Thank you for visiting our website and for your interest in our services.
1. Subject matter and scope of the privacy statement
is data protection declaration also fulfils our information obligations under Articles 13 and 14 of the General Data Protection Regulation (GDPR).
Specific information on data processing regarding the use of our website and the functions provided by us can be found under Sections 4 and 5 below. “Our website” within the terms of this data protection declaration refers to the main page available at www.fka.de as well as all sub-websites without externally linked websites of third parties over whose content we have no influence.
You can find detailed information on your rights as a data subject and on the general principles governing how we process your personal data under Sections 7 and 8. The information contained therein also supplements – even without express reference – the information on the processing of personal data in the cases specified in Sections 4 to 7.
2. Name and contact details of the controller
In accordance with the data protection law, i.e. the body which alone or jointly with others decides on the purposes and means of processing personal data, the “Controller” is, in this case,
Telephone: +49 241 8861 0
Fax: +49 241 8861 110
You will find further information about our company, details of the authorized representatives and other contact details in our legal notice on our website: https://www.fka.de/en/imprint.
3. Contact data of the data protection officer
We have appointed a data protection officer. If you have any questions or concerns about data protection, the easiest way to reach our data protection officer is to use the following contact details:
- Data Protection Officer –
Steinbachstr. 7, 52074 Aachen, Germany
If you have any questions or other concerns regarding data protection, please do not hesitate to contact our data protection officer at any time using the contact details given above.
4. Data processing within the scope of use of our website
In this section, we would like to inform you in detail about which personal data we process and for which purposes when you visit our website and use the functions provided.
For security reasons and to protect your personal data and other confidential content, your data is transmitted in encrypted form when you use the website. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.
4.1. Provision of the website and creation of log files
If you do not use any of the registration functions provided or otherwise provide us with information, we only collect the technical information that your browser transmits to our server each time you visit the website. The following information can be collected:
- (1) Information about the accessing device: operating system, browser and version;
- (2) The website from which our website was redirected (referrer information), as the case may be;
- (3) Date and time of access;
- (4) IP (Internet Protocol) address of the device used to access our website; and
- (5) File request.
The information is stored on our servers as part of an automatically generated log file. We do not draw any conclusions about the identity of the visitor from the information collected.
We need this information in order to optimally deliver our website and requested files to your computer or internet browser. In the event of a hacker attack on our website, data may be made available to the law enforcement authorities to the necessary extent.
The legal basis for processing the information includes the following:
(1) Processing to safeguard legitimate interests (Article 6 para. 1 lit. f of the GDPR): legitimate interests are the provision of a website and the assertion or defense of legal claims in connection with the improper use of our website;
(2) Fulfilment of a legal obligation (Article 6 para. 1 lit. c of the GDPR), as far as we are obliged to surrender the data to criminal prosecution or regulatory authorities or on a civil law basis.
External recipients of the data may be criminal prosecution or regulatory authorities or similar bodies in order to defend against and prevent misuse of our Internet presence.
Providing this information to such authorities is not required by law or by contract, nor is it necessary to conclude a contract, and there is no obligation to provide personal data. Please note, however, that information is collected automatically when you visit our website. If you prevent – for example with the help of appropriate tools – the provision of data (e.g. the transmission of the screen size, the device used or the browser used), certain functions of our Internet presence can no longer be displayed or used correctly.
Log files are automatically deleted after seven days, unless a longer storage period is required in the event of violations to clarify and enforce claims and for criminal prosecution.
Subject to the conditions specified in more detail, you are entitled to the rights of the data subjects referred to in Section 7.
4.2. Cookies and web analytics
Cookies do not affect your PC or the data stored on it. Cookies do not allow access to the contents of your hard disk.
On this website we also use the open source web analysis service "Matomo" (www.matomo.org). It collects and stores data for statistical analysis of the user behaviour of the website for optimisation and marketing purposes. For this purpose, anonymous user profiles can be created and evaluated on the basis of the collected data.
The data collected using Matomo technology (including your anonymous IP address) is processed on our servers and stored in visitor logs for 90 days. Old data will be deleted after one week.
The provision of the information is not required by law or contract and there is no obligation to provide personal data.
Subject to the conditions described in more detail, you are entitled to the rights of the data subjects referred to in Section 7.
4.3. Integration of third-party services and content
On our webseite we integrate third-party services and content to improve our website content.
4.3.1 Integration of OpenStreetMap map material
On some of our webpages we have included videos from the provider YouTube, which are stored at https://www.youtube.com/ and can be accessed directly from our website. We have integrated all videos in the “extended data protection mode” so that no data about you as a user will be transferred to YouTube if you do not play the videos. If you click on the video, your IP address will be transmitted to YouTube and YouTube will know that you have viewed the video. If you are logged in to YouTube, this information will also be associated with your account. We have no control over this data transfer. However, you can prevent this by logging out of YouTube with your user account before viewing the video.
4.3.3 Social media
On certain pages within our website we have included links to the social media channels of Twitter (www.twitter.com), Facebook (www.facebook.com), Xing (www.xing.de), LinkedIn (www.linkedin.de) and kununu (www.kununu.com). For this we use the tool "shariff", which prevents personal data from being transferred to the providers of these services when simply viewing the pages provided by us. However, if you click on the links provided, the providers may store cookies on your computer or your IP address. We have no influence on the processing of personal data in this case. Further information can be found in the data protection information of the respective social media channels:
Xing and kununu (kununu is a service provided by Xing: https://privacy.xing.com/de/datenschutzerklaerung
5. Contact and communication with fka
If you want to contact us,you can do so in the ways described below.
If you use the contact form provided on our website, we will process the following data or data categories:
(2) Email address,
(3) Content data (e.g. your question) and
(4) Data stored within the scope of the log files (see section 4.1).
In addition, you can contact us by email, fax, telephone or post. If you make use of these possibilities, we will collect the data you provide. In particular, the following data or data categories can be considered:
(1) User-related data (e.g. name, address),
(2) Contact details (e.g. email, telephone/fax number),
(3) Content data (e.g. text input, photographs, videos),
(4) Usage data (e.g. date and time of contact),
(5) Contract data (e.g. subject matter of contract, duration, customer category) and
(6) Payment data (e.g. bank details).
The aforementioned data and data categories can also be processed if you communicate with us, for example, within the framework of ongoing projects.
We process your data generally for the execution of a contract or for pre-contractual measures in accordance with Article 6 (1) (a) of the GDPR if the information is communicated on the occasion of a contract or a contract initiation (for example, a concrete inquiry for sending an offer or an email notification with reference to a concrete project).
Otherwise, your data will be processed to safeguard legitimate interests in accordance with Article 6 (1) (f) of the GDPR if no other legal basis can be considered. Our legitimate interest lies in processing the enquiry or concrete request by providing an appropriate service and possibly expanding our customer base.
We only process your data within our company and pass it on to third parties only in exceptional cases and within the legally permissible framework.
Your request will be forwarded to the appropriate department within our company. Depending on the request, this can be the persons responsible for the project, Accounting, Controlling, Human Relations, IT, or PR/media. Within our company, only those persons have access to your data who need it to properly handle your inquiry.
The provision of the information is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. There is also no obligation to provide information. If you do not provide us with certain information, we may not be able to process your request or can only do so to a limited extent. Exceptionally, for legal reasons, it may be necessary for you to provide us with certain information in order for us to process declarations with legally binding effect, for example for the conclusion or execution of a contract.
The data collected in the course of establishing contact or communication will be stored for as long as it is necessary to process request or execute the contract. If statutory retention periods provide for longer storage (e.g. emails as business letters in accordance with sec. 257 of the German Commercial Code, and sec. 147 of the German Tax Code) or if further storage is necessary for the assertion, exercise or defense of legal claims, deletion is not possible. You are entitled to the data subject rights mentioned in and under the conditions described in more detail in Section 7 below .
6. Processing of business card data and use of personal data for marketing purposes
If you give us or our employees a business card as part of a personal contact (e.g. at events or trade fairs), we store the data provided on it, in particular
(4) Email address and
(5) Telephone and fax numbers
to contact you, for example, in order to initiate business transactions, to maintain existing business relationships or to send you information about services, products or events.
We process the data on the basis of Article 6 (1) (a) of the GDPR insofar as it serves to initiate or execute a contract. If no other legal basis is relevant, we process your data in accordance with Article 6 para. (1) (a) of the GDPR on the basis of a weighing of interests. The legitimate interest is to be seen in our interest in expanding our (potential) customer base and our network. In the case of processing for the purposes of direct marketing, Section 7 of the Unfair Competition Act is the relevant legal basis.
We use your contact data, which we have received from you in connection with the sale of goods or services by or from us (name, company, address, telephone and, if applicable, fax number, email address), within the framework of the legal requirements according to § 7 (3) of the Unfair Competition Act and Article 6 (1) (f) of the GDPR to send you information about similar goods or services of fka.
If you do not wish to receive such information or no longer wish to receive it, you can object to the further use of your data for this purpose. You can send your objection by post, email, fax or any other means provided by fka (e.g., a corresponding link in an Email).
In the event of objection, we will delete the data immediately unless you have expressly consented to its further use or we reserve the right to use your data beyond this, which is permitted by law and about which we will inform you or have already informed you.
You can find information on your rights as a data subjects under Section 8.
7. Your rights as a data subject
As a data subject, you have numerous rights granted by the European legislature, so-called “data subject rights.” In the following, we would like to present these to you in a transparent and understandable manner. Please note that the following description is not intended to replace the wording of the relevant provisions, nor are your statutory rights restricted by the following explanations.
If you have any questions about the rights of data subjects or if you wish to exercise your rights, you can contact our data protection officer at any time using the contact details provided.
7.1 Right to confirmation and information
You as the data subject have the right to request confirmation from the controller as to whether personal data concerning you is being processed and, if so, the right to request information on such personal data and on the following information:
(1) the processing purposes;
(2) the categories of personal data that is processed;
(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(4) if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining this duration;
(5) the existence of a right of rectification or deletion of personal data concerning you or of a restriction on processing by the controller or of a right of opposition to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) if the personal data is not collected from you as the data subject, all available information on the origin of the data;
(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on you as the data subject.
If your personal data is transferred to a third country or an international organization, you as the data subject shall also have the right to be informed of the appropriate guarantees relating to the transfer.
You also have the right to obtain from us a free copy of the personal data that are the subject of the processing, provided that the rights and freedoms of other persons are not affected.
In special cases, the right may also be limited by the provisions of Sections 27 (2), 28 (2), 29 (1) sentence 2 and 34 of the German Data Protection Act (BDSG).
Please contact our data protection officer if you wish to make use of these rights.
7.2 Right of rectification
You have the right to request us to rectify any inaccurate personal data concerning you without delay and, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
Please contact our data protection officer if you wish to make use of these rights.
7.3 Right of deletion (“Right to be forgotten”)
You have the right to require us to delete personal data concerning you immediately, provided that one of the following reasons applies:
(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You withdraw your consent on which the processing referred to in Article 6(1) (a) or Article 9 (2) (a) of the GDPR was based and there is no other legal basis for processing;
(3) You object to the processing under Article 21 (1) of the GDPR and there are no overriding legitimate grounds for processing, or you object to the processing under Article 21 (2) of the GDPR;
(4) Your personal data has been processed unlawfully;
(5) The deletion of your personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which we are subject; or
(6) Your personal data has been collected in relation to information society services provided in accordance with Article 8 (1) of the GDPR.
Where we have made your personal data public and are obliged to delete it for one or more of the above reasons, we shall take appropriate measures, including technical measures, to inform data processors who handle the personal data that you have requested the deletion of all links to such data or of copies or replications of same. We do this while taking into account the available technology and implementation costs.
The right to deletion according to the above description does not exist if the processing is necessary for certain reasons specified in Article 17 para. 3 of the GDPR (in particular, for example, to fulfil a legal obligation or to assert, exercise or defend legal claims).
The right may also be limited in special cases by the provision of § 35 of the BDSG.
If one or more of the above-mentioned reasons apply and you would like to have the data stored at fka deleted, please contact our data protection officer.
7.4 Right of restriction of processing
You shall have the right to require us to restrict processing if one of the following conditions applies:
(1) You dispute the accuracy of your personal data for a period which enables us to verify the accuracy of your personal data;
(2) Your processing is unlawful and you refuse to have your personal data deleted and instead request that the use of your personal data be restricted;
(3) We no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) If you have lodged an objection to the processing referred to in Article 21(1) of the GDPR as long as it has not yet been established that our legitimate reasons outweigh yours.
If you wish to exercise this right, please contact our data protection officer at the above contact details.
7.5 Right of data portability
You shall have the right to receive your personal data that you have provided to us in a structured, current and machine-readable format and shall have the right to transmit such data to another controller without interference by us, to whom you have provided your personal data, on the condition that
(1) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and
(2) the processing is carried out using automated methods.
If you exercise this right, you also have the right to have your personal data transferred directly by us to another data controller, provided that this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.
The right of deletion (“right to be forgotten”) remains unaffected by the right to data portability. The right to data portability shall not apply to the processing necessary to perform a task in the public interest or to carry it out in the exercise of official authority delegated to us.
If you wish to exercise this right, please contact our data protection officer at the above contact details.
7.6 Right to object to processing
You have the right to object at any time to the processing of your personal data on the basis of Article 6 (1) (e) (task in the public interest or exercise of sovereign power) or (f) (prevailing interest of the controller or a third party) of the GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions.
In the event of an objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
Where your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising, including any profiling related to such direct marketing. In addition, you have the right to object to the processing of your personal data for reasons arising from your particular situation, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such processing is necessary to perform a task in the public interest.
In connection with the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right of objection by means of automated procedures using technical specifications (objection using technical means “by default”). The right can be limited in special cases by the regulation of sec 36 of the BDSG.
If you wish to exercise this right, please contact our data protection officer at the above contact details.
7.7 Rights relating to automated decisions in individual cases (including profiling)
You have the right not to be subject to a decision based solely on automated processing (including profiling) which has legal effect against you or significantly affects you in a similar manner. This does not apply if the decision
(1) is necessary to conclude or perform a contract between the you and us;
(2) is admissible by law of the European Union or of the Member States to which we are subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
(3) has your explicit consent.
If the decision to conclude or perform a contract between you and us is necessary or is taken with your express consent, we as controller shall take appropriate measures to safeguard your rights, freedoms and legitimate interests. This includes at least the right to obtain the intervention of a person by us, to state your own position and to challenge the decision.
The right can be limited in special cases by the regulation of Section 37 of the BDSG.
7.8 Right to revoke a data protection consent
You have the right to revoke your consent to the processing of your personal data at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until withdrawal.
The revocation can be declared by post, email, fax or by any other means provided by us (e.g. a corresponding link in an email).
In the event of revocation, the stored data will be erased immediately unless you have expressly consented to its further use in this regard or its further use has been reserved, which is legally permitted and about which we have informed you.
7.9 Right to lodge a complaint
You have the right to complain to a supervisory authority (see Article 51 of the GDPR) under Article 57 (1) (f) and (2) of the GDPR.
Responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Landesbeauftragte für Datenschutz- und Informationsfreiheit Nordrhein-Westfalen), Kavalleriestraße 2 - 4, 40213 Düsseldorf, Germany.
8. Principles of data processing
In the following, we would like to provide you with an overview of the general principles of processing personal information. We adhere to these principles in all cases of processing your personal data. Should you have any questions in this regard, you can contact our data protection officer at any time.
8.1. Legal basis for the processing of personal data
Processing your personal data is only legal if it rests on a legal basis which allows such processing. The European legislator has provided the following legal bases for the processing of personal data. We would like to give you an overview of these in the following. In any case, we would like to inform you about the respective legal foundations on which we base concrete processing.
According to Article 6 (1) (a) of the GDPR, we are entitled to process personal data if we have obtained your consent for one or more specific processing purposes.
8.1.2. Fulfilment of contract and pre-contractual measures
Article 6 (1) (b) of the GDPR allows us to process your personal data if this is necessary to perform a contract to which you are a party or to implement pre-contractual measures taken at your request.
8.1.3. Fulfilment of a legal obligation
Processing of your personal data is also permitted under Article 6 (1) (c) of the GDPR if this is necessary for processing in order to fulfil a legal obligation (e.g. statutory reporting obligations) to which we are subject as data controllers.
8.1.4. Vital interest
Article 6 (1) (d) of the GDPR allows us to process your personal data when necessary to protect your vital interests or that of another natural person, e.g. in the context of accidents.
8.1.5. Assignment in the public interest or exercise of sovereignty
In accordance with Article 6 (1) (e) of the GDPR, we may, as an exception, also process your personal data if this is necessary to perform a task in the public interest or in the exercise of official authority delegated to us.
8.1.6. Prevailing interest of the controller or a third party
Finally, in accordance with Article 6 (1) (f) of the GDPR, we may base the processing of your personal data on the fact that this is necessary to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights or freedoms, which require the protection of personal data, prevail, notably if you are a child. According to the European legislator, a legitimate interest may arise in particular from an existing customer or employment relationship and our interest in direct advertising. The impact assessment shall especially take into account whether you can reasonably foresee, at the time when your personal data is collected and in view of the circumstances in which it is collected, that processing for this purpose may take place.
In our case, such legitimate interests may be, in particular,
(1) Improvement of our products and services;
(2) Planning, implementing and improving our marketing activities;
(3) Addressing new customers and new employees; and
(4) Expansion of our network.
We will inform you separately about our legitimate interests within the scope of balancing interests.
8.2. Obligation to provide personal data; consequences of failure to provide such data
In general, there is no obligation for you to provide personal data. In this case, your omission to provide personal data may only result in us not being able to process your request or not being able to process it completely, in you not being able to make use of certain offers or in you having to reckon with the loss of legal positions.
In rare cases, you may have to provide your personal information as required by law. This may in particular result from tax regulations or regulations on money laundering prevention.
If necessary, contractual regulations may also prescribe that you provide your personal data, or your personal data is required to conclude a contract. For example, an employment contract may stipulate that you provide bank account details for salary transfer, or certain information may be required to grant certain contractual conditions.
If there is a legal obligation for you to provide information, there may be the threat of legal disadvantages. Your omission to provide personal data despite a contractual obligation or requirement for the purpose of concluding a contract may have the consequence that a breach of contractual obligations exists or a contract cannot be concluded.
If you have any questions, you can always contact our data protection officer, who can provide you with information on the existence of provision obligations and the consequences of non-provision.
8.3. Origin of data
If we have not collected your personal data from you, the European legislator stipulates that you have to be informed of the source of the data and, where appropriate, whether it comes from publicly available sources.
We always provide information about the respective source of the data in the specific individual case.
It may happen that we use data from publicly accessible sources, for example to check and correct obviously incorrect addresses with the help of Internet research. In order to safeguard our economic interests, we may use data from credit agencies to obtain credit-related information if we consider this to be necessary in individual cases, in particular if payment obligations are not fulfilled or are not done so on time.
8.4. Recipients and categories of recipients of personal data
We process your data only within our company. Only those persons and business units have access to your personal data who need it within the scope of the concrete processing purposes.
We do not pass on this data to third parties in principle, unless we have either obtained your consent in advance or base the data transfer on another legal basis, in particular to execute or perform a contract, to fulfil legal regulations or to protect our legitimate interests in the context of the weighing of interests.
Possible recipients of your personal data under the aforementioned conditions may be
(1) The Institute for Automotive Engineering (ika) at the RWTH Aachen University as our cooperation partner in connection with the implementation of projects;
(2) Group companies (e.g. as part of the audit);
(3) Consultants (tax consultants, lawyers);
(4) Service providers (e.g. shipping service providers);
(5) Processors working under contract in the framework of their contract processing activities;
(6) Banks and other payment service providers; or
(7) Authorities, courts and other bodies with official authority.
In the event of a transfer, we will inform you of this in each individual case.
8.5. Duration of storage or criteria for determining the storage period
If we provide a specific storage period for certain personal data, we will inform you of this in the individual case. If we are unable to specify the concrete duration of the storage, we will inform you of the relevant criteria for determining the particular storage period.
The duration of the storage of your personal data depends primarily on the processing purposes. Your data will be deleted when the specific processing purposes no longer apply and no other reasons justify a longer storage period.
However, a longer storage period may be justified if, for example, we are obliged to store the data for a longer period due to statutory storage obligations and periods. For example, storage periods provided for under commercial or tax law can stipulate a storage period of up to ten years.
As far as your personal data is required to assert, exercise or defend claims, we will store your personal data required for this purpose for the duration of such legal actions, in any case until the expiry of relevant limitation periods, unless the reason for this no longer applies, or for other reasons a longer storage period is possible.
8.6. Automated decision making/Profiling
In principle, we do not use automated decision making processes/profiling
If, in exceptional cases, credit information is obtained about you, we will inform you separately.
8.7. Intended transfer to third countries
In accordance with the requirements of the European legislator, we must inform you whether we intend to transfer your personal data to a recipient in a third country or to an international organization and whether an adequacy decision exists or is missing or equivalent guarantees exist, including information on how these can be obtained. In principle, we neither transfer your personal data to a third country nor do we intend to do so. Should this intentionally deviate from the aforementioned principle in individual cases or take place, we will inform you separately.
Version: December 13, 2019