Privacy Policy

We are pleased that you have visited our website, kfi-cargo.com, and are interested in our company.

The protection of your personal data—such as your date of birth, name, phone number, address, etc.—is very important to us.

The purpose of this Privacy Policy is to inform you about the processing of your personal data that we collect when you visit our website. Our data protection practices comply with the legal provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The following privacy policy serves to fulfill the information obligations arising from the GDPR. These can be found, for example, in Art. 13 and Art. 14 et seq. of the GDPR.

1. Section 1 - General Information

1.1. Data Controller

The controller within the meaning of Article 4(7) of the GDPR is the person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

The controller for our website is:

KFI Cargo Control GmbH
Röntgenstr. 1
66763 Dillingen
Germany
Email:  info@kfi-cargo.com
Phone: +49 (0) 6831 76889-30
Fax: +49 (0) 6831 76889-33

We have appointed a Data Protection Officer in accordance with Article 37 of the GDPR. You can contact our Data Protection Officer at  info@kfi-cargo.com .

1.2. Provision of the Website and Creation of Log Files

Every time you visit our website, our system automatically collects data and information about the device used to access the site (e.g., computer, mobile phone, tablet, etc.).

What personal data is collected, and to what extent is it processed?

(1) Information about the browser type and version used;
(2) The operating system of the device used to access the site;
(3) Hostname of the accessing computer;
(4) The IP address of the accessing device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user’s system accessed our website (referrer tracking);
(8) Indication of whether the request was successful;
(9) Amount of data transferred

This data is stored in our system's log files. This data is not stored together with the personal data of any specific user, so individual visitors to the site cannot be identified.

Legal basis for the processing of personal data

Art. 6(1)(f) of the GDPR (legitimate interest). Our legitimate interest is to ensure that the purpose described below is achieved.

Purpose of data processing

The temporary (automated) storage of data is necessary for the proper functioning of a website visit in order to enable the website to be displayed. The storage and processing of personal data also serves to ensure that our website remains compatible for as many visitors as possible, as well as to combat misuse and resolve technical issues. To this end, it is necessary to log the technical data of the accessing computer in order to be able to respond as quickly as possible to display errors, attacks on our IT systems, and/or malfunctions in the functionality of our website. In addition, the data helps us optimize the website and generally ensure the security of our IT systems.

Duration of storage

The aforementioned technical data will be deleted as soon as it is no longer needed to ensure the website’s compatibility for all visitors, but no later than 3 months after the website is accessed.

Right to object and request deletion

You may object to the processing of your data at any time in accordance with Article 21 of the GDPR and request the erasure of your data in accordance with Article 17 of the GDPR. You can find information about your rights and how to exercise them at the bottom of this Privacy Policy.

1.3. General Information on How to Contact Us

Please note that with unencrypted email communication, we cannot guarantee complete data security during transmission to our IT systems; therefore, we strongly recommend using encrypted communication or sending information by mail for highly confidential information. The following risks, among others, are associated with email transmission:

  • Personal data could be disclosed to third parties without authorization due to an incorrect email address;

  • You do not have any information about the recipient's side, such as which employees have access to the email or how many of them do.;

  • Since email data is transmitted through multiple intermediate points, unauthorized third parties can generally access it if it is not encrypted.

1.4. Data Processors

We use several data processors in connection with our website. Whenever a data processor is used for a specific function (e.g., a booking request form) or a web service, this is explicitly stated at the relevant location. In this case, the following additional data processors are used:

We partner with IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, to host the website. Your data is processed on the basis of a data processing agreement in accordance with Article 28 of the GDPR, which serves as the legal basis for the transfer of data to this company.

Section 2 - Special Information

2.1. Special Features of the Website

Our website offers various features, and when you use them, we collect, process, and store personal data. Below, we explain what happens to this data:

Contact form(s)

  • What personal data is collected, and to what extent is it processed?

    We will process the data you have entered into our contact forms—specifically, the information you have provided in the contact form fields—for the purpose described below.

  • Legal basis for the processing of personal data

    Art. 6(1)(a) of the GDPR (Consent through a clear affirmative action or conduct)

  • Purpose of data processing

    We will use the data collected via our contact form(s) solely for the purpose of processing the specific inquiry submitted through the contact form.

  • Duration of storage

    Once your request has been processed, the collected data will be deleted immediately, unless there are any legal retention requirements.

  • Right to Withdrawal and Right to Erasure

    The options for revocation and deletion are governed by the general provisions regarding the right of revocation and the right to erasure under data protection law, as described below in this Privacy Policy.

  • Requirement to Provide Personal Information

    The use of the contact forms is voluntary and is not required by contract or law. You are not obligated to contact us via the contact form; instead, you may use the other contact options listed on our website. If you wish to use our contact form, you must fill out the fields marked as required. If you do not fill in the required fields on the contact form, you will either be unable to submit your inquiry, or we will unfortunately be unable to process your inquiry.

Newsletter Sign-Up Form

  • What personal data is collected, and to what extent is it processed?

    When you subscribe to the newsletter on our website, we receive the email address you enter in the subscription field and, if applicable, any additional contact information you provide via the newsletter subscription form.

  • Legal basis for the processing of personal data

    Art. 6(1)(a) of the GDPR (Consent through a clear affirmative action or conduct)

  • Purpose of data processing

    The data collected in our newsletter sign-up form will be used by us exclusively for sending our newsletter, in which we provide information about all our services and news. After you sign up, we will send you a confirmation email containing a link that you must click to complete your subscription to our newsletter (double opt-in).

  • Duration of storage

    You can unsubscribe from our newsletter at any time by clicking the unsubscribe link, which is included in every newsletter. We will delete your data immediately after you unsubscribe. Similarly, we will delete your data immediately if your registration is not completed. We reserve the right to delete your data without providing a reason and without prior or subsequent notice.

  • Right of withdrawal and right to request removal

    You may withdraw your consent at any time in accordance with Article 7(3) of the GDPR. However, this does not affect the lawfulness of processing carried out prior to the withdrawal. For information regarding your other rights, please refer to the overview at the end of this Privacy Policy.

  • Requirement to Provide Personal Information

    If you would like to subscribe to our newsletter, you must fill out the fields marked as required and confirm your email address by clicking the double opt-in link. The information required for newsletter registration is neither necessary to enter into a contract with us nor legally required. It is used exclusively for the purpose of sending our newsletter. If you do not provide the necessary information, we unfortunately cannot provide you with our newsletter service.

2.2. Statistical Analysis of Visits to This Website – Web Trackers

When you visit this website or access individual files on the website, we collect, process, and store the following data: IP address, the website from which the file was accessed, the name of the file, the date and time of access, the amount of data transferred, and a notification regarding the success of the access (so-called web log). We use this access data exclusively in a non-personalized form for the continuous improvement of our website and for statistical purposes. We also use the following web trackers to analyze visits to this website:

  • Custom Audiences

    We use the Custom Audiences service provided by Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, email: impressum-support@support.facebook.com, website: http://facebook.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF -  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection provided by the GDPR applies to the transfer.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    Facebook Custom Audience is an advertising tool offered by Facebook that allows you to run targeted advertising campaigns aimed at website visitors.

    You can view the provider's certification under the EU-US Data Privacy Framework at  https://www.dataprivacyframework.gov/list .

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://www.facebook.com/privacy/policy/.

    The provider also offers an opt-out option at  https://www.facebook.com/privacy/policy/ .

  • Facebook Connect

    We use the Facebook Connect service on our website, provided by Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, email: impressum-support@support.facebook.com, website:  http://www.facebook.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision by the European Commission regarding the EU-US Data Privacy Framework pursuant to Article 45 of the GDPR (hereinafter: DPF -  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection under the GDPR applies to the transfer.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    With Facebook Connect, users can use their Facebook profile to sign in to other web services more easily.

    You can view the provider's certification under the EU-US Data Privacy Framework at  https://www.dataprivacyframework.gov/list .

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://www.facebook.com/privacy/policy/.

    The provider also offers an opt-out option at  https://www.facebook.com/privacy/policy/ .

  • Google

    We use the Google service on our website, provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework of the European Commission within the meaning of Art. 45 GDPR (hereinafter: DPF -  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection under the GDPR applies to the transfer.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    We use Google to load additional Google services on our website. This service is used to provide additional Google services, such as the data processing required for the delivery of streams and fonts, as well as relevant content from Google Search. It is technically necessary to exchange the visitor’s information already held by Google across Google services and to provide the visitor with personalized content tailored to their Google Account.

    For the processing itself, the service or we collect the following data: background data stored in the Google user account or with other Google services regarding the website visitor; background data related to the provision of Google services, such as streaming data or advertising data; data regarding the website user’s interaction with Google Search; information about the user’s device, IP address, and browser, and additional data from Google services required to provide Google services related to our website.

    If the service is enabled on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the necessary data. As part of data processing on behalf of a client, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google APIs, DoubleClick, Google Cloud, Google Ads, and Google Fonts in accordance with the Google Privacy Policy. You can view the provider’s certification under the EU-US Data Privacy Framework at  https://www.dataprivacyframework.gov/list .

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://policies.google.com/privacy.

    The provider also offers an opt-out option at  https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de .

  • Google Ads

    We use the Google Ads service on our website, provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework issued by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF -  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection provided by the GDPR applies to the transfer.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    Google Ads is an advertising system that allows us to place ads on external websites across the internet to inform our customers about our services. Based on parameters we set, Google Ads displays ads on external websites that are tailored to our target audience and lead to our website. If a visitor clicks on a Google Ads ad, they are directed to our website. To measure the success and cost of Google Ads campaigns, Google Ads tracks the effectiveness of the advertising campaign when our website is visited. Our website processes the data provided by Google Ads to analyze and improve our advertising efforts, as well as to calculate any applicable fees. With your consent, your data may also be used for remarketing purposes.

    For the processing itself, the service or we collect the following data: data on the advertising interests of website visitors, interactions between site visitors and advertisements related to our website, data regarding visits to our website by site visitors who previously clicked on Google Ads advertisements and were directed to our website, data regarding the user’s device, IP address, and browser, and additional data from Google services for the purpose of delivering and refining Google advertisements related to our website.

    If the service is active on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the necessary data. As part of data processing on behalf of a client, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When Google Ads is used on our website, Google may transmit and process information from other Google services to provide background services for the improvement and personalization of Google advertising. To this end, data processing may also be carried out by other Google services such as Google APIs, Google Cloud, Google Ads, Google Analytics, Google Tag Manager, Google Marketing Platform, and Google Fonts in accordance with Google’s Privacy Policy under Google’s own responsibility for data protection. You can view the provider’s certification under the EU-US Data Privacy Framework at  https://www.dataprivacyframework.gov/list . For more information on the responsible handling of business data, please visit https://business.safety.google/privacy/.

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://policies.google.com/privacy.

    The provider also offers an opt-out option at  https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de .

  • Google Analytics

    We use the Google Analytics service on our website, provided by Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework issued by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF -  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection provided by the GDPR applies to the transfer.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    Google Analytics is a web tracking tool that analyzes the behavior of website visitors and their interactions with our website, providing us with reports and forecasts regarding the content and products on our website and their popularity (so-called tracking). We have integrated Google Analytics so that the service can compile an analysis of website users’ browsing behavior. To this end, Google collects data on visitors’ interactions with our website and, where applicable, existing information derived from cookies or other storage technologies, and processes this data statistically for us. Google Analytics uses data processing technologies that enable the tracking of individual visitors and their interactions with other Google services, such as the Google Ads advertising network. Data from other Google services is also used to close data gaps and generate comprehensive statistics on the content of our website using machine learning technologies, modeled statistics, and forecasting functions. If Google Analytics is active on our website, the data collected by Google Analytics is transferred to servers operated by Google Ireland Limited. As part of data processing on our behalf, personal data may also be transferred to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. We use Google Analytics to continuously optimize our website and improve its availability. This constitutes what is known as reach measurement.

    For the processing itself, the service or we collect the following data: Data regarding site visitors’ interactions with the website’s content, data regarding the use of the services displayed on our website, data from external Google services to the extent that they interact with our website (e.g., advertising data or data regarding advertising behavior), data regarding approximate geographic location, the browser and operating system used, as well as additional information about the device used.

    Google Analytics will store the data relevant to web tracking for as long as necessary to fulfill the web service you have subscribed to. Data collection and storage are anonymized. To the extent that individual interactions by site visitors make it possible to subsequently establish a personal connection to specific actions, we will delete the collected data once the purpose has been achieved. The data will be deleted at the latest when it is no longer subject to any legal retention obligations. As a rule, we will delete this data after 12 months at the latest. You can view the provider’s certification under the EU-US Data Privacy Framework at  https://www.dataprivacyframework.gov/list .

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://policies.google.com/privacy.

    The provider also offers an opt-out option at  https://tools.google.com/dlpage/gaoptout?hl=de .

  • Google Tag Manager

    We use the Google Tag Manager service on our website, provided by Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: https://www.google.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF -  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection provided by the GDPR applies to the transfer.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    Google Tag Manager provides a technical platform for running other web tools and web tracking programs using so-called “tags” and for managing them centrally. In this context, Google Tag Manager stores cookies on your computer and, to the extent that web tracking tools are run via Google Tag Manager, analyzes your browsing behavior (so-called “tracking”). The data generated by the “tags” is consolidated, stored, and processed by Google Tag Manager under a unified user interface. All integrated “tags” are listed separately in this privacy policy. When using our website with Google Tag Manager “tags” enabled, data—including, in particular, your IP address and your user activities—is transmitted to servers operated by Google. The tracking tools used in Google Tag Manager ensure, through IP anonymization of the source code, that the IP address is anonymized by Google Tag Manager prior to transmission. With Tag Manager, metrics from various service providers (Google and third-party providers) can be linked and analyzed based on so-called tag management. Google Tag Manager helps us compile reports on website activity and manage the web tools on our website.

    For the purposes of processing, the service—or we—collect the following data: cookies, web tracking data, outbound or inbound links, and information generated during the integration and activation of JavaScript code on the website by Google Tag Manager and the web tools triggered by Google Tag Manager.

    You can view the provider's certification under the EU-US Data Privacy Framework at  https://www.dataprivacyframework.gov/list .

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://policies.google.com/privacy.

    The provider also offers an opt-out option at  https://policies.google.com/privacy .

  • Matomo (local)

    We use the Matomo (local) service on our website, provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, email: privacy@matomo.org, website:  https://matomo.org/. Personal data is transmitted exclusively to servers located in the European Union.

    The legal basis for the processing of personal data is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. Our legitimate interest lies in achieving the purpose described below.

    Matomo is hosted on our own server infrastructure and configured by us in such a way that no data is transferred to Matomo, InnoCraft Ltd., or any other third parties. The collection of statistical data serves to monitor the functionality and user-friendliness of our website and to optimize it by analyzing anonymized user traffic. This allows us to identify which content is relevant to our website visitors and users and to expand our offerings accordingly. We can also use the collected data to create anonymous user profiles and derive general statistical information. The data collected in this context will not be combined with other personal data without separate consent.

    For processing purposes, the service—or we—collect the following data: parts of your IP address in anonymized form, user activity (e.g., referrer links, time spent on specific URLs, clickstream, shopping cart or order IDs), data regarding your browser settings, browser provider, browser version, screen resolution, and the operating system used.

    Data collection by our local Matomo instance is also configured to respect privacy. IP addresses are anonymized before they are collected and processed. We have also enabled the “Do Not Track” preference in Matomo. This ensures that Matomo respects a “Do Not Track” request from your browser when you visit our website and, regardless of our other measures, does not track the website user. You can prevent tracking by Matomo at any time by enabling the “Do Not Track” setting in your browser.

    With regard to the processing of your data, you have the right to object as set forth in Article 21. Further information can be found at the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://matomo.org/faq/general/faq_18254/.

  • Meta-Pixel

    We use the Meta Pixel service on our website, provided by Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, email: impressum-support@support.facebook.com, website:  https://www.facebook.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework issued by the European Commission pursuant to Article 45 of the GDPR (hereinafter: DPF -  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection provided by the GDPR applies to the transfer.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    This service is a plugin used to track the activities of website users. Their browsing behavior is then analyzed and used for advertising purposes. This ensures the effectiveness of our advertisements.

    You can view the provider's certification under the EU-US Data Privacy Framework at  https://www.dataprivacyframework.gov/list .

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://www.facebook.com/privacy/policy/.

    The provider also offers an opt-out option at  https://www.facebook.com/privacy/policy/ .

  • Tracking-Expert

    We use the Tracking-Expert service on our website, provided by Experteam GmbH, Karlsruher Str. 71, 75179 Pforzheim, Germany, email: info@tracking-expert.de, website:  https://tracking-expert.de/. Personal data is transmitted exclusively to servers located within the European Union.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    We use the Tracking-Expert web service to collect and analyze conversion data on our website on the server side. This allows us to track which user actions—such as purchases or form submissions—actually take place. This provides us with more precise and reliable tracking information that is processed not by the user’s browser but by our server. Additionally, the service helps us operate in compliance with data protection regulations by providing a consent management platform and transparently managing data processing.

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://tracking-expert.de/datenschutz/.

2.3. Integration of external web services and processing of data outside the EU

On our website, we use active content from external providers, known as web services. When you visit our website, these external providers may receive personal information about your visit. This may involve the processing of data outside the EU. You can prevent this by installing a corresponding browser plugin or by disabling the execution of scripts in your browser. This may result in functional limitations on the websites you visit.

We use the following external web services:

  • Amazon AWS

    We use the Amazon AWS service on our website, provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg, Luxembourg, email: privacyshield@amazon.com, website:  http://aws.amazon.com/. Personal data is also transferred to the United States. With regard to the transfer of personal data to the United States, there is an adequacy decision regarding the EU-US Data Privacy Framework issued by the European Commission pursuant to Art. 45 GDPR (hereinafter: DPF -  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, meaning that the standard level of protection provided by the GDPR applies to the transfer.

    The legal basis for the processing of personal data is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. Our legitimate interest lies in achieving the purpose described below.

    Amazon AWS is a cloud computing service provided by Amazon that is used to host our website and its individual components. The separate AWS cloud allows us to host our website and its services on faster servers.

    You can view the provider's certification under the EU-US Data Privacy Framework at  https://www.dataprivacyframework.gov/list .

    With regard to the processing of your data, you have the right to object as set forth in Article 21. Further information can be found at the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://aws.amazon.com/de/privacy/?nc1=f_pr.

  • Brevo

    We use the Brevo service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, email: support@sendinblue.com, website: http://de.sendinblue.com/, on our website. Personal data is transmitted exclusively to servers located in the European Union.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    Our newsletter and the corresponding sign-up option are provided through the Brevo service.

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://www.brevo.com/de/legal/privacypolicy/.

  • sibforms.com

    We use the sibforms.com service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, website: https://de.sendinblue.com/. Personal data is transmitted exclusively to servers located in the European Union.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    This service provides access to our newsletter and the option to subscribe.

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://www.brevo.com/de/datenschutz-uebersicht/.

  • Site Point

    We use the Site Point service on our website, provided by Site Point GmbH, Vorstadtstraße 57, 66117 Saarbrücken, Germany, email: info@sitepoint.de, website: https://www.sitepoint.de/. Personal data is transmitted exclusively to servers located in the European Union.

    The legal basis for the processing of your personal data is the consent you provided on our website pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR.

    Site Point GmbH is a service provider specializing in content management and web design. On our website, we use the Site Point service to manage content and optimize our site’s design. Site Point offers tools and resources for web developers and designers to help them build a professional online presence.

    You may withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the consent form itself or the end of this Privacy Policy.

    For more information on how the transferred data is handled, please refer to the provider’s privacy policy at  https://www.sitepoint.de/datenschutzerklaerung/.

  • Social Plug-In – „Facebook by META“

    • What personal data is collected, and to what extent is it processed?

      We have integrated a social plugin from the social network “Facebook by META” into our website. This plugin is operated by Meta Platforms Ireland Ltd., Merrion Road, D04 X2K5 Dublin 4, Ireland, email: impressum-support@support.facebook.com, website:  http://www.facebook.com/ (“Facebook by META”). When you visit a page that contains such a plug-in, your browser automatically establishes a background connection to the servers of Facebook by META. The content of the plugin is transmitted directly from Facebook by META to your browser and integrated into our site. Through this integration, Facebook by META receives the information that your browser has loaded a specific page of our website. This applies even if you do not have a Facebook by META profile or are not currently logged in to Facebook by META. This information (including your IP address) is transmitted directly from your browser to a Facebook by META server in Ireland and stored there. If you are logged into Facebook by META, Facebook by META can immediately associate your visit to our website with your Facebook by META profile. If you interact with the plugins—for example, by clicking the “Like” button or posting a comment—this information is also transmitted directly to a Facebook by META server and stored there. The information is also published on your Facebook by META profile and displayed to your Facebook by META contacts whom you have authorized to view it.

    • Legal basis for the processing of personal data

      Art. 6(1)(a) GDPR (if you have registered with “Facebook by META”) and Art. 6(1)(f) GDPR (if you have not registered with Facebook by META). To the extent that processing is based on Art. 6(1)(f) GDPR, the legitimate interest of the website operator is to enable users to interact with the website operator’s content on Facebook by META.

    • Purpose of data processing

      The primary purpose of collecting this data is to provide you with a way to interact socially through Facebook by META and thus make our website more interactive. You can find information about the scope of data collection and the further processing and use of the data you provide by Facebook by META, as well as your rights and settings options for protecting your privacy, in Facebook by META’s privacy policy: https://www.facebook.com/privacy/policy/

    • Duration of storage

      Facebook by META will store the data necessary for providing the web service for as long as necessary. If the data is subject to legal retention requirements, it will be deleted once the retention period has expired.

    • Right to object and request deletion

      If you do not want the Facebook by META social plugin to run, you can prevent it from doing so by installing a suitable add-on or script blocker. If you do not want Facebook by META to associate the data collected via our website with your Facebook by META profile, you must log out of Facebook by META before visiting our website. The options for objection and removal are otherwise governed by the general provisions regarding the right to object and the right to erasure under data protection law, as described below in this privacy policy.

2.4. Information on the Use of Cookies

  • What personal data is collected, and to what extent is it processed?

    We use and integrate cookies on various pages to enable certain features of our website and to integrate external web services. These so-called "cookies" are small text files that your browser can store on your device. These text files contain a unique string of characters that uniquely identifies your browser when you return to our website. The process of storing a cookie file is also referred to as “setting a cookie.” Cookies can be set both by the website itself and by external web services. Cookies are set by our website or the external web services to maintain the full functionality of our website, improve user-friendliness, or to pursue the purpose specified with your consent. Cookie technology also allows us to recognize individual visitors using pseudonyms, such as an individual or random ID, so that we can offer more personalized services. Details are listed in the table below.

  • Legal basis for the processing of personal data

    To the extent that cookies are processed on the basis of consent pursuant to Article 6(1)(a) of the GDPR, this consent also constitutes consent within the meaning of Section 25(1) of the TDDDG for the placement of the cookie on the user’s device. To the extent that another legal basis under the GDPR is cited (e.g., for the performance of a contract or to fulfill legal obligations), the storage or placement is based on an exception pursuant to Section 25(2) of the TDDDG. This exception applies “if the sole purpose of storing information on the end-user’s terminal equipment or the sole purpose of accessing information already stored on the end-user’s terminal equipment is to carry out the transmission of a message via a public telecommunications network” or “if the storage of information in the end-user’s terminal equipment or access to information already stored in the end-user’s terminal equipment is strictly necessary for the provider of a digital service to provide a digital service expressly requested by the user.” The applicable legal basis is determined by the cookie table listed later in this section.

  • Purpose of data processing

    Cookies are set by our website or external web services to ensure the full functionality of our website, improve user-friendliness, or to fulfill the purpose specified with your consent. Cookie technology also allows us to recognize individual visitors using pseudonyms, such as a unique or random ID, so that we can offer more personalized services. Details are listed in the table below.

  • Duration of storage

    Our cookies are stored until you delete them from your browser or, in the case of session cookies, until the session expires. Details are provided in the table below.

  • Right to object and right to rectification

    You can configure your browser to prevent cookies from being set altogether. You can then decide on a case-by-case basis whether to accept cookies or accept them by default. Cookies can be used for various purposes, such as to recognize that your device is already connected to our website (persistent cookies) or to save recently viewed content (session cookies). If you have expressly granted us permission to process your personal data, you may revoke this consent at any time. Please note that this does not affect the lawfulness of the processing carried out on the basis of your consent prior to its revocation.

Cookie-Name Server Provider Purpose Legal basis Retention period Typ
__cfuvid .sibforms.com sibforms.com This cookie is part of the CDN services provided by Cloudflare. By distributing server load, these CDN services help speed up our website and protect our server connection from malicious access by bots or other attacks. Art. 6(1)(f) of the GDPR (legitimate interests) Meeting Security
_fbp .com, .kfi-cargo.com Facebook Connect Facebook uses this cookie to display advertising content and to attribute ad clicks to a user. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 3 months Marketing
_ga kfi-cargo.com Google Analytics This cookie assigns a unique ID to a user so that the web tracker can track the user's actions under that ID. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) approximately 24 months Analytics
_ga_ kfi-cargo.com Google Analytics This cookie stores a unique ID for a website visitor in connection with Google Analytics or Google Tag Manager and tracks how the visitor uses the website. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) approximately 24 months Analytics
Google Analytics cookie kfi-shop.de Google Tag Manager This cookie is used by Google AdS to improve the effectiveness of advertising. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 3 months Marketing
Test cookie .doubleclick.net Website operator This cookie is set to determine whether the website visitor's browser supports cookies for the DoubleClick service. Art. 6(1)(c) of the GDPR (compliance with a legal obligation) about 15 minutes Cookie-Banner
ET_ConsentId kfi-shop.de Tracking-Expert This cookie is set by Tracking-Expert. It stores your selection from the cookie banner. Art. 6(1)(c) of the GDPR (compliance with a legal obligation) about 1 year Cookie-Banner
ET_Consent kfi-shop.de Tracking-Expert This cookie is set by Tracking-Expert. It stores your selection from the cookie banner. Art. 6(1)(c) of the GDPR (compliance with a legal obligation) about 1 year Cookie-Banner
ET_Stats kfi-shop.de Tracking-Expert This cookie is set by Tracking-Expert. It stores your selection from the cookie banner. Art. 6(1)(c) of the GDPR (compliance with a legal obligation) about 1 year Cookie-Banner
auth kfi-shop.de Website operator This cookie allows us to store the website visitor's authentication information. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 3 days Configuration
The identifier of the cookie. kfi-shop.de Website operator This cookie is a tracking cookie from Piwik PRO. It allows us to track page interactions using an assigned pseudonymous visitor ID and to generate statistics about user behavior on the website. To this end, it stores and analyzes information about visitors’ actions on the website during the current session, such as the date and time of the first visit, the average time spent on the website, and the total number of visitors to the website. Art. 6(1)(f) of the GDPR (legitimate interests) about 13 months Analytics
LanguageId kfi-shop.de Website operator This cookie allows us to save the convenience settings you have selected and keep them available for your current and future visits to the site. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) Meeting Configuration
stg_last_interaction kfi-shop.de Website operator This cookie is set in connection with Piwik PRO. It indicates whether the last visitor's session is still active or whether a new session has begun. It stores the timestamp of the visitor's last interaction with our website. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 12 months Analytics
stg_returning_visitor kfi-shop.de Website operator This cookie is set in connection with Piwik PRO. It indicates whether the visitor has been to our website before—if so, they are a returning visitor. It stores the timestamp of the visitor’s last interaction with our website. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 12 months Analytics
__Secure-BUCKET .google.com Google The __Secure-BUCKET cookie is used to prevent CSRF (Cross-Site Request Forgery) attacks and ensure the security of embedded Google services. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 6 months Configuration
NID .google.com Google The NID cookie contains a unique ID that Google uses to store your preferences and other information, such as your preferred language, how many search results should be displayed per page (e.g., 10 or 20), and whether the Google SafeSearch filter should be enabled. The "NID" cookie is also used to display Google ads to users who are not signed in across Google services. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 6 months Marketing
SOCS .google.com Google This cookie stores your preferences regarding our cookie banner. Art. 6(1)(c) of the GDPR (compliance with a legal obligation) about 12 months Cookie-Banner
AEC .google.com Google This cookie is used to protect our website. It is used to implement and prevent measures against spam and bot attacks. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 6 months Security
IDE .google.com Google Ads This cookie collects statistical data about website visitors and categorizes the information based on factors such as demographics, country, etc. This is used to personalize the user's advertising. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (Consent) about 12 months Marketing

2.5. Using localStorage and sessionStorage

"Web Storage" is a technical method that, similar to cookies, allows data and information to be stored on the user's computer or device.

Data can generally be stored in web storage in two ways. The type of web storage depends on the duration of storage. A distinction is made between permanent storage (localStorage) and storage limited to the "session" (sessionStorage). A session begins when the page is loaded and ends when the page is exited (e.g., by closing the tab or the browser).

Access to localStorage and sessionStorage is provided by the scripts and web services used on the website.

We have created a table below to explain the types of data and the purposes of localStorage and sessionStorage.

Name Art Purpose Legal basis
Google Analytics cookie Analytics Used by Google for conversion tracking in Google Ads and Google Tag Manager. Helps measure the effectiveness of advertising campaigns by tracking user interactions with ads and websites. Stores data regarding ad clicks and conversions, enabling website operators to understand how users interact with their ads and make data-driven decisions to optimize their campaigns. Art. 6(1)(a) GDPR – Consent
cookieStates Cookie-Banner Saves your choice from the cookie banner. Art. 6(1)(c) of the GDPR (compliance with a legal obligation)
lastExternalReferrer Analytics Records how the user arrived at the website by logging their last URL. Art. 6(1)(a) GDPR – Consent
lastExternalReferrerTime Analytics Records how the user arrived at the website by logging their last URL. Art. 6(1)(a) GDPR – Consent
tcstring Cookie-Banner Saves your choice from the cookie banner. Art. 6(1)(c) of the GDPR (compliance with a legal obligation)

3. Section 3 - Your Rights

3.1. Right to Information

You have the right to request confirmation as to whether we process your personal data. If this is the case, you have the right to access the information specified in Article 15(1) and (2) of the GDPR. We will also be happy to provide you with a copy of the data, provided that this does not infringe upon the rights and freedoms of others (see Article 15(4) of the GDPR).

3.2. Right to Correction

In accordance with Article 16 of the GDPR, you have the right to have any personal data we hold that is incorrect (such as your address, name, etc.) corrected at any time. You may also request that we complete any incomplete personal data we hold at any time. We will make the necessary changes without delay.

3.3. Right to erasure

Pursuant to Article 17(1) of the GDPR, you have the right to request that we erase the personal data we have collected about you if

  • the data is no longer needed;
  • the legal basis for the processing has ceased to exist without replacement due to the withdrawal of your consent;
  • you have objected to the processing and there are no overriding legitimate grounds for the processing;
  • your data is being processed unlawfully;
  • a legal obligation requires this
  • data has been collected in accordance with Article 8(1) of the GDPR.

Pursuant to Article 17(3) of the GDPR, this right does not apply if

  • the processing is necessary for the exercise of the right to freedom of expression and information;
  • your data has been collected based on a legal obligation;
  • the processing is necessary for reasons of public interest;
  • the data is necessary for the assertion, exercise, or defense of legal claims.

3.4. Right to restriction of processing

Pursuant to Article 18(1) of the GDPR, you have the right to request the restriction of the processing of your personal data in certain cases.

This is the case when

  • you dispute the accuracy of your personal data;
  • the processing is unlawful and you do not consent to its erasure;
  • the data is no longer needed for the purpose for which it was processed, but the collected data is necessary for the establishment, exercise, or defense of legal claims;
  • an objection to the processing has been lodged pursuant to Article 21(1) of the GDPR, and it is still unclear which interests prevail.

3.5. Right of Withdrawal

If you have given us your explicit consent to process your personal data (Art. 6(1)(a) GDPR), you may withdraw this consent at any time. Please note that this does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

3.6. Right to Object

If, due to a specific situation, you no longer wish for us to process your data, you may object at any time, in accordance with Article 21 of the GDPR, to the processing of data that we have collected on the basis of Article 6(1)(f) of the GDPR (legitimate interest).

3.7. Right to Data Portability

Upon request, in accordance with Article 20(1) of the GDPR, we will provide you or a representative designated by you with the following data in a commonly used machine-readable format:

  • Data collected on the basis of explicit consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR;
  • Data that we have received from you pursuant to Article 6(1)(b) of the GDPR in connection with existing contracts; provided that the data has been processed using an automated procedure.

3.8. How can you exercise your rights?

You can exercise your rights at any time by contacting us using the contact information below:

KFI Cargo Control GmbH
Röntgenstr. 1
66763 Dillingen
Germany
Email: info@kfi-cargo.com
Phone: +49 (0) 6831 76889-30
Fax: +49 (0) 6831 76889-33

3.9. Right to lodge a complaint with the supervisory authority pursuant to Article 77(1) of the GDPR

If you suspect that your data is being processed unlawfully on our website, you may, of course, seek a judicial resolution of the matter at any time. In addition, you may pursue any other legal remedies available to you. Regardless of this, pursuant to Article 77(1) of the GDPR, you have the option to contact a supervisory authority. You have the right to lodge a complaint under Article 77 of the GDPR in the EU Member State where you reside, where you work, and/or where the alleged infringement occurred; that is, you may choose the supervisory authority to which you wish to appeal from among the locations mentioned above. The supervisory authority to which the complaint was submitted will then inform you of the status and results of your submission, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Created by:

© DURY LEGAL Attorneys at Law – www.dury.de

© Website-Check GmbH – www.website-check.de