The Katz Group / Data privacy

Data Privacy

KATZ GMBH & Co. KG aims to enhance users’ trust in the Internet by clearly disclosing how it makes use of personal data. Please read on to find out what information we collect, why we collect it, and how we make use of it.This Privacy Policy contains specific information for job applicants as well as general information which is applicable to both job applicants and any other visitors to our websites and online platforms.We take our responsibilities very seriously when it comes to protecting your data and ensuring it is handled confidentially. We would therefore ask that you only send us serious job applications and carefully scan any attached files for viruses etc. before forwarding them to us.

  1. This Privacy Policy describes how we process personal data collected on our websites and online platforms and through our associated webpages, functions and content (hereinafter referred to as the “Websites”) and describes the scope and purpose of these activities. This Privacy Policy applies to all situations, regardless of which domain, system, platform or device (e.g. desktop or mobile) the Websites are accessed on.
  2. The provider of the Websites, and the party responsible for data protection and privacy issues in regard to the Websites, is the company KATZ GMBH & Co. KG, Hauptstrasse 2, D-76599 Weisenbach, Germany; e-mail: office@thekatzgroup.com (hereinafter referred to as “we”, “us” and “our”). Please consult our legal notice for more information on the representatives of our company and who to contact: Legal info.
  3. You can contact our Data Protection Officer by sending an email to datenschutz@koehlerpaper.com.
  4. The following used term “User” used hereinafter refers to both job applicants and all other visitors to our Websites. We consider all the terms we use, such as job applicant, to be gender-neutral.

 

  1. All the personal User data we collect is processed in accordance with the relevant data protection regulations. That means we only process User data where this is permitted by law. This applies, in particular, if data processing is required or prescribed by law in order to furnish our contractual services (e.g. to process orders) and provide online services, or if the User has provided their consent, or if it is for the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our Websites in a secure and commercially viable manner within the meaning of Art. 6 (1) (f) of the General Data Protection Regulation (GDPR)) particularly in terms of measuring reach, creating profiles for advertising and marketing purposes, collecting access data, and using third-party services.
  2. In regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), please note that the legal basis for the data subject giving consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing data in order to perform our contractual services and discharge our contractual obligations is Art. 6 (1) (b) GDPR, the legal basis for processing data in order to comply with our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing data for the purposes of our legitimate interests is Art. 6 (1) (f) GDPR.

 

  1. We apply state-of-the-art organisational, contractual and technical security measures to ensure compliance with the provisions of data protection legislation and thereby to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
  2. These security measures include, in particular, the encrypted transmission of data between your browser and our server.

 

  1. Data is only forwarded to third parties to the extent permitted by law. We only forward User data to third parties if this is necessary e.g. for billing purposes, or for other purposes if the User data is required to perform a contract to which the data subject is party.
  2. In cases where we employ subcontractors to furnish our services, we ensure appropriate legal safeguards are in place and take appropriate technical and organisational steps to ensure that personal data is protected in compliance with applicable statutory requirements.
  3. Insofar as content, tools or any other resources from other providers (hereinafter referred to as “third-party providers”) are employed within the scope of this Privacy Policy and said third-party providers have their registered headquarters in a third country, it should be assumed that data will be transferred to the country of domicile of the third-party provider.
  4. The term third country refers to countries in which the GDPR does not constitute directly applicable legislation, i.e. essentially countries outside the EU or the European Economic Area.
  5. Data shall be transferred to third countries if an adequate level of data protection is in place, if the User has provided their consent, or if this transfer is permitted by law in any other way.

 

  1. We only process data on job applicants for the purpose of, and in the context of, the application process, and this processing is carried out in compliance with statutory requirements. We process applicant data to perform our contractual obligations and for the purposes of our legitimate interests, as well as the interest of applicants in benefiting from a fast and efficient application process.
  2. The application process requires applicants to share their applicant data with us. The details we require from applicants are indicated as such on our online form. They include details of the applicant’s name, postal and contact addresses and documents that form part of an application such as a cover letter, curriculum vitae and references. In addition, applicants can also voluntarily choose to send additional information. By transferring their application to us, applicants are providing their consent for us to process their data for the purposes of the application process in the manner and scope outlined in this Privacy Policy.

 

  1. We do not forward applicant data to third parties. Within the context of the application process, we may, however, obtain support from external service providers or other companies within our Group. In this case, applicants data may also be processed by these service providers. These service providers only process applicant data on our behalf and on the basis of contractual obligations that require them to comply with agreed organisational and technical measures.
  2. Applicant data may also be forwarded if a job has been expressly posted by multiple companies within our Group of companies, i.e. if an application process is conducted by multiple companies.
  3. In all other cases, we ask the applicant for their consent before forwarding their data.

 

  1. Applicants can send us their applications using the contact form on our website. The data is transmitted to us using state-of-the-art encryption.
  2. Alternatively, applicants may send us their applications by email, though we would like to point out that emails are not encrypted when they are sent. We are therefore unable to accept any liability for the transmission route between the sender and the receipt of the application on our server; we therefore recommend that applicants use the online form.
  3. Instead of applying via the online form or email, applicants also have the option of sending us their application by post.

 

  1. In the event of a successful application, we may further process the data provided by applicants for the purposes of the employment relationship.
  2. Otherwise, if the application for a post is unsuccessful, the applicant data is deleted. Applicant data is also deleted if an application is withdrawn, something which applicants are entitled to do at any time.
  3. Provided that the applicant withdraws the application in a legitimate manner, the data shall be deleted after a period of six months, which is the time required to ensure that we can answer any follow-up questions on the application and fulfil our contractual obligations on record-keeping as stipulated in Germany’s General Act on Equal Treatment (AGG).

 

  1. If a user gets in touch with us (via contact form, email, trade fair contact, or similar) we process the user’s details in order to respond to and deal with the query or request.
  2. Users’ details may be stored in our customer relationship management (CRM) system or a comparable enquiry system and must then be retained for six years in line with statutory requirements regarding business correspondence or ten years if they have any legally mandated relevance for tax purposes.

 

  1. Log file information is collected by the provider solely for monitoring purposes.
  2. For security reasons – for example to help detect improper use or fraud – log file information is held directly for a period of 24 hours and then archived for 30 days before being deleted. Data that is to be retained as evidence shall be excluded from deletion until the relevant case has been finalised.

 

  1. Cookies are data packets that are transferred from our web server or third parties’ web servers to the User’s web browser and stored there for later retrieval. Cookies may comprise small files or any other kinds of information storage. This Privacy Policy explains to Users how we use cookies in a pseudonymised manner to measure reach.
  2. If the User does not wish cookies to be stored on their computer, we hereby request that they disable the relevant option in their browser settings. Stored cookies can be deleted in the browser settings at any time. Disabling cookies may prevent you from enjoying the full functionality of these Websites.
  3. You can block cookies that are used for tracking and online advertising by visiting the opt-out page of the network advertising initiative (http://optout.networkadvertising.org/) and also by managing your preferences on the U.S. website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad-choices/.

 

  1. For the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) (f) of the General Data Protection Regulation (GDPR), we use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google uses cookies. The information generated by cookies concerning the use of the Websites by the User will generally be transmitted to and stored by Google on servers in the USA.
  2. Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
  3. Google will use this information on our behalf for the purpose of evaluating use of our Websites by the User, compiling reports on activity on the Websites, and providing us with other services relating to the use of the Websites and use of the Internet. This process may involve creating pseudonymised usage profiles of Users from the processed data.
  4. We only use Google Analytics with IP anonymisation enabled. That means Google truncates the User’s IP address within Member States of the European Union and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
  5. The IP address transmitted by the User’s browser is not associated with any other data held by Google. Users can prevent cookies from being installed on their computer by adjusting their browser settings accordingly. Users can also prevent Google from collecting data generated by cookies concerning their use of the Websites and can prevent Google from processing this data by downloading and installing a browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
  6. For more information on how Google uses data and how to opt out, please refer to Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”), http://www.google.com/policies/technologies/ads (“How Google uses data in advertising”), http://www.google.com/settings/ads (“Control the information Google uses to show you ads”).

 

  1. For the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) (f) of the GDPR), we use the marketing and remarketing services (hereinafter referred to as “Google marketing services”) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
  2. Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
  3. Google marketing services enable us to display ads for and on our website in a more targeted fashion, helping us to only show ads to Users that are potentially of interest to them. The method we use, known as remarketing, involves, for example, showing Users ads for products in which they have already shown an interest on other websites. For this purpose, our Websites – and other websites on which Google marketing services are active – contain a snippet of code, which is executed directly by Google. This integrates what are known as (re)marketing tags in the website (invisible image files or code, also known as web beacons). With the help of these tags, an individual cookie, i.e. a small file, is saved on the User’s device (comparable technologies may also be used instead). These cookies may be set from a few different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file notes which sites the User visits, which content interests the User, and which offers he or she clicked, as well as technical information on the browser and operating system, referring websites, visit duration and other data on the use of the Websites. The User’s IP address is also recorded, though we wish to make it clear that, within the context of Google Analytics, the IP address is truncated within European Union Member States and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to the US-based Google server and truncated there. The IP address is not merged with User data within other Google offerings or services. The information referred to above may also be linked to comparable information from other sources. If the User subsequently visits other websites, they may be presented with ads tailored to them according to their interests.
  4. User data is processed in a pseudonymised manner within the context of Google marketing services, i.e. Google does not store and process details such as the name or email address of the User, but instead processes the relevant data within pseudonymised usage profiles based on cookies. This means that, from Google’s perspective, the ads are not managed for and displayed to a named or otherwise identifiable person, but rather for and to the cookie holder, regardless of who this cookie holder is. That is not, however, the case if a User has expressly granted Google permission to process their data in a non-pseudonymised manner. Information collected on Users by Google marketing services is transmitted to Google and stored on Google’s servers in the USA.
  5. One of the Google marketing services we use is the online advertising service “Google AdWords”. In the case of Google AdWords, each AdWords client receives a different “conversion cookie”. Thus, cookies cannot be tracked across the websites of AdWords clients. The information collected by the conversion cookies is used to provide aggregate conversion statistics for AdWord clients who have opted in to conversion tracking. AdWords clients are informed of the total number of users who clicked on the ad and were forwarded to a conversion tracking tag page. However, they do not receive any information that would enable them to identify users personally.
  6. Our Websites may contain third-party ads from the Google marketing service DoubleClick. DoubleClick uses cookies that enable Google and its partner websites to display ads based on User visits to this website and/or other websites on the Internet.
  7. We may also use the Google Tag Manager to incorporate and manage Google analysis and marketing services in our Websites.
  8. You can find more information on how Google uses data for marketing purposes at https://www.google.com/policies/technologies/ads. Google’s privacy policy is available at https://www.google.com/policies/privacy.
  9. If you wish to opt out of personalised advertising by Google marketing services, you can adjust your preferences and opt-out settings by visiting the following page: http://www.google.com/ads/preferences.

 

  1. The links and buttons provided for social networks and platforms (hereinafter referred to as “social media”) on our Websites only establish contact between social networks and Users if Users click on the links/buttons and the respective networks or their websites are loaded. This function operates on the same principle as a regular online link.
  2. The list below provides an overview of linked social media providers as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:

    Facebook, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, Privacy Policy: http://de-de.facebook.com/policy.php, Opt-Out: http://www.facebook.com/settings.

    YouTube, Google Inc., Gordon House, Barrow Street, Dublin 4, Ireland, Privacy Policy: https://policies.google.com/privacy#infochoices, Opt-Out: https://www.google.com/settings/ads/.

    Xing / kununu, New Work SE, Am Strandkai 1, 20457 Hamburg, Germany, Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

    Instagram, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, Privacy Policy: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

    LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Policy: https://www.linkedin.com/legal/privacy-policy

  1. For the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) (f) of the GDPR), we use third-party content and service delivery services on our Websites in order to incorporate content and services such as videos and fonts, for example (hereinafter jointly referred to as “content”). The third-party provider of this content always requires the User’s IP address in order to send the content to the browser of the respective User. In other words, the IP address is required to display this content. We endeavour only to use such content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use “pixel tags” (invisible image files, also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to analyse information such as the number of visitors accessing the pages of this website. The pseudonymised information may additionally be stored on User devices in the form of cookies. This information includes technical information on the browser and operating system, referring websites, time spent on the website, and further details on how Users make use of our Websites, plus it can also be combined with comparable information from other sources.
  2. The list below provides an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:

 

  1. Users have the right to obtain information free of charge on the personal data we have collected about them.
    In addition, Users have the right to correct any inaccurate data, restrict the processing of their personal data or delete it, and, where applicable, assert their right to data portability. Users also have the right to submit a complaint to the relevant supervisory authorities (the Baden-Württemberg Data Protection Commissioner, Königstrasse 10a, 70025 Stuttgart, Germany) if they suspect that data has been processed unlawfully.
  2. Equally, users are entitled to withdraw any consent they have previously given without stating a reason. Such a revocation of consent shall have future effect only.

 

  1. The data stored by us is deleted once it is no longer required for the designated purpose and provided that we have no statutory obligation to retain said data. In the event User data is not deleted because it is required for other purposes permitted by law, then its processing shall be restricted accordingly, i.e. the data shall be blocked and no longer processed for other purposes. This applies, for example to User data that must be retained due to commercial or tax requirements.
  2. According to statutory regulations, documents must be retained for six years as per § 257 (1) of the German Commercial Code (HGB) (accounting ledgers, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and for 10 years as per § 147 (1) of the German Fiscal Code (AO) (accounts and records, situation reports, accounting records, trade and business letters, other documents of relevance for taxation, etc.).

 

Users can choose to opt out of the future processing of their personal data at any time in accordance with statutory provisions without giving reasons. This right to object applies in particular to the processing of data for the purposes of direct advertising.

  1. We reserve the right to amend this Privacy Policy at any time to reflect changes in the legal situation or changes relating to the service or data processing. This only applies to declarations concerning data processing, however. If Users’ consent is required or if the Privacy Policy contains provisions for the contractual relationship with the Users, the changes shall only be made with the consent of the Users.
  2. Users are requested to check the Privacy Policy on a regular basis to keep up-to-date with its content.

Last updated: December 2018