I. Controller responsible for data processing
Within the meaning of Art. 4 (7) GDPR:
1. Controller
KaVo Dental GmbH
Bismarckring 39
88400 Biberach
Germany
Tel.: +49 (0) 7351 56-0
E-Mail: privacy@kavo.com
Managing Directors:
Mr Oliver Krett
Mr Armin Imhof
2. Data protection officer
Please contact us if you have any questions about data protection.
Mr Stefan Kleinermann
Kleinermann & Sohn GmbH
Max-Planck-Str. 9
52499 Baesweiler
Germany
Tel.: +49 (02401) 6054-0
E-Mail: dsb@das-datenschutz-team.de
II. Scope and purpose of data processing
1. Anonymous data collection
We process the personal data of visitors to our website only to the extent necessary to provide a functional website and our content and services.
You can visit our website without providing any personal data. For technical reasons, including to ensure a secure and stable internet presence, we only store server log files, access data without any personal references, such as the internet browser used, your IP address (anonymised), the date and time of access, or the name of the requested file or website accessed.
Data are stored in server log files to ensure the functionality of our website and for security reasons, in particular to prevent and detect attacks on our website or attempted fraud. The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. If the data are collected to provide the website, this is done when the respective session has ended.
These anonymous data are stored separately from any personal data you may have provided, so they do not allow any conclusions to be drawn about a specific person. The data are evaluated for statistical purposes in order to optimise our website and content. The legal basis for the temporary storage of the data and the server log files is Art. 6 (1) (f) GDPR.
2. Collecting and processing personal data
If you wish to request a service/support, make a maintenance request or initiate a maintenance order from our company via our website, or if you have any questions about products or prices, it is necessary to process your personal data. If there is no legal basis for processing personal data, we will obtain the consent of the data subject. This will be evident in the appropriate places. This may be necessary if you register on our website, request our newsletter or contact us via our contact form.
The legal basis for processing operations for which we obtain your consent for processing purposes is Art. 6 (1) (a) GDPR. If the processing of personal data is necessary to fulfil or initiate a contract (e.g. for the provision of our services, or, in the case of service requests/orders, inquiries about our products and services), such processing is carried out in accordance with Art. 6 (1) (b) GDPR.
We store and use the personal data you provide, such as name, company/practice, address, area of activity, email address and telephone number, for the purpose of providing our services and individual communication with you in accordance with the General Data Protection Regulation (GDPR) and the German Data Protection Act (Bundesdatenschutzgesetz, BDSG).
The legal basis for the processing of data transmitted in an email or via one of our contact forms is Art. 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for data processing is Art. 6 (1) (b) GDPR.
Data transfer
If we use external service providers to provide services, their access to the data is also exclusively for the purpose of providing the service. In the case of price enquiries, purchase enquiries or other data required for the sales and/or service process, we pass on the data to the specified specialised trade partner for the purpose of processing your enquiry. The legal basis is Art. 6 (1) (b) GDPR.
If necessary, we may forward your request to our parent/sister company if they have a suitable offer that matches your request.
Your data will not be passed on to other third parties. We take technical and organisational measures to ensure compliance with data protection regulations and require our external service providers to do the same.
3. Web hosting
Our web hosting is carried out by a web hosting provider commissioned by us. Depending on the platform, the server location is in Germany or Europe. The legal basis is Art. 6 (1) (f) GDPR (provision of our online content). We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR.
4. Registration for “Extranet” dealer login and/or “MyKaVo” or “KaVo Portal” dealer login
You can register for the “Extranet” dealer login and/or the “MyKaVo” or “KaVo Portal” dealer login by providing personal data. Clicking on the corresponding menu items will take you to separate websites hosted by us or our service provider. The data entered as part of this registration can be seen in the input mask for the respective registration form.
When you register, we store your IP address and the date and time of registration. This serves as a safeguard in the event that a third party misuses your email address and misuses our service without your knowledge. We do not collect any other data. Your data will not be passed on to third parties unless there is a legal obligation to pass them on or if such transfer serves the purpose of criminal prosecution.
You have the option of changing the personal data provided during registration at any time or having them completely deleted by us, subject to retention periods stipulated by law and/or the German Fiscal Code.
Your registration is required for the provision of certain content and services on our website. The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given their consent. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR. The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected.
We use the services of carefully selected service providers to create accounts and manage user accounts and login data. We have concluded an order processing contract with the providers in accordance with Art. 28 GDPR.
Data transfer
If we use external service providers to provide services, their access to the data is also exclusively for the purpose of providing the service. These are carefully selected and, if required by law, contractually obliged in accordance with Art. 28 GDPR. In the case of price enquiries, purchase enquiries or other data required for the sales and/or service process, we pass on the data to the specified specialised trade partner for the purpose of processing your enquiry. The legal basis is Art. 6 (1) (b) GDPR.
If necessary, we may forward your request to our parent/sister company if they have a suitable offer that matches your request.
When you order the KaVo Box original factory repair, we transmit your data (name, address, telephone number and email address) to our contracted service provider so that they can perform the pick-up and delivery service for you. The legal basis is Art. 6 (1) (b) GDPR.
We use the service provider SendGrid to transmit the “transactional” emails that are sent as part of your order or registration. Transactional emails are automated emails that are triggered by certain actions of a customer or contact (e.g. order confirmations or status changes for orders). SendGrid is provided by Twilio Inc (101 Spear Street, 5th Floor, San Francisco, California, 94105, United States of America), a company based in the USA. We have concluded an order processing contract with the service provider in accordance with Art. 28 GDPR. The legal basis for sending transactional emails is Art. 6 (1) (b) GDPR.
The appropriate level of data protection for the transfer of data to the USA is guaranteed by the EU-US Data Privacy Framework. You can access and view the provider’s privacy policy https://www.twilio.com/en-us/legal/privacy.
Your data will not be passed on to other third parties. We take technical and organisational measures to ensure compliance with data protection regulations and require our external service providers to do the same.
5. Newsletter registration
Once you have expressly registered for the newsletter, you will regularly receive interesting content about products, services and promotions from KaVo Dental GmbH, the parent company and/or sister companies by email. Your email address will not be passed on to other companies. Every email contains information on how you can unsubscribe from emails with future effect.
To register for the newsletter, we need your first name, surname and email address.
When you register for our newsletter, we store your IP address and the date and time of registration. This serves as a safeguard in the event that a third party misuses your email address and subscribes to our newsletter without your knowledge. We do not collect any other data. The data collected in this way are used exclusively for the subscription to our newsletter. They will not be passed on to third parties. You can cancel your subscription to this newsletter at any time. Details of this can be found in the confirmation email and in each individual newsletter. During the registration process, your consent is obtained for the processing of the data, with reference to this data protection declaration.
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 (1) (a) GDPR if the user has given their consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) of the Protection against Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb, UWG). The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. If it is not possible to delete the data due to retention/evidence obligations, the data will be restricted (blocked). Your email address will therefore be stored for as long as the subscription to the newsletter is active.
We use "HubSpot" and "Microsoft Dynamics" to send our newsletter. Our newsletters contain a web beacon – a pixel-sized file that is retrieved when the newsletter is opened. This function allows us to analyse whether and when the newsletter has been opened and which links have been clicked. The analysis helps us improve our content. Further information on "HubSpot" and "Microsoft Dynamics" can be found in our privacy policy under "8. Use of tools and plugins on our website" in "HubSpot (newsletter and forms)" and "Microsoft Dynamics (newsletter and forms)".
6. Satisfaction surveys
We conduct satisfaction surveys of existing customers at irregular intervals for the purpose of improving our services, quality assurance and product enhancement. Participation in the survey is voluntary.
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as part of a balancing of interests (Art. 6 (1) (f) GDPR) in conjunction with Section 7 (3) UWG. The UWG allows us to do this if you provide us with your email address in connection with the sale of a product or service and you have not objected to its use.
We store the questions and answers from the survey. The anonymous survey results are evaluated and processed internally by the Marketing department. The results are also evaluated and analysed exclusively by employees of KaVo Dental GmbH.
Your answers will be completely anonymised and deleted as soon as we have completed the evaluation and there are no reasons that justify longer storage (e.g. if you have given your consent in accordance with Art. 6 (1) (a) GDPR).
If your personal data is processed on the basis of Art. 6 (1) (f) GDPR, you have the right to object if there are reasons for this arising from your particular situation or if the objection is directed against direct advertising (Art. 21 GDPR). You can object to the processing of your data from the customer survey or the receipt of direct advertising. If you object to direct advertising, we will no longer send you any advertising messages. Automated messages for the ordering and shipping process remain unaffected.
Any consent given to the processing of personal data can be revoked at any time. The legality of data processing based on consent remains unaffected until such consent is revoked. If you wish to exercise your right to object, simply send an email to privacy@kavo.com.
7. Cookies
Cookies are used when you visit our website. Cookies are small files that are stored on your device when you visit a website. They may be used, for instance, to recognise whether there has previously been a connection between the device and our website, to take account of your preferred language or other settings, to offer you certain functionalities or to recognise your interests based on usage.
Cookies may also contain personal data. Whether and which cookies are used when you visit our website depends on which areas and functions of our website you use and whether you agree to the use of cookies that are not technically necessary in our cookie settings (cookie notice banner).
The use of cookies also depends on the settings of the web browser you are using (e.g. Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most web browsers are preset to automatically accept certain types of cookies; however, you can usually change this setting. You can delete existing cookies at any time.
Your consent (= approval) to, and rejection or deletion of cookies is linked to the device and also web browser used. If you use several devices or web browsers, you can make different decisions or settings in each case. If you decide against the use of cookies or delete them, it is possible that not all functions of our websites will be available to you, or that individual functions will only be available to a limited extent. The legal basis for the processing of personal data using technically necessary cookies/session cookies is Art. 6 (1) (f) GDPR (legitimate interest in ensuring the functionality and security of our website). If you have given your consent, the legal basis for the processing of personal data using cookies for analysis purposes or third-party cookies is Art. 6 (1) (a) GDPR.
Information on the cookies used can be found in our Cookie Policy:
8. Use of tools and plugins on our Website
In order to be able to document consent to the storage of cookies requiring consent from visitors to our website in accordance with data protection regulations, we use OneTrust cookie consent technology from the provider OneTrust Technology Ltd, 82 St John St, Farringdon, London EC1M 4JN, United Kingdom.
When you visit our website for the first time, cookies are stored in your browser, in which the consent you have given or the revocation of this consent is stored. This enables us to obtain and manage the consent of website users for data processing. The corresponding scripts are only executed and the selected cookies set after you have given your consent. OneTrust itself also uses cookies in order to remember your cookie selection and to avoid displaying a cookie banner on every subpage of our website. The processing is necessary to fulfil a legal obligation (Art. 7 (1) GDPR) to which we are subject (Art. 6 (1) (1) (c) GDPR). Your consent status is stored for 365 days in the browser of your end device using a cookie. This means that your cookie preference is retained for subsequent page requests. We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR. Further information about the data processing of OneTrust Cookies is available at https://www.onetrust.com/privacy
You can find out which cookies are set via the OneTrust consent management application under “7. Cookies” in our Data Protection Declaration.
We use the web analysis service Google Analytics from the provider Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland on our website. We use this web analysis service to analyse and regularly improve the use of our website. We use the statistics obtained to improve our content and make it more appealing to you. Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the processed data. The service uses cookies, which are stored on your end device and enable us to analyse the use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the European Economic Area Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses the data collected in this way to provide us with an evaluation of the visit to our website and the usage activities there. This data may also be used to provide other services related to the use of our website and the use of the internet. Google states that it will not associate your IP address with any other data.
The legal basis for the use of Google Analytics is your voluntary consent, which you have given to us via our cookie banner (Art. 6 (1) (a) GDPR).
You can access and view the provider’s privacy policy at https://policies.google.com/privacy?hl=en.
We use the Google Ads online marketing process on our website, including conversion tracking. This is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
We use conversion tracking for the targeted advertising of our content in the Google Display Network. The legal basis is Art. 6 (1) (a) GDPR (your consent).
If you click on an ad placed by Google, the conversion tracking we use stores a cookie on your end device. These conversion cookies lose their validity after 30 days and are not used for your personal identification. If the cookie is still valid and you visit a specific page of our website, both we and Google can determine that you have clicked on one of our ads placed on Google and that you have subsequently been redirected to our website.
Google uses the information obtained in this way to provide us with an anonymised total number of visitors to our website. We also receive information about the number of users who have clicked on our ad(s) and about the pages of our website that were subsequently accessed. Neither we nor third parties who also use Google Ads will be able to identify you in this way.
You can also prevent or restrict the installation of cookies by configuring the appropriate settings in your internet browser. You can also delete previously stored cookies at any time. However, the steps and procedures required for this depend on the specific internet browser you are using. If you have any questions, please use the help function or documentation on your internet browser or contact the manufacturer or support team.
You can access and view the provider’s privacy policy at https://policies.google.com/privacy?hl=en.
We use the Remarketing function from Google on our website. This is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). The function is used to present interest-based advertising to website visitors within the Google Display Network. A cookie is stored in the browser of the website visitor, which makes it possible to recognise visitors when they visit websites that belong to the Google Display Network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google’s Remarketing function.
According to Google, it does not collect any personal data during this process. However, if you do not wish to use Google’s Remarketing function, you can deactivate it by configuring the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can deactivate the use of cookies for interest-based advertising via the network advertising initiative by following the instructions at https://thenai.org/opt-out/.
The EU standard contractual clauses have been agreed with Google, thus ensuring compliance with EU data protection law.
You can access and view the provider’s privacy policy at https://policies.google.com/privacy?hl=en.
Our website uses the Google Tag Manager service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
Google Tag Manager is a solution that allows website tags to be managed via an interface. Google Tag Manager itself does not set any cookies and does not collect any personal data. The service triggers other tags, which in turn may collect data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Please note, however, that we have no influence on the technical design of Google Tag Manager, so it cannot be completely ruled out that personal data will be processed by Google Tag Manager. In this case, Google is solely responsible for this data processing. The legal basis for the use of Google Tag Manager is your voluntary consent, which you have given to us via our cookie banner (Art. 6 (1) (a) GDPR).
Further information about Google Tag Manager is provided in Google’s Terms of Use and Privacy Policy.
We have not implemented Google Maps on our website, but have linked our maps to the Google Maps and Route Planner to give you the option of displaying further geographical information and calculating routes. When you view maps on our website, Google Maps is not called up and therefore your IP address is not passed on.
If you use this link to Google Maps, data about your use of our website (referrer URL) may be transmitted to Google and collected and used by Google. This is beyond our control.
Further information about how Google Maps and the route planner use your data and Google’s Privacy Policy is available at
We use the HubSpot service provided by HubSpot Inc (25 First Street, Cambridge, MA 02141, USA) on our website. The responsible service provider in the EU is HubSpot Germany GmbH (Am Postbahnhof 17, 10243 Berlin; hereinafter “HubSpot”). We use this service for the purpose of email marketing (newsletter registration and newsletter sendout) and the provision of online forms (e.g. contact forms, service forms).
If you contact us via our online forms, your data from the form will be processed in order to deal with your request. The legal basis for such transmission to us is Art. 6 (1) (f) GDPR. Other legal bases for data processing that apply in the context of specific HubSpot services (including the need for express consent in accordance with Art. 6 (1) (a) GDPR when sending newsletters) remain unaffected by this. Your data will be forwarded internally to the responsible department or contact person in order to process your request.
To fulfil the various functions, HubSpot uses cookies that enable analysis of the use of our websites by website visitors. Data is also collected on how you reached our website, for example through ads on our social media or links in our emails. In particular, this allows us to identify which aspects of our online content you are interested in when you contact us. We have concluded a data protection agreement with HubSpot, including the new EU standard contractual clauses, in which we oblige HubSpot to protect our customers’ data and not to pass it on to third parties.
Please note: If you contact us via contact forms, personal data may be transferred to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. The security of such transfer is regularly ensured by EU standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your acknowledgement of the Data Protection Policy in the contact forms is deemed to be consent within the meaning of Art. 49 (1) (a) GDPR, which justifies data transfer to insecure third countries.
You can access and view the provider’s privacy policy at https://legal.hubspot.com/privacy-policy.
We use the Microsoft Dynamics service on our website, a marketing tool from Microsoft Cooperation, One Microsoft Way, Redmond, WA 98052-6399, USA. The responsible service provider in the EU is Microsoft Ireland Operations Limited, One Microsoft Place, South Country Business Park, Leopardstown, Dublin 18, Ireland. We use the service for the purpose of email marketing (newsletter registration and newsletter dispatch) and the provision of online forms (e.g. contact forms, service forms, etc.).
If you contact us via our online forms, your data from the form will be processed in order to deal with your request. The legal basis for such transmission to us is Art. 6 (1) (f) GDPR. Other legal bases for data processing that apply in the context of specific "Microsoft Dynamics" services (including the need for express consent in accordance with Art. 6 (1) (a) GDPR when sending newsletters) remain unaffected by this. Your data will be forwarded internally to the responsible department or contact person in order to process your request.
To fulfil the various functions, "Microsoft Dynamics" uses cookies that enable analysis of the use of our websites by website visitors. Data is also collected on how you reached our website, for example through ads on our social media or links in our emails. In particular, this allows us to identify which aspects of our online content you are interested in when you contact us. We have concluded a data protection agreement with "Microsoft Dynamics", including the new EU standard contractual clauses, in which we oblige "Microsoft Dynamics" to protect our customers’ data and not to pass it on to third parties.
Please note: If you contact us via contact forms, personal data may be transferred to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. The security of such transfer is regularly ensured by EU standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your acknowledgement of the Data Protection Policy in the contact forms is deemed to be consent within the meaning of Art. 49 (1) (a) GDPR, which justifies data transfer to insecure third countries.
You can access and view the provider's privacy policy at https://privacy.microsoft.com/en-us/privacystatement. Users can find further information on the use of cookies in connection with the system at https://learn.microsoft.com/en-us/dynamics365/customer-insights/journeys/cookies.
Our website integrates videos from our own channel on the YouTube video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The implementation of this is based on Art. 6 (1) (f) GDPR, whereby our interest lies in the smooth integration of the videos and the appealing design of our website. We use the “enhanced data protection mode” option provided by Google.
When you access a page that has an embedded video, a connection is established to the Google servers and the content is displayed on the website by notifying your browser. According to Google, in “extended data protection mode” your data – in particular which of our websites you have visited, as well as device-specific information such as the IP address – is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to such transmission. If you are logged in to Google at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
In some cases, information is transmitted to the parent company Google Inc., based in the USA, to other Google companies and to external partners of Google, which may be located outside the European Union. Google uses the standard contractual clauses approved by the European Commission and relies on the adequacy rulings issued by the European Commission regarding certain countries.
Further information about data protection in connection with YouTube is provided in the Google Privacy Policy at https://policies.google.com/privacy?hl=en
We have linked social media logos from Facebook, Instagram, LinkedIn, XING, Pinterest, Twitter and YouTube (hereinafter “providers”) on our website, which redirect to our profiles stored with the respective providers and are intended to enable you to follow us there.
- Facebook is a service of Meta Platforms, Inc., 1601 Willow Road Menlo Park, California 94025, USA. In the EU, this service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Hereinafter both are referred to as “Facebook”.
- You can access and view the Facebook privacy policy at https://en-gb.facebook.com/privacy/policy/
- Instagram is a service of Meta Platforms, Inc., 1601 Willow Road Menlo Park, California 94025, USA. In the EU, this service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
- You can access and view the Instagram privacy policy at https://privacycenter.instagram.com/policy/.
- LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
- You can access and view the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy.
- Xing is a service of XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
- You can access and view the Xing privacy policy at https://privacy.xing.com/en/privacy-policy.
- Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
- You can access and view the Twitter privacy policy at https://twitter.com/en/privacy.
- Pinterest is a service of Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA. In the EU, this service is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
- You can access and view the Pinterest privacy policy at https://policy.pinterest.com/en-gb/privacy-policy.
- YouTube is a service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. In the EU, this service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
- You can access and view the Google privacy policy at https://policies.google.com/privacy?hl=en.
For data protection reasons, we have only implemented a link to our respective profiles with the providers. This means that no data about you will be transmitted to the providers unless you click on the respective social media logo. However, as soon as you click on the link we have set to our respective profile, you will be redirected to the provider’s website, which will result in data being transferred to the respective provider. We have no influence on this transfer and collection of data, including personal data, to or by the providers. We have no knowledge of the specific purposes of this data processing or its scope and storage duration. We do not know whether the providers carry out deletions, generate or assign profiles or set anonymisations, and these matters are outside our sphere of influence.
If you are logged in to one of the aforementioned providers at the same time as clicking on the respective link on our website, the data collected by the provider when you access their website will be directly assigned to your profile there.
The processing of users’ personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 (1) (f) GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a box or clicking a button to confirm), the legal basis for processing is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR.
For a detailed description of the respective forms of processing and the options to object (opt out), please refer to the data protection declarations and information provided by the operators of the respective networks. In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted with the respective provider, as they have access to the user’s data and can take appropriate measures and provide information.
We use the Flockler service to display social media content on our website. Provided by Flockler Oy Rautatienkatu 26 B 32, 33100, Tampere, Finland, this service aggregates relevant social media channels and displays them on our website.
A connection to the Flockler servers is established when visitors interact with the respective content. Flockler obtains your IP address in this process. This also applies if you are not logged in to the respective social media provider or do not have an account with them. The websites you visit are linked to your social media account and made known to other users. Data is also transmitted to the social media provider. Please be aware that as users of Flockler’s services, we do not have access to the transmitted data and have no knowledge of its further use. More information about this can be found in the provider’s privacy policy.
The use of the Flocker plug-in is based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR. We have a legitimate interest in achieving the greatest possible visibility on social media.
For this provider’s data protection policy and further information, please see: https://flockler.com/privacy-policy.
Third-party content, such as graphics from other websites, may be integrated into our website. This is done on the basis of our legitimate interests (interest in the optimisation and economic operation of our online content within the meaning of Art. 6 (1) (f) GDPR). This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) are aware of the IP address of the user, as the content cannot be sent to the browser of the respective user without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers use the IP address only to deliver the content. However, we have no influence over whether the third-party providers store the IP address, e.g. for statistical purposes. Insofar as we are aware of this, we will inform users accordingly.
9. Telephone/video conferencing, job interviews, training sessions & further development via MS Teams
Where the need arises, we use the Teams tool from the Microsoft Corporation to conduct telephone/video conferences online. This may also include job interviews, training sessions and further development.
Neither you nor we are permitted to make image or sound recordings.
Various types of data are processed when using MS Teams as part of a telephone/video conference. The scope of the data also depends on the data you provide before or while taking part in a telephone/video conference.
The following personal data may be processed during a telephone/video conference:
- Contact details (e.g. your email address, if you provide it personally)
- Log files, log data
- Metadata (e.g. topic and description of the meeting, IP address, time of participation)
- Profile details (e.g. your user name, first name, surname if you have provided these yourself)
To participate in a telephone/video conference, you will receive an invitation (invitation link or calendar appointment), which is emailed to the email address that you have provided to us. Your registration data will be processed by us.
To take part in a telephone/video conference, you must at least provide your name. You can deactivate transmission via microphone and camera at any time via the corresponding settings.
Insofar as personal data of employees of KaVo Dental GmbH is processed, Section 26 (1) of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) is the legal basis for such processing. If, in connection with the use of MS Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of MS Teams, Art. 6 (1) (f) GDPR serves as the legal basis for data processing. In such cases, our interest lies in the effective implementation of telephone/video conferencing.
When conducting job interviews via MS Teams, the legal basis is Section 26 (1) BDSG.
Otherwise, the legal basis for data processing when conducting telephone/video conferencing is Art. 6 (1) (b) GDPR, insofar as this is conducted within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 (1) (f) GDPR. Here too, our interest lies in the effective implementation of telephone/video conferencing and online events.
The provider Microsoft may obtain knowledge of the aforementioned data in order to process it as part of order processing. All data traffic is encrypted (MTLS, TLS or SRTP) and data is generally stored on servers in the European Economic Area (EEA). From a data protection perspective, Microsoft is a “third-country” provider (in this case the USA), where the level of data protection does not correspond to that of the EU. In order to ensure an adequate level of data protection for any transfer of personal data, we have entered into contractual agreements to protect your privacy (which include the new EU standard contractual clauses).
Insofar as data transfer to third countries is planned and there are no data protection adequacy rulings or suitable guarantees, it is possible that authorities in the respective third country (e.g. secret services) could gain access to the transmitted data in order to collect and analyse it, so the enforceability of your rights as a data subject cannot be guaranteed.
Further information is provided in Microsoft’s privacy statement, available at https://privacy.microsoft.com/en-gb/privacystatement
10. Complaints/warranty handling
As part of the complaints/warranty handling process, we process personal data relating to the contract reason. This includes your personal data (name, address, contact information, date of purchase, etc.) as well as any other data that you provide to us as part of the complaints/warranty handling process. The legal basis is Art. 6 (1) (b) GDPR.
Beyond the actual fulfilment of the pre-contract or contract, we process your data if this is necessary to fulfil our legal obligations (Art. 6 (1) (c) GDPR).
Data transfer
As part of the complaints/warranty handling process, your data will be passed on to (specialist) commercial partners to enable billing, settle payments or carry out the maintenance/repair of KaVo products.
11. Warranty extension
As part of the warranty extension process for KaVo products, we process personal data relating to the contract reason. These include your personal data (name, address, contact information, date of purchase, etc.) as well as any other data that you provide to us as part of the warranty extension process. The legal basis is Art. 6 (1) (b) GDPR. Beyond the actual fulfilment of the pre-contract or contract, we process your data if this is necessary to fulfil our legal obligations (Art. 6 (1) (c) GDPR).
Data transfer
As part of the warranty extension process, your data will be passed on to (specialist) commercial partners to enable billing, settle payments or carry out maintenance/repair of KaVo products in accordance with the terms of the warranty.
12. E-learning for training and further education
If you take part in one of our online training courses or e-learning offers, your personal access details for our e-learning platform will be sent to your email address.
The e-learning platform is hosted on the servers of a third-party provider in Europe. We have concluded an order processing contract with the provider in accordance with Art. 28 GDPR. Your registration for the e-learning system, the length of your visit and your learning progress and results are recorded and stored for the purpose of carrying out the training and for ensuring the security of our systems. The legal basis is Art. 6 (1) (b) GDPR (fulfilment of the contract) and Art. 6 (1) (f) GDPR (our legitimate interest in the security of our IT systems and the improvement of our services).
We process your personal details in order to carry out and plan online training courses, e-learning courses and face-to-face events. These details are as follows:
- First name, surname
- Telephone number
- Email address
- Address (usually the company address)
The data are processed for the purpose of registering participants and planning and implementing online training or e-learning. The legal basis is Art. 6 (1) (b) GDPR. If personal data of employees of KaVo Dental GmbH are processed in the context of online training or e-learning, the legal basis is Section 26 (1) BDSG.
We require your email address in order to send you the invitation link for online training/e-learning. If you do not agree to your email address being processed for this purpose, we will not be able to send you an invitation link.
We use Microsoft Teams to conduct online training courses. Further data protection information on the use of Teams can be found in our Data Protection Declaration under “9. Telephone/video conferencing, job interviews, training sessions & further development via MS Teams”.
Your personal data will be deleted, provided that such deletion does not conflict with any retention obligations under commercial and tax law and/or obligations to provide evidence.
13. Job application conditions
You have the opportunity to apply for vacancies at our company. Clicking on the menu item “Career” will take you to vacancies offered at KaVo Dental GmbH. If you apply for an advertised position via email karriere@kavo.com, karrierestart@kavo.com, ausbildung@kavo.com or schuelerpraktikum@kavo.com or by post, your application data will be collected and processed electronically in our applicant management system for the purpose of handling the application process. Only the specialist departments involved in the application process have access to this applicant management system. If your application culminates in the conclusion of an employment contract, we may store the data that you have submitted in your personnel file for the purpose of the usual organisational and administrative process, in compliance with the relevant legal regulations. According to Section 26 (1) (1) BDSG in conjunction with Art. 88 (1) GDPR, data protection law permits the collection of data required for the establishment of the employment relationship. If you voluntarily provide us with information about yourself that goes beyond what is necessary, this takes place on the basis of consent in accordance with Art. 6 (1) (1) (a) GDPR. As part of the processing, your data may be transferred to persons within our company, as well as service providers who are contractually bound and obliged to maintain confidentiality and perform partial data processing tasks.
If an application is rejected, we will delete the data transmitted to us three months after notification of the rejection. However, the data will not be deleted if they require longer storage of up to six months or until the conclusion of legal proceedings due to legal provisions, e.g. due to the burden of proof under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).
If your application for a specific position is rejected, you may be given the option of being included in our applicant pool. If you have given us your consent to this in writing within 4 weeks (preferably by email), we may include you in the applicant pool and contact you again if we believe there are suitable positions that match your profile. Your application will be stored in the applicant pool for a maximum of 12 months, after which we will automatically delete your data. The legal basis for this is Art. 6 (1) (a) GDPR (your consent). Of course, you can withdraw your consent at any time in accordance with Art. 7 (3) GDPR by notifying us with future effect.
14. Rights of the data subject
As the subject of data processing, you have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR). You also have the right to withdraw your consent to data processing at any time (Art. 7 (3) GDPR). The withdrawal of consent shall not affect the lawfulness of data processing based on consent before its withdrawal. Further processing of this data on another legal basis, such as to fulfil legal obligations (e.g. statutory retention periods), also remains unaffected. We do not use automated decision-making or profiling (Art. 22 GDPR).
Right to object (Art. 21 GDPR)
You have the right to object, for reasons arising from your particular situation, at any time to processing of personal data concerning you, based on a balancing of interests (Art. 6 (1) (f) GDPR). This is particularly pertinent if the processing of such data is not necessary for the performance of a contract. If you make use of your right to object, we would ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that there are compelling legitimate grounds for data processing that outweigh your interests and rights. Please address your objection to the contact address of the controller given above.
If you believe that the processing of your data violates data protection law or that your data protection claims have otherwise been violated in any way, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters (The Baden-Württemberg Federal State Commissioner for Data Protection and Freedom of Information). (Art. 77 GDPR)
To exercise your rights as a data subject, please contact the aforementioned office. Requests that are submitted electronically are generally answered electronically. The information, notifications and measures to be provided in accordance with the GDPR, including the exercise of data subject rights, are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests are we entitled to charge a reasonable fee for processing or to refrain from taking action (see Art. 12 (5) GDPR).
If there are reasonable doubts about your identity, we may request additional information from you for the purpose of identification. If we are unable to identify you, we are entitled to refuse to process your request. As far as possible, we will inform you separately if we are unable to identify you (see Art. 12 (6) and Art. 11 GDPR).
Requests for information are generally processed immediately, within one month of receipt of the request. The deadline may be extended by a further two months if this is necessary in view of the complexity and/or number of requests; in the event of an extension of the deadline, we will inform you of the reasons for the delay within one month of receipt of your request. If we do not act on a request, we will inform you within one month of receipt of the request of the reasons for this and notify you of the possibility of lodging a complaint with a supervisory authority or seeking a judicial remedy (see Art. 12 (3) and (4) GDPR).
Please note that you can only exercise your rights as a data subject within the scope of restrictions and limitations provided for by the European Union or its Member States. (Art. 23 GDPR).
15. Data security
When you register for the KaVo portal, use one of our contact forms on our website or subscribe to our newsletter, your personal data is encrypted and transmitted via the internet using TLS. We take technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or distribution of your data by unauthorised persons.
16. Deletion and restriction (blocking) of personal data
Your personal data will be deleted and restricted (blocked) once the purpose limitation has ceased, provided that it is no longer required to fulfil the contract or initiate a contract, taking into account retention periods based on legal provisions and/or the tax code.
17. Contact options
On our website, we give you the opportunity to contact us by email and/or via the contact forms provided. The information you provide will be stored for the purpose of processing your contact. Reference is made to this data protection declaration policy for the data processing as part of the sending process. We process personal data from the input mask in our contact form solely in order to process the contact.
Alternatively, you can contact us via the email addresses provided. In this case, the user’s personal data transmitted with the email will be stored.
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an email and/or via one of our contact forms is Art. 6 (1) (f) GDPR. If the contact is aimed at concluding a contract, the additional legal basis for such processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and there are no retention periods to the contrary. They will not be passed on to third parties.
18. Data transfer to third countries
When you visit our website or use the services we provide, data may also be transferred to or processed in countries outside the European Union or the European Economic Area. Some of these countries may not guarantee the same level of protection for your personal data as exists in your country. There is a risk that your data may be processed by the authorities there for control and monitoring purposes, possibly without the option of legal recourse.
We will only transfer your data to a third country or an international organisation under the following conditions:
- Existence of an adequacy ruling by the European Commission pursuant to Art. 45 GDPR;
- Existence of appropriate safeguards pursuant to Art. 46 GDPR (e.g. binding internal data protection rules, standard data protection clauses, approved codes of conduct or approved certification mechanisms;
- Existence of an exception pursuant to Art. 49 GDPR (e.g. if you have given your consent to the pursuit of legal claims, if necessary for the performance of a contract)
19. Changes and updates to the Data Protection Declaration
Updates to our privacy policy may result from changes to the data processing we carry out, or from changes in the law, court rulings, changes to our company's contact information, etc. We therefore ask you to inform yourself regularly about the content of our Data Protection Declaration.
As of April 2024
APPENDIX
1) Affiliate
PLANMECA OY
Asentajankatu 6
00880 Helsinki
Finland