Data Privacy Statement

I. Introduction

The following is intended to provide you, as the data subject, with an overview of personal data processed by JoCos GmbH and your rights under data protection laws. Our website can generally be used without entering personal data. If you wish to use special services offered by our company on our website, it may be necessary to process personal data. However, you can also choose to transmit personal data to us using alternative methods, for instance by telephone or by post.

II. Controller

The controller as defined by the GDPR is:

JoCos GmbH
Prinz-Ludwig-Straße 17
93055 Regensburg
Germany
Email: info@keralock.de
Tel.: (+49) 941 463 703 0

III. Data protection officer

You can contact the data protection officer at:

Niklas Hanitsch
c/o secjur GmbH
Steinhöft 9
20459 Hamburg
+49 40 228 599 520
dsb@secjur.com

Please feel free to contact our data protection officer directly for any questions or suggestions you may have pertaining to data privacy.

IV. Log files

When merely using our website for informational purposes, we only collect the data your browser transmits to our server (in so-called “server log files”). Our website collects a series of general data and information every time you or an automated system accesses the website. This general data and information are stored in the log files of the server. The following may be collected:

  • the browser type and version used,
  • the operating system used by the accessing system,
  • the web page from which an accessing system reaches our web page (so-called referrer),
  • the date and time of accessing the web page,
  • an Internet Protocol Address (IP address),
  • the host name of the accessing computer.

We do not draw any conclusions that allow us to identify you as a person when using the general data and information. Rather, this information is required to properly deliver the contents of our website, to ensure the permanent functionality of our IT systems and the technology of our website as well as to provide law enforcement authorities with the necessary information in the event of a cyber attack. We therefore analyse this collected data and information with the objective of increasing data protection and data security at our company to ultimately ensure an ideal level of protection for the personal data we process. The data from the server log files is stored separate from all personal data provided by a data subject. The retention period is two months. The legal basis for data processing is Article 6 (1) (f) of the GDPR. Our legitimate interest results from the purposes stated above. The website is hosted by the domainfactory GmbH.

V. Cookies

We use cookies on our website. Cookies are data that your browser automatically creates which are stored on your IT system (laptop, tablet, smartphone etc.) when you are visiting our website. Within a cookie, information is archived, which stem from the specific relation with the used device. That, however, does not mean that we immediately receive notice on your identity through that process.

We use cookies on our website which are technically imperative for the usage of our website in order to make it user-friendly. The legal basis for technically imperative cookies, which we required in order to provide a properly functioning website, is our legitimate interest, as defined in Article 6 (1) (f) of the GDPR.

Furthermore, we use cookies for analysis and statistical evaluation. That serves the purpose of improving our website in order to optimize our offers for you. As soon as you visit our website repeatedly, it is automatically recognized that you have visited us before. These technically non-imperative cookies are based on your approval, as described in Article 6 (1) (f) of the GDPR, which you have provided to us by opting in through the cookie banner.

VI. Our website content

1. Establishing contact

Personal data is processed in line with your contacting us (e.g. by phone or email). This data is solely stored and used for the purpose of responding to your request or to contact you and the technical administration associated with that. The legal basis for data processing is our legitimate interest in responding to your request in accordance with Article 6 (1) (f) of the GDPR. Your data resulting from your enquiry will be erased once your enquiry has been conclusively processed. This is the case when circumstances indicate the respective matter has been conclusively resolved and no statutory retention periods conflict with deletion. If you contact us with the objective of concluding a contract or if said contract results in a contractual relationship, Article 6 sec. 1 p. 1 lit. b) of the GDPR can also be relevant for processing. We then store your personal data in our CRM.

2. Application management / job portal

We collect and process the personal data of applicants for application process purposes. Data can also be processed electronically. This particularly applies if an applicant submits corresponding application documents to us electronically, e.g. sends them to us via email. The legal basis for data processing is Article 6 sec. 1 p. 1 lit. b) of the GDPR in conjunction with Article 88 of the GDPR in conjunction with § 26 of the German Data Protection Act (BDSG). If the person is hired, the data is placed into the personnel file and stored there. If you are not hired, we delete your application documents 6 months from the rejectionn Until then, the data is processed according to Article 6 (1) (f) of the GDPR based on our legitimate interest (AGG – General Act on Equal Treatment). If we would like to include you in our pool of applicants, we will get your separate consent for this purpose in accordance with Article 6 (1) (a) of the GDPR. In this case it is then stored for one year.

VII. Sending newsletters

1. Sending newsletters to existing customers

If you are our customer, we keep you informed about our latest, similar products and current topics via email. We do not require any separate consent from you according to § 7 sec. 3 of the Act Against Unfair Competition (UWG). In this respect, data processing takes place solely based on our legitimate interest in personalized direct advertising according to Article 6 sec. 1 lit. f) of the GDPR. You can unsubscribe from the newsletter at any time. In connection with the newsletter, we use the third-party provider GetResponse (see 2.)

2. Advertising newsletter

On our website, you have the option of subscribing to our company’s newsletter. It provides you with our latest news and special offers at regular intervals. We require your email address for this purpose.

The newsletter has tracking mechanisms embedded in the emails and they provide us with statistical analyses on the success or failure of our newsletter. In this connection, usage activities, the IP address, your location and data are processed via the web browser. We do not link this data to any of your other personal data. Our objective behind this analysis is optimizing the sending of our newsletter and being able to adjust content better. We use the help of GetResponse Sp.z o. o., Gdansk (80-387), Arkonska 6, A3, Poland to send the newsletter and for the analysis. We transmit the data you provide us with when subscribing to the newsletter to this company. This transmission takes place in line with data processing by GetResponse. In the process, your data is processed in the EU or if outside the EU, an appropriate level of protection is ensured. We have a data processing agreement with GetResponse. You can get more information about GetResponse here: https://www.getresponse.de/legal/datenschutz

Furthermore, when subscribing to the newsletter we also store your IP address, the computer system used at the time it was subscribed as well as the date and time it was subscribed. Collecting this data is necessary to be able to track a (possible) misuse of your email address at a later point in time. This collection takes place based on Article 6 (1) (f) of the GDPR.

The legal basis of data processing for the purpose of sending the newsletter and the analysis is Article 6 (1) (a) of the GDPR, your consent. This consent can be withdrawn at any time and without stating reasons. Each newsletter includes a link to unsubscribe from the newsletter, which, when used, equals the withdrawal of consent. If you would like to object to the data analysis for statistical analysis purposes, you must unsubscribe from the newsletter.

VIII. Our activities in social networks

In order to be able to communicate with you in social networks and inform you about our services, we also have our own pages there. When you visit one of our social network pages, it is possible that we are joint controllers with the provider of the respective social medial platform in terms of Article 26 of the GDPR regarding initiated processing operations that pertain to personal data. In this case, we are not the original provider of these pages but merely use these within the framework of the options offered by the respective provider. For reasons of precaution, we therefore point out that your data may possibly be processed outside the EU or the EEA. Consequently, the use of such pages can pose data protection risks to you because the protection of your rights, e.g. of access, to erasure, to object, etc. can become more difficult and the processing of data in social networks is frequently carried out for the direct purpose of advertising or to analyze user behaviour by the provider without us being able to influence these processes in any way. If the provider creates user profiles, cookies are often used or usage behaviour is directly linked to your own member profile on the social networks (if you are logged on there).

Our legal basis for operating the fan page is article 6 (1) (f) of the GDPR, our legitimate interest in being able to communicate with you in a contemporary manner or to inform you about our products. If you have to give the respective providers your consent to data processing as a user, the legal basis refers to article 6 (1) (a) of the GDPR in conjunction with Article 7 of the GDPR.

Given that we do not have any access to the providers’ data files, we would like to point out that it is best if you exercise your rights (e.g. of access, to rectification, to erasure, etc.) directly with the respective provider. We listed further information regarding the processing of your data in the social networks and the option of exercising your right to object or revoke (so-called opt-out) for the respective social network providers we use:

  • Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Privacy Policy: https://www.facebook.com/about/privacy
  • Instagram: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Privacy Policy: http://instagram.com/legal/privacy/

We do not use any social media plugins on our website. We merely provide a link. Therefore, no personal data is sent to the social media network when accessing the page.

IX. Shop pages

1. Amazon Marketplace

In order to be able to offer you our products, we use the Amazon Marketplace of the Amazon Europe S.à r.l, 38 avenue John F. Kennedy, L-1855 Luxembourg. Amazon makes the platform available to us, so we can present our products to you.

If you order one of our products on Amazon, Amazon processes your personal data required for contract conclusion and implementation and transmits this data to us.

We process this data in our systems and transmit the data from your order and required for shipment to our online shop warehouse in the form of a packing slip, which takes over compilation and delivery to you for us using a transport company.

We do not receive your payment data. Payment processing is solely carried out by Amazon.

The legal basis for the processing of your personal data in line with order processing is Article 6 sec. 1 p. 1 lit. b) of the GDPR. Processing takes place for the purpose of contract performance or to take pre-contractual measures with you. Your data is stored according to the statutory retention periods. Provided the processing of your data is no longer required, we will delete this data.

Furthermore, we would like to point out that Amazon provides us with statistics if you call up our products, which refer to our products and their being called up, orders, etc. We cannot derive any precise identities from these statistics. Moreover, we do not have any influence on the collection of this data.

You can find more information on the processing of your data and on settings you can make in Amazon’s privacy policy:
https://www.amazon.de/gp/help/customer/display.html?nodeId=3312401

2. Ebay

We also use the Ebay platform to be able to offer you our products. This platform belongs to the eBay GmbH, Albert-Einstein-Ring 2-6, 14532 Kleinmachnow, Germany.

If you order one of our products on Ebay, Ebay processes your personal data required for contract conclusion and implementation and transmits this data to us.

We process this data in our systems and transmit the data from your order and required for shipment to our online shop warehouse in the form of a packing slip, which takes over compilation and delivery to you for us using a transport company.

We do not receive your payment data. Payment processing is solely carried out by Ebay. Here, particularly by the eBay S.à r.l., 22-24 Boulevard Royal, 2449 Luxembourg.

The legal basis for the processing of your personal data in line with order processing is Article 6 sec. 1 p. 1 lit. b) of the GDPR. Processing takes place for the purpose of contract performance or to take pre-contractual measures with you. Your data is stored according to the statutory retention periods. Provided the processing of your data is no longer required, we will delete this data.

Furthermore, we would like to point out that Ebay provides us with statistics if you call up our products, which refer to our products and their being called up, orders, etc. We cannot derive any precise identities from these statistics. Moreover, we do not have any influence on the collection of this data.

You can find more information on the processing of your data and on settings you can make in Ebay’s privacy policy:
https://www.ebay.de/help/policies/member-behavior-policies/datenschutzerklrung?id=4260

X. Plug-ins and other services

1. Google Maps

We did not integrate Google Maps into our website but merely provide a link, which is included in the photo of the map. Therefore, Google does not automatically receive your data when accessing our website. Your data is not transmitted to the Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland until you actively click on the link. A transmission and storage of your data on servers of the Google LLC in the USA can result when accessing Google Maps, irrespective of whether you have a Google user account that you are logged on to or not. You can find more information about Google Maps here:
https://www.google.de/intl/de/policies/privacy/

2. Google Fonts

We use fonts from the Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. At the same time, we exercised extreme care, to ensure that no personal data is transmitted to Google. We still want to give you the option of informing yourself about the handling of personal data in Google’s Privacy Policy : https://www.google.com/policies/privacy/

3. Google Tag Manager

This website uses the Google Tag Manager, a cookie-less domain that does not collect any personal data but helps us organize and control website tags. Nevertheless, we would like to make you aware of Google Tag Manager being used. This tool triggers a tag which may collect data on your end (e.g. Google Analytics). The Google Tag Manger does not access this data itself.

4. Google Search Console

We use the Google Search Console. We use this console to monitor and manage how our website is listed in the Google search results for optimisation purposes and, if necessary, to be able to detect and rectify errors. However, data collection only takes place on the Google pages, not on ours. Further information can be found here: https://support.google.com/webmasters/answer/9128668?hl=de

5. Google Analytics

We use Google Analytics, a web analysis service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie on your use of this website such as

  • browser type/version,
  • operating system used,
  • referrer URL (the website previously visited),
  • host name of the accessing computer (IP address),
  • time of the server enquiry,

is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of our website. This information may also be transmitted to third parties. Under no circumstances is your IP address merged with other Google data. The IP addresses are anonymized to ensure it cannot be matched with an individual (IP masking). These processing procedures are solely conducted after receiving explicit consent in accordance with Article 6 (1) (a) of the GDPR.

Furthermore, you can prevent the data on your use of the website from being collected and processed by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

You can find more information on data privacy related to Google Analytics on the Google Analytics help page (https://support.google.com/analytics/answer/6004245?hl=de).

XI. Your rights as a data subject

  • Right to confirmation: You have the right to request a confirmation from us on whether or not your personal data is being processed.
  • Right of access Article 15 GDPR: You have the right to receive free information about the personal data we store in regard to you at any time as well as to receive a copy of this data in compliance with the legal provisions.
  • Right to rectification Article 16 GDPR: You have the right to request the rectification of your incorrect personal data. You further have the right to request that incomplete personal data is completed, taking the purposes of processing into account.
  • Erasure Article 17 GDPR: You have the right to request us to immediately erase your personal data, provided that one of the legally intended reasons applies and insofar as processing or storage is not required.
  • Restriction of processing Article 18 GDPR: You have the right to request us to immediately erase your personal data if one of the legally intended reasons applies.
  • Data portability Article 20 GDPR: You have the right to receive your personal data you provided us with in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without obstruction by us, who were provided with the personal data, provided that processing is based on consent in accordance with Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract in accordance with Article 6 (1) (b) of the GDPR and processing is conducted with the help of automated processes, provided that processing is not required to perform a task which is in the public interest or in exercising public authority we were assigned. In exercising your right to data portability, you also have the right to have the personal data directly transmitted from one data controller to another controller in accordance with Article 20 (1) of the GDPR where technically feasible and provided that this does not affect the rights and freedoms of other persons.
  • Objection Article 21 GDPR: You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data, which is based on Article 6 (1) (e) (data processing in public interest) or (f) (data processing based on balanced interests) of the GDPR.
    This also applies to profiling based on these provisions in terms of Article 4 (4) of the GDPR.
    If you exercise your right to object, we will no longer process your personal data unless we are able to demonstrate compelling and legitimate reasons for this processing, which override your interests, rights and freedoms, or if processing serves to assert, exercise or defend legal claims.
    In individual cases, we process personal data for purposes of direct advertising. You can object to the processing of personal data for purposes of such advertising at any time. This also applies to profiling, provided that it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
    Furthermore, you have the right, for reasons resulting from your special situation, to object to the processing of your personal data that we conduct for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such processing is required to fulfil a task, which is in the public interest.
    Irrespective of Directive 2002/58/EC, you have the option, in connection with the use of information society services, of exercising your right to object using automated procedures that use technical specifications.
  • Withdrawal of consent pertaining to data privacy: You are entitled to withdraw your consent given for the processing of personal data at any time in the future. You can address your withdrawal to the following email address at our company: info@keralock.de
  • Lodging a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority for data protection in connection with our processing of personal data. The authority responsible for us in all cases is the Bavarian State Office for Data Protection Supervision (LDA Bayern).

XII. Up-to-dateness and amendments to the Privacy Policy

This Privacy Policy is currently valid and was last updated in: May 2021.

It may become necessary to alter this Privacy Policy based on the further development of our website and offers or due to changes in legal or official requirements. You can access and print out the latest version of the Privacy Policy on the website at “https://keralock.de/datenschutz.html”.