Privacy Policy

In the following paragraphs, we show which data is processed when and for what purpose and on what legal basis. The aim is to explain how our services work and how the protection of your personal data is guaranteed.
All definitions refer to the General Data Protection Regulation (GDPR). According to Art. 4(1) GDPR, personal data are any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly.
In order to provide a complete overview of data processing in this data protection declaration, links are provided at various points to information and data protection notices located on external websites. We make every effort to keep the links listed up to date. Nevertheless, due to the constant updating of the websites, it cannot be ruled out that links do not function correctly. Should you notice such a link, we would be pleased if you inform us so that we can enter the current link.

This data protection declaration can be accessed, saved and printed out at any time at www.kryolan.com/contact/privacy-policy.

Responsibility for data processing

The person responsible, within the meaning of Art. 4(7) GDPR, for the processing of personal data is:

Kryolan GmbH
Papierstr. 10
13409 Berlin
Germany
Phone: +49 30/499 892-0
Fax: +49 30/491 4994
E-mail: info@kryolan.com

Contact person for data protection

If you have any questions about the processing of your personal data, as well as your rights regarding data protection, please contact our external Data Protection Officer:

Jens Krügermann
kpp-group GmbH
Berliner Str. 112a, 13189 Berlin
Phone: +49 30/206 7372 0
E-mail: dataprotection@kryolan.com.

Data security

Our website and other systems are secured by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized individuals. However, despite regular checks, complete protection against all breaches is not possible.

General information on the processing of personal data

Order processing

We process the data of our customers in the context of the ordering process through our online shop to enable them to select and order the selected products and services, as well as facilitate their payment and product delivery.

The data processed includes inventory data, communication data, contract data, payment data.
The individuals and entities affected by the processing include our customers, prospective customers and other business partners.
Data processing is carried out for the purpose of providing contractual services within the framework of the operation of an online shop, billing, delivery and customer services. In this context, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
The processing is carried out on the basis of Art. 6 (1)(b) (execution of order transactions) and (c) (legally required archiving) GDPR. In this context, the information marked as required is necessary for the justification and fulfilment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. The data is only processed in third countries if this is necessary for the fulfilment of the contract (e.g. at the customer's request for delivery or payment).
Users can optionally create a user account, in which they can view their orders in detail. As part of the registration process, users are asked to provide required mandatory information. User accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, their data related to the user account will be deleted. It can be retained if necessary for commercial or tax reasons in accordance with Art. 6 (1)(c) GDPR. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. It is the responsibility of the users to save their data in the event of removal before the end of the contract.

Within the scope of registration and renewed logins as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized actions. In principle, this data is not passed on to third parties unless it is necessary for fulfilment of orders or there is a legal obligation to do so in accordance with Art. 6 (1)(c) GDPR.
The deletion takes place after the expiry of legal warranty and comparable obligations. The necessity of the storage of the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (6 years for commercial reasons and 10 years for tax reasons).

Log files

Every time you visit our website, data and information is automatically collected by the system of your device and stored in so-called server log files. This data is information that relates to an identified or identifiable natural person (website visitor). The data is automatically transferred by your respective browser when you call up our website. This includes the following data:

  • The time of the call of our website (request to the server of the host provider),
  • URL of the website from which you accessed our website,
  • The operating system you are using,
  • Type and version of the browser you are using,
  • IP address of our computer.
The purpose of this processing is the retrievability of our website on your device and to enable a correct display of our website on your device or in your browser. Furthermore, the data serves to optimize our website and to ensure the security of our systems. An evaluation of this data for marketing purposes does not take place.

Art. 6 (1)(f) GDPR is the legal basis for the data processing. There is a legitimate interest in presenting you with a website optimised for your browser and enabling communication between our server and your terminal device. For the later, the processing of your IP address in particular is necessary.

The processed information is only stored for as long as necessary for the intended purpose or as required by law.

The recipient of the data is our server host, who works for us within the framework of an order data agreement.

The provision of personal data is neither required by law nor by contract, nor it is necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data would result in you not being able to use our website or not being able to use it to its full extent.

Basic information about cookies

Our website uses cookies. Cookies are text files that are stored on your device to make the use of a website more comfortable. Cookies can be used to store entries and settings on a website so that you do not have to enter them again each time you visit a website. Cookies contain a cookie ID, which makes it possible to assign the device in which the cookie was stored. In detail, we use the following cookies:
Cookies that contain a randomly generated, specific identification number that makes you or your device identifiable during your visit to our website. These cookies are automatically deleted at the end of your visit.
Cookies, which contain a randomly generated, specific identification number, which makes you or your device identifiable on our website. These cookies are used to store the contents of the shopping cart. These cookies are automatically deleted after one year.
The purpose of this processing is to make the use of our website comfortable for you and to offer the possibility to save settings.
The legal basis for the processing is Art. 6 (1)(f) GDPR. There is a legitimate interest in presenting you with a website that saves your personal settings and makes it easier for you to visit our website.

Right of objection

You can restrict or completely prevent the setting of cookies in your browser settings. You can also arrange for the automatic deletion of cookies when closing the browser window. Below links for how to delete cookies in the most common browsers and change the cookie settings:

Google Chrome: Cookies
Mozilla Firefox: Cookies
Apple Safari: Cookies
Microsoft Internet Explorer: Cookies
Microsoft Edge: Cookies

The provision of personal data is neither legally nor contractually required and is also not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data may mean that you cannot use our website or cannot use it to its full extent. Other services used by us also use cookies. We point out the use of cookies separately for the individual services.

Basic principles on the transfer of personal data to third countries

Basic principles on the transfer of personal data to third countries If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this will only occur if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or allow data to be processed in a third country if the special requirements of Art. 44 GDPR are met. I.e. the processing is carried out, for example, on the basis of special guarantees, e.g. compliance with officially recognised special contractual obligations (standard contractual clauses).

Basic information about Google services

Our website uses various services provided by Google Inc. (Google), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For more information on the individual specific services of Google used on this website, please refer to the further privacy policy.
By integrating Google services, Google may collect and process information (including personal data). It cannot be ruled out that Google also transmits the information to a server in a third country. Information on this can be found at www.google.com/policies/privacy/frameworks.
We cannot influence which data Google actually collects and processes. However, Google states that the following information (including personal data) may be processed:

  • Protocol data (in particular the IP address)
  • Site-related information
  • Unique application numbers
  • Cookies and similar technologies
If you are logged into your Google account, Google may add the processed information to your account depending on your account settings and treat it as personal data, see in particular www.google.de/policies/privacy/partners.
Google states the following:
"We may combine personal data from one service with information and personal data from other Google services. For example, this makes it easier for you to share content with friends and acquaintances. Depending on your account settings, your activity on other websites and apps may be linked to your personal data to improve Google's services and ads served by Google."
www.google.com/intl/de/policies/privacy/index.html.

You can prevent this data from being added directly by logging out of your Google account or also by activating the appropriate account settings in your Google account. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can find out how to delete cookies in the most common browsers here:

Google Chrome: Cookies
Mozilla Firefox: Cookies
Apple Safari: Cookies
Microsoft Internet Explorer: Cookies
Microsoft Edge: Cookies

You can find more detailed information in Google's privacy policy, which you can access here: www.google.com/policies/privacy. For guidance on Google's privacy settings, please visit privacy.google.com/take-control.html.

Use of "Google Analytics"

This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). The purpose of us using the tool is to enable the analysis of your user interactions on websites and in apps and to improve our offer through the statistics and reports obtained and to make it more interesting for you as a user.
(We primarily track the interactions between you, the website user, and our website through cookies, device/browser data, IP addresses, and website or app activity. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us, as the website operator, with information about which country, region or location the respective user comes from (IP location determination). For your protection, however, we always use the anonymisation function (IP masking), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.
Google acts as an order processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. For these cases, Google has, according to its own statements, imposed a standard on itself that corresponds to the former EU-US Privacy Shield Frameworks and has agreed to comply with applicable data protection laws in the international transfer of data. We have also agreed upon standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your given consent (Art. 6(1)(1)(a) GDPR). The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is to use our Consent Manager or to install the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en.

For more information on the scope of services provided by Google Analytics, please visit marketingplatform.google.com/about/analytics/terms/de.

Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en.

General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google's privacy policy at www.google.de/intl/de/policies/privacy.

Use of YouTube

We have integrated YouTube videos into our online offer, which are stored on YouTube.com and can be played directly from our website. [These are all integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos, the data mentioned in paragraph 2 are transmitted. We have no influence on this data transmission]. The legal basis for the display of the videos is Art. 6(1)(1)(a) GDPR, i.e. the integration only takes place after your consent.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to have your data associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
The information collected is stored on Google servers, in the USA. For these cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield Frameworks and has agreed to comply with applicable data protection laws in the international transfer of data. We have also agreed upon standard data protection clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

Integration of Google Maps

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function comfortably. The legal basis for the use of the maps is Art. 6(1)(1)(a) GDPR, i.e. the integration only takes place after your consent.
By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purpose of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
The information collected is stored on Google servers, in the USA. For these cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield Frameworks and has agreed to comply with applicable data protection laws in the international transfer of data. We have also agreed upon standard data protection clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy.

Use of "Facebook Pixel" (category 'Personalization')

The website uses advertising measures of Facebook Inc. (Facebook). By integrating "Facebook Pixel" on our website, we can display our advertising measures (Facebook Ads) to our website and social network Facebook users and measure and evaluate the success (Conversion Tracking). This connection of Facebook and our website is technically carried out via the "Facebook Pixel". The legal basis for the processing of your data is Art. 6(1)(1)(a) GDPR, i.e., the integration only takes place after your consent.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server when you visit our website. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore present you with the processes known to us: through the integration of "Facebook Pixel", Facebook receives the information that you have called up the corresponding web page of our website, or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn your IP address and other identifying features and use them to create a profile.
The information collected is stored on Facebook servers, including in the USA. For these cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield Frameworks and has agreed to comply with applicable data protection laws in the international transfer of data. We have also agreed upon standard data protection clauses with Facebook, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country. The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. The easiest way to revoke your consent is via our Consent Manager or by clicking [here]. In addition, (only logged in users) can object via the function of the provider under the following link: www.facebook.com/settings/?tab=ads#_ possible.
We also use the remarketing function "Custom Audiences" which also uses "Facebook Pixel" and to display interest-based advertisements when you visit our website or other websites that have also integrated "Facebook Pixel". This allows us to show you advertisements that are of interest to you in order to make our website more interesting for you and to market our offer. Further information on data processing by Facebook is available at Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; privacy policy: www.facebook.com/about/privacy.

Use of Calendly

You have the possibility to make appointments with us directly via our website.
We use the provider "Calendly" for this purpose. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA.
The data processed by you will only be used for the purpose of booking the appointment and will only include the necessary data (entry of a name, e-mail address and telephone number required so that we know with whom the appointment has been made, how we can reach you if necessary). You can optionally enter further details for the appointment.
The appointment data is stored for us on the servers of Calendly, whose privacy policy you can view here: https://calendly.com/legal/privacy-notice
The legal basis for the data processing is Art. 6(1)(b) and (f)GDPR. The website operator has a legitimate interest in making it as easy as possible to arrange appointments with interested parties and customers.

You can also find more information here.
The legal basis for the data processing is Art. 6(1)(b) and (f)GDPR. The website operator has a legitimate interest in making it as easy as possible to arrange appointments with interested parties and customers.
The information collected is stored on Calendly servers, including in the USA. We have agreed upon standard data protection clauses with Calendly, the purpose of which is to maintain an appropriate level of data protection in the third country. Details can be found here: https://calendly.com/pages/dpa.

Use of the "registration function

You have the option to create a user account on our website.
Within the scope of registration, the data entered in the input fields will be processed by us. This includes the following data as mandatory information:

  • E-mail address
  • Password
  • First names
  • Last name
  • Language
  • Commercial use of the products

In addition, you can add further data as voluntary information. The following data is potential example:

  • Date of birth
  • Company
  • Country
  • Description

Mandatory and voluntary information are treated equally. The mandatory information is necessary to create a user account for you.
When submitting the registration, the following data will also be processed:

  • your IP address
  • Date and time of the sender

Right of withdrawal
You have the right to object. You can independently deactivate or delete your user account at any time. You can also send or inform us of your objection at any time (e.g. by e-mail to datenschutz@kryolan.com).

The processed information will only be stored for as long as necessary for the intended purpose or as required by law.
The recipient of the data is our server host, who works for us within the framework of an order data agreement.
The legal basis for data processing is initially your consent (Art. 6(1)(a) GDPR). When carrying out transactions from the user account, the performance of a contract acts as a legal basis for collection of the data (Art. 6(1)(b) GDPR).
The provision of personal data is neither legally nor contractually required and is also not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, we cannot provide you with a user account without the necessary information.

Contact

When contacting us (e.g., via contact form, email, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6(1)(b) GDPR. The user's details may be stored in a customer relationship management system (CRM system) or comparable enquiry organisation.
We delete the enquiries if they are no longer necessary. We review the necessity every two years. The legal archiving obligations apply.

Newsletter

By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the newsletter: we send newsletters, e-mails and other electronic notifications with promotional information (newsletter) only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Apart from that, our newsletters contain information about our products and accompanying information (e.g., safety instructions), offers, promotions and our company.

Double-Opt-In and logging: the registration for our newsletter takes place in a Double-Opt-In procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, changes to your data stored with the dispatch service provider are logged.

Registration data: to register for the newsletter, it is sufficient to provide your e-mail address.

The dispatch of the newsletter and the performance measurement associated with it are carried out on the basis of the consent of the recipients in accordance with Art. 6(1)(a) GDPR. We will also use your e-mail address in relation to any product recalls in order to provide you with necessary information. The legal basis for this is Art. 6(1)(b) GDPR.
The logging of the registration process is based on our legitimate interests according to Art. 6(1)(f) GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users and furthermore allows us to prove consent.

Cancellation/Revocation - You may cancel your subscription to our newsletter at any time, i.e., revoke your consent. You will find a link to unsubscribe at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

Social Networks & External Links

We currently use the following social media plug-in: Facebook Pixel, which is only loaded if you have previously activated the function by giving your consent. Through the plug-ins, we offer you the opportunity to interact with social networks and other users. The legal basis for the use of the plug-ins is Art. 6(1)(1)(a) GDPR, i.e., the integration only takes place after your consent.
The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for non-logged-in users) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can thus avoid an assignment to your profile with the plug-in provider.
The information collected is stored on servers of the providers, in the case of international providers also outside Europe. For these cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield Frameworks and has agreed to comply with applicable data protection laws in the international transfer of data. We have also agreed upon standard data protection clauses with the providers, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. The easiest way to revoke your consent is via our Consent Manager or via the functions of the social media providers.
Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy. Addresses of the respective plug-in providers and URL of the respective privacy notices: [...].

Facebook: Privacy Policy
X: Privacy Policy
Instagram: Privacy Policy
Google: Privacy Policy
Pinterest: Privacy Policy
Tiktok: Privacy Policy

External payment service providers

We use external payment service providers through whose platforms users and we can make payment transactions (each with a link to the privacy policy):

Paypal: Privacy Policy,
Zinia: Privacy Policy,
Via Stripe: Privacy Policy,
Visa: Privacy Policy,
Mastercard: Privacy Policy,
American Express: Privacy Policy

In the context of the performance of contracts, we use the payment service providers on the basis of Art. 6(1)(b) GDPR. Furthermore, we use external payment service providers on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, name and address, bank data, account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to complete the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card related information, but only information with confirmation of successful or declined payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers.
For payment transactions, the terms and conditions and data protection information of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.
For the fulfilment of the contract, it may be necessary that the data is forwarded to our payment service provider or to the commissioned credit institution. This depends on the selected payment method.

Payment provider

You can use the following payment methods with us:

Paypal
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal. This regularly involves the following data: Name, address, company, e-mail address, telephone and mobile number, IP address.
The data transmitted to PayPal may be transferred by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may also pass on your data to third parties insofar as this is necessary for the fulfilment of contractual obligations or the data is to be processed on behalf of PayPal. You can read PayPal's privacy policy at Privacy Policy.
The legal basis for the data processing is Art. 6(1)(b) GDPR, as the processing of the data is necessary for the payment with PayPal and thus for the execution of the contract.

Credit card / Stripe
If you choose a payment method offered via the payment service provider "Stripe", the payment processing is carried out via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6(1)(b) GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. You can find more information on the data protection of "Stripe" at the following internet address: Privacy Policy.

Apple Pay
If you choose the "Apple Pay" payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing takes place via the "Apple Pay" function of your terminal device operated with iOS, watchOS or macOS by charging a payment card deposited with "Apple Pay". Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. For the release of a payment, the entry of a code previously defined by you as well as the verification by means of the "Face ID" or "Touch ID" function of your terminal device is therefore required.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is passed on to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the success of the payment.
Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
Apple retains anonymised transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. Anonymization completely eliminates the possibility of any personal reference. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay", and uncheck "Allow payments on Mac".
For more information about Apple Pay privacy, please visit Privacy Policy.

Google Pay
If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (Google), the payment will be processed via the "Google Pay" application of your mobile device running at least Android 4.4 ("KitKat") and having an NFC function by charging a payment card deposited with Google Pay or a payment system verified there (e.g., PayPal). For the release of a payment via Google Pay in the amount of more than €25, the prior unlocking of your mobile device by the respective verification measure set up (such as facial recognition, password, fingerprint or pattern) is required. For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, with which a completed payment is verified. This transaction number does not contain any information about the real payment data of your payment means deposited in Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the payment means deposited with Google Pay.
Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.
Google reserves the right to collect, store and analyse certain transaction-specific information for each transaction made through Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photos you included with the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and the offer associated with the transaction, if any.
According to Google, this processing is carried out exclusively in accordance with Art. 6(1)(f) GDPR on the basis of the legitimate interest in proper billing, verification of transaction data and optimisation and functional maintenance of the Google Pay service.
Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.
Google Pay's terms of service can be found here: Terms of Service.

For more information about Google Pay privacy, please visit Terms of Service.

Online applications. Data protection information in the application process

We process the applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. Applicant data is processed to fulfil our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6(1)(b), Art. 6(1)(f) GDPR insofar as the data processing becomes necessary for us, e.g., within the scope of legal procedures.

The application procedure requires applicants to provide us with applicant data. The necessary applicant data are marked, if we offer an online form, otherwise necessary information is described in the job descriptions and basically include the personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and the certificates. In addition, applicants may voluntarily provide us with additional information.

By submitting an application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy.

Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily disclosed within the scope of the application procedure, their processing is additionally carried out in accordance with Art. 9(2)(b) GDPR (e.g. health data, such as severely disabled status or ethnic origin).

Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9(2)(a) GDPR (e.g. health data, if this is necessary for the exercise of the profession).

If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend either using an online form or sending application by post.

In the event of a successful application, the data provided by the applicants may be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

Subject to a justified withdrawal by the applicant, the deletion will take place after the expiry of a period of six months so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with the requirements of tax law.
Rights of data subjects
In principle, you have the following rights:

The right to withdraw consent (Art. 7 GDPR);
The right of access (Art. 15 GDPR);
The right to rectification (Art. 16 GDPR);
The right to erasure (Art. 17 GDPR);
The right to restriction of processing (Art. 18(f) GDPR);
The right to data portability (Art. 20 GDPR);
Please note that in order to exercise your rights, the legal requirements must be met in each case. This means, for example, that we may not delete your personal data if the deletion conflicts with legal retention periods.
The right to object (Art. 21 GDPR).

If we use our own legitimate interest or a legitimate interest of a third party (Art. 6(1)(f) GDPR) as the legal basis for processing your personal data, you have the right to object in accordance with Art. 21 GDPR.
In accordance with Art. 21 GDPR, you have the right to object to the processing of personal data at any time. We will then no longer process the personal data for direct marketing or related profiling purposes. We will also not process your personal data for other purposes after an objection, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms; or the processing serves to assert, exercise or defend legal claims (see, for example, Article 21(1) of the GDPR - limited right of objection). In this case, you must provide reasons for the objection that arise from your particular situation. You may also object to the processing of your personal data on grounds relating to your particular situation for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest (Article 21(6) GDPR).

For requests of this nature, please contact datenschutz@kryolan.com. Please note that in the case of such requests, it must be ensured that data subject contacts us directly.
If you believe that your rights have been violated by our data processing, you can also contact your supervisory authority for data protection at any time.
Automated decision-making does not take place on our website.
Amendment of the privacy policy
Changes in the law or changes to our internal company processes may make it necessary to adapt this data protection declaration.

Last modified: July 2024