Effective date: January 8, 2026
Global Privacy Policy of the Kellenberger Group
Scope of Application
This global privacy policy explains how the Kellenberger companies listed below (collectively “Kellenberger,” “we,” “us,” “our”) collect, use, store, and share personal data when you visit our websites, request information or quotes, contact sales or support, participate in events, or otherwise interact with us worldwide.
Controllers and regional contacts
- Kellenberger Machines Holdings GmbH, Thannäckerstrasse 22, 9403 Goldach, Switzerland; Tel +41 71 242 91 11; Fax +41 71 242 92 22; info@kellenberger.com
- Kellenberger Switzerland AG — Thannäckerstrasse 22, 9403 Goldach, Switzerland; Tel +41 71 242 91 11; info@kellenberger.com
- Kellenberger Machine (Shanghai) Co., Ltd. — 1388 East Kang Qiao Road, Pudong, Shanghai 201319, China; Tel +86 21 38108686; info@kellenberger.com
- Kellenberger Systems — 1755 Brittania Drive, Unit A, Elgin, Illinois 60124, United States; Tel +1 800 843 8801; info@kellenberger.com
- Kellenberger Germany GmbH — Lachenhauweg 12, 72766 Reutlingen, Germany; Tel +41 71 242 92 32; info@kellenberger.com
- Kellenberger Malaysia Sdn. Bhd., No. D17-06, Menara Suezcap1, KL Gateway, No. 2, Jalan Kerinchi, Gerbang Kerinchi Lestari, 59200 Kuala Lumpur; info@kellenberger.com
What we collect
- Contact and business information: Name, job title, company, email, phone number, address.
- Business information: Company size, industry, quotes, order and warranty information.
- Technical and usage information: IP address, device and browser information, pages visited, referrers, session duration, cookies, and similar technologies.
- Communication: Messages you send via email, web form, chat, or phone, as well as related metadata.
- Support data: Ticket content, troubleshooting logs, and service history.
- Optional data: Marketing preferences, event registrations, and any other information you choose to provide.
Why we process personal data
We process personal data to:
- Respond to inquiries and prepare quotes;
- Fulfill contracts and deliver products and services;
- Operate and improve our website and products;
- Provide customer service;
- Send service communications and marketing where permitted;
- Comply with legal obligations; and
- Protect our rights and property.
The legal bases for processing personal data include the performance of a contract, legitimate interests, consent, and legal obligations, which vary depending on the jurisdiction.
Cookies and Tracking
We use cookies and similar technologies for essential website functionality, analytics, and marketing. You can manage your cookie settings using our cookie tool. Refusing non-essential cookies may affect the functionality of the site.
Third-party providers and processors
We share personal data with service providers who perform services on our behalf (hosting, analytics, CRM, marketing platforms, payment processors, and support tools). We require processors to protect personal data and to act solely on our instructions in accordance with written agreements.
Log files
When you visit our website, log files are created and stored for 14 days. These log files are automatically transmitted to us or the website service provider by your browser.
The following data is collected:
- Browser type and browser version
- Referrer URL (the website from which you accessed our site)
- Host name of the accessing computer
- Operating system used
- Time of the server request
- IP address
This data is used to ensure that the website functions properly and is therefore collected on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the error-free presentation of our online presence and the associated optimization of the website.
We will ask for your consent before using cookies that cannot be classified as necessary. Our legal basis for the use of technically necessary cookies is based on our legitimate interest (in accordance with Article 6(1)(f) of the General Data Protection Regulation) in improving the functionality of our website. Session cookies are deleted when you close your internet browser.
Contact requests / Contact options
When you contact us (e.g. by telephone or email), we store the data you provide for the purpose of processing your request and in case of further questions. This data is processed on the basis of Article 6(1)(b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Article 6(1)(a) GDPR) through your implied behavior when contacting us. The data you provide will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.
Google Fonts
We have dynamically integrated Google Fonts into our website to display external fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC based in the USA, hereinafter referred to as “Google”.
We integrate the fonts on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the uniform, optimized, and economical operation of our websites.
The dynamic integration of fonts means that when you visit our websites, network connections are established with Google servers to reload the fonts. For technical reasons, your IP address is transmitted to Google, among others. Since Google is headquartered in the US and most of its servers are located there, data transfers also take place outside the EU. There is no adequacy decision by the EU Commission for the US, as the legal situation there does not guarantee that you can fully exercise your rights under the GDPR. The transfer of your IP address as personal data therefore carries a risk that cannot be completely minimized even by our EU standard contractual clauses with Google.
Google states:
- https://adssettings.google.com/authenticated (for registered users),
- https://adssettings.google.com/ (for non-registered users), and
- https://policies.google.com/privacy
Further information on how the group handles the data collected and what options you have to prevent the use of your data can be found here.
Consent management Borlabs Cookie
This website uses Borlabs Cookie, which sets a technically necessary cookie (Borlabs Cookie) to store your consent to technically unnecessary cookies and data processing. According to the provider, Borlabs Cookie does not process any personal data. The Borlabs cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you enter or load the website again, you will be asked for your cookie consent again.
YouTube
We have an account on YouTube and use the platform to communicate with customers, applicants, and interested parties. YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To illustrate and promote our products, you will find YouTube videos embedded directly on our pages. A connection to YouTube is only established after you have actively consented to data processing by YouTube, either via our consent management tool or by clicking on the video overlay. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. This ensures that no data processing by YouTube takes place when you simply visit our pages with embedded videos. The YouTube videos on our website are implemented in “extended privacy mode.” According to Google, “extended privacy mode” allows videos to be played without cookies, thus achieving a higher standard of data protection. Nevertheless, when you access YouTube videos, at least your IP address, the exact time, and the Internet address where the video is embedded are recorded. In addition, when you play a video, connections are made to other Google addresses over which we have no control. In particular, we cannot prevent Google from further processing the information collected in this way for profiling purposes and using it for its own purposes. If you have a Google account and are logged into that account when you call up a video, Google will link the information collected to your account. You can prevent this merging of information by logging out of your Google account beforehand. You can also make further configurations in your Google account settings, for example to prevent your YouTube history from being permanently stored. Please note that when using YouTube, user data may be processed outside the European Union, in particular in the USA. 
YouTube is jointly responsible with us for the data that YouTube forwards to us as a company. This may pose increased risks for users, for example, if access to user data is made more difficult. We do not have access to this user data. The responsibility lies solely with YouTube. YouTube provides information about the explicit processing and disclosure of your data in its own privacy policy:
https://policies.google.com/privacy
Instagram
Our company uses Instagram as part of our marketing strategy to promote our products and services and to communicate with prospects and customers. We are jointly responsible with Meta Platforms Ireland Limited for our presence on this social media platform. When you visit our online presence on Instagram, user data is processed by Meta Platforms Ireland Ltd., the operator of the platform in the EU. This data includes, among other things, personal information and the user’s IP address. This data is used for statistical purposes and is also used by Meta Platforms Ireland Ltd. for market research and advertising, as well as to create user profiles. As a company, we process personal data based on our legitimate interest in analyzing, communicating, selling, and promoting our products and services (Art. 6(1)(f) GDPR). In some cases, the user’s consent may also be required in accordance with Art. 6(1)(a) GDPR. The user can revoke this consent at any time by notifying the platform operator (Art. 7(3) GDPR). If you contact us via Instagram, we will use the personal data you provide to process your request. Once we have responded to your request and there are no legal retention obligations, we will delete your data.
Meta Platforms Ireland Ltd. may set cookies when processing your data. However, it is possible to prevent the installation of cookies by adjusting your browser settings accordingly. Cookies that have already been stored can be deleted at any time. Please note, however, that restricting or preventing the installation of cookies may mean that not all functions of Instagram can be used in full. For more information, please refer to Instagram’s privacy policy. We have regulated our joint responsibility with Meta Platforms Ireland Limited in an agreement, which can be found at https://www.facebook.com/legal/terms/page_controller_addendum. For more information about processing activities, how you can prevent them, and how you can delete data processed by Instagram, please refer to Instagram’s privacy policy:
https://help.instagram.com/519522125107875.
Please note that it cannot be ruled out that your data may also be processed via Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
XING
We have a company page on the XING career platform. The platform is provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. There, we can share news about our company, present ourselves, and get in touch directly with interested parties and business partners. XING also allows you to use interactive features such as sharing or commenting on posts or sending direct messages to us. When you use or visit our XING company page, personal data is processed by us and by XING. This data includes, among other things, personal information and the user’s IP address. We are joint controllers within the meaning of the GDPR. XING describes in its privacy policy how the provider processes personal data and how you can exercise your rights in this regard: https://privacy.xing.com/de/datenschutzerklaerung
As the operator of our company page on XING, we receive information from the platform about statistical evaluations of visits to our company page. If you are not logged into your XING profile, the data is anonymized so that we cannot draw any conclusions about individual page visitors. However, the statistics help us to continuously improve our company’s online presence and make it more attractive. If you visit our company page while logged into your XING user account, we can track your visit to our page via your user account. If you do not want this, you can log out of your user account before visiting our company page. If you use interactive XING functions as a registered user, these activities are linked to your user account and processed by XING. We have no influence on the functionality or visibility of your activities. As a company, we process personal data on the basis of our legitimate interest in the analysis, communication, sale, and promotion of our products and services (Art. 6 (1) (f) GDPR). In some cases, the consent of the user may also be required in accordance with Art. 6 (1) (a) GDPR. The user can revoke this consent at any time by notifying the platform operator (Art. 7(3) GDPR). If you contact us via XING (e.g., by direct message), we will process the information we receive from you in order to respond to your request in accordance with Art. 6(1)(f) GDPR. Depending on the request, Art. 6 (1) (b) GDPR may also serve as the legal basis if, for example, you are interested in a position in our company and this therefore constitutes pre-contractual measures. Once we have responded to your request and there are no legal retention obligations, we will delete your data.
LinkedIn
We have a company page on the LinkedIn career platform. The platform is provided by LinkedIn Ireland Unlimited Company in Ireland, a subsidiary of LinkedIn Corporation based in the USA. There, we can provide information about news in our company, present ourselves, and establish direct contact with interested parties and business partners. LinkedIn also enables interactive features such as sharing or commenting on posts or sending direct messages. When you use or visit our LinkedIn company page, personal data is processed by us and by LinkedIn. This data includes, among other things, personal information and the user’s IP address.
We are joint controllers within the meaning of the GDPR. LinkedIn describes in its privacy policy how the provider processes personal data and how you can exercise your rights in this regard: https://www.linkedin.com/legal/privacy-policy. As the operator of our company page on LinkedIn, we receive information from the platform about statistical evaluations of visits to our company page. If you are not logged into your LinkedIn profile, the data is anonymized so that we cannot draw any conclusions about individual page visitors. However, the statistics help us to continuously improve our company’s presence and make it more attractive. If you visit our company page while logged into your LinkedIn user account, we can track your visit to our page via your user account. If you do not want this, you can log out of your user account before visiting our company page. If you use interactive LinkedIn features as a logged-in user, these activities will be linked to your user account and processed by LinkedIn. We have no influence on the functionality or visibility of your activities. As a company, we process personal data based on our legitimate interest in analyzing, communicating, selling, and promoting our products and services (Art. 6 (1) (f) GDPR). In some cases, the user’s consent may also be required in accordance with Art. 6 (1) (a) GDPR. The user can revoke this consent at any time by notifying the platform operator (Art. 7(3) GDPR). If you contact us via LinkedIn (e.g., via direct message), we will process the information we receive from you in order to respond to your request in accordance with Art. 6(1)(f) GDPR. Depending on the inquiry, Art. 6 (1) (b) GDPR may also serve as a legal basis if, for example, you are interested in a position at our company and this therefore constitutes pre-contractual measures. Once we have responded to your request and there are no legal retention obligations, we will delete your data.
Social media links via graphics or text links
When we include links to social networks such as Facebook, Instagram, etc. on our website, this is done solely as part of our marketing strategy and to provide an easy connection to our social media presence. Please note that we accept no responsibility for data protection and data processing on the social media platforms in question.
Only when you click on the corresponding graphic or link to a social media profile or account will you leave our website and be redirected to the corresponding platform. Data processing is then carried out exclusively by the operators of the platforms. Please read the privacy policies of the relevant social networks to learn more about data processing and your privacy rights in this context. Please note that we have no control over the processing of your personal data by the operators of social networks. If you have concerns about data processing on these platforms, we recommend that you contact the platform operator directly or adjust the settings in your user account accordingly to exercise your data protection rights. The following social networks are integrated into our site via links:
YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Privacy policy: https://policies.google.com/privacy
Instagram
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
Privacy policy: https://privacycenter.instagram.com/policy/
LinkedIn
LinkedIn Ireland Unlimited Company, Ireland (subsidiary of LinkedIn Corporation, based in the USA)
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Data processing within the company
We process personal data on the basis of the data protection provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as, where applicable, the data protection laws of the individual federal states. The data of the following groups of persons is processed by the responsible persons within the company for the purpose of fulfilling their tasks.
Specifically, this means:
- Customer and prospect data is processed for the purpose of executing and managing the contractual relationship or pre-contractual relationship, as well as for contact requests and communication in accordance with Art. 6 (1) (b) GDPR and Art. 6 (1) (c) GDPR.
- The personal data of our suppliers and service providers and their employees is processed for the establishment and execution of our contractual relationships on the basis of Art. 6 (1) (b) GDPR and Art. 6 (1) (c) GDPR.
- Employee data is stored for the establishment, implementation, and termination of employment relationships (Article 88 GDPR, Section 26 BDSG).
Applicant data
1.) Scope and extent: This privacy policy is based on the provisions of the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). It applies to you and your personal data as an applicant for a position in our company.
Our company, which advertised the position you applied for, is responsible for the data processed in accordance with this privacy policy. If you have any questions about the processing of your personal data, please contact us at the following address: ITSupport@kellenberger.net.
This privacy policy applies to individuals who apply for a position at our company. This applies regardless of whether the application is completed via our online portal or whether you apply by email or letter.
Our company only processes personal data that is necessary to assess your suitability for the position you are applying for. This includes, in particular, the following personal data:
- Contact details such as last name, first name, address, email address, telephone number, date and place of birth, gender, marital status, citizenship or nationality;
- Information that you submit with your application, such as details in your cover letter, resume, educational qualifications, and other information that you provide to us (e.g., training, academic and professional qualifications, previous employment, personal skills, photos);
- Information provided by third parties, such as information from official registers, references, and information from public and professional networks;
- Information that you have disclosed to us during the selection process or that has emerged from the interview or assessments, for example. If interviews are conducted by telephone or video conference, they may be recorded.
- If you are already employed by us, information we have about you based on your previous employment relationship may be used.
If you also provide us with special categories of personal data in your application, we may process this personal data (e.g., health data).
2.) Purpose of data processing: We process your personal data exclusively for the following purposes:
- Recruitment: We process personal data to determine whether you are qualified for the position you are applying for and to carry out further checks (e.g., citizenship).
- Employment contract: If your application is successful, we process personal data to conclude and execute an employment contract with you. If a process within the scope of contract fulfillment requires your consent, we will obtain this consent in advance.
As a rule, only persons (HR employees and potential supervisors) involved in the recruitment process for the position you are applying for have access to your personal data.
We may also share your personal data with third parties in the following circumstances:
- We operate an applicant portal (where available) that can also be viewed by other companies in our group. The surname, first name, and email address of applicants are visible on this portal. However, this only applies to the information mentioned and not to application documents in particular.
- IT service providers (e.g., operators of services related to video interviews, data storage, cloud services, data analysis, etc.);
- other external bodies (e.g., official registers, credit agencies, or employment agencies).
Except in the circumstances mentioned above, or if disclosure is necessary to comply with legal obligations or to assert or defend claims, your personal data will only be shared with third parties with your consent. It is possible that your personal data may also be located abroad, e.g., in the EU or EEA (European Economic Area) or in countries whose legal system does not offer the same comprehensive protection of your personal data as in Switzerland, the EU, or the EEA. When we transfer your personal data to recipients in such countries, we always enter into a data transfer agreement to ensure adequate protection of your personal data.
We only store your personal data for as long as it is necessary for the application process and for the purposes specified in this privacy policy. Personal data collected during a telephone or video interview will be deleted after a certain period of time in accordance with legal requirements. If you have given your consent, we will use your personal data to inform you about future job opportunities, provided that we have a legitimate interest in storing your data or as long as storage is required or permitted under applicable law. If no employment contract has been concluded with you, your personal data will be deleted or anonymized after 6 (six) months at the latest.
We take appropriate technical and organizational measures to protect your personal data.
Subject to the limits provided for in applicable law, you have the following rights:
- You can request access to your personal data processed by us.
- You can request the correction or deletion of inaccurate personal data.
- You may request that the personal data you have provided be returned to you or transferred to a person of your choice in a structured, commonly used, and machine-readable format.
- You may also withdraw your consent if you have consented to us processing your personal data.
You also have the right to lodge a complaint with a data protection authority about the way we have used your personal data.
You are not obliged to provide us with personal data. However, without personal data, we cannot accept and process your application.
This privacy policy is subject to change at any time. The version valid at the time of submission of your application applies.
International transfers
Personal data may be transferred to and processed in countries other than your country of residence. When transfers occur, we use appropriate safeguards such as standard contractual clauses, adequacy decisions, or other lawful mechanisms.
Retention
We retain personal data only for as long as necessary for the purposes described and to comply with legal, tax, or accounting obligations. Retention periods vary depending on the type of data and purpose; specific information on retention is available upon request.
Security
We implement administrative, technical, and physical safeguards designed to protect personal data from unauthorized access, disclosure, alteration, and destruction.
Your rights
Depending on your jurisdiction, you may have rights, including the right to:
- Receive information about the data processed and obtain a copy of it,
- Correct any inaccurate data we process about you,
- Have your data deleted, unless there are exceptions that require us to continue storing the data, such as retention obligations or limitation periods,
- Restrict processing,
- Withdraw consent to data processing at any time,
- Object to processing in the public interest or for legitimate interests,
- Data portability,
- Lodge a complaint with a data protection supervisory authority if you believe that we are not processing your data properly. The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg is responsible for our company. If you are based in another federal state or outside Germany, you can also contact the data protection authority there.
How to contact us
For questions about data protection or exercising your rights, please contact ITSupport@kellenberger.net or use the web form at [link to data protection contact form]. For region-specific contacts, see the responsible parties listed above.
Changes to this statement
We may update this statement to reflect legal or operational changes. The effective date above indicates the current version.
EU GDPR Addendum
Scope and Control
This addendum applies to individuals residing in the European Economic Area. The responsible controller is the Kellenberger company that is in contact with you (see Controllers and Regional Contacts). Where necessary, Kellenberger Machines Holdings GmbH acts as the controller for global matters and may appoint an EU representative if required.
Legal basis for processing
We rely on the following legal bases for processing the personal data of EU citizens: contract fulfillment, compliance with a legal obligation, consent, and legitimate interests. When we rely on legitimate interests, we balance those interests against your rights and freedoms and document that assessment.
Processing activities and legal bases
| Processing activity | Personal data | Legal basis |
| --- | --- | --- |
| Responding to inquiries and providing quotations | Contact and business details | Performance of a contract; legitimate interest |
| Sales, order processing, and delivery | Contact, business, and payment details | Contract fulfillment |
| Marketing communications | Contact and marketing preferences | Consent or legitimate interest, where permitted |
| Website analytics and cookies | Technical and usage data | Consent for non-essential cookies; legitimate interest in strictly necessary cookies |
| Support and warranty management | Contact, support information | Performance of a contract; legitimate interest |
Rights of data subjects
EU citizens have the rights of access, rectification, erasure, restriction of processing, objection, data portability, and withdrawal of consent. They also have the right to lodge a complaint with an EU supervisory authority.
Automated decisions
We do not make automated decisions that have legal or similarly significant effects by using exclusively automated processing, unless this is expressly disclosed and permitted by law.
Transfers outside the EEA
When we transfer personal data outside the EEA, we use appropriate safeguards such as European Commission standard contractual clauses, adequacy decisions, or binding corporate rules. Contact ITSupport@kellenberger.net for a copy of the safeguards.
Data Protection Officer
Where applicable, our Data Protection Officer can be contacted at the following address.
Email: dpo@kellenberger.com or at the following postal address:
Kellenberger Machines Holdings GmbH
Thannäckerstrasse 22, 9403 Goldach, Switzerland
How to exercise your rights
Submit requests via ITSupport@kellenberger.net or the web form. We will verify your identity if necessary and respond within the applicable legal deadlines.
California Notice at Collection
Scope of Application
This notice applies to California residents and supplements the global privacy policy.
Categories of Personal Data Collected
We collect the following categories of personal data from California residents: identifiers; commercial information; Internet or network activity; professional or employment-related information; and inferences drawn.
Purpose of Data Collection
We collect personal data to provide products and services, process orders, respond to inquiries, operate and improve our website, provide customer support, and send communications.
Sale or sharing
We do not sell personal information for financial gain. We may share personal information with service providers for business purposes. If we engage in the sale or exchange of personal information, we will provide a clear opportunity to opt out.
Your California Privacy Rights
California residents have the right to request disclosure of the categories and specific pieces of personal information collected, the sources of that information, the business or commercial purpose for collection, the categories of third parties with whom we share information, and the right to deletion. California residents also have the right to object to the sharing or sale of personal information and may not be discriminated against for exercising their privacy rights.
How to Submit Requests
To submit a request to know, delete, or opt out, please email ITSupport@kellenberger.net. We may require identity verification before fulfilling requests.
Do Not Sell My Personal Information
Where applicable, California residents may opt out via our “Exercise My Rights” web form at [link].
Sensitive Personal Information
When we collect sensitive personal information, we disclose the categories collected and the purposes, and provide a method to restrict use where required by law.
Customized clauses for common systems
Website contact form
Clause: Data submitted via contact forms is used to respond to inquiries, prepare quotes, and, if consent is given, send marketing communications. The form data is stored in our CRM and retained for the period necessary to fulfill the request and for legitimate business accounting purposes.
CRM system
Clause: We store contact and business data in our CRM (e.g., PISA) to manage sales opportunities, orders, and customer relationships. Access is restricted to authorized employees and contractually bound processors.
Analytics
Clause: We use analytics tools (e.g., Google Analytics) to measure website performance and improve the user experience. Analytics data is aggregated and pseudonymized where possible. Non-essential analytics require consent.
Marketing automation
Clause: Marketing emails and campaigns are managed via our marketing platform (e.g., PISA). You can unsubscribe from marketing at any time via the unsubscribe link in the emails or by contacting ITSupport@kellenberger.net.
Japan-specific addendum to the privacy policy (APPI addendum)
This Japan-specific addendum supplements Kellenberger’s privacy policy exclusively for activities relating to the personal data of individuals residing in Japan. In the event of any conflict between this addendum and the main policy, this addendum for Japan shall take precedence.
J1. Definitions under APPI
For the purposes of this addendum, the terms correspond to the definitions in the Japanese Act on the Protection of Personal Information (“APPI”).
The most important specific terms in the APPI include:
- Personal data – Information about a living individual that can identify that individual, including “personal information” and pseudonymized information.
- Company that processes personal data – A company that processes personal data in the course of its business activities, regardless of its size or physical presence in Japan.
- Pseudonymized data – Data that has been processed in such a way as to make identification difficult and is subject to special rules so that individuals cannot be identified without additional information.
- Re-identification – Refers to the process of using pseudonymized data to restore or determine the identity of the individual behind that data.
J2. Legal basis and purpose limitation
Under the APPI, we must specify the purpose of use (“purpose”) at or before the time of collection of personal data and publicly disclose or make it readily available.
We collect and use personal data from individuals in Japan solely for the purposes described in the main policy or expressly stated in this addendum.
J3. Information requirements (“Information to be disclosed”)
In accordance with the requirements of the APPI, we provide the following information to data subjects in Japan either through our privacy policy or upon request:
- Purpose of use
- Contact information for inquiries
- Details of cross-border transfers
- Information on sharing (if applicable)
J4. Rights of Individuals under the APPI
Individuals in Japan have the following rights under the APPI:
- Right to access their stored personal data.
- Right to correct, supplement, or delete data if it is inaccurate.
- Right to suspend use/deletion if data has been processed unlawfully or is no longer necessary for the purpose.
- Right to stop disclosure to third parties if data has been disclosed without permission.
We will respond promptly to all requests to exercise rights submitted through our designated contact point and marked “APPI” in the subject line.
J5. Cross-border transfer of personal data
In accordance with the stricter requirements of the APPI for cross-border transfers:
- We only transfer personal data outside Japan if
  - the recipient country ensures an equivalent level of protection, as appropriately provided for in the EU’s General Data Protection Regulation (GDPR) and Switzerland’s Data Protection Act (DSG), for example,
  - the recipient provides adequate safeguards, or
  - we obtain the consent of the data subject.
- We maintain the necessary records of provision by third parties.
To the extent required and prescribed by the APPI, we disclose to individuals the details of the mechanisms for data transfer abroad.
J6. Security controls and data management obligations
We implement necessary and appropriate security measures in accordance with the requirements of the APPI, including:
- Access controls
- Data minimization
- Protection against unauthorized access, loss, or data leaks
- Supplier management and cloud security measures (as required by APPI cloud and security guidelines)
J7. Handling of Pseudonymized or Personal Data
When using pseudonymized data, we follow the security precautions prescribed by APPI, including:
- Prohibition of linking for re-identification.
- Restrictions on provision by third parties
J8. Requirements for disclosure to third parties
Under APPI, we may only disclose personal data to third parties if:
- the data subject has consented, or
- the disclosure falls under a legally permissible exception.
We keep records of disclosures to third parties and ensure that recipients comply with the necessary security measures.
When processing pseudonymized data, APPI imposes strict restrictions on the disclosure of such data to external parties.
This means:
- We may not freely disclose pseudonymized data to other companies, partners, or service providers unless the conditions of APPI are met.
- In many cases, disclosure to third parties is prohibited entirely, as the combination of the data with their own information by external parties could enable re-identification.
- If disclosure to third parties is permitted under a specific APPI exception, we must ensure that the recipient:
  - Cannot re-identify individuals.
  - Takes security measures comparable to those required by us.
  - Does not misuse the data or recombine it in a prohibited manner.
Under the APPI, we are prohibited from:
- Linking pseudonymized information with other data sets, keys, identifiers, or external information that could restore the original identity.
- Reverse engineering, matching, combining, or analyzing pseudonymized data with the purpose or effect of discovering an individual’s identity.
- Using technological, statistical, or other means to reverse the pseudonymization.
J9. Contact Information
For inquiries or questions regarding your rights under the APPI, please contact our Data Protection Officer for Japan, who can be reached through the channels listed in our main privacy policy. Please include “APPI” in the subject line.
Privacy contact form