Information on data protection for Visitors to our Website, Customers, Suppliers, Interested Parties, Applicants and other Data Subjects

With the following information, we would like to give you – be it as a visitor to our online offering, as a customer, an interested party, supplier, as an applicant or any other data subject – an overview of the processing of your personal data by us and of your rights under data protection law. Details of which data are processed and the manner in which they are used is predominantly determined by the services agreed. Therefore, not every element of this information may be applicable to you.

1. Controller and contact details of the Data Protection Officer

Responsibility lies with

Krüger & Sohn GmbH
Robert-Bosch-Strasse 1+3
84030 Landshut
(hereinafter referred to as the “Company”)

You can reach our external Data Protection Officer under

Henrik von Kunhardt
Gerhard-Hauptmann-Strasse 7
85276 Pfaffenhofen, Germany

2. Processing of personal data in connection with your use of our websites, applications and online platforms

a. Data categories, purpose of processing and legal basis

In connection with your use of the Company’s websites, applications or online tools (hereinafter collectively referred to as the “Online Offering”) we process the following personal data:

  • Personal data that you yourself enter voluntarily in the context of an online offering (such as during registration, requests to contact you or in the context of participation in surveys, etc.), such as first and last name, E-mail address, telephone number, information provided in the context of a support request, comments or forum posts and
  • Information that is automatically sent to us by your web browser or terminal device, such as your IP address, device type, browser type, web sites previously visited, sub-pages visited or the date and time of each visitor query. We will process your personal data for the following purposes:
  • to enable you to use the services and functions of our online offerings,
  • to process your request,
  • to establish your identity and enable user authentication,
  • to send you marketing information or contact you as part of customer satisfaction surveys as described in Clause 4; and
  • to enforce our Terms of Use, to assert or defend against legal claims, and to deter and prevent fraudulent and similar acts, including attacks on our IT infrastructure. Processing personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise at the time of collection of personal data, the legal basis for data processing is:
  • execution and performance of a contract with you under Article 6 paragraph 1 lit. b) GDPR,
  • fulfilment of legal obligations to which the Company is subject under Article 6 paragraph 1 lit. c) of the GDPR, or
  • safeguarding legitimate interests under Article 6 paragraph 1 lit. f) GDPR. The legitimate interest of the Company lies in the processing of your personal data for the purpose of offering and operating the online services. In some cases we will ask you expressly for your consent to the processing of your personal data. In such a case, the legal basis for processing your personal data is the consent you have given in accordance with Article 6 paragraph 1 lit. a) GDPR.

b. Cookies

Cookies are small text files that your browser automatically creates and stores on your mobile device when you visit the website. Cookies contain information that is related to the context of use and your terminal device. Depending on the type, the use of cookies is possible without consent or may require consent. Cookies not subject to consent are especially those that are necessary to use our online offering or that serve IT security. The legal basis for the storage and retrieval of such cookies is Section 25 (2) No. 2 TTDSG. The legal basis for further data processing in these cases is Article 6 paragraph 1 lit. f GDPR (legitimate interests in the provision of the online offer or IT security).

By comparison, cookies requiring your consent serve to individually adapt the use of our offering to your preferences on the one hand. You give your consent in this respect when our “cookie banner” appears while you are calling up our online offering. Here, you can declare your consent to the use of cookies on this website by clicking a button.

For example, we use cookies to find out whether you have already visited our online offering. For the purpose of user-friendliness, we also use temporary cookies which are stored on your end device for a certain fixed period of time. If you visit our website again, the circumstances of your visit and your entries are automatically recognised and, if necessary, supplemented.

Furthermore, we use cookies in order to statistically record and optimise the use of our online offering and to analyse it for you.The legal basis for data processing for cookies requiring consent or the data obtained from them is your consent pursuant to Section 25 (1) TTDSG and Article 6 paragraph 1 lit. a GDPR in conjunction with Article 7 GDPR. This data includes, among other things, pages called up, duration of visit, origin, country, etc. We analyse these statistical data in order to optimise our offering.

You may revoke or adjust your decision regarding the use of cookies on our website at any time by clicking on “Settings” on the cookie banner. Thus, you can also revoke the consent you have given whenever you wish. Revocation the consent does not affect the lawfulness of any processing carried out on the basis of your consent until revocation.

Overview of the cookies used on this website:

VendorPurposeTypeStorage time
Technical cookies of the application server
to arrange requests for sessions on the
server side. Beyond that, no user-related
information will be stored.
cookie settings

c. Google Maps

For the display of geographical information, e.g. for the display of the more interactive map for directions, Google Maps is used on our website. When using Google Maps, personal data about the use of the website and Maps functions by users of the websites will be transmitted to Google.

By using Google’s mapping services on our website, the user is given a way to find us more easily when visiting.

The legal basis for the temporary storage of the data and the log files is Article 6 paragraph 1 lit. f GDPR. The legal basis for the transfer of personal data to Google as the provider of the Google Maps service is Article 6 paragraph 1 lit. a GDPR. We will obtain the necessary consent from our users as soon as they have called up our website.

The data will be erased as soon as it is no longer necessary for achieving the purpose of collection.

In case of collection of the data to provide the website, this is the case as soon as the respective session is finished.

When the data are stored in log files, this is the case after seven days at the latest. Storage beyond that is not possible. In this case, the IP addresses of the users will be anonymised or pseudonymised, so that allocation of the user calling it up is no longer possible.

If you do not want Google to collect, process or use data about you via our website when the map view is displayed, you can refuse to consent to the forwarding of data to Google, which is displayed when you first access our website. In addition, you can disable JavaScript in your browser settings.

However, in these cases you cannot use the map display. When JavaScript is deactivated other functions on the website such as menu navigation will not function any longer either. We therefore recommend that you do not disable JavaScript if you wish to take full advantage of the content and features of our website.

As described in Clause 2 b, a cookie is also set when Google Maps is used. The notes there therefore apply accordingly.

You will find more information about the data processing by Google in Google’s Privacy Policy:

d. Links to other websites and to our social media pages

This Privacy Policy applies only to our online offerings and not to websites and applications of third parties. Our online offerings may contain links to third-party websites and applications that may be of interest to you. We are not responsible for the collection, processing and use of your data within the framework of websites or applications that are not operated by us, nor for their content.

On our website, we use references (“links”) to the social networks Facebook, Twitter and Instagram on the basis of Article 6 paragraph 1 sentence 1 lit. f) GDPR to draw attention to our services and products and to contact you as a visitor and user of these social media sites and our website.

We have no influence on the processing of your personal data when you visit social media sites.

The provider of the social network has control over the data processing in the context of the use of the respective service. This includes, for example, the storage and use of cookies on user terminals and the analysis of your behaviour on the social network.

You will recognise the links by the logo of the respective social network. By clicking on the logo, a direct connection will be established between your browser and the server of the respective service and you will be redirected to the website of the service provider.

For more information about data processing on social media sites, please refer to the privacy policy of the relevant social network:

e. Forms for the transmission of documents and data sheets

Forms are available on our website which can be used for the electronic transmission of documents and data sheets on our products. If a user takes advantage of these options, the data entered in the input mask will be transmitted to us and part of the data is stored.

In this context, no data will be passed on to third parties outside the Company. The data will be used exclusively for the transmission of the corresponding documents.

The legal basis for processing data transmitted in connection with sending documents is Article 6 paragraph 1 sentence 1 lit. f) GDPR.

Processing the personal data from the input mask serves us to make contact and to prevent improper use of the contact form.

The data will be erased as soon as it is no longer necessary for achieving the purpose of collection.

Regarding the personal data from the input mask of the form, this will be the case when the respective correspondence with the user has ended.

Users have the possibility to object to the processing of their personal data at any time. In such a case, the correspondence cannot be continued. Please send us your deletion request via E-mail to

In this case, all personal data stored in the course of the data transmission will be deleted.

f. Matomo

We use the web analysis service Matomo on our website. Matomo uses cookies for this analysis.

Cookies are small text files that are stored on your computer and enable an analysis of your use of the website.

The information generated by the cookies, for example time, place and frequency of your website visit including your IP address, is transferred to our PIWIK server and stored there.

Your IP address is immediately anonymised during this process, so that you remain anonymous to us as a user.

The information generated by the cookie about your use of this website will not be passed on to third parties.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

3. Processing of personal data of Business Partners

a. Data categories, purpose of processing and legal basis

Within the scope of cooperation with Business Partners, the Company processes personal data of contact persons at customers, suppliers, interested parties, sales partners and cooperation partners (hereinafter referred to as “Business Partners”):

  • contact information, such as first and last name, business address, business phone number, business mobile number, business fax number, and business email address,
  • payment information such as details required for processing payment transactions or preventing fraud, including credit card details and card verification numbers,
  • additional information which needs to be processed in the context of a project or handling a contractual relationship and which is voluntarily provided by Business Partners, e.g. in the context of orders placed, inquiries or details of projects,
  • personal data collected from publicly available sources, information databases or credit agencies, and
  • as far as legally required in the context of compliance screenings: date of birth, identity card and ID numbers, information on relevant legal proceedings or other legal disputes involving Business Partners.

Personal data is also processed for the following purposes:

  • communication with Business Partners on products, services and projects, for example to process inquiries from the Business Partner or to provide technical information on products,
  • maintenance and protection of the safety of our products and services as well as our websites, prevention and discovery of safety risks, fraudulent activities or other criminal offences or acts carried out with the intent to cause damages;
  • compliance with (i) legal requirements (e.g. tax and commercial retention requirements), (ii) existing obligations to conduct compliance screenings (to prevent white-collar crime or money laundering), and (iii) policies and industry standards; and
  • settling legal disputes, enforcing existing agreements as well as asserting, exercising and defence against legal claims.

Processing personal data is necessary to achieve the aforementioned purposes. Unless expressly stated otherwise at the time of collection of personal data, the legal basis for data processing is:

  • execution and performance of a contract with you under Article 6 paragraph 1 lit. b) GDPR,
  • fulfilment of legal obligations to which the Company is subject under Article 6 paragraph 1 lit. c) of the GDPR, or
  • safeguarding legitimate interests under Article 6 paragraph 1 lit. f) GDPR. The legitimate interest lies in the initiation, implementation and handling of the business relationship in commercial transactions.

If, in an individual case, you have expressly given your consent to the processing of your personal data, this consent is the legal basis for the processing (Article 6 paragraph 1 lit. a) GDPR.

4. Processing of personal data of applicants

a. Categories of data and purpose of data processing

Within the framework of the application procedure, we process the following categories of personal data:

  • personal data (first and last name, date of birth, address, school-leaving certificate)
  • communication data (telephone number, mobile number, fax number, E-mail address)
  • data on assessment and evaluation in the application procedure
  • data on education (school, vocational training, civilian / military service, university education, doctorate)
  • data on the applicant’s previous professional career, training and work certificates
  • information on other qualifications (e.g. language skills, PC skills, voluntary work)
  • application photo
  • details of the desired salary
  • application history
  • social media links (link to Xing or LinkedIn profile, if data transfer from these profiles was selected)
  • identification data of the Internet browser used

Personal data that you provide to us as part of your application will be stored and used exclusively for the purpose of processing the application and, if necessary, for the implementation of subsequent employment.

b. Legal basis of processing

The processing of your personal data in the context of the application procedure is based on Article 6 paragraph 1 lit. b) GDPR (establishment and execution of a contract) as well as Sec. 26 (1) sentence 1 German Data Protection Act (BDSG).

c. Transfer of data

Your data will be made available to the relevant members of the Human Resources Department and to the employees or managers of the department(s) responsible for the position for which you have applied.

In the case of an unsolicited application, your documents will be made available to the relevant members of the Human Resources Department and to the responsible employees or superiors of the relevant department/s for whom your application might be of interest. We also use contract processors (e.g. IT service providers). Your data will be passed on to them in strict compliance with the obligation of secrecy and the requirements of the GDPR. The processors commissioned by us may process the data only for us and not for their own purposes. Responsibility for data processing in these cases remains with us.

Data will also be passed on if we are obliged to do so by law and/or official or court orders.

5. Recipients and categories of recipients

Within our Company, access to your data is granted to those bodies that need it to fulfil their contractual and legal obligations. Service providers and agents appointed by us may also receive the data for these purposes if they commit to protecting confidentiality and integrity. These are companies in the categories IT services, logistics, printing services, telecommunication, collection of receivables, consulting as well as sales and marketing.

As far as passing on data to recipients outside our company is concerned, it must first be kept in mind that we will pass on only necessary personal data, observing all regulations on data protection. As a matter of principle, we may pass on information about you only if this is required by law, you have given your consent or we have otherwise been granted authority. Under these circumstances, recipients of personal data may, for example, be:

  • public authorities and institutions (such as tax authorities, authorities prosecuting criminal acts, family courts, land registries) if based on a statutory or regulatory obligation,
  • banking and financial services institutes or comparable institutions to whom we transfer personal data for fulfilling the contractual relationship (banks, credit agencies),
  • other group-affiliated companies for risk management purposes due to legal or regulatory obligations,
  • creditors or liquidators submitting queries in connection with a foreclosure,
  • auditors,
  • service providers whom we involve in connection with contract data processing relationships,
  • sales representatives of the company.

6. Transfer to third countries

Data transfer to bodies in states outside the European Union (so-called third countries) will take place to the extent

  • this is required for performance of the contractual relationship (such as shipment orders),
  • it is required by law (such as obligatory reporting under tax law), or
  • you have given us your consent.

Moreover, transfer to bodies in third countries is intended in the following cases:

  • If necessary in individual cases, your personal data may be transmitted to an IT service provider in a third country to ensure that the IT department of the Company remains operative, observing the level of the European data protection rules.
  • On the basis of statutory provisions on controlling money laundering, the financing of terrorism and other criminal acts and within the scope of a balancing of interests, personal data (such as legitimisation data) may be transferred to third countries in individual cases, observing the data protection level of the European Union.

The use of our range of social media, Google Maps as well as the use of IT service providers may result in data transmissions and subsequent processing of usage data of the respective services in the United States. The basis for any processing activities is your explicit declaration of consent which you have given via the cookie banner. Your declaration of consent justifies such data processing by way of exception and on a case-by-case basis pursuant to Article 49 paragraph 1 lit. a) GDPR. Please note that data protection which would be comparable to the level in the EU and EEA does not exist in the United States.

In particular, it is possible that state authorities may access your personal data on the basis of legal authorisations without us or you being informed. There are no comparable opportunities for enforcing the law of another country in the U.S. so that this does not appear promising.

Any data transfers take place exclusively in an automated manner in connection with the use of our offering on social media (Facebook, Twitter and Instagram), Google Maps and because of the use of IT service providers and with the help of the use of cookies. For further details, please refer to the Clauses on social media sites (Clause 2 d), Google Maps (Clause 2 c), cookies (Clause 2 b), IT service providers (Clause 4 c) and transfer to third countries (Clause 6) in this data protection declaration.

You may refuse the use of cookies and other technologies altogether or choose individual settings.

You can also revoke your consent at any time with effect for the future. Any processing carried out previously remains unaffected by a revocation.

7. Retention period

We process and store your personal data as long as is necessary for the fulfilment of our contractual obligations and the exercise of our rights. The revocation of any consent given previously will be stored for three years (accountability). The administrative cookie will be deleted 6 months after the last visit. Server log data is anonymised before storage.

In individual cases, longer storage of data for the purpose of providing evidence may be justified in legitimate individual cases. According to Secs. 195 et seqq. German Civil Code (BGB), the statute of limitations may be up to 30 years, the regular statute of limitations being 3 years.

8. Data security

For reasons of security and to protect the transmission of confidential contents such as orders or inquiries that you send to us as the site operator, this website with our online offering has implemented SSL or TLS encryption. You will recognise an encoded connection by the change in the address line of the browser from “http://” to “https://” and the lock symbol in your browser line.

Our staff and the providers we have hired are committed to confidentiality and compliance with the provisions of the applicable data protection laws. The Company takes adequate technical and organisational security measures to protect your personal data against loss, modification, destruction, access by unauthorised persons or unlawful transfer. Our security measures are being improved on an ongoing basis in accordance with technological development.

9. Rights of data subjects

Every data subject has the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to limitation of processing pursuant to Article 18 GDPR, and the right to data portability pursuant to Article 20 GDPR. As far as the right to obtain information and the right to erasure are concerned, the restrictions pursuant to Secs. 34 and 35 BDSG are applicable. Moreover, there is a right to appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Sec. 19 BDSG).

Your consent to the processing of personal data granted to us may be withdrawn at any time by informing us accordingly. This also applies to the withdrawal of declarations of consent given to us before the effective date of the GDPR, i.e. before 25 May 2018. Please note that this withdrawal will be valid only for the future. Processing events that took place before withdrawal are not affected.

You also have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 lit. e) GDPR (data processing in the public interest) and Article 6 paragraph 1 lit. f) GDPR (data processing based on a balancing of interests); this also applies to profiling within the meaning of Article 4 paragraph 4 GDPR based on this provision. If you do object, we will no longer process your personal data unless we have compelling justified reasons for such processing which override your interests, rights and freedoms. This will especially be the case where processing is required for asserting, exercising or defending legal rights.

In accordance with Article 22 GDPR, you also have the right not to be subject to fully automated decision-making. As a matter of principle, we do not use fully automated decision-making processes to establish, perform or terminate a business relationship. In the event that we should use such processes in individual cases (for example to improve our products and services), we will inform you of this and of your rights in this respect separately if prescribed by law.

For more information and explanations regarding the above rights, please visit the website “Rights for citizens“ of the European Commission ( de).

10. Obligation to provide data

Within the scope of our business relationship, you are obliged to provide those personal contract data which are required for commencing, executing and terminating a business relationship and for performing the associated contractual obligations or the collection of which is imposed upon us by law. Without these data, we will generally not be able to enter into agreements with you, to perform under such an agreement or to terminate it. The same applies to visits of our online offering and the collection of usage data. Without the collection of usage data, we and our service providers are not able to provide you with our online offering.

11. Profiling

Your data will partially be processed automatically with the objective of assessing certain personal aspects (profiling). For example, we will use profiling in the following cases:

  • We use analysis tools to be able to inform you selectively of our products and services. These permit communication according to need and advertising including market and opinion research.
  • In connection with the assessment of your creditworthiness we employ scoring. With this tool, the probability of a customer meeting payment obligations is calculated. Scoring is based on a proven and recognised mathematical-statistical method. The resulting score values assist us in decision-making in connection with the sale of products and will become part of the ongoing risk management.

12. Up-to-dateness of and changes to this privacy policy

This privacy policy is currently valid and has the status December 2022.