soon as the data are no longer required for fulfilling the purpose they were collected for, they will be erased. When storing data in log files, the data will be stored for a period of 7 days due to security reasons. After this, they will be erased. If storage should be necessary in individual cases beyond this period for purposes of clarifying cases of abuse or fraudulent activities, the data will be erased following clarification of the relevant issues or incident.
IV. Newsletter
You shall receive our newsletter only if you have agreed to this or where legal permission exists. We shall inform you about the content described in our newsletter when you have registered. Otherwise, our newsletters contain information about us, our services and our projects, we issue invitations and give tips about events, and we inform you about topics related to marketing, brands and design.
1. Registration process, data processing
If you would like to receive our newsletter as offered on our website, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you consent to receiving the newsletter. To this end, your consent will be obtained in the course of the registration process and reference will be made to further information in this data protection statement. Following registration you will receive an email requesting confirmation of successful registration. In this way, abusive use of your email address is to be prevented. The registration process will be recorded and together with the time and confirmation of registration, the IP address of the requesting computer shall be stored so that you are able to furnish proof of your registration and consent in accordance with the legal requirements. We do not require any further data and they will not be collected. We only use this data to send the newsletter and do not pass them on to third parties.
2. Purpose of data processing, legal basis and duration of storage
The email address will be required in order to send the newsletter. The processing of data when and after registering to receive the newsletter and the evaluation related to the sending take place when consent has been given based on your consent pursuant to Art. 6 (1) lit. a) GDPR. Provided there is no necessity for consent, the sending will take place based on Art. 6 lit. f) GDPR and our legitimate interest in implementing marketing measures. A logging of the procedure based on the registration shall take place pursuant to Art. 6 (1) lit. f) GDPR with our legitimate interest in a secure and user-friendly procedure of sending the newsletter, linked with the possibility of providing proof of consent. Data collected will be erased as soon as they are no longer required for achieving the purpose for which they were collected. The data collected in the course of registration such as the email address, the time and confirmation of registration, IP address, may be stored for up to three years after you cancel our newsletter and revoke the consent needed for the newsletter, so that the consent required up to the time of its revocation can be proven.
3. Cancellation, revocation
You may cancel the receipt of our newsletter at any time and thus revoke the consent granted for the storage of data, the email address, as well as its use for sending the newsletter, for example via an appropriate link, which you will find in each newsletter or simply by writing an informal email. The lawfulness of the processing based on the consent you have given shall remain unaffected up to the time your revocation is received.
4. Newsletter distribution via Brevo (formerly sendinblue)
We use the Brevo e-mail distribution service to send our newsletter. This service is provided by Sendinblue GmbH, Köpenicker Strasse 126, 10179 Berlin, Germany. We hired Sendinblue on the basis of a contract for order processing (Art. 28 para. 3 S. 1 GDPR). Our legitimate interest follows the purpose of the hire, which ensures the technical handling and organisation of all related processes.
The newsletters we send with Sendinblue or Brevo allow us to analyse recipient behaviour. It is possible to track whether and when recipients have opened each newsletter, and which link users click. We are not, however, analysing this information for specific users. As such, this tracking is completely anonymous. In other words, we are tracking user behaviour, but not connecting this to you or your personal data.
We only conduct this tracking on the basis of your provided consent in accordance with Art. 6 para. 1lit a GDPR and based on our legitimate interest in optimising the content of our newsletter in accordance with Art. 6 para. 1 lit f GDPR.
If you do not consent to tracking, we ask that you refrain from subscribing to the newsletter or cancel your subscription.
Sendinblue only receives and saves the data you provided when registering for the newsletter, your IP address and the time of registration. Sendinblue saves this data on servers in Germany. It will be deleted no later than two years following the conclusion of our contractual arrangement with Sendinblue.
You can read Sendinblue’s privacy policy at https://www.brevo.com/de/legal....
V. Applications / “Join us”
If you’re interested in a position and would like to submit your application, we ask that you use the option provided on our website. Our current service provider, Personio SE & Co. KG, Seidlstraße 3, 80335 München, is responsible for processing these materials in line with all applicable laws. This simplifies handling for us and ensures that only those employees responsible for processing applications for us can access and view the corresponding documents.
Calling up the “Join us” page on our website automatically takes you to the careers and application portal operated for us by our service provider. The service provider also uses no cookies on this portal. When accessing the careers and application portal, please note any specific data privacy information that may be provided here.
If we receive unsolicited applications or ones for an advertised position, these data will be deleted no later than six months following the completion of the application process, provided there is no other reason to store this material for a longer period of time, e.g. which could be the case if the candidate is hired. The legal basis for processing data for the purposes of employment, in the context of a decision regarding the grounds for employment, or afterwards, for its continuation or termination, is § 26 BDSG (German Federal Data Protection Act) in connection with Art. 6 (1) lit. b GDPR. If you provide your consent, Art. 6 (1) 1 lit. a GDPR also applies, as well as Art. 6 (1) lit. f GDPR to safeguard our legitimate interests or those of a third party.
With your express consent, we can retain your data for use beyond a specific job application or once the application process has been completed. In this case, we would include your data in our “pool of candidates” provided you do not object to this storage or revoke your consent. This makes it possible for us to initially look at the applicants in the “pool of candidates” if we have job openings or intend to hire in the following two years. Even if you provide your consent and do not revoke it, we will delete your data after three years. This period of time starts at the end of the year in which you have submitted your data. We will not delete your data if there is a need for us to retail it, which could be the case if, for example, you enter into an employment relationship with us.
Right to erasure: You have the right to have your personal data erased and can request the deletion of your data with an e-mail to join-us@kms-team.com under the conditions outlined in Article 17 of the GDPR.
VI. Cookies
We do not use cookies.
VII. Social media plugins and external links
When visiting our website, we dispense with the use of social media plugins, which may be associated under certain circumstances with direct transfer of data.
In some cases, we offer you the possibility on our website of getting to the relevant pages via an external link.
At the same time, we would like to point out that, as is the usual case, you will reach an external website using a link and we have no influence on when or which data are collected on the external website. You will receive information about this from the relevant website operator on its website.
VIII. Rights of the data subject
You have the following rights vis-à-vis the data controller with respect to the personal data that concerns you:
- Right of access to information pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to rectification and erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to object to the collection, processing and/or use pursuant to Art. 21 GDPR;
- Right to data portability pursuant to Art. 20 GDPR
If the processing of your personal data takes places based on your consent (Art. 6 (1) lit. a) GDPR), you may withdraw your consent for the relevant purpose at any time. The lawfulness of the processing based on the consent you have given shall remain unaffected up to the time your revocation is received.
IX. Security
We use SSL (Secure Socket Layer) encryption technology or the TLS procedure (Transport Layer Security) to increase the security and protection when transferring confidential content on our website. You may see in the closed display of the key and/or lock symbol on the status bar of your browser whether a single page of our website is transferred encoded. Aside from this, we use appropriate technical and organizational security measures to protect your data from incidental or deliberate loss or destruction (in part or in whole) and against unauthorized access by third parties. Our security measures shall be continuously improved in line with technological progress. One hundred percent protection against unauthorized access is not achievable for transfers via the Internet or via websites or emails, but we try to guarantee the relevant protection within the scope of what is technically possible and at reasonable effort and expense.
X Amendments to this data protection notice
Through the further development of our website and offers or due to changes in statutory and official requirements, it may become necessary to amend or supplement this data protection information. You are able to access the current data protection information on our website at all times at https:/kms-team.com/en/privacy-policy and print it out. This current data protection statement applies as of May 2021.