This Data Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as "Data") within our online offering and the related websites, features and content, as well as external online presence, e.g. our social media profiles. (hereinafter referred to as "online offer"). With regard to the terminology used, e.g. "personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).


Kallfass GmbH - Maschinen plus Automation

Röter Straße 44
D-72270 Klosterreichenbach

Phone: +49 74 42 / 84 46 - 0
Fax: +49 74 42 / 84 46 - 50

Managing Directors:
Dipl.-Ing. Ernst Kallfass
Volker Kallfass
Hans Haist

Register entry:
Amtsgericht Stendal 104356


Data protection officer:

Contact details of the data protection officer
The company's data protection officer is available at the above-mentioned corporate address and at

Types of processed data:
  • ☒ Inventory data (e.g., names, addresses, only in case of visitors contacting website).
  • ☒ Contact details (e.g., e-mail, phone numbers, only in the case of visitors contacting website).
  • ☐ Content data (e.g., text input, photographs, videos).
  • ☐ Contract data (e.g., contract objective, term, customer category).
  • ☐ Payment data (e.g., bank details, payment history).
  • ☒ Usage data (e.g., visited web pages, interest in content, access times).
  • ☒ Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Article 9, (1) of the GDPR):
  • ☒ Special categories of data are not processed.
  • ☐ Particular categories of data are not processed unless they are sent by the users for processing purposes, e.g. entered in online forms.
  • ☐ The following special categories of data are processed:
Categories of persons who are effected by the processing:
  • ☒ Customers / interested persons / suppliers.
  • ☐ Visitors and users of the online offer.

Issue: May 24, 2018

1. Relevant legal basis

In accordance with Art. 13 GDPR, we herewith inform you about the legal basis of our data processing policy. Unless the legal basis is stated in the data privacy policy, the following rules shall be applicable: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 of the DSGVO. The legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b DSGVO. The legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c DSGVO, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO shall serve as legal basis.

2. Changes and updates to the data privacy policy

We kindly ask you to obtain regular information about the content of our data privacy policy. We will adjust the data privacy policy as soon as the changes to the data processing we make require such adjustments. We will notify you as soon as the changes require your participation (e.g. consent) or other individual notification.

3. Safety measures

3.1. We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state-of-the-art-technology, the implementation costs and the type, the scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organisational measures in order to ensure a level of protection appropriate to the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. Furthermore, we have also set up procedures to ensure the perception of data subject rights, data deletion and data vulnerability. Moreover, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings taken into account (Article 25 GDPR).

3.2. One of the security measures is the encrypted transfer of data between your browser and our server.

4. Collaboration with persons processing orders and third parties

4.1. If, in the context of our processing, we disclose data to other persons and companies (persons processing orders or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or based on our legitimate interests (e.g. the use of agents, the host of the web, etc.).

4.2. If we commission third parties to process data on the basis of a what is referred to "contract processing contract", this is done on the basis of Art. 28 GDPR.

5. Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure, or transmission of data to third parties, this will only be done if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. DSGVO. That is to say, the processing is for example on the basis of specific guarantees, such as the officially recognised level of data protection (e.g. for the US through the “Privacy Shield”) or in compliance with officially recognised special contractual obligations (what is referred to as "standard contractual clauses").

6. Rights of affected persons

6.1. You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.

6.2. According to Art. 16 DSGVO you have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.

6.3. In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted without delay, or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.

6.4. You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible.

6.5. According to Art. 77 DSGVO you also have the right to file a complaint with the responsible supervisory authority.

7. Right of rescission

You have the right to withdraw from previously granted consent with effect for the future in accordance with. Art. 7 para. 3 DSGVO.

8. Right of objection

You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. In particular, the objection may be made against processing for direct marketing purposes.

9. Cookies and the right of objection

We set temporary and permanent cookies, that is to say, small files that are stored on users' devices (for the explanation of the term and function, see last section of this Data Privacy Policy). In part, these cookies are used for security reasons or to operate our online offer (for example, for the presentation of the website) or to save the user's decision when confirming the cookie banner. In addition, we or our technology partners use cookies for audience measurements and marketing purposes, for which users are informed about in the course of the data privacy policy.

A general objection against the use of the cookies used for the purpose of online marketing can in a variety of services, especially in the case of tracking, via the US website or the EU website be explained. Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that in this case not all features of this online offer may be used.

Revoke Cookies


10. Deleting data

10.1. The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this data privacy policy, the data stored with us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other and legitimate purposes, its processing will be restricted. That is to say, the data is blocked and not processed for other purposes. For example, this applies to data that must be kept for commercial or tax reasons.

10.2. Germany: According to legal requirements, the data are stored for 6 years in accordance with § 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

11. Contact

11.1. When contacting us (via contact form or e-mail), the information provided by the user is used in order to process the contact request and its handling acc. to Art. 6 para. 1 lit. b) DSGVO.

11.2. The user information can be stored in our Customer Relationship Management System (“CRM System”) or similar request organisation.

12. Collection of access data and log files

12.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO Data, we collect data of every access made to the server on which this service is located (referred to as “server log files”). The access data includes name of the retrieved web site, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

12.2. Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data of which further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

13. Online presence in social media

13.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO we maintain online presence within social networks and platforms in order to communicate with the active customers, prospects and users, and to inform the users about our services. When invoking the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.

13.2. Unless otherwise stated in our Data Privacy Policy, we process users' data as long as they communicate with us within social networks and platforms, e.g. write posts on our online presence or send us messages.

14. Cookies & audience measurement

14.1. Cookies are information transmitted from our web server or third-party web servers to users' web browsers and stored there for future retrieval. Cookies can be small files or other types of information storage.

14.2. The use of cookies in the context of pseudonymous audience measurement informs users in the context of this data privacy policy.

14.3. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

14.4. You may opt out from the use of cookies selected for audience measurement and promotional purposes through the Disable Network Initiative's ( and the US website ( or the European website (


If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties.

The legal basis for this is Art. 6 Para. 1 lit. a) GDPR.

You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.

Google Analytics

We use Google Analytics on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

The Google Analytics service is used to analyze how our website is used. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.

Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymization function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US.

The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general.

Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at,

including options you can exercise to prevent such use of your data.

In addition, Google offers an opt-out add-on at

in addition with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics' JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.