Privacy Policy

Thank you for visiting our website and for your interest in our services.

1. Subject matter and scope of the privacy statement

The protection of your data is important to us! For this reason, we would like to provide you with comprehensive, transparent and understandable information on how fka GmbH (hereinafter “fka”) handles personal data in the following explanations. With the help of our privacy policy, you can find out for what purposes, to what extent and in what way we process personal data about you and what rights you are entitled to as a person affected by data processing.

is data protection declaration also fulfils our information obligations under Articles 13 and 14 of the General Data Protection Regulation (GDPR).

Specific information on data processing regarding the use of our website and the functions provided by us can be found under Sections 4 and 5 below. “Our website” within the terms of this data protection declaration refers to the main page available at www.fka.de as well as all sub-websites without externally linked websites of third parties over whose content we have no influence.

Furthermore, we refer to this privacy policy in the context of numerous processing situations. In a separate section, we present information on the processing of your data in connection with establishing contact and communication (Section 5), as an applicant (Section 6), and on the processing of business card data and the use of personal data for marketing purposes (Section 7).

You can find detailed information on your rights as a data subject and on the general principles governing how we process your personal data under Sections 8 and 9. The information contained therein also supplements – even without express reference – the information on the processing of personal data in the cases specified in Sections 4 to 7.

Within the scope of this privacy policy, we use the definitions defined in Article 4 of the GDPR by the European legislator to the extent possible.

2. Name and contact details of the controller

In accordance with the data protection law, i.e. the body which alone or jointly with others decides on the purposes and means of processing personal data, the “Controller” is, in this case,

fka GmbH
Steinbachstraße 7
52074 Aachen
Germany

Telephone: +49 241 8861 0
Fax: +49 241 8861 110
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.fka.de

For the purposes of this privacy policy, “we” always refers to fka GmbH.

You will find further information about our company, details of the authorized representatives and other contact details in our legal notice on our website: https://www.fka.de/en/imprint.

3. Contact data of the data protection officer

We have appointed the following data protection officer:

Mr Harald Krischke, Krischke IT Service

The easiest way to contact our data protection officer is via

Steinbachstraße 7
52074 Aachen
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

If you have any questions or other concerns regarding data protection, please do not hesitate to contact our data protection officer at any time using the contact details given above.

4. Data processing within the scope of use of our website

In this section, we would like to inform you in detail about which personal data we process and for which purposes when you visit our website and use the functions provided.

For security reasons and to protect your personal data and other confidential content, your data is transmitted in encrypted form when you use the website. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

4.1. Provision of the website and creation of log files

If you do not use any of the registration functions provided or otherwise provide us with information, we only collect the technical information that your browser transmits to our server each time you visit the website. The following information can be collected:

  • (1) Information about the accessing device: operating system, browser and version;
  • (2) The website from which our website was redirected (referrer information), as the case may be;
  • (3) Date and time of access;
  • (4) IP (Internet Protocol) address of the device used to access our website; and
  • (5) File request.

The information is stored on our servers as part of an automatically generated log file. We do not draw any conclusions about the identity of the visitor from the information collected.

We need this information in order to optimally deliver our website and requested files to your computer or internet browser. In the event of a hacker attack on our website, data may be made available to the law enforcement authorities to the necessary extent.

The legal basis for processing the information includes the following:

(1) Processing to safeguard legitimate interests (Article 6 para. 1 lit. f of the GDPR): legitimate interests are the provision of a website and the assertion or defense of legal claims in connection with the improper use of our website;

(2) Fulfilment of a legal obligation (Article 6 para. 1 lit. c of the GDPR), as far as we are obliged to surrender the data to criminal prosecution or regulatory authorities or on a civil law basis.

External recipients of the data may be criminal prosecution or regulatory authorities or similar bodies in order to defend against and prevent misuse of our Internet presence.

Providing this information to such authorities is not required by law or by contract, nor is it necessary to conclude a contract, and there is no obligation to provide personal data. Please note, however, that information is collected automatically when you visit our website. If you prevent – for example with the help of appropriate tools – the provision of data (e.g. the transmission of the screen size, the device used or the browser used), certain functions of our Internet presence can no longer be displayed or used correctly.

Log files are automatically deleted after seven days, unless a longer storage period is required in the event of violations to clarify and enforce claims and for criminal prosecution.

Subject to the conditions specified in more detail, you are entitled to the rights of the data subjects referred to in Section 8.

4.2. Cookies and web analytics

On our webpages so-called “session cookies” can be used in order to enable or facilitate your use of our web pages. Cookies are small text files that are only stored on your hard disk for the duration of your visit to our website: They are deleted automatically after 30 minutes of inactivity or after closing the browser, depending on your browser settings.

Cookies do not affect your PC or the data stored on it. Cookies do not allow access to the contents of your hard disk.

The provision of the information is not required by law or contract and there is no obligation to provide personal data. If you do not wish cookies to be used, you can make use of your Internet browser's option to disable cookies and thus permanently object to their use. You can delete cookies that have already been saved at any time using the corresponding option in your Internet browser or with the help of other software programs.

As a precaution, we point out that not all functions of our website may be available if you make use of the option to disable cookies.

If we process personal data with the help of cookies, this is done to protect the above-mentioned legitimate interests in accordance with Article 6 para. 1 lit. f of the GDPR.

Subject to the conditions described in more detail, you are entitled to the rights of the data subjects referred to in Section 8.

4.3. Matomo

On this website we use the open source web analysis service "Matomo" (www.matomo.org). This service collects and stores data on the basis of our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 para. 1 lit. f of the GDPR. This data can be used to create and evaluate anonymous user profiles for the same purpose.

Cookies can be used for this purpose, which, among other things, enable our server to recognize your internet browser. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor of this website and is not merged with personal data about the bearer of the pseudonym. When this data is collected, the IP address is anonymized (e.g. 192.168.xxx.xxx).

The data collected using Matomo technology (including your anonymous IP address) is processed on our servers and stored in visitor logs for 90 days. Old data will be deleted after one week.

If you do not agree with the storage and evaluation of this data from your visit, you can object to their storage and use at any time by clicking on the following link. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and you may have to reactivate it.

4.4 Integration of third party services and content

We integrate third party services and content on our website to improve our services.

4.4.1. Integration of OpenStreetMap map material

On some pages we include map material from OpenStreetMap (OSM). OSM is a free project that collects and structures freely usable geodata and stores it in a database for use by anyone under a free license. The integrated map material is not hosted via our servers, but is provided by the OSM server via a frame. The processing of data is the sole responsibility of OSM and the data’s use is subject to OSM's privacy policy, which can be found at https://wiki.osmfoundation.org/wiki/Privacy_Policy. The presented map data is delivered by carto.com, whose privacy policy you can find under https://carto.com/privacy/.

4.4.2. YouTube

On some of our webpages we have included videos from the provider YouTube, which are stored at https://www.youtube.com/ and can be accessed directly from our website. We have integrated all videos in the “extended data protection mode” so that no data about you as a user will be transferred to YouTube if you do not play the videos. If you click on the video, your IP address will be transmitted to YouTube and YouTube will know that you have viewed the video. If you are logged in to YouTube, this information will also be associated with your account. We have no control over this data transfer. However, you can prevent this by logging out of YouTube with your user account before viewing the video.

For more information, please refer to YouTube's privacy policy at www.google.de/intl/de/policies/privacy/. In addition, we refer you to our general presentation in this data protection declaration for the general handling and deactivation of cookies.

4.4.3 Social media

On certain pages within our website we have included links to the social media channels of Twitter (www.twitter.com), Facebook (www.facebook.com), Xing (www.xing.de), LinkedIn (www.linkedin.de) and kununu (www.kununu.com). If you simply look at the pages we provide, no personal data will be transferred to the providers of these services. If you click on the links provided, the providers may store cookies on your computer or your IP address. We have no influence on this. Further information can be found in the data protection information of the respective social media channels:

Xing and kununu (kununu is a service provided by Xing: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

Twitter: https://twitter.com/de/privacy

Facebook (https://www.facebook.com/policy.php)

5. Contact and communication with fka

If you want to contact us,you can do so in the ways described below.

If you use the contact form provided on our website, we will process the following data or data categories:

(1)Entered name,
(2) Email address,
(3) Content data (e.g. your question) and
(4) Data stored within the scope of the log files (see section 4.1).

In addition, you can contact us by email, fax, telephone or post. If you make use of these possibilities, we will collect the data you provide. In particular, the following data or data categories can be considered:

(1) User-related data (e.g. name, address),
(2) Contact details (e.g. email, telephone/fax number),
(3) Content data (e.g. text input, photographs, videos),
(4) Usage data (e.g. date and time of contact),
(5) Contract data (e.g. subject matter of contract, duration, customer category) and
(6) Payment data (e.g. bank details).

The aforementioned data and data categories can also be processed if you communicate with us, for example, within the framework of ongoing projects.

We process your data generally for the execution of a contract or for pre-contractual measures in accordance with Article 6 (1) (a) of the GDPR if the information is communicated on the occasion of a contract or a contract initiation (for example, a concrete inquiry for sending an offer or an email notification with reference to a concrete project).

Otherwise, your data will be processed to safeguard legitimate interests in accordance with Article 6 (1) (f) of the GDPR if no other legal basis can be considered. Our legitimate interest lies in processing the enquiry or concrete request by providing an appropriate service and possibly expanding our customer base.

We only process your data within our company and pass it on to third parties only in exceptional cases and within the legally permissible framework.

Your request will be forwarded to the appropriate department within our company. Depending on the request, this can be the persons responsible for the project, Accounting, Controlling, Human Relations, IT, or PR/media. Within our company, only those persons have access to your data who need it to properly handle your inquiry.

The provision of the information is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. There is also no obligation to provide information. If you do not provide us with certain information, we may not be able to process your request or can only do so to a limited extent. Exceptionally, for legal reasons, it may be necessary for you to provide us with certain information in order for us to process declarations with legally binding effect, for example for the conclusion or execution of a contract.

The data collected in the course of establishing contact or communication will be stored for as long as it is necessary to process request or execute the contract. If statutory retention periods provide for longer storage (e.g. emails as business letters in accordance with sec. 257 of the German Commercial Code, and sec. 147 of the German Tax Code) or if further storage is necessary for the assertion, exercise or defense of legal claims, deletion is not possible. You are entitled to the data subject rights mentioned in and under the conditions described in more detail in Section 8 below .

6. Information for Applicants

In our career portal on our website, we provide you with information about fka as an employer, tips on the application process and specific vacancies under the heading “Career” (https://ww.fka.de/de/career.html).

When you apply for one of our vacancies or on your own initiative, you can find information on the processing of your personal data in the respective vacancy or under the following link:

https://www.fka.de/images/templates/fka_Transparenzinformationen_f%C3%BCr_Bewerber_der_fka.pdf

With regard to the mere informative use of the career pages, we refer to the information provided under Section 4.1.

7. Processing of business card data and use of personal data for marketing purposes

If you give us or our employees a business card as part of a personal contact (e.g. at events or trade fairs), we store the data provided on it, in particular

(1) Name,
(2) Address,
(3) Company,
(4) Email address and
(5) Telephone and fax numbers

to contact you, for example, in order to initiate business transactions, to maintain existing business relationships or to send you information about services, products or events.

We process the data on the basis of Article 6 (1) (a) of the GDPR insofar as it serves to initiate or execute a contract. If no other legal basis is relevant, we process your data in accordance with Article 6 para. (1) (a) of the GDPR on the basis of a weighing of interests. The legitimate interest is to be seen in our interest in expanding our (potential) customer base and our network. In the case of processing for the purposes of direct marketing, Section 7 of the Unfair Competition Act is the relevant legal basis.

We use your contact data, which we have received from you in connection with the sale of goods or services by or from us (name, company, address, telephone and, if applicable, fax number, email address), within the framework of the legal requirements according to § 7 (3) of the Unfair Competition Act and Article 6 (1) (f) of the GDPR to send you information about similar goods or services of fka.

If you do not wish to receive such information or no longer wish to receive it, you can object to the further use of your data for this purpose. You can send your objection by post, email, fax or any other means provided by fka (e.g., a corresponding link in an Email).

In the event of objection, we will delete the data immediately unless you have expressly consented to its further use or we reserve the right to use your data beyond this, which is permitted by law and about which we will inform you or have already informed you.

You can find information on your rights as a data subjects under Section 8.

8. Your rights as a data subject

As a data subject, you have numerous rights granted by the European legislature, so-called “data subject rights.” In the following, we would like to present these to you in a transparent and understandable manner. Please note that the following description is not intended to replace the wording of the relevant provisions, nor are your statutory rights restricted by the following explanations.

If you have any questions about the rights of data subjects or if you wish to exercise your rights, you can contact our data protection officer at any time using the contact details provided.

8.1 Right to confirmation and information

You as the data subject have the right to request confirmation from the controller as to whether personal data concerning you is being processed and, if so, the right to request information on such personal data and on the following information:

(1) the processing purposes;
(2) the categories of personal data that is processed;
(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(4) if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining this duration;
(5) the existence of a right of rectification or deletion of personal data concerning you or of a restriction on processing by the controller or of a right of opposition to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) if the personal data is not collected from you as the data subject, all available information on the origin of the data;
(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you as the data subject.

If your personal data is transferred to a third country or an international organization, you as the data subject shall also have the right to be informed of the appropriate guarantees relating to the transfer.

You also have the right to obtain from us a free copy of the personal data that are the subject of the processing, provided that the rights and freedoms of other persons are not affected.

In special cases, the right may also be limited by the provisions of Sections 27 (2), 28 (2), 29 (1) sentence 2 and 34 of the German Data Protection Act (BDSG).

Please contact our data protection officer if you wish to make use of these rights.

8.2 Right of rectification

You have the right to request us to rectify any inaccurate personal data concerning you without delay and, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

Please contact our data protection officer if you wish to make use of these rights.

8.3 Right of deletion (“Right to be forgotten”)

You have the right to require us to delete personal data concerning you immediately, provided that one of the following reasons applies:

(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You withdraw your consent on which the processing referred to in Article 6(1) (a) or Article 9 (2) (a) of the GDPR was based and there is no other legal basis for processing;
(3) You object to the processing under Article 21 (1) of the GDPR and there are no overriding legitimate grounds for processing, or you object to the processing under Article 21 (2) of the GDPR;
(4) Your personal data has been processed unlawfully;
(5) The deletion of your personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which we are subject; or
(6) Your personal data has been collected in relation to information society services provided in accordance with Article 8 (1) of the GDPR.

Where we have made your personal data public and are obliged to delete it for one or more of the above reasons, we shall take appropriate measures, including technical measures, to inform data processors who handle the personal data that you have requested the deletion of all links to such data or of copies or replications of same. We do this while taking into account the available technology and implementation costs.

The right to deletion according to the above description does not exist if the processing is necessary for certain reasons specified in Article 17 para. 3 of the GDPR (in particular, for example, to fulfil a legal obligation or to assert, exercise or defend legal claims).

The right may also be limited in special cases by the provision of § 35 of the BDSG.

If one or more of the above-mentioned reasons apply and you would like to have the data stored at fka deleted, please contact our data protection officer.

8.4 Right of restriction of processing

You shall have the right to require us to restrict processing if one of the following conditions applies:

(1) You dispute the accuracy of your personal data for a period which enables us to verify the accuracy of your personal data;
(2) Your processing is unlawful and you refuse to have your personal data deleted and instead request that the use of your personal data be restricted;
(3) We no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) If you have lodged an objection to the processing referred to in Article 21(1) of the GDPR as long as it has not yet been established that our legitimate reasons outweigh yours.

If you wish to exercise this right, please contact our data protection officer at the above contact details.

8.5 Right of data portability

You shall have the right to receive your personal data that you have provided to us in a structured, current and machine-readable format and shall have the right to transmit such data to another controller without interference by us, to whom you have provided your personal data, on the condition that

(1) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and
(2) the processing is carried out using automated methods.

If you exercise this right, you also have the right to have your personal data transferred directly by us to another data controller, provided that this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.

The right of deletion (“right to be forgotten”) remains unaffected by the right to data portability. The right to data portability shall not apply to the processing necessary to perform a task in the public interest or to carry it out in the exercise of official authority delegated to us.

If you wish to exercise this right, please contact our data protection officer at the above contact details.

8.6 Right to object to processing

You have the right to object at any time to the processing of your personal data on the basis of Article 6 (1) (e) (task in the public interest or exercise of sovereign power) or (f) (prevailing interest of the controller or a third party) of the GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.

Where your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising, including any profiling related to such direct marketing. In addition, you have the right to object to the processing of your personal data for reasons arising from your particular situation, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such processing is necessary to perform a task in the public interest.

In connection with the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right of objection by means of automated procedures using technical specifications (objection using technical means “by default”). The right can be limited in special cases by the regulation of sec 36 of the BDSG.

If you wish to exercise this right, please contact our data protection officer at the above contact details.

8.7 Rights relating to automated decisions in individual cases (including profiling)

You have the right not to be subject to a decision based solely on automated processing (including profiling) which has legal effect against you or significantly affects you in a similar manner. This does not apply if the decision

(1) is necessary to conclude or perform a contract between the you and us;
(2) is admissible by law of the European Union or of the Member States to which we are subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
(3) has your explicit consent.

If the decision to conclude or perform a contract between you and us is necessary or is taken with your express consent, we as controller shall take appropriate measures to safeguard your rights, freedoms and legitimate interests. This includes at least the right to obtain the intervention of a person by us, to state your own position and to challenge the decision.

The right can be limited in special cases by the regulation of Section 37 of the BDSG.

If you wish to exercise this right, please contact our data protection officer at the above contact details.

8.8 Right to revoke a data protection consent

You have the right to revoke your consent to the processing of your personal data at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until withdrawal.

The revocation can be declared by post, email, fax or by any other means provided by us (e.g. a corresponding link in an email).

In the event of revocation, the stored data will be erased immediately unless you have expressly consented to its further use in this regard or its further use has been reserved, which is legally permitted and about which we have informed you.

8.9 Right to lodge a complaint

You have the right to complain to a supervisory authority (see Article 51 of the GDPR) under Article 57 (1) (f) and (2) of the GDPR.

Responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Landesbeauftragte für Datenschutz- und Informationsfreiheit Nordrhein-Westfalen), Kavalleriestraße 2 - 4, 40213 Düsseldorf, Germany.

9. Principles of data processing

In the following, we would like to provide you with an overview of the general principles of processing personal information. We adhere to these principles in all cases of processing your personal data. Should you have any questions in this regard, you can contact our data protection officer at any time.

9.1. Legal basis for the processing of personal data

Processing your personal data is only legal if it rests on a legal basis which allows such processing. The European legislator has provided the following legal bases for the processing of personal data. We would like to give you an overview of these in the following. In any case, we would like to inform you about the respective legal foundations on which we base concrete processing.

9.1.1. Consent

According to Article 6 (1) (a) of the GDPR, we are entitled to process personal data if we have obtained your consent for one or more specific processing purposes.

9.1.2. Fulfilment of contract and pre-contractual measures

Article 6 (1) (b) of the GDPR allows us to process your personal data if this is necessary to perform a contract to which you are a party or to implement pre-contractual measures taken at your request.

9.1.3. Fulfilment of a legal obligation

Processing of your personal data is also permitted under Article 6 (1) (c) of the GDPR if this is necessary for processing in order to fulfil a legal obligation (e.g. statutory reporting obligations) to which we are subject as data controllers.

9.1.4. Vital interest

Article 6 (1) (d) of the GDPR allows us to process your personal data when necessary to protect your vital interests or that of another natural person, e.g. in the context of accidents.

9.1.5. Assignment in the public interest or exercise of sovereignty

In accordance with Article 6 (1) (e) of the GDPR, we may, as an exception, also process your personal data if this is necessary to perform a task in the public interest or in the exercise of official authority delegated to us.

9.1.6. Prevailing interest of the controller or a third party

Finally, in accordance with Article 6 (1) (f) of the GDPR, we may base the processing of your personal data on the fact that this is necessary to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights or freedoms, which require the protection of personal data, prevail, notably if you are a child. According to the European legislator, a legitimate interest may arise in particular from an existing customer or employment relationship and our interest in direct advertising. The impact assessment shall especially take into account whether you can reasonably foresee, at the time when your personal data is collected and in view of the circumstances in which it is collected, that processing for this purpose may take place.

In our case, such legitimate interests may be, in particular,

(1) Improvement of our products and services;
(2) Planning, implementing and improving our marketing activities;
(3) Addressing new customers and new employees; and
(4) Expansion of our network.

We will inform you separately about our legitimate interests within the scope of balancing interests.

9.2. Obligation to provide personal data; consequences of failure to provide such data

The European legislator stipulates that data subjects must be informed of existing obligations on providing personal data and of the consequences of failing to provide such data when it is collected from the data subject. We inform you about this individually in the specific case of processing and, if necessary, refer to this data privacy policy.

In general, there is no obligation for you to provide personal data. In this case, your omission to provide personal data may only result in us not being able to process your request or not being able to process it completely, in you not being able to make use of certain offers or in you having to reckon with the loss of legal positions.

In rare cases, you may have to provide your personal information as required by law. This may in particular result from tax regulations or regulations on money laundering prevention.

If necessary, contractual regulations may also prescribe that you provide your personal data, or your personal data is required to conclude a contract. For example, an employment contract may stipulate that you provide bank account details for salary transfer, or certain information may be required to grant certain contractual conditions.

If there is a legal obligation for you to provide information, there may be the threat of legal disadvantages. Your omission to provide personal data despite a contractual obligation or requirement for the purpose of concluding a contract may have the consequence that a breach of contractual obligations exists or a contract cannot be concluded.

If you have any questions, you can always contact our data protection officer, who can provide you with information on the existence of provision obligations and the consequences of non-provision.

9.3. Origin of data

If we have not collected your personal data from you, the European legislator stipulates that you have to be informed of the source of the data and, where appropriate, whether it comes from publicly available sources.

We always provide information about the respective source of the data in the specific individual case.

It may happen that we use data from publicly accessible sources, for example to check and correct obviously incorrect addresses with the help of Internet research. In order to safeguard our economic interests, we may use data from credit agencies to obtain credit-related information if we consider this to be necessary in individual cases, in particular if payment obligations are not fulfilled or are not done so on time.

9.4. Recipients and categories of recipients of personal data

We process your data only within our company. Only those persons and business units have access to your personal data who need it within the scope of the concrete processing purposes.

We do not pass on this data to third parties in principle, unless we have either obtained your consent in advance or base the data transfer on another legal basis, in particular to execute or perform a contract, to fulfil legal regulations or to protect our legitimate interests in the context of the weighing of interests.

Possible recipients of your personal data under the aforementioned conditions may be

(1) The Institute for Automotive Engineering (ika) at the RWTH Aachen University as our cooperation partner in connection with the implementation of projects;
(2) Group companies (e.g. as part of the audit);
(3) Consultants (tax consultants, lawyers);
(4) Service providers (e.g. shipping service providers);
(5) Processors working under contract in the framework of their contract processing activities;
(6) Banks and other payment service providers; or
(7) Authorities, courts and other bodies with official authority.

In the event of a transfer, we will inform you of this in each individual case.

9.5. Duration of storage or criteria for determining the storage period

If we provide a specific storage period for certain personal data, we will inform you of this in the individual case. If we are unable to specify the concrete duration of the storage, we will inform you of the relevant criteria for determining the particular storage period.

The duration of the storage of your personal data depends primarily on the processing purposes. Your data will be deleted when the specific processing purposes no longer apply and no other reasons justify a longer storage period.

However, a longer storage period may be justified if, for example, we are obliged to store the data for a longer period due to statutory storage obligations and periods. For example, storage periods provided for under commercial or tax law can stipulate a storage period of up to ten years.

As far as your personal data is required to assert, exercise or defend claims, we will store your personal data required for this purpose for the duration of such legal actions, in any case until the expiry of relevant limitation periods, unless the reason for this no longer applies, or for other reasons a longer storage period is possible.

9.6. Automated decision making/Profiling

In principle, we do not use automated decision making processes/profiling

If, in exceptional cases, credit information is obtained about you, we will inform you separately.

9.7. Intended transfer to third countries

In accordance with the requirements of the European legislator, we must inform you whether we intend to transfer your personal data to a recipient in a third country or to an international organization and whether an adequacy decision exists or is missing or equivalent guarantees exist, including information on how these can be obtained. In principle, we neither transfer your personal data to a third country nor do we intend to do so. Should this intentionally deviate from the aforementioned principle in individual cases or take place, we will inform you separately.