Kores Holding Zug AG (in the following: Kores) is firmly committed to data privacy. Therefore, as a matter of course, we strictly adhere to the legal regulations concerning the protection of data privacy (in particular those in GDPR (General Data Protection Regulation) and DSG [The Austrian data protection act]) and will do everything possible to ensure the privacy of your data. In addition, it is important for us that you know at any given time which data we store and how we use them. Please take a moment to read the following text informing you about the way we deal with your data. We reserve the right to revise the content of this data privacy statement from time to time, in particular to adapt it to new legal stipulations and technical development so that we can also safeguard data protection in the future. It is therefore advisable to regularly take note of our information and remarks concerning data processing.
This Data Privacy Statement is applicable to Kores’s internet presence under the domain: www.kores.com, as well as other country Kores websites (in the following: “Website”).
1. Responsible person and scope
The responsible person is: Kores Holding Zug AG, Baarerstraße 112, 6302 Zug, Switzerland (hereinafter “Kores”).
2. Data Protection Officer
Our Data Protection Officer is: Kores Holding Zug AG, Baarerstraße 112, 6302 Zug, Switzerland. Please refer to our Data Protection Officer if you have any questions regarding data protection issues at our company. You can reach him under the email-address: email@example.com.
3. General Principles on data processing
We collect and use personal data from our users basically only then, when this is necessary to provide a functional Website as well as to deliver our content and services.
3.1. Personal data
Personal data is all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, email-address, address, date of birth or your phone number. Non-personal data is ex. data regarding the number of users at a website.
3.2. Processing of personal data
Processing of personal data is any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
We process personal data through our Website only if you provide us with this data, ex. when sending us an email. We process this data for the named purposes or for the purposes defined in your request. We do not disclose your personal data to third parties, unless otherwise provided by law or you have given us your consent thereto. Apart from that you may use the general information at www.kores.com without revealing your personal data.
3.3. Legal basis
Collecting and processing your personal data takes generally place upon your consent. Should the data processing be based on your consent, the legal basis for this data processing is Article 6 (1) lit. a GDPR. An exception may occur when obtaining a consent is not possible and/or this is permitted by law.
If processing your personal data is necessary for the purposes of legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, the legal basis for this data processing is Article 6 (1) lit. f GDPR.
Below we describe the processing operations connected with usage of cookies, sessions and logfiles.
4.1. Usage of cookies, sessions and logfiles
4.2. Data collected by cookies
Except for the IP address, no personal data will be stored in the cookies, sessions and logfiles. Furthermore, these files cannot transfer viruses, spy on your computer, or send emails undetected. In addition, each webserver can only read out those cookies it placed itself.
The following data is automatically collected via cookies, sessions and logfiles when you call up our Website:
- Your internet address (IP address) / host name
- Agent/browser type and version
- Website you were referred from (referrer URL)
- Operating system used
- Pages viewed on our Website
- Date and time of access
This data is stored separately from the data you provided to us and is not linked with other personal data. The data processed according to 4.2. is processed for statistical purposes, in order to optimize our Website and our offer.
4.3. Google Analytics
When using Google Analytics, it may not be excluded, that apart from the IP address Google processes further personal data. Please be informed that such information may be transferred by Google to third parties, if this is required by law or if Google contracts third parties to process such data.
Google will use the information gathered by the cookies to evaluate your use of the Website in order to compile reports about Website activities for us and provide additional services associated with the Website and Internet usage. According to Google, Google will not associate your IP address with other personal data collected by Google.
You have the option to prevent Google from acquiring and processing data generated by cookies and data related to your use of our Website (including your IP address) by downloading and installing a Google-provided browser plugin. More information about Google Analytics Opt-out function can be found at: https://tools.google.com/dlpage/gaoptout?hl=en . Please be informed, that in such an event, not all functions of this Website may be available to you.
This plug-in prevents Google Analytics from giving you information about your visit to the site. This plug-in does not prevent any other analysis.
In order to ensure the best possible protection of your personal data, Google Analytics has been extended by the code “anonymizeIP” on this website. This code causes the last 8 bits of the IP addresses to be deleted and their IP address is thus collected anonymously (so-called IP-masking). Your IP address will be shortened by Google in principle, even before the transfer within Member States of the European Union or in other contracting States of the Agreement on the European Economic Area and thereby anonymized. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there.
4.4. Prevention of cookies
Upon closing your browser, the session-cookies are deleted, other cookies after one year. Cookies from our Partners, ex. Google (4.3.) are deleted maximally after 24 months. You can deactivate the usage of cookies by Google by means of visiting the deactivating site of Google. Alternatively, you may deactivate the usage of third party cookies by means of visiting the deactivating site of the network initiative.
4.5. Legal basis
The processing activities described above are necessary for the purposes of legitimate interests pursued by us. The legal basis for this data processing is Article 6 (1) lit. f GDPR.
5. Data security and precautionary measures
We are committed to protecting your privacy and treating your personal data confidential. In order to avoid any manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress.
5.1. Responsibility of the User
We urge you to also take all possible measures to protect your data while working on the internet. Due to the structure of the internet, it is not possible for us to ensure that third parties, which are not within the scope of our responsibility, adapt identical privacy and security measures. Possibly if personal data is not encrypted or is sent per email it may be seen or read by third parties. Hereto we have no impact. It is the responsibility of the user, to secure his/her data via encryption or by other means.
We use the SSL (Secure Sockets Layer) to encrypt your data on all Websites which require providing personal data. SSL encryption masks your data before transmitting it to our server, in such a manner that it cannot be reconstructed by third parties. This safeguards the privacy of your personal data.
5.3. Technical security measures at Kores:
- Encryption of sensitive data transfer with SSL certificates.
- Server security: a firewall system protects our servers against attacks.
- An internal security system and authorisation concept make sure that your sensitive data is not accessible to our employees unless they have a special authorisation.
6. Service providers for processing personal data
We employ service providers, who process personal data on our behalf and only on our instruction. The service providers are required to comply with all data protection regulations and to process data in accordance with our instructions. Our service providers have been carefully selected and receive access to your personal data only to the extent and for the time necessary to carry out their services.
Service providers in third countries are subject to data protection regulations, which do not protect personal data to the same extent as in the European Union. Should we process your personal data in countries, which do not provide such a high level of data privacy as in the European Union, then we will ensure by means of contractual regulations and other instruments that your personal data is safe and adequately protected.
7. Social Media Plug-ins
We rely on our website on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO social plug-ins from the social networks Facebook and Instagram, in order to make our companies better known. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the operation compliant with data protection is to be guaranteed by their respective providers. The integration of these plug-ins by us is done by means of the so-called two-click method to protect visitors to our website in the best possible way.
Our website uses Facebook social plugins (“plugins”). If you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers.
By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are currently not logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the US and stored there. If you are logged in to Facebook, Facebook can assign the visit to our website directly to your Facebook account.
Facebook may use this information for the purpose of advertising, market research and tailor-made Facebook pages. For this purpose, Facebook uses usage, interest and relationship profiles, e.g. to evaluate your use of our website in relation to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook. If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.
Our website also uses so-called Instagram social plugins (“plugins”) operated by Instagram Deutscher Anwaltverein 3 LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
When you visit a page of our website that contains such a plugin, your browser connects directly to Instagram’s servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are currently not logged in to Instagram.
This information (including your IP address) is sent from your browser directly to an Instagram server in the US and stored there. If you’re logged in to Instagram, Instagram can instantly associate your visit to our website with your Instagram account. If you interact with the plugins, for example, press the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.
The information will also be posted on your Instagram account and displayed there to your contacts. If you do not want Instagram to directly map the data collected through our website to your Instagram account, you’ll need to log out of Instagram before visiting our website.
We rely on our website on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO Services of the provider Google LLC in order to make our website more attractive to you as a user. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for the privacy-compliant operation is to be guaranteed by the provider.
Kores websites use the video sharing platform YouTube, which is owned by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066 is operated in USA. YouTube is a platform that enables the playback of audio and video files.
The described data processing can be deactivated under the following link: https://adssettings.google.com/authenticated.
9. Storage period
Your data will be stored only for the period of time required by law. Your data will be erased, when you have withdrawn your consent for processing your data or the purposes of processing your data have been obtained or when the processing is no longer legitimate for any legal reasons. Any retention periods required by law shall remain unaffected. During the statutory retention periods your data will not be processed for other purposes.
10. Rights concerned
From the GDPR, the following rights arise for you as an affected person for the processing of your personal data:
10.1. Right of access
According to art. 15 GDPR, you can request information about your personal data processed by us. In particular, you may request information on the source of the data, the recipients of this data or categories of recipients, as well as the processing purposes.
10.2. Right of objection
If the processing of personal data is based on your consent, you may object to this processing for the future, at any time and without any reason. To do so please send an email at: firstname.lastname@example.org or a letter at: Kores GmbH, Muthgasse 36, 1190 Vienna, Austria.
10.3. Right to rectification
In accordance with art. 16 GDPR, you can immediately request the rectification of incorrect or the completion of your personal data stored by us.
10.4. Right to erasure or restriction
In accordance with art. 17 GDPR, you may request the deletion of your personal data stored by us. The personal data will be deleted within 7 working days from your request. Any retention periods required by law shall remain unaffected. If your data may not be deleted due to retention periods, only a restriction of processing may be applied. Upon deleting your data, no access right may be granted.
10.5. Right to data portability
According to art. 20 GDPR, you may request to receive your personal data that you have provided to us in a structured, common, and machine-read format, or you may request the transfer to another responsible person, insofar this is possible to due technical means.
10.6. Right of revocation
In accordance with art. 7 (3) GDPR, you can revoke your once given consent to us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future. In such an event you may not access our company’s online services to full extent.
11. Complaint to a supervisory authority
According to art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of stay, your workplace or our company headquarters.