Privacy

for the utilisation of our website www.druckhaus-kaufmann.de
Protecting your data and maintaining your privacy is very important to us. Therefore, we are collecting, processing, and storing your personal data exclusively in accordance with German data protection law. Below, we are explaining which information we collect during your visit to our website and how this information is being used.

Our data protection officer, Mr Stefan Czech, is looking forward to helping you if you have any questions regarding the topic of data protection. Please, send him an e-mail or give him a call.

Stefan Czech
Data Protection Officer
T +49 (0)7821 945-118
datenschutz@druckhaus-kaufmann.de

Personal data
Personal data is individual information regarding the personal circumstances or factual affairs of a natural person. This includes information such as your name, your address, your telephone number, and your date of birth. Information that cannot directly be linked to your true identity, such as bookmarked web pages or the number of users of a page, are not personal data.

Collecting and processing of personal data
When you visit our website www.druckhaus-kaufmann.de, our web server by default temporarily stores, for system security purposes, the connection data of the inquiring computer (IP address), the web pages that you visited at our site, the date, time, and duration of the access, the pages called up during the visit, the identifying data of the browser and operating system type used, as well as the website from which you visited us. Personal data above and beyond this, such as your name, your address, your telephone number, or your e-mail address are not being collected, unless you voluntarily provide this information, e.g. in the context of a registration, to execute a contract, or perform an informational inquiry.

Utilisation and passing-on of the personal data
We use the personal data provided by you exclusively for the purpose of the technical administration of the website and to fulfil your wishes and requests, i.e., typically to execute the contract entered into with you, or to respond to your inquiry.
Only then, when you have previously granted us your permission and/or if you – to the extent that there are statutory provisions for this – have not objected, we use this data also for product-related advertising by mail.
A passing-on, sale, or other transfer of your personal data to third parties does not take place unless this is required for the purposes of executing the contract or if you have expressly consented to it.

Security measures
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to data, as well as access to, input of, disclosure of, assurance of availability of, and segregation of data. We have also established procedures to ensure the exercise of data subjects’ rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
SSL encryption (https): To protect your data transmitted via our online site, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address bar of your browser.

Use of cookies
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. The primary purpose of a cookie is to store information about a user during or after their visit within an online site. Stored information may include language settings on a website, login status, a shopping cart, or where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g. when user information is stored using pseudonymous online identifiers, also known as “user IDs”)
The following cookie types and functions are distinguished:
Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online site and closed the browser.
Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes may be stored in such a cookie.
First-party cookies: First-party cookies are set by us.
Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
Necessary (also: essential) cookies: On the one hand, cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user inputs or for security reasons).
Statistic, marketing and personalisation cookies: Furthermore, cookies are generally also used in the context of range measurement and when a user’s interests or behaviour (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also known as “tracking”, i.e., following the potential interests of users. Insofar as we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.
Notes regarding the legal basis: The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is your declared consent. Otherwise, the data processed with the aid of cookies will be processed on the basis of our legitimate interests (e.g. to operate and improve our online site) or if the use of cookies is necessary to fulfil our contractual obligations.
Duration of storage: If we do not provide you with explicit information on the duration of storage of permanent cookies (e.g. in the context of a so-called cookie opt-in), please assume that the duration of storage can be up to two years.
General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent given or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection through your browser settings, e.g. by deactivating the use of cookies (which may also restrict the functionality of our online site). An objection to the use of cookies for online marketing purposes can also be made through a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further instructions on how to object in the context of the information on the service providers and cookies used.
Processing of cookie data on the basis of consent: We use a cookie consent management procedure in which the consent of users to the use of cookies, or to the processing and providers mentioned in the cookie consent management procedure, can be obtained and managed and revoked by users. In this context, the declaration of consent is stored to avoid having to repeat the query and to be able to prove the consent in accordance with the legal obligation. Data can be stored on the server and/or in a cookie (so-called opt-in cookie or comparable technologies), in order to be able to assign the consent to a user or a user’s device. Subject to individual information on cookie management service providers, the following information applies: The consent can be stored up to two years. In the process, a pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.
Types of data processed: usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: users (e.g. website visitors, users of online services).
Legal basis: consent (Art. 6 para. 1 (1) (a) GDPR), legitimate interests (Art. 6 para. 1 (1) (f) GDPR).
Services used and service providers:
Klaro!: Cookie consent management; service provider: KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin, Germany;
website: https://kiprotect.com/klaro;
privacy policy: https://kiprotect.com/de/ressourcen/datenschutz.

Provision of the online site and web hosting
In order to be able to provide our online site securely and efficiently, we utilise the services of one or more web hosting providers from whose servers (or servers managed by them) the online site can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed in the context of the provision of the hosting service may include all information relating to the users of our online service which is collected in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the content of online sites to browsers, and all entries made within our online site or web pages.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data with every access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously) and, as a rule, IP addresses and the requesting provider.
The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and also to ensure the utilisation of the servers and their stability.
Types of data processed: content data (e.g. entries in online forms), usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: users (e.g. website visitors, users of online services).
Purposes of processing: provision of our online site and user-friendliness.
Legal basis: legitimate interests (Art. 6 (1) (f) GDPR).
Services used and service providers:
Amazon Web Services (AWS): Services in the field of provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity); service providers: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA;
website: https://aws.amazon.com/de/;
privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr.

Contact
When contacting us (e.g. via contact form, e-mail or telephone), the data of the requesting persons is processed as far as this is necessary to answer the contact requests and take any requested measures.
Responding to contact requests in the context of contractual or pre-contractual relations serves to fulfil our contractual obligations or to answer (pre)contractual requests and is carried out on the basis of the legitimate interests in responding to the requests.
Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, phone numbers), content data (e.g. entries in online forms), usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: communication partners.
Purposes of processing: contact requests and communication.
Legal basis: Contract performance and pre-contractual requests (Art. 6 (1) (b) GDPR), legitimate Interests (Art. 6 (1) (f) GDPR).

Web analytics, monitoring and optimisation
Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online site and may include behaviour, interests, or demographic information about visitors such as age or gender as pseudonymous values. With the help of reach analytics, we can identify e.g. at which time our online site or its functions or content are used most frequently or invite to re-use. Likewise, we can understand which areas need optimisation. In addition to web analytics, we may also use testing procedures, e.g. to test and optimise different versions of our online site or its components.
For these purposes, so-called user profiles may be created and stored in a file (so-called “cookie”) or similar procedures may be used with the same purpose. This information may include e.g. content viewed, web pages visited and elements used on them and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.
User IP addresses are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. Generally, in the context of web analytics, A/B testing and optimisation, no clear user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual user’s identity, but only the information stored in user profiles for the purposes of the respective procedures.
Notes regarding the legal basis: Where we ask users to consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information regarding the use of cookies in this privacy policy.
Types of data processed: usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: users (e.g. website visitors, users of online services).
Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors), profiles with user-related information (creation of user profiles).
Security measures: IP masking (pseudonymisation of IP addresses).
Legal basis: consent (Art. 6 para. 1 (1) (a) GDPR), legitimate interests (Art. 6 para. 1 (1) (f) GDPR).
Services used and service providers:
Google Analytics: reach measurement and web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
website: https://marketingplatform.google.com/intl/de/about/analytics/;
privacy policy: https://policies.google.com/privacy.

Online marketing
We process personal data for online marketing purposes, which may include in particular marketing advertising space or displaying promotional and other content (collectively referred to as “content”) based on users’ potential interests and measuring its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used to store the user data relevant for the presentation of the aforementioned content. This information may include e.g. content viewed, web pages visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed.
User IP addresses are also stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. Generally, in the context of online marketing no clear user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the online marketing procedures, do not know the actual user’s identity, but only the information stored in the profiles.
The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally be read on other websites that use the same online marketing method and analysed for the purpose of displaying content as well as supplemented with additional data and stored on the server of the provider of the online marketing procedure.
In exceptional cases, clear data can be assigned to profiles. This is the case e.g. if the users are members of a social network whose online marketing methods we use and the network links users profiles to the aforementioned information. Please note that users can make additional agreements with the providers, e.g. by giving their consent as part of the registration process.
We generally only receive access to aggregate information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. Conversion measurement is used solely to analyse the success of our marketing efforts.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
Notes regarding the legal basis: Where we ask users to consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information regarding the use of cookies in this privacy policy.
Types of data processed: usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: users (e.g. website visitors, users of online services).
Purposes of processing: marketing, profiles with user-related information (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures).
Security measures: IP masking (pseudonymisation of IP addresses).
Legal basis: consent (Art. 6 para. 1 (1) (a) GDPR), legitimate interests (Art. 6 para. 1 (1) (f) GDPR).
Possibility of objection (opt-out): we refer to the privacy policies of the respective providers and the objection options given for the providers (so-called “opt-out”). If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may limit the functions of our online site. We therefore recommend the following additional opt-out options, which are offered in summary form for the respective areas:
a) Europe: https://www.youronlinechoices.eu
b) Canada: https://www.youradchoices.ca/choices
c) USA: https://www.aboutads.info/choices
d) Across areas: https://optout.aboutads.info
Services used and service providers:
Google Analytics: online marketing and web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
website: https://marketingplatform.google.com/intl/de/about/analytics/;
privacy policy: https://policies.google.com/privacy;
objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de,
settings for the display of advertisements: https://adssettings.google.com/authenticated.
Google Ads and conversion measurement: We use the online marketing tool “Google Ads” to place ads on the Google advertising network (e.g. in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. Furthermore, we measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a so-called “conversion tracking tag”. However, we ourselves do not receive any information suitable for identifying users. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
website: https://marketingplatform.google.com;
privacy policy: https://policies.google.com/privacy.
Google Ad Manager: We use the “Google Marketing Platform” (and services such as “Google Ad Manager”) to place ads in the Google advertising network (e.g. in search results, in videos, on web pages, etc.). The Google Marketing Platform is characterised by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to display ads for and within our online site in a more targeted manner to only present users with ads that potentially match their interests. If, for example, a user is shown ads for products in which said user has shown interest on other online sites, this is referred to as “remarketing”. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
website: https://marketingplatform.google.com;
privacy policy: https://policies.google.com/privacy.
Google Search Console: We use Google Search Console. The resulting search analysis shows how often our website appears in Google search results. We can use it to filter and group the data, e.g. by categories such as search query, date or device. The results are therefore only used by us to optimise the search performance of our website. You acknowledge and agree that Google’s privacy policy (available at http://www.google.de/privacy.html) applies and that by using the service, you agree to Google’s use of your personal information in accordance with its privacy policy.

Plugins and embedded functions as well as content
We integrate functional and content elements into our online site that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). This may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).
The integration always requires that the third-party providers of this content process the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of these contents or functions. We endeavour to use only such content whose respective providers use the IP address only for the delivery of the content.
Third-party vendors may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring web pages, time of visit and other information about the use of our online service, as well as be linked to such information from other sources.
Notes regarding the legal basis: Where we ask users to consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information regarding the use of cookies in this privacy policy.
Types of data processed: usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. e-mail, phone numbers), content data (e.g. entries in online forms).
Data subjects: users (e.g. website visitors, users of online services).
Purposes of processing: provision of our online site and user-friendliness, provision of contractual services and customer service.
Legal basis: legitimate interests (Art. 6 (1) (f) GDPR), consent (Art. 6 (1) (a) GDPR), contract performance and pre-contractual requests (Art. 6 (1) (b) GDPR).
Services used and service providers:
Google Fonts: This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. A connection to Google servers does not take place. For more information about Google web fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/privacy?hl=de.
YouTube videos: video content; service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
website: https://www.youtube.com;
privacy policy: https://policies.google.com/privacy;
objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de,
settings for the display of advertisements: https://adssettings.google.com/authenticated.
Polylang: To provide our website in multiple languages, we use the program Polylang. Polylang is a product of WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France. We write posts, pages and create categories and publish tags as usual and then define the language for each of them. Cookies by Polylang are only set to recognise and record the language used or chosen by the user. These cookies remain stored for one year and are then deleted. Find more information regarding data protection compliance: https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/

Information to be provided, rectification, restriction and erasure of data
You have, at any time, the right to be provided – free of charge –with information about your stored data as well as the right to rectification, erasure and/or restriction. Please contact us if you so desire. For contact information, see our Impressum.

In case you do not agree with our data processing policy, you have the right to file a complaint with a competent data protection authority.
The competent authority for data protection in our case is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
[The State Officer for Data Protection and Freedom of Information]
Baden-Württemberg
Postfach 10 29 32
70025 Stuttgart