top of page

privacy policy

The protection of your data is one of the most important principles of KplusX Gesellschaft für Soziale Arbeit mbH. With this data protection declaration, we would like to inform you about the type, scope and purpose of the personal data we collect, use and process. We would also like to inform you about the rights to which you are entitled.

1. Contact details

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

KplusX Society for Social Work mbH
Süntelstr. 22
31785 Hameln


Tel.: 05151-8224820
Website: www.kplusx.de

2. Name and address of the data protection officer

The data protection officer appointed by the controller is:

Robert Geier

Süntelstr. 22

31785 Hameln
Tel.: 05151-8224820
E-Mail: datenschutz(at)kplusx.de
Website: https://www.kplusx.de/d

You can contact us using the contact form at the following link:
https://www.kplusx.de/kontakt.

3. Legal basis for processing

We process and use your data to perform the contract and provide our services, to improve our services and our websites and adapt them to your needs, to provide updates and upgrades and to send you notifications related to the service, as well as to create invoices and collect our claims.

Art. 6 I lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our services. If we are subject to a legal obligation which requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 I lit. c GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary to protect our legitimate interests or those of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override them. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. A legitimate interest is generally assumed if the data subject is a customer of the controller.

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business activities.

We process applicant data in accordance with Art. 88 GDPR in conjunction with Section 26 BDSG (new).

4. Data we collect and process:

4.1. Contact forms and email contact:
There are contact forms on our website that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.
At the time the message is sent, the following data is also stored:

- The user's IP address

- Date and time of registration

Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.

Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

4.2. Blog comment function
We offer users of our blog the opportunity to leave individual comments on individual blog posts.

If a user leaves a comment in the blog published on this website, information on the time the comment was entered and the user name (pseudonym) chosen by the person concerned are saved and published in addition to the comments. The email address is also logged. This personal data collected is not passed on to third parties unless such a transfer is required by law or serves the legal defense of the person responsible for processing.

4.3. Log data

When you visit our website or use our services, the device you use to access the site automatically transmits log data (connection data) to our servers. Log data is also recorded by our servers when visitors access your web pages. Log data contains the IP address of the device you use to access the website or a service, the type of browser you use to access it, the website you previously visited, your system configuration, and the date and time. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems.

4.4. Cookies

We use cookies in various places on our website.

Cookies are small identifiers that a server stores on the device you use to access our website or our services. They contain information that can be retrieved when you access our services, thus enabling a more efficient and better use of our services.

We use permanent and so-called session cookies. Session cookies are deleted when you close your web browser. Permanent cookies remain on your device until they are no longer required to achieve their purpose and are deleted.

The cookies serve to improve our services and the use of certain features.

You can prevent cookies from being set at any time by making the appropriate settings in your Internet browser and thus permanently deny the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in the Internet browser you are using, not all functions of our website may be fully usable.

4.5 Social media: Facebook, Twitter, Instagram & Co

We maintain publicly accessible profiles on social networks. Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners ). Visiting our social media presence triggers numerous data protection-relevant processing operations. In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your device. or by recording your IP address. Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in. . Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection provisions. the respective social media portals. Our social media presence is intended to ensure the most comprehensive possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Paragraph 1 Letter f of GDPR. The data collected by the social networks The analysis processes initiated may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR). Person responsible and assertion of rights. If you visit one of our social media sites (e.g. Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations triggered during this visit. You can exercise your rights (information, correction, deletion, You can generally assert your rights (e.g. restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook). Please note that despite the joint responsibility with the social media Portal operators do not have full influence on the data processing procedures of the social media portals. Our options are largely based on the company policy of the respective provider. The data collected directly by us via the social media presence is deleted from our systems as soon as you request us to delete your data, revoke your consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below). We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https ://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. Details on how they handle your personal data can be found You can find Instagram's privacy policy at: https://help.instagram.com/155833707900388

4.6 WhatsApp
To communicate with our clients and other third parties, we use the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp receives access to metadata that is generated during the communication process (e.g. sender, recipient and time). We would also like to point out that WhatsApp says it shares its users' personal data with its US-based parent company Facebook. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.
The use of WhatsApp is based on our legitimate interest in communicating with customers, interested parties and other business and contractual partners as quickly and effectively as possible (Art. 6 Para. 1 lit. f GDPR). If consent has been requested, data processing will be carried out exclusively on the basis of consent; this can be revoked at any time with effect for the future.
The communication content exchanged between and on WhatsApp remains with us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

4.7 Website analysis services and advertising and marketing services

Likewise, Google Analytics is used for certain evaluation measures exclusively in a manner that complies with data protection regulations. This is a web analysis service provided by Google Inc. ("Google"). Google Analytics uses "cookies" (pure text files) that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, IP anonymization is activated on these websites - Google calls this function "IP masking". This means that your IP address is shortened beforehand within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Further evaluations can then only be carried out without any IP or personal reference, so that the ECJ ruling of October 6, 2015 (Case C-362/14) is also observed and no personal data is transmitted to the USA.

On our behalf, Google will use this anonymous information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

Further information on terms of use and data protection can be found at www.google.com/analytics/terms/de.html or at www.google.com/intl/de/analytics/privacyoverview.html.

We would like to point out that the website has been expanded to ensure anonymous collection of IP addresses (so-called IP masking). Personal user profiles cannot therefore be created. The stored data is therefore only used to further develop our (internet) offering.

The same high data protection rules also apply to the use of the online advertising program "Google AdWords" and the associated conversion tracking (visit action evaluation). When you click on an ad placed by Google, the cookie for conversion tracking is set. The cookie expires after 30 days and is not used to personally identify the user. Each Google AdWords customer receives a different cookie. These cannot be tracked via the websites of AdWords customers. The information is used to show AdWords customers only the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. Google AdWords customers do not receive any information that can be used to personally identify users.

If you visit certain pages of our website and the cookie has not yet expired, Google and SWB can recognize that you clicked on the ad and were redirected to this page. If you do not want to participate in tracking, you can deactivate the Google Conversion Tracking cookie in your internet browser under user settings.

You can find out more about Google's privacy policy here: http://www.google.de/policies/privacy/

5. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users' IP addresses are deleted or altered so that it is no longer possible to assign the calling client.

6. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

6.1. Right to information

You can request confirmation from the controller as to whether personal data concerning you are being processed by us.

If such processing takes place, you can request the following information from the controller:

- the purposes for which the personal data are processed;

- the categories of personal data being processed;

- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

- the planned duration for which the personal data concerning you will be stored or, if specific information is not possible, the criteria used to determine that period;

- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

- the existence of a right of complaint to the competent supervisory authority;

- all available information as to their origin, if the personal data are not collected from the data subject;

- the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

6.2. Right to rectification

You have the right to request rectification and/or completion from the controller if the personal data concerning you that are processed are incorrect or incomplete. The controller must carry out the rectification immediately.

6.3. Right to restriction of processing

You can request the restriction of the processing of personal data concerning you under the following conditions:

- if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

- the controller no longer needs the personal data for the purposes of processing, but you require them to assert, exercise or defend legal claims, or

- if you have objected to processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.

6.4. Right to erasure

You can request that the responsible party delete the personal data concerning you immediately. The responsible party is obliged to delete this data immediately if one of the following reasons applies:

- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

- You withdraw your consent on which the processing is based according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for the processing.

- You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.

- The personal data concerning you have been processed unlawfully.

- The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.

- The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 Para. 1 GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that you, as the data subject, have requested the erasure by them of all links to these personal data or of copies or replications of these personal data.

The right to erasure does not apply if processing is necessary:

- to exercise the right to freedom of expression and information;

- to fulfill a legal obligation which requires processing by Union or Member State law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

- for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR;

- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously compromises it, or

- to assert, exercise or defend legal claims.

6.5. Right to information

If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, this controller is obliged to inform all recipients to whom the personal data concerning you were disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure.

You have the right to be informed by the controller about these recipients.

6.6. Right to data portability

You have the right to receive the personal data concerning you that you have made available to the controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was made available, provided that

- the processing is based on consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and

- the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6.7. Right of objection

You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, notwithstanding Directive 2002/58/EC.

6.8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your consent to data protection at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

6.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

7. Data transfer to third countries
Data transfers to third countries only occur in the context of the administration of IT systems/websites and only to the extent that:

- the transmission is generally permissible and

- the special conditions for a transfer to a third country are met, in particular the data importer ensures an adequate level of data protection in accordance with the EU standard contractual clauses for the transfer of personal data to processors in third countries.

8. Security

KplusX Gesellschaft für Soziale Arbeit mbH uses technical and organizational security measures to protect the data you provide to KplusX Gesellschaft für Soziale Arbeit mbH from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

9. Changes to the Privacy Policy

We reserve the right to change our privacy policy if this should become necessary due to new technologies. Please ensure that you have the most recent version. If we make material changes to this privacy policy, we will announce them on our website.

Status: May 2020

bottom of page