Global Privacy Statement for Kellenberger Group

Scope
This Global Privacy Statement explains how the Kellenberger companies listed below (collectively “Kellenberger”, “we”, “us”, “our”) collect, use, store, and share personal data when you visit our websites, request information or quotes, contact sales or support, attend events, or otherwise interact with us worldwide.

Controllers and Regional Contacts

• Kellenberger Machines Holdings GmbH Thannäckerstrasse 22 9403 Goldach Switzerland Phone: +41 71 242 91 11 Fax: +41 71 242 92 22; info@kellenberger.com
• Kellenberger Switzerland AG — Thannäckerstrasse 22, 9403 Goldach, Switzerland; Tel +41 71 242 91 11; info@kellenberger.com
• Kellenberger Machine (Shanghai) Co.,Ltd. — 1388 East Kang Qiao Road, Pudong, Shanghai 201319, China; Tel +86 21 38108686; info@kellenberger.com
• Kellenberger Systems — 1755 Brittania Drive, Unit A, Elgin, Illinois 60124, United States; Tel +1 800 843 8801; info@kellenberger.com
• Kellenberger Germany GmbH — Lachenhauweg 12, 72766 Reutlingen, Germany; Tel +41 71 242 92 32; info@kellenberger.com
• Kellenberger Malaysia Snd. Bhd., No. D17-06, Menara Suezcap1, KL Gareway, No.2, Jalan Kerinchi, Gerbang Kerinchi Lestari, 59200 Kuala Lumpur, info@kellenberger.com

What We Collect

• Contact and business details: name, job title, company, email, phone, address.
• Commercial data: company size, industry, quotes, order and warranty information.
• Technical and usage data: IP address, device and browser information, pages visited, referrer, session duration, cookies and similar technologies.
• Communications: messages you send by email, web form, chat, or phone and related metadata.
• Support data: ticket content, troubleshooting logs, and service history.
• Optional data: marketing preferences, event registrations, and any other information you choose to provide.

Why We Process Personal Data
We process personal data to:

• respond to inquiries and provide quotes; perform contracts and deliver products and services;
• operate and improve our website and products;
• provide customer support;
• send service communications and marketing where permitted;
• comply with legal obligations; and
• protect our rights and property.

Lawful bases for processing personal data include performance of a contract, legitimate interests, consent, and legal obligations as applicable by jurisdiction.

Cookies and Tracking
We use cookies and similar technologies for essential site functionality, analytics, and marketing. You can manage cookie preferences through our cookie tool. Refusing non‑essential cookies may affect site functionality.

Third Parties and Processors
We share personal data with service providers who perform services on our behalf (hosting, analytics, CRM, marketing platforms, payment processors, and support tools). We require processors to protect personal data and act only on our instructions under written agreements.

Logfiles
When you visit our website, log files are created and stored for 14 days. These log files are automatically transmitted to us or the website service provider by your browser.
The following data is collected:

• Browser type and browser version
• Referrer URL (the website from which you accessed our site)
• Host name of the accessing computer
• Operating system used
• Time of the server request
• IP address

This data is used to ensure a technically flawless website and is therefore collected on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the error-free presentation of our online presence and the optimization of the website that may be necessary as a result.

We will ask for your consent before using cookies that cannot be classified as necessary. Our legal basis for setting technically necessary cookies is based on our legitimate interest (in accordance with Article 6(1)(f) of the General Data Protection Regulation) in improving the functionality of our website. Session cookies are deleted when you close your internet browser.

Contact requests / Contact option

If you contact us (e.g. by telephone or email), we will store the data you provide for the purpose of processing your request and in case of follow-up questions. This data is processed on the basis of Article 6(1)(b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 (1) (a) GDPR) through implied behavior when contacting us. The data you send us will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

Google Fonts
We have dynamically integrated Google Fonts into our website to display external fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, based in the USA, hereinafter referred to as “Google”.
We integrate the fonts on the basis of Art. 6 (1) lit. f. Our legitimate interest lies in the uniform, optimized, and economical operation of our websites.
The dynamic integration of the fonts means that when you visit our websites, network connections are established with Google servers in order to reload the fonts. For technical reasons, your IP address is transmitted to Google, among other things. Since Google has its headquarters in the USA and most of its servers are located there, data transfers also take place outside the EU. There is no adequacy decision by the EU Commission for the USA, as the legal situation there does not guarantee that you can fully exercise your rights under the GDPR. The transfer of your IP address as personal data therefore carries a risk that cannot be completely minimized even by our EU standard contractual clauses with Google. Google maintains:
https://adssettings.google.com/authenticated (for registered user),
https://adssettings.google.com/ (for non-registered user) sowie
https://policies.google.com/privacy
Further information is available on how the Group handles collected data and what options you have to prevent the use of your data.

Consent Management Borlabs Cookie
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs–cookie) to store your consent to technically unnecessary cookies and data processing. According to the provider, Borlabs Cookie does not process any personal data. The borlabs–cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

YouTube
We have an account on YouTube and use the platform to communicate with customers, applicants, and interested parties. YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. To illustrate and advertise our products, you will find YouTube videos that have been directly embedded on our pages. A connection to YouTube is only established after you have actively consented to data processing by YouTube, either via our consent management tool or by clicking on the overlay of a video. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. This ensures that no data processing by YouTube takes place when you simply visit our pages with embedded videos. The YouTube videos on our website are implemented using “extended privacy mode.” According to Google, “extended privacy mode” allows videos to be played without cookies, thereby achieving a higher standard of data protection. Nevertheless, when you access YouTube videos, at least your IP address, the exact time, and the Internet address where the video is embedded are collected. In addition, when a video is played, connections are established to other Google addresses over which we have no control. In particular, we cannot prevent Google from further processing the information collected in this way for profiling purposes and using it for its own purposes. If you have a Google account and are logged in to this account when you call up a video, Google will link the information collected to your account. You can prevent this merging of information by logging out of your Google account beforehand. In your Google account settings, you can also make further configurations, for example, to prevent your YouTube history from being permanently stored. Please note that when using YouTube, user data may be processed outside the European Union, in particular in the USA. YouTube is jointly responsible with us for the data that YouTube forwards to us as a company. This may pose increased risks for users, for example if access to user data is made more difficult. We do not have access to this user data. Responsibility lies solely with YouTube. YouTube provides information about the explicit processing and disclosure of your information in its own privacy policy:
https://policies.google.com/privacy

Instagram
Our company uses Instagram as part of our marketing strategy to promote our products and services and to communicate with prospects and customers. We are jointly responsible with Meta Platforms Ireland Limited for our presence on this social media platform. When you visit our online presence on Instagram, user data is processed by Meta Platforms Ireland Ltd., the operator of the platform in the EU. This data includes, among other things, personal information and the user’s IP address. This data is used for statistical purposes and is also used by Meta Platforms Ireland Ltd. for market research and advertising, as well as to create user profiles. As a company, we process personal data based on our legitimate interest in analyzing, communicating, selling, and promoting our products and services (Art. 6(1)(f) GDPR). In some cases, the user’s consent may also be required in accordance with Art. 6(1)(a) GDPR. The user may revoke this consent at any time by notifying the platform operator (Art. 7(3) GDPR). If you contact us via Instagram, we will use the personal data you provide to process your request. Once we have responded to your request and there are no legal retention obligations, we will delete your data.

Meta Platforms Ireland Ltd. may set cookies when processing your data. However, it is possible to prevent the installation of cookies by adjusting your browser settings accordingly. Cookies that have already been stored can be deleted at any time. Please note, however, that restricting or preventing the installation of cookies may mean that not all functions of Instagram can be used in full. For more information, please refer to Instagram’s privacy policy. We have regulated our joint responsibility with Meta Platforms Ireland Limited in an agreement, which can be found at  https://www.facebook.com/legal/terms/page_controller_addendum. For more information about processing activities, how to prevent them, and how to delete data processed by Instagram, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.
Please note that it cannot be ruled out that your data may also be processed via Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA.

XING
We have a company page on the XING career platform. The platform is provided by New Work SE, Am Strandkai 1, 20457 Hamburg. There, we can share news about our company, present ourselves, and get in direct contact with interested parties and business partners. XING also allows you to use interactive features such as sharing or commenting on posts or sending us direct messages. When you use or visit our XING company page, personal data is processed by us and by XING. This data includes, among other things, personal information and the user’s IP address. We are joint controllers within the meaning of the GDPR. XING describes in its privacy policy how the provider processes personal data and how you can exercise your rights in this regard:  https://privacy.xing.com/de/datenschutzerklaerung
As the operator of our company page on XING, we receive information from the platform about statistical evaluations relating to visits to our company page. If you are not logged into your XING profile, the data is anonymized so that we cannot draw any conclusions about individual page visitors. However, the statistics help us to continuously improve our company’s online presence and make it more attractive. If you visit our company page while logged into your XING user account, we can track your visit to our page through your user account. If you do not want this to happen, you can log out of your user account before visiting our company page. If you use interactive XING functions as a registered user, these activities are linked to your user account and processed by XING. We have no influence on the functionality or visibility of your activities. As a company, we process personal data on the basis of our legitimate interest in analyzing, communicating, selling, and promoting our products and services (Art. 6 (1) (f) GDPR). In some cases, the user’s consent may also be required in accordance with Art. 6 (1) (a) GDPR. The user may revoke this consent at any time by notifying the platform operator (Art. 7(3) GDPR). If you contact us via XING (e.g., by sending a direct message), we will process the information we receive from you for the purpose of responding to your inquiry on the basis of Art. 6(1)(f) GDPR. Depending on the inquiry, Art. 6 (1) (b) GDPR may also serve as the legal basis if, for example, you are interested in a position in our company and this therefore constitutes pre-contractual measures. Once we have responded to your inquiry and there are no legal retention obligations, we will delete your data.

LinkedIn
We have a company page on the LinkedIn career platform. The platform is provided by LinkedIn Ireland Unlimited Company in Ireland, a subsidiary of LinkedIn Corporation based in the USA. There we can provide information about news in our company, present ourselves, and make direct contact with interested parties and business partners. LinkedIn also enables interactive features such as sharing or commenting on posts or sending us direct messages. When you use or visit our LinkedIn company page, personal data is processed by us and by LinkedIn. This data includes, among other things, personal information and the user’s IP address.
We are joint controllers within the meaning of the GDPR. LinkedIn describes in its privacy policy how the provider processes personal data and how you can exercise your rights in this regard: https://www.linkedin.com/legal/privacy–policyPlease note that it cannot be ruled out that your data may also be processed by LinkedIn Corporation, which is based in the USA.
As the operator of our company page on LinkedIn, we receive information from the platform about statistical evaluations relating to visits to our company page. If you are not logged into your LinkedIn profile, the data is anonymized so that we cannot draw any conclusions about individual page visitors. However, the statistics help us to continuously improve our company’s presence and make it more attractive. If you visit our company page while logged into your LinkedIn user account, we can track your visit to our page through your user account. If you do not want this to happen, you can log out of your user account before visiting our company page. If you use interactive LinkedIn features as a logged-in user, these activities are linked to your user account and processed by LinkedIn. We have no influence on the functionality or visibility of your activities. As a company, we process personal data based on our legitimate interest in analysis,  communication, the sale and promotion of our products and services (Art. 6 (1) (f) GDPR). In some cases, the user’s consent may also be required in accordance with Art. 6 (1) (a) GDPR. The user may revoke this consent at any time by notifying the platform operator (Art. 7(3) GDPR). If you contact us via LinkedIn (e.g., by sending a direct message), we will process the information we receive from you for the purpose of responding to your inquiry on the basis of Art. 6(1)(f) GDPR. Depending on the inquiry, Art. 6 (1) (b) GDPR may also serve as the legal basis if, for example, you are interested in a position in our company and this therefore constitutes pre-contractual measures. Once we have responded to your inquiry and there are no legal retention obligations, we will delete your data.

Social media links via graphics or text links
When we include links to social networks such as Facebook, Instagram, etc. on our website, this is done solely as part of our marketing strategy and to provide an easy connection to our social media presence. Please note that we cannot accept any responsibility for data protection and data processing on the social media platforms in question.

Only when you click on the corresponding graphic or a link to a social media profile or account will you leave our website and be redirected to the corresponding platform. Data processing is then carried out exclusively by the operators of the platforms. Please read the privacy policies of the relevant social networks to find out about data processing and your data protection rights in this regard. Please note that we have no control over the processing of your personal data by the operators of social networks. If you have concerns about data processing on these platforms, we recommend that you contact the platform operator directly or adjust the settings in your user account accordingly to exercise your data protection rights.
The following social networks are integrated into our site via links:

YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, ein Tochterunternehmen der Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Datenschutzhinweise: https://policies.google.com/privacy

Instagram
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, ein Tochterunternehmen von Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
Datenschutzhinweise: https://privacycenter.instagram.com/policy/

LinkedIn
LinkedIn Ireland Unlimited Company, Irland, (Tochterunternehmen der LinkedIn Corporation mit Sitz in den USA) Datenschutzhinweise: https://www.linkedin.com/legal/privacy–policy

Data processing within the company
We process personal data on the basis of data protection regulations in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) and, where applicable, the state data protection laws of the individual federal states. The data of the following groups of persons is processed by the responsible persons within the company for the purpose of fulfilling their tasks.
Specifically, this means:

• Customer and prospect data is processed for the purpose of executing and managing the contractual relationship or the pre-contractual relationship, as well as for contact requests and communication, on the basis of Art. 6 (1) (b) GDPR and Art. 6 (1) (c) GDPR.
• Personal data of our suppliers and service providers and their employees is processed for the initiation and execution of our contractual relationships on the basis of Art. 6 (1) (b) GDPR and Art. 6 (1) (c) GDPR.
• Employee data is stored for the establishment, implementation, and termination of employment relationships (Article 88 GDPR, Section 26 BDSG).

Applicant data
1.) Scope and extent: This privacy policy is based on the provisions of the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). It applies to you and your personal data as an applicant for a position in our company.

Our company, which has advertised the position you are applying for, is the controller of the data processed in accordance with this privacy policy. If you have any questions regarding the processing of your personal data, please contact the following address: ITSupport@kellenberger.net.

This privacy policy applies to natural persons who apply for a position in our company. This applies regardless of whether the application is completed on our online portal or whether you apply by email or letter.

Our company only processes personal data that is necessary to assess your suitability for the position you are applying for. This includes the following personal data in particular:

• Contact details such as surname, first name, address, email address, telephone number, date and place of birth, gender, marital status, citizenship, or nationality; This also includes information that you submit with your application, such as details in your cover letter, resume, educational certificates, and other information that you provide to us (e.g., education, academic and professional qualifications, previous employment, personal skills, photos);
• Information provided by third parties, such as details from official registers, references, and information from public and professional networks;
• Information that you have disclosed to us during the selection process or that has emerged from the job interview or assessments, for example. If job interviews are conducted by telephone or video conference, they may be recorded.
• If you are already employed by our company, information that we have about you based on your previous employment relationship may be used.

If you also provide us with special categories of personal data in your application, we may process this personal data (e.g., health data).

2.) Purpose of data processing: We process your personal data only for the following purposes:

• Recruitment: We process personal data in order to assess whether you are qualified for the position you are applying for and to carry out further checks (e.g., nationality).
• Employment contract: If your application is successful, we process personal data in order to conclude and execute an employment contract with you. If a process within the scope of contract execution requires your consent, we will obtain your consent in advance.

In principle, only persons (HR personnel and potential supervisors) involved in the recruitment process for the position you have applied for have access to your personal data.

We may also share your personal data with third parties in the following circumstances:

• We operate an applicant portal (if available) that can also be viewed by other companies in our group. The surname, first name, and email address of applicants are visible on this portal. However, this only applies to the information mentioned and does not apply to application files in particular.
• IT service providers (e.g., operators of services related to video interviews, data storage, cloud services, data analysis, etc.);
• other external bodies (e.g., official registers, credit agencies, or employment agencies).

With the exception of the above-mentioned circumstances or if disclosure is necessary for the fulfillment of legal obligations or the assertion or defense of legal claims, your personal data will only be shared with third parties with your consent. It is possible that your personal data may also be located abroad, e.g. in the EU or the EEA (European Economic Area) or in countries whose legal system does not provide the same comprehensive protection for your personal data as in Switzerland, the EU or the EEA. If we disclose your personal data to recipients in such countries, we always conclude a data transfer agreement to ensure adequate protection of your personal data.

We only store your personal data for as long as it is necessary for the application process and for the purposes specified in this privacy policy. Personal data collected during a telephone or video interview will be deleted after a certain period of time in accordance with legal requirements. If you have given your consent, we will use your personal data to contact you about any future job opportunities, provided that we have a legitimate interest in storing your data or for as long as storage is required or permitted by applicable law. If no employment contract has been concluded with you, your personal data will be deleted or anonymized after 6 (six) months at the latest.

We take appropriate technical and organizational measures to protect your personal data.

Subject to the limits provided for in applicable law, you have the following rights:

• You may request access to your personal data processed by us.
• You may request the correction or deletion of inaccurate personal data.
• You may request that the personal data you have provided to us be returned to you or transferred to a person of your choice in a structured, commonly used, and machine-readable format.
• In addition, you may also withdraw your consent if you have consented to us processing your personal data.

You also have the right to lodge a complaint with a data protection authority about the way in which we have used your personal data.

You are not obliged to provide us with personal data. However, without personal data, we cannot accept and process your application.

This privacy policy may be changed at any time. The version valid at the time of submission of your application shall apply.

International Transfers
Personal data may be transferred to and processed in countries other than your country of residence. When transfers occur, we use appropriate safeguards such as standard contractual clauses, adequacy decisions, or other lawful mechanisms.

Retention
We retain personal data only as long as necessary for the purposes described and to meet legal, tax, or accounting obligations. Retention periods vary by data type and purpose; specific retention details are available on request.

Security
We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, and destruction.

Your Rights
Depending on your jurisdiction you may have rights including the right to:

• obtain information about the data processed and to receive a copy of it,
• rectification if we process incorrect data about you,
• erasure, unless there are exceptions that require us to continue storing the data, such as retention obligations or limitation periods
• restrict processing,
• withdraw consent to data processing at any time,
• object to processing in the public interest or for legitimate interests,
• data portability,
• lodge a complaint with a data protection supervisory authority if you believe that we are not processing your data properly. The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg is responsible for our company. If you are located in another federal state or outside Germany, you can also contact the data protection authority there.

How to Contact Us
For privacy questions or to exercise rights contact ITSupport@kellenberger.net or use the privacy contact form. For region‑specific contacts see the controllers listed above.

Changes to This Statement
We may update this statement to reflect legal or operational changes. The effective date at the top indicates the current version.

EU GDPR Addendum

Scope and Controller
This addendum applies to individuals located in the European Economic Area. The relevant controller will be the Kellenberger entity that engages with you (see Controllers and Regional Contacts). Where required, Kellenberger Machines Holdings GmbH will act as the controller for global matters and can provide an EU representative if necessary.

Legal Bases for Processing
We rely on the following legal bases for processing personal data of EU residents: performance of a contract, compliance with a legal obligation, consent, and legitimate interests. Where we rely on legitimate interests we balance those interests against your rights and freedoms and document that assessment.

Processing Activities and Legal Bases