Privacy policy of KGW Gerber Edelstähle GmbH

Status: October 2025

With the following data protection declaration, we would like to inform you about what types of your personal data (hereinafter also referred to as "data" for short) we process for what purposes and to what extent within the framework of providing our website and the associated functions and content. This declaration applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles.

The protection of your personal data is important to us. We therefore process your data exclusively on the basis of legal provisions, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The terms used are not gender-specific.

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

KGW Gerber Edelstähle GmbH

Mewer Ring 9

58454 Witten

Germany

Represented by the managing director:

Kai Bützler

Contact:

Phone: +49 (0)2302-88908-88

Fax: +49 (0)2302-88908-80

Email: kai@kgw.nrw

For the exercise of your data subject rights as well as for all other questions regarding data protection, please contact the email address mentioned above. The use of a central, function-related email address instead of the direct contact address of the managing director ensures that data protection inquiries can be processed efficiently and comprehensibly, even in the absence of individual persons. This is an essential component of a professional data protection organization.

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects. It serves for quick orientation and for fulfilling the transparency obligations from the GDPR.

Processing overview

Types of data processed

Inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), content data (e.g. text input in forms), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. IP addresses, device information).

Categories of data subjects

Visitors and users of the online offer, customers, interested parties, communication partners.

Purposes of processing

Provision of the online offer and its functions, answering contact inquiries and communication, provision of contractual services, security measures, reach measurement and marketing.

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations in Germany (BDSG) may apply.

Consent ($Art. 6 Abs. 1 S. 1 lit. a DSGVO$): The data subject has given their consent to the processing of personal data concerning them for one or more specific purposes. This is particularly relevant for the use of non-essential cookies and tracking technologies.

Fulfillment of contract and pre-contractual inquiries ($Art. 6 Abs. 1 S. 1 lit. b DSGVO$): The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This applies, for example, to the processing of inquiries via our contact form or appointment booking.

Legal obligation ($Art. 6 Abs. 1 S. 1 lit. c DSGVO$): The processing is necessary for compliance with a legal obligation to which we are subject. This includes, for example, commercial and tax law retention obligations.

Legitimate interests ($Art. 6 Abs. 1 S. 1 lit. f DSGVO$): The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. This applies, for example, to ensuring the security and functionality of our website (server log files).

In accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk for the rights and freedoms of natural persons, we take appropriate technical and organizational measures (TOMs) to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability and their separation. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, the deletion of data and a reaction to their endangerment. An essential part of our security measures is the end-to-end SSL/TLS encryption of data transmission between your browser and our server.

If we disclose data to other persons and companies (processors or third parties) within the framework of our processing, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission. This may be the case if a transfer of the data to third parties is required for the fulfillment of the contract ($Art. 6 Abs. 1 lit. b DSGVO$), you have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using web hosts).

If we commission third parties with the processing of data on the basis of a so-called "data processing agreement" (DPA), this is done on the basis of $Art. 28 DSGVO$. We carefully select our processors and contractually ensure that they comply with data protection regulations.

The processing of your data generally takes place within the European Union (EU) or the European Economic Area (EEA). If we process data in a third country (i.e. outside the EU/EEA) or if this happens in the context of using third-party services or disclosing or transferring data to third parties, this will only take place if the special requirements of $Art. 44 ff. DSGVO$ are met.

For data transfers to the USA, we rely on the adequacy decision of the European Commission of July 10, 2023 for the EU-US Data Privacy Framework (DPF). A transfer to US companies only takes place if they are certified under the DPF. This certification ensures a level of protection for personal data that is comparable to that in the EU.

The legal landscape for transatlantic data transfers is constantly evolving; previous agreements such as the "Privacy Shield" have been declared invalid by court. For this reason, as an additional safeguard and as a fallback mechanism, we rely on the conclusion of Standard Contractual Clauses (SCCs) of the EU Commission with the respective service providers. This combination of DPF certification and SCCs creates a robust legal basis and demonstrates a high degree of care to protect your data as best as possible, even during transfers to the USA.

As a data subject affected by data processing, you have various rights under the GDPR, which we explain below:

Right to information ($Art. 15 DSGVO$): You have the right to request confirmation as to whether data concerning you is being processed, and to information about this data as well as further information and a copy of the data.

Right to rectification ($Art. 16 DSGVO$): You have the right to request the completion of the data concerning you or the rectification of inaccurate data concerning you.

Right to erasure and restriction of processing ($Art. 17 und 18 DSGVO$): You have the right to request that data concerning you be deleted without undue delay, or alternatively to request a restriction of the processing of the data, in accordance with legal provisions.

Right to data portability ($Art. 20 DSGVO$): You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller.

Right to object ($Art. 21 DSGVO$): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on $Art. 6 Abs. 1 lit. e$ or $f DSGVO$. If your data is processed for direct marketing purposes, you have the right to object at any time to processing for the purpose of such advertising; this also applies to profiling to the extent that it is related to such direct marketing.

Right to withdraw consent ($Art. 7 Abs. 3 DSGVO$): You have the right to withdraw given consents at any time with effect for the future. The legality of the processing carried out until the withdrawal remains unaffected.

Right to lodge a complaint with a supervisory authority ($Art. 77 DSGVO$): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

We store your personal data only as long as it is necessary for the respective processing purposes or as provided for by the various retention periods stipulated by law. If the storage purpose ceases to apply or a legal retention period expires, the data will be routinely blocked or deleted in accordance with legal regulations.

According to legal requirements in Germany, retention is particularly for:

10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 und 4, Abs. 4 HGB (books, records, management reports, booking vouchers, commercial books, documents relevant for taxation, etc.).

6 years according to § 257 Abs. 1 Nr. 2 und 3, Abs. 4 HGB (commercial letters).

The structure of our digital infrastructure is deliberately chosen so that core data processing for the operation of the website takes place on systems within the EU. This minimizes risks associated with international data transfers. Only for extended analysis and marketing functions that require your explicit consent are services from providers in third countries (in particular the USA) used.

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. This data is technically necessary to display our website to you and to ensure stability and security.

Processed data: IP address, date and time of the request, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page).

Purpose: Delivery of the website to the user's computer, ensuring the functionality of the website, optimizing the website and ensuring the security of our information technology systems.

Legal basis: Our legitimate interest in a secure and efficient provision of our online offer in accordance with $Art. 6 Abs. 1 lit. f DSGVO$.

Storage period: The server log files are stored for security reasons (e.g. to clarify abuse or fraud) for a maximum of 14 days and then deleted.

Service provider (processor):

Website builder and hosting: For the operation of our website, we use the services of onepage GmbH. We have concluded a data processing agreement (DPA) with onepage in accordance with $Art. 28 DSGVO$. This ensures that onepage processes your data only on our instructions and in compliance with the GDPR. Onepage's servers are located exclusively in the EU.

Provider: onepage GmbH, Gontardstraße 11, 10178 Berlin, Germany.

Privacy Policy:

Domain registration: Our domain is managed by united-domains GmbH. The processing of data by this provider is limited to the technical data necessary for domain registration and DNS resolution. United-domains' servers are located in Germany.

Provider: united-domains GmbH, Gautinger Straße 10, 82319 Starnberg, Germany.

Privacy Policy:

Our website uses cookies. Cookies are small text files that are stored on your device. We distinguish between technically necessary cookies, which are essential for the basic function of the site, and optional cookies, which are used for analysis and marketing purposes.

Technically necessary cookies: These cookies are absolutely essential for the operation of the site and cannot be deactivated. They enable basic functions such as page navigation. The legal basis for their use is our legitimate interest ($Art. 6 Abs. 1 lit. f DSGVO$).

Optional cookies: All other cookies, especially for marketing, analysis or the integration of external media, are only set after your express consent ($Art. 6 Abs. 1 lit. a DSGVO$).

Consent Management Tool: To obtain and manage your consents, we use the integrated consent management tool from onepage.io. This tool ensures that optional cookies and scripts are only loaded after your active consent. You can revoke your once given consent at any time for the future via the settings of the consent tool.

If you contact us via contact form or email, the data you transmit will be stored by us to process your inquiry and for follow-up questions.

Processed data: Name, email address, possibly phone number and the content of your message.

Purpose: Processing of the contact inquiry and its handling.

Legal basis: The processing takes place for the implementation of pre-contractual measures or for the fulfillment of a contract in accordance with $Art. 6 Abs. 1 lit. b DSGVO$.

Storage: The inquiries and the associated data are stored in the integrated Customer Relationship Management (CRM) system of onepage.io. This ensures that this sensitive communication data remains within the EU-based infrastructure of our main processor. We delete the inquiries if they are no longer required and no legal archiving obligations prevent this.

We offer you the possibility to book appointments with us via a tool integrated on our website.

Processed data: Name, email address, possibly phone number and other information you provide about the appointment request.

Purpose: Efficient planning, coordination and confirmation of appointments.

Legal basis: The processing of your data for the specific appointment arrangement takes place for the implementation of pre-contractual measures at your request ($Art. 6 Abs. 1 lit. b DSGVO$).

Service provider: We use the native appointment booking tool from onepage.io for this. The data processing thus takes place within the framework of our data processing agreement with onepage.io and the data is stored on servers in the EU.

We only use the services described below for analyzing user behavior and displaying advertising on the basis of your express consent in accordance with $Art. 6 Abs. 1 lit. a DSGVO$, which you give via our consent management tool.

We use the integrated analysis tool from onepage.io to obtain basic statistical evaluations about the use of our website.

Purpose: Analysis of visitor numbers, page views and general interaction with our website to improve our offer.

Legal basis: Your consent ($Art. 6 Abs. 1 lit. a DSGVO$).

Data processing: The analysis takes place within the onepage.io infrastructure. No data transfer to external third parties or to third countries takes place. This represents a data protection-friendly alternative to more extensive analysis tools.

This website uses, after your consent, Google Analytics, a web analysis service of Google Ireland Limited.

Purpose: Google Analytics enables us to conduct a detailed analysis of website usage. We can compile reports on website activities and thus make our offer more user-friendly and optimize it economically. Specifically, data such as your (anonymized) IP address, your click behavior, the dwell time on individual pages, and technical information about your browser and device are analyzed.

Legal basis: Your consent ($Art. 6 Abs. 1 lit. a DSGVO$).

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Order processing: We have concluded the "Google Ads Data Processing Terms" with Google, which comply with the requirements of $Art. 28 DSGVO$ and ensure that Google processes the data only on instructions.

IP anonymization: We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Third country transfer: The information generated by cookies about your use of this website is generally transmitted to a Google LLC server in the USA and stored there. This data transfer is secured by the certification of Google LLC under the EU-US Data Privacy Framework (DPF). In addition, we have concluded the EU standard contractual clauses with Google.

Revocation and objection: You can revoke your consent at any time via our Consent Management Tool. Furthermore, you can prevent the collection of data by Google Analytics by downloading and installing the browser plug-in available under the following link:

We use the "Meta Pixel" of the social network Meta on our website after your consent.

Purpose: With the help of the Meta Pixel, we can measure the effectiveness of our advertisements on Facebook and Instagram ("conversion tracking"). In addition, based on the collected data, we can create target groups for future advertisements ("Custom Audiences") and thus optimize our marketing measures.

Legal basis: Your consent ($Art. 6 Abs. 1 lit. a DSGVO$).

Joint responsibility: For the collection of data on our website and its transmission to Meta, we are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, within the meaning of $Art. 26 DSGVO$. This joint responsibility is limited exclusively to the collection and transmission of data. The subsequent processing by Meta is the sole responsibility of Meta. The agreement on joint responsibility can be viewed here:

Third country transfer: The data is forwarded to the parent company Meta Platforms, Inc. in the USA. This data transfer is secured by the certification of Meta Platforms, Inc. under the EU-US Data Privacy Framework (DPF). In addition, EU standard contractual clauses have been agreed as a further guarantee.

Revocation: You can revoke your consent to the use of the Meta Pixel at any time via our Consent Management Tool.

The Meta Pixel is only used if you have expressly agreed via our Consent Tool. Without consent, no tracking data will be transmitted to Meta.

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

We operate a company page on the LinkedIn platform.

Purpose: Presentation of our company, publication of news, communication with interested parties and potential applicants, and analysis of the reach of our posts.

Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Joint responsibility for "Page Insights": For the processing of statistical usage data (so-called "Page Insights") that LinkedIn provides to us in aggregated form, we are jointly responsible with LinkedIn ($Art. 26 DSGVO$). This data helps us understand how users interact with our page. We do not have access to the underlying personal data of individual users. The agreement on joint responsibility (Page Insights Joint Controller Addendum) can be found here:

Legal basis: The operation of our LinkedIn page and the associated communication are based on our legitimate interests in contemporary and far-reaching public relations and company presentation ($Art. 6 Abs. 1 lit. f DSGVO$).

Third country transfer: It is possible that data will be transmitted from LinkedIn to LinkedIn Corporation in the USA. LinkedIn Corporation is a subsidiary of Microsoft Corporation, which is certified under the EU-US Data Privacy Framework (DPF), thereby ensuring an adequate level of data protection.

LinkedIn Privacy Policy:

We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your renewed visit. We ask you to regularly inform yourself about the content of our data protection declaration. This data protection declaration was created with the greatest possible care. Nevertheless, legal or technical changes may arise that require adjustments. The current version can always be found on our website.