GET IN TOUCH

ADDRESS
E & M Kremer GmbH
Von-Hünefeld-Str. 11
50829 Köln
GERMANY
E-MAIL
PHONE
WHATSAPP
OPENING HOURS
Monday - Thursday
7:30 AM - 5:00 PM

Friday
7:30 AM - 3:00 PM

Saturday - Sunday
closed

PRIVACY NOTICE

We, E & M Kremer GmbH (hereinafter: “the Company,” “we,” or “us”) take the protection of your personal data seriously and would like to inform you about data protection within our company.

With the implementation of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”), additional obligations have been imposed on us to ensure the protection of personal data of individuals affected by data processing (we also refer to you as the “customer,” “user,” “you,” “your,” or “data subject”).

As we either independently or jointly decide on the purposes and means of data processing, this primarily involves the duty to inform you transparently about the nature, scope, purpose, duration, and legal basis of the processing (cf. Article 13 and 14 GDPR). This declaration (hereinafter: “Privacy Notice”) informs you about the manner in which your personal data are processed by us.

1 General Information

1.1 Definitions

The following definitions are based on Article 4 of the GDPR:

“Personal data”
(Article 4(1) GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, or an online identifier, or by reference to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability can also result from the combination of such information or other additional knowledge. The form or medium of the information is irrelevant (photos, videos, or audio recordings may also contain personal data).

“Processing”
(Article 4(2) GDPR) is any operation or set of operations performed on personal data, whether by automated means or not. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data, as well as changing a purpose of processing that was originally intended.

“Controller”
(Article 4(7) GDPR) is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Third party”
(Article 4(10) GDPR) is any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this includes other entities within a corporate group.

“Processor”
(Article 4(8) GDPR) is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller, particularly according to its instructions (e.g., IT service providers). In the legal sense, a processor is not considered a third party.

“Consent”
(Article 4(11) GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

1.2 Name and Address of the Controller

The controller responsible for the processing of your personal data according to Article 4(7) GDPR is:

E & M Kremer GmbH
Von-Hünefeld-Straße 11
50829 Cologne, Germany
info@kremer-racing.com
+49 221 917 448 0

For further information about our company, please refer to the legal notice on our website.

1.3 Contact Details of the Data Protection Officer

For all questions and as a contact for data protection at our company, our company’s Data Protection Officer is available to you at any time. Their contact details are: Daniel Neus, dn@kremer-racing.com.

1.4 Legal Basis for Data Processing

By law, the processing of personal data is prohibited unless it is legally permitted under one of the following grounds:

Article 6(1)(a) GDPR (“Consent”): If the data subject has given consent to the processing of their personal data for one or more specific purposes;

Article 6(1)(b) GDPR: If processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;

Article 6(1)(c) GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation);

Article 6(1)(d) GDPR: If processing is necessary in order to protect the vital interests of the data subject or of another natural person;

Article 6(1)(e) GDPR: If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

Article 6(1)(f) GDPR (“Legitimate Interests”): If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (particularly if the data subject is a minor).

The storage of information on the user’s device or the access to information already stored on the device is only permitted if it is covered by one of the following legal grounds:

§ 25(1) TDDDG: If the end user has consented based on clear and comprehensive information. Consent must be given in accordance with Article 6(1)(a) GDPR;

§ 25(2)(1) TDDDG: If the sole purpose is to carry out the transmission of a message over a public telecommunications network;

§ 25(2)(2) TDDDG: If storage or access is strictly necessary to provide a service requested by the user.

For each processing activity we undertake, we state the applicable legal basis below. Processing may be based on multiple legal grounds.

1.5 Data Deletion and Storage Duration


For each processing activity, we specify how long the data is stored and when it is deleted or blocked. If no specific storage duration is stated below, your personal data is deleted or blocked as soon as the purpose or legal basis for the storage ceases. Your data is generally stored only on our servers in Germany, subject to any further disclosure in accordance with sections 1.7 and 1.8.

Storage may extend beyond the stated duration in the event of (pending) legal disputes with you or any other legal proceedings, or if storage is required by legal provisions to which we as the controller are subject (e.g., § 257 HGB, § 147 AO). When the legal retention period expires, the personal data is blocked or deleted unless further storage is necessary and there is a legal basis for it.

1.6 Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties (e.g., TLS encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved according to technological development.

We are happy to provide more detailed information upon request. Please contact our Data Protection Officer (see section 1.3).

1.7 Cooperation with Processors

Like any company, we use external domestic and international service providers (e.g., for IT, logistics, telecommunications, sales, and marketing). These act only under our instructions and are contractually obliged to comply with data protection regulations under Article 28 GDPR.

If personal data is transferred by us to our subsidiaries or by our subsidiaries to us (e.g., for advertising purposes), this is done based on existing processing agreements.

1.8 Conditions for the Transfer of Personal Data to Third Countries

As part of our business relationships, your personal data may be transferred to or disclosed to third parties. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us (legal basis is Article 6(1)(b) or (f) each in conjunction with Article 44 et seq. GDPR). We inform you of the specific details of the transfer at the relevant points.

Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard (a list of these countries and copies of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). In other third countries, where personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. In such cases, we ensure that data protection is adequately guaranteed. This can be achieved through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data under Article 46(1) and Article 46(2)(c) GDPR (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914&locale-en), certifications, or recognized codes of conduct. Please contact our Data Protection Officer (see section 1.3) for further details on this.

1.9 No Automated Decision Making (Including Profiling)


We do not intend to use any personal data collected from you for any automated decision making process (including profiling) which produces legal effects concerning you or similarly significantly affects you.

1.10 No Obligation to Provide Personal Data

We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are generally not legally or contractually obliged to provide us with your personal data; however, it may be that we can only provide certain offers in a limited manner or not at all if you do not provide the necessary data. If this is exceptionally the case in the context of the products we offer as presented below, you will be specifically informed.

1.11 Legal Obligation to Transmit Certain Data


We may be subject to a special legal or statutory obligation to provide lawfully processed personal data to third parties, particularly public authorities (Article 6(1)(c) GDPR).

1.12 Your Rights


Every affected person has:

The right to withdraw consent at any time with effect for the future
The right of access according to Article 15 GDPR
The right to rectification according to Article 16 GDPR
The right to erasure according to Article 17 GDPR
The right to restriction of processing according to Article 18 GDPR
The right to object to processing according to Article 21 GDPR

Additionally, there may be:

The right to data portability according to Article 20 GDPR
The right to proper and transparent processing (including information on this) in case of automated decision-making (Article 22 GDPR)
The right to lodge a complaint with a supervisory authority (Article 77 GDPR).
According to Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data in our company, for example, with the data protection supervisory authority responsible for us:

The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: +49 211 384 24 0
Fax: +49 211 384 24 10
Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

2. Visiting the Websites

2.1 Explanation of the Function


You can find information about our company and the services we offer especially at www.kremer-automotive.com and its subpages (hereinafter collectively: “websites”). When you visit our websites, personal data may be processed.

2.2 Processed Personal Data


During the informational use of the websites, the following categories of personal data are collected, stored, and processed by us:

“Log Data”: When you visit our websites, a so-called log data record (so-called server log files) is temporarily and anonymously stored on our web server. This consists of:

The page from which the page was requested (so-called referrer URL)
The name and URL of the requested page
The date and time of the request
The description of the type, language, and version of the used web browser
The IP address of the requesting computer, shortened so that a personal reference can no longer be established
The transmitted data volume
The operating system
The message whether the request was successful (access status/HTTP status code)
The GMT time zone difference

“Contact Form Data”: When using contact forms, the data transmitted through them is processed (e.g., gender, first and last name, address, company, email address, and the time of transmission).

Besides the purely informational use of our website, we offer a subscription to our newsletter, with which we inform you about current developments in business law and events. If you subscribe to our newsletter, the following “Newsletter Data” is collected, stored, and processed by us:

The page from which the page was requested (so-called referrer URL)
The date and time of the request
The description of the type of used web browser
The IP address of the requesting computer, shortened so that a personal reference can no longer be established
The email address
The date and time of registration and confirmation

We point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your email address and an individual ID. Links included in the newsletter also contain this ID. The data is collected exclusively in a pseudonymized manner, meaning the IDs are not linked with your other personal data, excluding direct personal reference.

2.3 Purpose and Legal Basis of Data Processing


We process the aforementioned personal data in accordance with the provisions of the GDPR, other relevant data protection regulations, and only to the necessary extent. As far as the processing of personal data is based on Article 6(1)(f) GDPR, the stated purposes also represent our legitimate interests.

The processing of log data serves statistical purposes and the improvement of the quality of our website, particularly the stability and security of the connection (legal basis is Article 6(1)(a) of (f) GDPR).
The processing of contact form data is carried out to handle customer inquiries (legal basis is Article 6(1)(b) of (f) GDPR).
The processing of newsletter data is carried out for the purpose of sending the newsletter. When you register for our newsletter, you consent to the processing of your personal data (legal basis is Article 6(1)(a) GDPR). We use the so-called double-opt-in procedure for newsletter registration. This means that after your registration, we send an email to the specified email address in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to verify your registration and, if necessary, clarify a possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. The revocation can be declared by clicking on the link provided in every newsletter email, by email to [company's email address], or by a message to the contact details provided in the imprint.
If the processing of the data requires the storage of information on your end device or access to information already stored on the end device (legal basis is Article 25(1) and (2) TTDSG).

2.4 Duration of Data Processing


Your data will only be processed as long as necessary to achieve the aforementioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly. Regarding the use and storage duration of cookies, please refer to point 1.5 and the cookie policy [link to the cookie policy]. Third parties we use will store your data on their systems for as long as necessary in connection with the provision of services for us according to the respective order. Further information on the storage duration can also be found under point 1.5.

2.5 Transfer of Personal Data to Third Parties; Justification Basis


The following categories of recipients, typically processors (see point 1.7), may have access to your personal data:

Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g., for data center services, payment processing, IT security). The legal basis for the transfer is then Article 6(1)(b) or (f) GDPR, as far as they are not processors;
State authorities/agencies, as far as this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Article 6(1)(c) GDPR;
Persons employed in the conduct of our business operations (e.g., auditors, tax advisors, banks, insurers, legal advisors, supervisory authorities, parties involved in company acquisitions or the formation of joint ventures). The legal basis for the transfer is then Article 6(1)(b) or (f) GDPR.
Regarding the guarantees for an adequate level of data protection when transferring data to third countries, see point 1.8. Additionally, we only transfer your personal data to third parties if you have given explicit consent for this according to Article 6(1)(a) GDPR.

2.6 Use of Cookies, Plugins, and Other Services on Our Website

2.6.1 Cookie Policy


Information about cookies, which cookies we use, and how you can manage your cookie settings and disable certain types of tracking can be found in our cookie policy.

2.6.2 Social Media Plugins


We do not use social media plugins on our websites. If our websites contain icons of social media providers (e.g. Instagram, Facebook or Youtube), we use them solely for passive linking to the pages of the respective providers.

Last updated: May 2024