Privacy Policy

Privacy Policy

Kontron Hartmann-Wiener GmbH, Linde 18, 51399 Burscheid, Germany, represented by Frank Godulla and Alexander Bremmert. This Privacy Policy applies jointly to both company locations (Burscheid and Stuttgart) and describes how we process personal data through our website https://www.kontron.com/en/group/our-companies/kontron-hartmann-wiener. We comply with the EU General Data Protection Regulation (GDPR) and national data-protection laws.

1. Controller and Data Protection Officer

Controller: Kontron Hartmann-Wiener GmbH, Linde 18, 51399 Burscheid, Germany.
Phone: +49 (0)2174 / 896-0
Email: [email protected]
External Data Protection Officer: audatis Consulting GmbH, email [email protected], telephone +49 (0)5221 87292-08, fax +49 (0)5221 87292-49.

2. Legal Bases for Processing

Processing is carried out in accordance with Article 6 GDPR:
a) Consent (e.g. for analytics or marketing cookies)
b) Contract performance or pre-contractual measures
c) Legal obligations (e.g. tax or commercial law)
f) Legitimate interests (website security, performance monitoring)
We do not intentionally collect personal data from persons under 16 years of age.

3. Data Collection When Visiting the Website

When you visit our website without registration or consent, only technically necessary data are processed to ensure functionality and security. These include browser type, operating system, referrer URL, accessed pages, timestamp and anonymised IP address.
Legal basis: Article 6(1)(f) GDPR. Data are not used to identify you personally and are deleted within 14 days

4. TLS/SSL Encryption

All transmissions occur via TLS (https). Nevertheless, internet-based data transmission may have security gaps.

5. Cookies and Consent Management

We use CookieYes to obtain and store your consent status (Article 6(1)(c) and (f) GDPR). The tool records your consent choices and prevents non-essential cookies from loading before consent is given. If you withdraw consent via our banner or browser settings, non-essential cookies will be disabled. Details and retention times for all cookies can be viewed directly in the Consent Manager.

6. Third-Party Services and Processors

Cloudflare Inc. – CDN and security optimisation, legal basis: Article 6(1)(f) GDPR, country: USA (EU-US Data Privacy Framework), purpose: ensures availability and protection against DDoS attacks.
Google Analytics / Tag Manager – web analysis and marketing, legal basis: Article 6(1)(a) GDPR (consent), country: USA (DPF / SCCs), loaded only after consent, IP anonymisation active.
Google Ads / AdSense / Conversion Tracking – advertising performance measurement, legal basis: Article 6(1)(a) GDPR, country: USA (DPF / SCCs), DoubleClick cookies used for ad optimisation.
YouTube – video display, legal basis: Article 6(1)(a) GDPR, country: USA (DPF), videos load only after consent is given.
LinkedIn Insight Tag – analytics and retargeting, legal basis: Article 6(1)(a) GDPR, country: USA (DPF), used for corporate marketing statistics.
ClickDimensions LLC – email and campaign tracking, legal basis: Article 6(1)(a) GDPR, country: USA (SCCs), cookies “cusid”, “cuvid”, “cuvon” set after consent.
EQS Cockpit (EQS Group AG) – investor relations releases, legal basis: Article 6(1)(f) GDPR, country: Germany, used for IR disclosures only.
Zencoder (Brightcove) – video streaming support, legal basis: Article 6(1)(a) GDPR, country: USA (DPF), technical video delivery service.
ipapi.co (Kloudend Inc.) – geo-location for language selection, legal basis: Article 6(1)(f) GDPR, country: USA (SCCs), only IP and region processed, no storage on our servers.
sourcebuster.js – visitor origin analysis, legal basis: Article 6(1)(a) and (f) GDPR, country: EU, no data transfer to third parties.
WooCommerce (Automattic Inc.) – online shop functions, legal basis: Article 6(1)(b) GDPR, country: USA (DPF), cookies only essential for checkout processes.
All third-party providers are either DPF-certified or bound by EU Standard Contractual Clauses (SCCs).

7. Social Media Presence

We operate profiles on LinkedIn, YouTube and Facebook under Article 6(1)(f) GDPR in joint responsibility with each platform operator. Further information can be found in the privacy policies of the respective providers: LinkedIn Ireland Unlimited Company (https://www.linkedin.com/legal/privacy-policy), Meta Platforms Ireland Ltd. (https://www.facebook.com/about/privacy) and Google Ireland Ltd. for YouTube (https://policies.google.com/privacy).

8. Data Subject Rights

You may exercise the following rights at any time in accordance with Articles 15 to 21 GDPR: right of access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent and right to lodge a complaint with a supervisory authority. The competent supervisory authority is the Landesbeauftragte für Datenschutz NRW, Düsseldorf.

9. Storage Period

Personal data are stored only as long as necessary to fulfil the purpose or as required by law. After expiry of statutory retention periods, data are deleted or anonymised.

10. International Transfers

If data are transferred to the USA or other third countries, we use providers certified under the EU-US Data Privacy Framework or the European Commission’s Standard Contractual Clauses. Additional protective measures include encryption and pseudonymisation.

11. Automated Decision-Making and Profiling

No automated decision-making or profiling as defined in Article 22 GDPR takes place.

12. Updates to this Privacy Policy

Status: October 2025. We reserve the right to update this policy to reflect changes in our services or legal requirements. The latest version is always available at https://www.kontron.com/en/group/our-companies/kontron-hartmann-wiener/privacy-policy.