English | Deutsch

Data Protection

  1. Privacy Notice
    Krones AG (hereinafter referred to as “Krones”, “we” or “us”) is glad that you are visiting our websites as well as mobile applications (collectively also referred to as “Online Offer”) and that you are interested in our Company and our products. We view the protection of your private sphere during the processing of personal data and the security of all business data as important considerations which we take into account in our business processes. We process personal data collected during your visit to our Online Offers in a confidential manner any only in compliance with the statutory provisions. Data protection and information security are part of our company policy.
  2. Controller
    Krones is the Controller responsible for the processing of your data. Our contact details are as follows:

    Krones AG
    Böhmerwaldstraße 5
    93073 Neutraubling
    Phone: +49 9401 70 – 0
    Telefax: +49 9401 70 – 24 88
    Email: sm2@krones.com
  3. Processing of personal data
    1. Principles
      Personal data is any information relating to an identified or identifiable natural person, i.e. for example names, addresses, telephone numbers, e-mail addresses, contractual, booking and accounting data which is the expression of a person’s identity. We process personal data (including IP addresses) only if there is a legal basis for this or if you granted us your consent in this regard, for example in the course of a registration.
    2. Categories of data processed
      The following data categories are processed:

      • Communication data (e.g. name, telephone, e-mail, address, IP address)
      • Customer history
    3. Purposes of processing and legal bases
      We and service providers engaged by us process your personal data for the following purposes of processing and subject to the following legal bases:

      1. Contractual basis (preparation, performance, termination):
        • Answering enquiries
        • Handling of your orders
        • Preparation, negotiation and fulfilment of a contract with you
        • Granting access to certain information and offers.
      2. Legal obligation
        • Official or judicial order
      3. Legitimate interest of Krones
        • Direct marketing
        • Pseudonymised webtracking
        • Improvement of products and services
        • Online surveys (note: if we involve a market research institute for survey, it will only become active on our behalf and subject to our instructions.)
        • Establishment or protection of legal claims or defence of court actions
        • Prevention of abuse or other unlawful activities
        • Guarantee of data security
      4. Consent
        • Product or customer surveys by e-mail and/or telephone
        • Sending newsletters
    4. Log files
      During each use of our website, your internet browser automatically transmits certain information to us which we store in so-called log files (e.g. internet browser used and operating system; domain name of the website you previously visited number of visits; average dwell time, pages accessed). This information is not associated with a specific person. We and our subsidiary companies worldwide store these log files for the detection of disturbances and for security reasons (e.g. for the clarification of attempted attacks) for a short time and deleted thereafter. Log files the continued retention of which is required for evidentiary purposes shall be excluded from the deletion until final clarification of the respective incident and can be forwarded to investigating authorities on an individual basis. Log files are also used for analysis purposes (without or without the complete IP address); for this, see the Web Analysis Section.
  4. Obligation for the provision of personal data
    To the extent there is a contract between you and us, you have to provide the personal data which is required for commencement, performance and termination of the contractual relationship and for the fulfilment of the contractual obligations related thereto or to the collection of which we are legally obliged. Without the provision of such data, we will generally not be able to enter into, perform and terminate a contract with you. To the extent the data processing in the course of your use of our website is not required for the commencement, performance and termination of a contractual relationship or for the fulfilment of contractual obligations and is not required under applicable laws, the provision of your data shall be voluntary. Please note that certain functionalities of the website or services cannot be used if you do not provide the data required for such purposes.
  5. Children
    Krones will not knowingly process personal data of children without explicitly pointing out that such data should only be transmitted with the consent of the legal guardians or if permissible under applicable legal provisions. Any use or disclosure of personal data of children by Krones will in general only be performed, to the extent this is legally permitted, to obtain the legally required consent of the parents or for the protection of children.
  6. Data disclosure
    1. Forwarding of data to other controllers
      In general, we transfer your personal data to third parties only if this is required for contract performance or if the third party has a legitimate interest in the data disclosure of if you provided your consent thereto. Third parties may be subsidiary companies of Krones. To the extent data is transferred to third parties based upon a legitimate interest, this is explained in this Privacy Notice. Furthermore, data can be transferred to other controllers to the extent we are obliged to do so due to statutory provisions or enforceable official or judicial orders.
    2. Service providers
      We engage external service providers to perform tasks such as sales and marketing services, contract management, payment processing, programming, data hosting and hotline services. We have chosen these service providers carefully and monitor them on a regular basis, in particular their careful treatment and protection of the data stored with them. We oblige all service providers to maintain confidentiality and to comply with the statutory regulations.
  7. Disclosure to recipients outside the EEA
    We may also disclose personal data to recipients based outside the European Economic Area, in so-called third states. In such case, we make sure before disclosure that the recipient either has an appropriate data protection level in place (e.g. based upon an adequacy decision by the EU Commission for the country in question or the agreement of so-called EU Standard Contractual Clauses of the European Union with the recipient) or that you granted your consent to such disclosure.
  8. Duration of storage; retention periods
    In general, we store your personal data as long as this is required for the provision of our online offers and the services related thereto or as long as we have a legitimate interest in continued storage (for example, we may have a legitimate interest in postal marketing after fulfilment of the contract). In all other cases, we delete your personal data with the exception of data which we have to keep for the fulfilment of legal obligations (e.g. under tax or commercial law).
  9. Use of cookies
    Cookies are small text files which are stored on your computer when you visit an online offer. If you access such online offer again, your browser will send back the contents of the cookies to the respective provider, thus allowing for recognition of the end device. By reading out cookies, we can design our online offer for you in an optimal manner and facilitate your use, e.g. storage of the password. If you do not wish that Krones recognises your computer, please adjust the settings of your internet browser such that it deletes cookies from your hard disks, blocks all cookies or warns you before a cookie is saved.
  10. Web analysis
    We need statistical information on the use of our online offer in order to make it more user-friendly, to perform reach measurements and to carry out market research activities. To that end, we use the web analysis tools described in this Section. The use profiles generated by using analysis cookies or evaluating the log files will not be combined with personal data. The tools either do not use IP addresses of the users at all or shorten them immediately after collection. The providers of the tools process data as processors only subject to our instructions and not for their own purposes. For tools which work with opt-out cookies, it has to be noted that the opt-out function is specific to devices and/or browsers and generally only applies to the end device or browser you are currently using. If you use several end devices and/or browsers, you have to set opt-out for each individual end device and for each browser used. Furthermore, you can prevent the generation of user profiles as a whole by deactivating the use of cookies in general.

    1. Matomo
      Within the scope of Matomo’s coverage analysis, the following information is collected on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 Par. 1 lit. f. GDPR). The user’s IP address is made anonymous before it is saved. Matomo uses cookies, which are stored on the user’s computer and which enable an analysis of the use of our online offer by the users. Thereby pseudonymous user profiles of the users can be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties. Users can object to the anonymous data collection by the Matomo programme at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie will be stored in your browser, which means that Matomo will no longer collect any session data. However, if users delete their cookies, the opt-out cookie will also be deleted and must therefore be reactivated by the users. The logs with the users’ data are deleted after 6 months at the latest.
  11. Google reCAPTCHA
    We use the Google reCAPTCHA service, which protects our website from spam and abuse. reCAPTCHA prevents automated software (known as bots) from engaging in abusive activities on the website. It does so by checking whether the inputs being made are actually being made by a human. To enable this process, the following details are collected and processed:

      • Referrer (the address of the page on which the captcha is used)
      • IP address of the user
      • Google account (if the user is registered with Google, this is detected and assigned)
      • The input behaviour of the user (e.g. answering the reCAPTCHA question, the speed of entry in the form fields, the order in which the input fields are selected by the user) is analysed in order to improve pattern detection at Google.  Browser, browser size and resolution, browser plug-ins, date, language setting
      • Cascading style sheets (CSS) and scripts (Javascript) of the web page
      • Mouse and touch-pad events within the page
        Google also reads the cookies of other Google services such as Gmail, Search and Analytics. All the above details are sent to Google in encrypted form. Google’s subsequent analyses determines the form in which the captcha is displayed on the page – either in a checkbox or as a text input. Personal details from the input fields of the relevant form are not exported or stored. Further information on Google’s data protection policy can be found at www.google.com/policies/privacy/.
  12. Social plugins
    In our online offer, we use so-called social plugins of different social networks; these are described individually in this Section. The plugins represent independent extensions of the providers of social networks. Therefore, we do not have any influence on the amount of the data collected and stored by such plugins. If you do not wish that the providers of social networks receive and, where applicable, store data collected via this online offer, you should not use the respective plugins. With the so-called two-click solution, we protect you from your visit to our websites being collected and evaluated by providers of social networks by default.

      1. YouTube
        his online offer uses the YouTube video platform which is operated by YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube”). YouTube is a platform enabling users to playback video and audio files. If you access a corresponding page of our offer, the embedded YouTube player establishes a connection to YouTube so that the video or audio files can be transmitted and reproduced. In the course thereof, data will also be transferred to YouTube as data controller. We are not responsible for the processing of such data by YouTube. Please refer to the privacy notice of YouTube for further information on the scope and purpose of the data collected, on the further processing and use of the data by YouTube, on your rights and the data protection options available to you.
  13. Processing of your location data
    Our offer also includes so-called location based services by means of which we provide you with specific offers which are customised for your individual location. In order to be able to provide you with these functions of the app, we collect the respective last three GPS locations transmitted by the mobile end device and your IP address if you consent thereto. We do not create movement profiles in the course thereof. You can deactivate or reactivate or temporarily deactivate in the pause mode this function in the settings of the respective app or the operating system of your mobile end device without impairing the basic functionality of the app.
  14. External Links
    Our online offer may contain links to third-party websites − i.e. of providers not affiliated to us. After clicking on the link, we do not have any influence on the collection, processing and use of any personal data transferred to the third party by clicking on the link (such as the IP address or the URL of the page containing the link) as the behaviour of third parties is naturally not under our control. We do not assume any responsibility for the processing of such personal data by third parties.
  15. Safety
    Our employees and the service providers acting on our behalf are obliged to maintain confidentiality and comply with the provisions of the applicable data protection laws. We take all required technical and organisational measures in order to ensure an appropriate level of protection and to protect your data managed by us particularly against the risks of accidental or unlawful destruction, manipulation, loss, alteration or unauthorised disclosure or unauthorised access. Our security measures are subject to continuous improvement according to technological developments.
  16. Your rights as a user
    Please use the details set forth in the “Controller” section to assert your rights. When doing so, please ensure that we are able to clearly identify you. You are entitled to obtain from us information on the processing of your data. For this purpose, you can assert a right of access regarding your personal information we process. In addition, you can require us to rectify incorrect data and – to the extent the statutory provisions are met – complete or erase your data. However, this shall not apply to data required for billing and accounting purposes or subject to the statutory retention obligation. To the extent access to such data is not required, processing thereof will be restricted. In addition, you can require us to – to the extent the statutory provisions are met – restrict the processing of your data.

    • Objection to data processing:
      Moreover, you are entitled to object to data processing by us at any time. We will then cease processing your data, unless we can – in accordance with the statutory provisions – demonstrate compelling legitimate grounds for the further processing which override your interests.
    • Objection to direct marketing:
      Apart from that, you can object to the processing of your personal data for marketing purposes at any time (“objection to marketing”). Please note that for organisational reasons, your withdrawal and the use of your data in the course of a campaign which has already commenced may overlap.
    • Objection to data processing if “legitimate interest” is the legal basis:
      In addition, you are entitled to object to data processing by us at any time to the extent such processing is based upon the legal basis of a legitimate interest. We will then cease processing your data, unless we can – in accordance with the statutory provisions – demonstrate compelling legitimate grounds for the further processing which override your interests.
    • Withdrawal of consent:
      If you have given us your consent to the processing of your data, you can withdraw it at any time with effect for the future. A withdrawal shall not affect the lawfulness of the data up until the time of the withdrawal.
    • Data portability
      Furthermore, you are entitled to receive data which you provided to us in a structured, common and machine-readable format or – to the extent technically feasible – to request transfer of such data to a third party.
    • Right to lodge a complaint with the supervisory authority:
      You are entitled to lodge a complaint with a supervisory authority. For this, you can contact the data protection authority which is competent for your place of residence or your state or the data protection authority competent for us. This is:
      Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
      Promenade 27
      91522 Ansbach
      Telephone: +49 981 53 1300
      Fax: +49 981 53 98 1300
      E-mail: poststelle@lda.bayern.de
  17. Changes to the Privacy Notice
    We reserve the right to amend our security and data protection measures to the extent this is necessary due to technological advancements. In these cases, we will also adjust our data protection information accordingly. Therefore, please note the respective current version of our Privacy Notice.

Version: 15.01.2020