top of page
Open Home page

Privacy Policy

We take the protection of your personal data during collection, processing, and use during your visit to our website very seriously and want you to know when we collect which data and how we use it. We have taken the technical and organizational measures to ensure that the regulations on data protection are observed both by us and by any service providers.
 
This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our website and the associated web pages, functions, and content, as well as our external online presences, such as our social media profiles (hereinafter referred to as “online offering”).

Responsibility

The responsible party for the collection, processing, and use of your personal data within the meaning of Art. 4 No. 7 GDPR is
 
Kurotec-KTS Kunststofftechnik Stade GmbH
Am Bullenhof 25
21680 Stade, Germany
Tel.: +49 (0)4141 9995-0
Email: info@kurotec-kts.de

Name and address of the data protection officer

The data protection officer of the controller is:
 
Lawyer
Michael H. Heng
Am Kaiserkai 69
20457 Hamburg
Email: dsb@advocatus.de
 
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

Types of processed data

• Master data (e.g., your name, address)
• Contact details (e.g., your email address, telephone number)
• Content data (e.g., your text entries on our site, photographs, videos you upload)
• Usage data (e.g., the subpages you visit, access times)
• Meta/communication data (e.g., device information, IP addresses)
 
Categories of affected persons
 
Visitors and users of the online offering (hereinafter: “users”), customers, interested parties, business partners.

Purpose of processing

• Provision of the online offering, its functions, and content
• Responding to contact requests and communicating with users
• Security measures
• Reach measurement/marketing

Used terms

• “Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification -number, location data, an online identifier (e.g. cookie) or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person (Art. 4 (1) GDPR).
 
• “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution, or otherwise making available, alignment or combination, restriction, erasure, or destruction (Art. 4(2) GDPR).
 
• “Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person (Art. 4(4) GDPR).
 
• “Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person (Art. 4(5) GDPR).
 
• “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4(7) GDPR).
 
• “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4(8) GDPR).

Relevant legal bases

Art. 13 GDPR stipulates that we must inform you of the legal bases for our data processing. Unless the legal basis is expressly mentioned in the following privacy policy, the following applies:
 
• The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR.
• The legal basis for processing for the fulfillment of our services and the implementation of contractual measures as well as responding to inquiries is Art. 6 (1) lit. b GDPR.
• The legal basis for processing for the fulfillment of our legal obligations is Art. 6 (1) lit. c GDPR.
• The legal basis for processing to safeguard our legitimate interests is Art. 6 (1) lit. f GDPR.
• The legal basis in the event that vital interests of the data subject or another natural person require the processing of personal data is Art. 6 (1) lit. d GDPR.

Safety measures

To protect your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which are continuously adapted to the state of the art.

 

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data.

 

We have established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data security risks.

 

Furthermore, we take into account the protection of personal data through data protection by design and by default (Art. 25 GDPR).

 

Your personal data is transmitted to us in encrypted form. This applies to all communication conducted via our website. We use the SSL/TLS (Secure Socket Layer / Transport Layer Security) encryption system. Please note that data transmission over the Internet, for example via email communication, may have security vulnerabilities.

Collaboration with processors and third parties

If, in the course of our processing, we disclose data to processors or third parties, transfer it to them, or otherwise grant them access to the data, this is done exclusively on the basis of a legal permission, e.g. if you have given your consent (Art. 6 para. 1 lit. a GDPR), if the transfer to third parties is required for contract performance (Art. 6 para. 1 lit. b GDPR), if there is a legal obligation (Art. 6 para. 1 lit. c GDPR), or on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). In the case of processors, the disclosure is based on a data processing agreement concluded with the processor in accordance with Art. 28 GDPR.

Transmission to third countries

A transfer of data to a third country, e.g. when using services of third parties, only takes place if it is necessary for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests under the aforementioned legal bases. Subject to other statutory or contractual permissions, we process or have data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met (e.g. on the basis of special guarantees such as an officially recognized adequacy decision or compliance with officially recognized standard contractual clauses).

Rights of data subjects

• Right to confirmation and access: Pursuant to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to free access to the personal data stored about you and a copy of this data.

• Right to rectification: Pursuant to Art. 16 GDPR, you have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you also have the right to request completion of incomplete personal data.

• Right to erasure: Pursuant to Art. 17 GDPR, you have the right to request that personal data concerning you be deleted without undue delay.

• Right to restriction of processing: Under the conditions of Art. 18 GDPR, you have the right to request restriction of the processing of personal data.

• Right to data portability: Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to request transmission to another controller, insofar as this is technically feasible.

• Right to withdraw consent: Pursuant to Art. 7 para. 3 GDPR, you have the right to withdraw consent to the processing of personal data at any time with effect for the future.

• Right to object: In accordance with Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Art. 6 para. 1 lit. e or f GDPR.


You may exercise the aforementioned rights at any time vis-à-vis the above-mentioned controller or the above-mentioned data protection officer.

 

• Right to lodge a complaint with a supervisory authority: Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

Deletion of data

Unless expressly stated otherwise, the data stored by us will be deleted in accordance with Art. 17 GDPR as soon as it is no longer necessary for its intended purpose and there are no statutory retention obligations preventing deletion.
If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted in accordance with Art. 18 GDPR, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to statutory requirements in Germany, retention is carried out in particular for 10 years pursuant to §§ 147 para. 1 no. 1, 4 and 4a, para. 3 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.) and for 6 years pursuant to §§ 147 para. 1 no. 2, 3 and 5, para. 3 AO, 257 para. 1 no. 2 and 3, para. 4 HGB (commercial correspondence).

Operation of the website and access to the website

The hosting services we use from our hosting provider serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the operation of the website.
In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties, and visitors to this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Art. 28 GDPR.

 

We or our hosting provider also process access data. This includes:

• name and URL of the retrieved file

• date and time of retrieval

• amount of data transferred

• notification of successful retrieval (HTTP response code)

• browser type and browser version

• operating system

• referrer URL (i.e. the previously visited page)

• websites accessed by the user’s system via our website

• internet service provider of the user

• IP address and the requesting provider

 

We use these log data without assignment to your person or other profiling for statistical evaluations for the purpose of operation, security, and optimization of our online offering, as well as for anonymous recording of the number of visitors to our website and the scope and type of use of our website and services, and for billing purposes to measure the number of “clicks” received from cooperation partners. On the basis of this information, we can provide personalized and location-based content, analyze data traffic, identify and resolve errors, and improve our services. This also constitutes our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

 

We reserve the right to subsequently review the log data if there is justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period if this is necessary for security purposes or for providing or billing a service, e.g. if you use one of our offers. After completion of the ordering process or receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website.

Contact

When contacting us (e.g. by email, telephone, or via social media), the user’s details are processed for the purpose of handling and processing the contact request in accordance with Art. 6 para. 1 lit. b GDPR. Responding to your request also constitutes our legitimate interest in processing the transmitted data pursuant to Art. 6 para. 1 lit. f GDPR.


We delete inquiries if they are no longer required. We regularly review their necessity, at the latest every two years. Statutory archiving obligations also apply.

Cookies

We use various types of cookies on our website, which are listed individually below.

 

Some of these are “necessary cookies”, which are required to maintain the operation of the website. Our legitimate interest in setting these cookies and processing personal data is based on Art. 6 para. 1 lit. f GDPR.

 

For the setting of all other cookies, we require your consent. For this purpose, we use the cookie consent tool “Usercentrics”, which asks for your consent to the processing of your personal data when you first visit our website. You have the option to completely refuse consent, differentiate between cookie categories, or grant consent for the use of all cookie categories. The selection is made within the consent tool and can be changed and adjusted at any time. Processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

 

You can revoke your consent at any time in whole or in part by accessing and adjusting the cookie consent tool via the link available on each page. You may also object to the use of cookies by disabling cookies in your browser settings. Please note that this may significantly restrict the functionality of this website.

 

The storage duration of cookies is specified in the cookie consent tool.

Google Maps

We integrate maps from the service “Google Maps” provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This may result in the transmission of personal data (in particular IP address and location data) to Google and processing on Google servers. However, this data transfer does not take place unless you have expressly consented to it (e.g. via our cookie consent tool or by clicking on a blocked map).
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time with effect for the future (e.g. via the consent tool settings). Where data is transferred to the USA, we rely on the EU–US Data Privacy Framework (DPF). Google is certified accordingly. Further information on data processing can be found in Google’s privacy policy.

Google Fonts (Web Fonts)

For a consistent display of fonts, this website uses so-called Web Fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For data protection reasons, these fonts are disabled by default. Only when you give your consent does your browser establish a direct connection to Google’s servers to load the fonts. In this process, your IP address is transmitted to Google to enable the fonts to be displayed on your device. The processing of your data is carried out exclusively based on your consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future (e.g., via the settings of our consent tool).

 

By using Google Fonts, personal data (in particular your IP address) may be transferred to servers of Google LLC in the USA. We rely on the EU-US Data Privacy Framework (DPF), for which Google is certified, for this transfer.

Further information about Google Web Fonts can be found at: https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy

Google reCAPTCHA

We use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to protect our contact form from misuse by automated programs (bots) and spam. When using reCAPTCHA, data such as IP address, mouse movements, and time spent on the website are transmitted to Google and analyzed there. This processing may also take place on servers of Google in the USA.
The use of reCAPTCHA is based exclusively on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (if cookies are set). Consent can be revoked at any time with effect for the future. Where data is transferred to the USA, we rely on the EU–US Data Privacy Framework (DPF), for which Google is certified. Further information on Google’s data protection provisions can be found in Google’s privacy policy.

Online Offer - Data Privacy Notice for the LinkedIn Company Page

1. Joint Controllership

 

Google Web Fonts: We are jointly responsible with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn") for the processing of personal data on our LinkedIn company page (Art. 26 GDPR).

We have concluded a joint controllership agreement with LinkedIn (the so-called "Page Insights Joint Controller Addendum"). This agreement specifies which data protection obligations we and LinkedIn fulfill. You can view the agreement here: https://legal.linkedin.com/pages-joint-controller-addendum (Note: This legal agreement is often provided by LinkedIn primarily in English, but it is binding for us).

 

2. Data Processing by Page Insights

 

LinkedIn provides us with "Page Insights" for our company page. These are aggregated statistics that provide us with insights into how visitors interact with our page (e.g., follower growth, engagement rates, visitor demographics).

To generate these statistics, LinkedIn processes personal data of page visitors. We ourselves only receive aggregated reports that cannot be traced back to individual persons and have no access to the underlying personal data.

We use these statistics to analyze the appeal of our LinkedIn page and to optimize our content in a targeted manner.

The legal basis for this processing is our legitimate interest in an optimized presentation of our company and effective communication with customers and prospects (Art. 6 para. 1 lit. f GDPR). You have the right to object to this processing at any time on grounds relating to your particular situation (Art. 21 para. 1 GDPR).

 

3. Data Processing During Direct Interaction

 

When you interact with our LinkedIn company page—for example, by writing comments, sending direct messages, liking, or sharing posts—personal data is processed (e.g., your profile name, profile picture, and the content of your interaction).

We are jointly responsible with LinkedIn for comments and public interactions on our page. We are solely responsible for processing direct messages that you send us via LinkedIn. We process this data to communicate with you and answer your inquiries.

The legal basis for this processing is our legitimate interest in communicating with prospective and existing customers (Art. 6 para. 1 lit. f GDPR) or the performance of pre-contractual measures, provided your inquiry is aimed at concluding a contract (Art. 6 para. 1 lit. b GDPR).

 

4. Data Transfer to Third Countries

 

LinkedIn may also transfer personal data to countries outside the European Economic Area, in particular to the USA. LinkedIn Corporation, headquartered in the USA, is certified under the EU-U.S. Data Privacy Framework. LinkedIn also uses Standard Contractual Clauses issued by the European Commission as the basis for data transfers to third countries. Further information can be found in LinkedIn's Privacy Policy.

 

5. Data Retention Period

 

For information on the retention period of data processed by LinkedIn, please refer to LinkedIn's Privacy Policy. Messages and inquiries that you send directly to us are stored for as long as necessary for processing and are subsequently deleted unless statutory retention obligations apply.

 

6. Your Rights and How to Exercise Them

 

According to the agreement pursuant to Article 26 of the GDPR, LinkedIn assumes primary responsibility for the processing of Insights data. LinkedIn fulfills all obligations under the GDPR with regard to the processing of Insights data (including information obligations and data subject rights).

... Regardless of the above, you can assert your rights (access, rectification, erasure, restriction of processing, data portability, objection) against both us and LinkedIn. Since LinkedIn has access to user data and can implement corresponding measures directly, we recommend that you contact LinkedIn directly with any inquiries regarding Insights data. Should you address the inquiry to us, we will forward it to LinkedIn immediately and cooperate with LinkedIn in processing it.

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority.

 

Further information:

Status of the privacy policy: January 28, 2026.

bottom of page