Last Updated: December, 2023
Körber Supply Chain GmbH and its affiliated companies (“Körber Supply Chain”) and Körber Supply Chain Software Management GmbH and its affiliated companies (“Körber Supply Chain Software”)(Körber Supply Chain and Körber Supply Chain hereinafter jointly referred to “Körber”, “we” or “us”, “Körber Supply Chain Group”) take the protection of your personal information very seriously.
The following companies belong to Körber Supply Chain: Körber Supply Chain GmbH, Körber Supply Chain Consulting GmbH, Körber Supply Chain Automation GmbH, Körber Supply Chain Automation Eisenberg, Körber Supply Chain DK A/S, Körber Supply Chain PT S.A., Körber Supply Chain NL B.V., Körber Supply Chain GB Ltd., Körber Supply Chain NA, LLC., Körber Supply Chain SG Pte. Ltd, Körber Supply Chain Logistics GmbH.
The following companies belong to Körber Supply Chain Software: Körber Supply Chain Software Management GmbH, Körber Supply Chain Software GmbH, Körber Supply Chain Lyon SASU, Körber Supply Chain ES, S.L, Körber Supply Chain UK Ltd., Körber Supply Chain Software Berlin GmbH, Körber Supply Chain Sainte Savine SAS, Körber Supply Chain Basingstoke Ltd., Körber Supply Chain Bristol Ltd., Körber Supply Chain NA, Inc. , Körber Supply Chain US, Inc., Körber Supply Chain CA, Inc., Körber Supply Chain BR Ltda., Körber Supply Chain CL SpA, Körber Supply Chain AU Pty. Ltd., Körber Supply Chain Sydney Pty. Ltd., Körber Supply Chain NZ Limited, COHESIO GROUP, INC., Körber Supply Chain Software SG Pte. Ltd., Körber Supply Chain (Shanghai) Ltd.
We treat your personal information confidentially and in accordance with applicable data protection law, including but not limited to, the California Consumer Privacy Act of 2018 and its implementing regulations (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), General Data Protection Regulation (GDPR) and UK GDPR and its implementing regulations. This privacy policy informs you about how, to what extent and for what purposes we process data that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly to you (“personal information”) when
Further, this privacy policy contains information on recipients of your personal data within the EEA and third countries (Section 8), deletion of your personal data and retention periods (Section 9), your rights as a data subject (Section 11) and automated decision making (Section 13).
Privacy Principles
1. Collection, Processing, and Use of Personal Information.
The use of the Services is generally possible without providing personal information. You are neither obliged to visit this website nor to provide any personal information. If you do not provide us with personal information, you may not be able to use certain functionalities of the Services. Otherwise, there will be no consequences for you. The personal information we collect about you may include, without limitation:
We also collect data for pseudonymized user profiles to improve the Services. Note that under CCPA personal information does not include (i) publicly available information from government records, (ii) de-identified or aggregated consumer information, and (iii) any information excluded pursuant to applicable law.
2. Cookie Notice.
When you use the Services, we may also collect certain information with cookies. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser.
A. Strictly Necessary Cookies – We collect the necessary information to enable you to use the Services. This includes your IP address and data about the start, end, and subject of your use of the Services as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to requirements. Legal basis for deploying strictly necessary cookies is our legitimate interest in providing our website under Art. 6.1 (f) GDPR. Strictly necessary cookies always deleted as soon as they are no longer required and there are no storage obligations.
B. Consent to Other Cookies and Web Analytics – When you visit our website, a “cookie banner" appears, with which we ask you for your consent to set cookies. We use cookies to store your preferences when using our website, to statistically analyze your usage behavior, and to show you personalized advertising on third-party websites or social media. This data may be used by us and our partners to enrich usage profiles.
When making your decision, please take into account that your personal data stored for the respective cookie may be transferred to countries outside the EU where no level of data protection comparable to the EU is guaranteed. With respect to the United States, we generally use U.S. provider that are certified under the Data Privacy Framework (see Section 8 for further details). You can find out if a provider is certified in the Tool/Provider list (see below). If a U.S. provider is not certified, we ensure that EU standard contractual clauses have been concluded with the provider. If a provider is not (yet) certified under the Data Privacy Framework, you consent to the third-country data transfer to that provider by selecting the appropriate cookies.
If you agree, we will proceed as described in more detail in the following sections.
Legal basis for deploying other cookies is your consent pursuant to Art. 6.1 (a) GDPR. The consent you have given via the cookie button extends to data processing by all companies of the Körber Supply Chain Group and, accordingly, to the disclosure of the data collected via a particular website within all companies of the Körber Supply Chain Group. With regard to the processing of data collected through the cookies described below, the companies of the Körber Supply Chain Group assume “joint and several liability” within the meaning of Art. 26 GDPR as they jointly decide about the means and purpose of the personal data processing activities. You can assert your rights regarding the processing of the personal data collected by cookies with any of the companies of the Körber Supply Chain Group. You may revoke your consent at any time and prevent the setting of cookies or web analytics here:
If you use the Services and give your consent for “other cookies”, it may be that information in the form of a cookie is stored on your computer. You can deactivate the storage of cookies in your browser and have the possibility to delete them from your hard disk at any time. We would like to point out to you that a use of our offers on the website without cookies may only be possible to a limited extent. However, you can also use your browser only to prevent certain cookies from being set (e.g. cookies from third parties), for example if you want to prevent web tracking. Please refer to your browser's help function for more information.
Please refer to the below table for detailed information about marketing and web tracking services and used on our website and the associated providers. In addition, there are links to the privacy policy of the provider and an explanation on how you can prevent web tracking. Typically, in such cases, an “opt-out cookie” is stored on your device preventing the collection of usage data from your device by the respective provider. Please note: in case you delete cookies from your device, you may have to set the "opt-out cookie" again.
https://www.nextroll.com/privacy.
Prevent processing via opt-out (see https://app.adroll.com/optout)
https://www.drift.com/privacy-policy/
For further information, see Section 4. B.
www.facebook.com/privacy/explanation
For further information, see Section 2. F
https://www.google.de/intl/de/policies/
Prevent processing please press “Disable Google Analytics” Button in this Privacy Policy and for further information see Section 2. C.
Google LLC is certified under the Data Privacy Framework.
Google Double-Click Google Ads: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland
https://www.google.de/intl/de/policies/
Prevent processing via ads settings (see https://adssettings.google.com/anonymous?hl=en) and for further information see Section 2. E.
The parent company Google LLC is certified under the Data Privacy Framework.
https://www.hubspot.de/data-privacy/gdpr
For more information, see Section 4. F.
HubSpot Inc. is certified under the Data Privacy Framework.
https://www.hushly.com/privacy-policy/
Prevent processing see Sections 2. B., G., and 3.
Marketo: Marketo, EMEA Ltd., 4-6 Riverwalk Drive, Citywest Business Campus, Cooldown Commons, Dublin 24, D24 DCW0, IRELAND
https://documents.marketo.com/legal/privacy
For further information, see Section 4. A.
Marketo, Inc. is covered by the certification of the parent company Adobe Inc. under the Data Privacy Framework.
https://www.oktopost.com/privacy
For further information see Section 4. D.
Oktopost Technologies Inc. is certified under the Data Privacy Framework.
Prevent processing by deactivating personalized recommendations in the Outbrain interest profile at https://my.outbrain.com/recommendations-settings/home or by making the appropriate selection at www.aboutads.info/choices or www.youradchoices.ca/choices or www.youronlinechoices.euhttps://www.outbrain.com/privacy/
http://www.pubmatic.com/privacy-policy.php
Prevent processing via opt-out (seehttps://pubmatic.com/legal/opt-out/) or via the website of DAA (see https://optout.aboutads.info/?c=2&lang=EN)
PubMatic, Inc. is certified under the Data Privacy Framework.
6sense Intent Tracking: 6Sense Insights, Inc., 450 Mission Street, Suite 201, San Francisco, CA, 94105, USA
https://6sense.com/privacy-policy/
Prevent processing see Sections 2. B, G, and 3.
6Sense Insights, Inc. is certified under the Data Privacy Framework.
Taboola: Taboola, Inc., Attn: Privacy Policy, 16. Madison Square West, 7th Floor, New York, New York 10010, USA
https://www.taboola.com/privacy-policy
Prevent processing see privacy policy (https://www.taboola.com/privacy-policy)
http://www.thetradedesk.com/privacy-policy/
To prevent processing following the link: https://www.adsrvr.org/?AspxAutoDetectCookieSupport=1
Trade Desk, Inc. is certified under the Data Privacy Framework.
C. Web Analytics – If you opt-in to “other cookies” on the Services, we use Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google Analytics uses cookies to enable an analysis of your use of the website. The information about your use of this website is usually transferred to a Google server in the USA and stored there. However, Google will reduce your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area beforehand and thus make it anonymous. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website in order to compile reports on website activity. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.
Deletion – The information collected by Google Analytics in the form of pseudonymous user profiles will be deleted no later than 14 months after the last new entry in the respective user profile.
D. Google Tag Manager – The Services may use Google Tag Manager to manage website tags. A tag is a JavaScript snippet used to send information from a website to recipients, in particular in the context of web tracking. The Google Tag Manager tool itself does not collect any personal data. The tool triggers other tags that may collect data (e.g. the Google Analytics tag). Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. This makes it easier to effectively implement your need against tracking procedures.
E. Google Ads – If you opt-in to “other cookies”, we use Google Ads Conversion and Google Ads Remarketing on our website, services of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (Google). Google Ads helps us to display you advertising on our website that is of interest for you in order to make our website more interesting for you. Google Remarketing enables us to display you advertisement of our Services on websites within the Google advertising network. These advertisings are delivered by Google via so-called "ad servers". For this purpose, we use cookies, through which Google can measure certain parameters for measuring success, such as the display of the ads or the clicks of the users and analyze the interaction of visitors on our website to find out which of our Services is of interest for you. If you access our website via a Google ad or certain services of Google or websites in the Google advertising network, Google will store a cookie on your end device. These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers' websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective; in particular, we cannot identify users based on this information. Through the integration of Ads Conversion, Google receives the information that you have accessed the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.
Deletion – Google Ads cookies usually lose their validity after 30 days and are not intended to identify you personally.
Revoke Consent
– Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Please note, however, that without cookies you may not be able to take full advantage of all of the features of the Services. You can prevent the collection and transmission of data relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link. Alternatively, you can prevent Google Analytics from collecting data by visiting tools.google.com/dlpage/gaoptout. Further information on data protection at Google can be found at:
https://www.google.de/intl/de/policies/ (DE) and https://policies.google.com/ (US).
F. Meta Pixel – This website uses the Meta Pixel of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”), to measure the effectiveness of advertising. By integrating the Meta pixel, Meta receives the information that you have clicked on an ad from us or called up the corresponding page of our website. If you are registered with a Meta service, Meta can assign the visit to your account. Even if you are not registered with Meta or have not logged in, it is possible that the provider learns and stores your IP address and other identifying characteristics. If you opt-in for “other cookies”, Meta Pixel uses cookies to provide these functions. These cookies store information about your visit to our website (such as your IP address) and information about your Meta account (if you have one), such as a user ID. This data is transferred to Meta and processed by Meta. We only receive statistical data from Meta for this purpose without any reference to a specific person. Meta is certified under the Data Privacy Framework between the EU and the USA.
If you have a Meta account, you can adjust your settings for advertisements at the Meta Account Settings. You can find more information on privacy at Meta in the Meta privacy policy:
https://www.facebook.com/privacy/policy/.
G. Your Choices – Although we do not control third parties’ collection or use of your information to serve interest-based advertising or other targeted content, a number of these third parties may provide you with ways to choose not to have your information collected or used in this way. For example, you can opt out of receiving targeted advertisements from members of the Network Advertising Initiative by visiting http://www.networkadvertising.org/choices. In addition, some web analytics providers are members of industry associations whose websites allow to centrally preventing the use of web tracking. Please find below reference to the websites of these associations for expressing your choices in regard to web tracking and processing data in pseudonymous profiles.
Some of your browsing sessions may be translated into information that helps website designers make websites easier to use and simpler to navigate. If you would like to disable this tracking, please click here: www.clicktale.net/disable.html
3. How We Respond to “Do Not Track” Signals.
A do not track signal (“DNT”) prevents web applications from tracking you, you can learn more about DNT athttps://allaboutdnt.com. Your web browser may let you choose your preference as to whether you want to allow the collection of information about your online activities over time and across different websites or online services. At this time, the Services do not respond to the preferences you may have set in your web browser regarding such collection of your information, and the Services may continue to collect information in the manner described in this Privacy Policy.
4. Third Party Content.
A. Marketo – Körber Supply Chain Group uses Marketo as a provider of newsletters and as a provider in connection with inquiries via the contact form. We will only combine pseudonymized data with personal information from your CRM profile if you have sent us an enquiry via our contact form, subscribed to a newsletter, or given us your consent to do so. We will do so only in order to address you in the best possible way and provide you with a service in line with your interests. With Marketo we have concluded a data processing agreement in accordance with Art. 28 GDPR and with Marketo Inc. we have concluded EU standard contractual clauses (for data transfers outside the EEA). The data is stored in Europe in data centers in the Netherlands. For further information on data processing by Marketo, please visit the Marketo website (https://documents.marketo.com/legal/privacy).
B. Hushly – This website uses the tool "Hushly" provided by LeadTip Inc, 10761 Gasocigne Dr, Cupertino, California, 95014, USA (“Hushly”), to generate reports about the use of our website and to recruit and manage potential business contacts (so-called "leads") on our website. Using the "Lead Capture & Email Validation" feature, Hushly allows us to evaluate the seriousness of business enquiries made through contact forms. For this purpose, Hushly processes data you submit through forms on our website and may send confirmation emails to the email address you provide to verify your identity. Using the Lead Enrichment feature, Hushly allows us to find more information about contacts and leads by matching the email address you provide for this purpose with other publicly available information from social networks such as LinkedIn. Hushly may use cookies to provide these features. We set this cookie through our website only with your consent. For further information on data processing by Hushly, please visit the Hushly website (https://www.hushly.com/privacy-policy/).
C. Wistia – Videos embedded on the Services are provided by Wistia, Inc. 17 Tudor Street, Cambridge, Massachusetts, 02139 USA (Wistia). For the video hosting platform Wistia we use the so-called “Privacy Mode” that only collects fully anonymized viewing data by disabling session tracking and anonymizing IP addresses of our viewers. Only after you have given us your consent will the tracking options be activated. This may include Cookies. Your consent also includes data transfer to the USA. Wistia is certified under the Data Privacy Framework between the EU and the USA. If you are logged into your Wistia account, you enable Wistia to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your Wistia account.
D. Oktopost – To publish social media contributions and analyze the reach and interaction with them, we use goal tracking technologies from Oktopost Technologies Inc. of 34 Tuval Street, Tel Aviv, Israel ("Oktopost"). This may include cookies. Oktopost collects information for us about whether one of our posts in social media has been shared, liked, commented, clicked or mentioned and whether you are a user who has interacted with our posts in social media. The information generated by cookies is transferred to and stored on an Oktopost server in the USA or other third countries. If necessary, data may be transferred to non-EEA countries, especially the USA (for data transfers to countries outside the EEA). Oktopost uses this information on our behalf for evaluation purposes and produces reports on the reach and use of our posts in social media. You can deactivate Oktopost's storage of data in cookies by disabling cookies. For more information on data processing by Oktopost, please visit the Oktopost website (https://www.oktopost.com/privacy).
E. Drift Chat Box – We use chat box technologies on our website from Drift.com Inc., 222 Berkeley Street Suite 600 Boston, MA 02116 USA (Drift) at present for US customers only. By providing a chat box, we would like to offer you another effective and uncomplicated communication channel to us. The use is voluntary. You can also contact us by other means. The personal data you provide in the context of your chat box request and your IP address are processed for responding to your request. The legal basis for the processing of the personal data collected is the performance of a contract or the implementation of measures prior to entering into a contract with you. Drift sets Cookies to enable and improve the chat function if you have given your consent to this via the cookie banner. The chat box user is assigned an ID that can be recognized. If necessary, data may be transferred to non-EEA countries, especially the USA (for data transfers to countries outside the EEA).
F. HubSpot - Our website contains tracking technology from HubSpot Inc, 24 First St, 2nd Floor, Cambridge/MA 02141, United States ("HubSpot"). This may include cookies. HubSpot collects and stores usage data in pseudonymous profiles to enable interest-based advertising. In addition, we use cookies to find out which of our company's services are of interest to you. For this purpose, we store information about your interaction with our website, such as downloaded documents, visited pages, date and time of retrieval ("usage data"). You can deactivate the storage of data by HubSpot in cookies and the associated recording of your user behavior by deactivating cookies.
For online marketing activities, Körber Supply Chain also uses an integrated software solution from HubSpot. With this, Körber Supply Chain cover various aspects, including:
The contact forms allow you, as a visitor to our website, to learn more about Körber Supply Chain, download content, and provide Körber Supply Chain with your contact information and other demographic information. Körber Supply Chain uses this information to contact you. Before Körber Supply Chain processes your data for the purposes set out in this section, Körber Supply Chain will obtain your consent to process your data using HubSpot. You can withdraw this consent at any time for the future in accordance with Art. 7 (3) GDPR.
Körber Supply Chain measures the success of email content that Körber Supply Chain send to you via HubSpot in order to identify your reading habits based on email opening, opening times, and links clicked, so that Körber Supply Chain can create and send you interest-based and useful content. Your consent to data processing includes performance measurement. Unfortunately, a separate withdrawal of the performance measurement is not possible, in which case you must withdraw the consent in its entirety.
Körber Supply Chain uses HubSpot to optimize advertising and customer targeting. Only if you have given Körber Supply Chain consent to do so, Körber Supply Chain can also combine the pseudonymous data with personal data from your CRM profile in order to address you optimally and provide you with interest-based information.
Your data will be passed on to HubSpot Inc., a US company. HubSpot also uses other sub-processors in the USA. HubSpot is certified under the Data Privacy Framework between the EU and the USA.
For more information on data processing by HubSpot, please visit HubSpot's website (https://www.hubspot.de/data-privacy/gdpr).
G. Social Media and YouTube Channel – Our website contains links to social media (e.g. Facebook or Instagram) and to our YouTube channel. Third party providers operate these services exclusively. If you follow the links, information may be transferred to these providers. No personal data will be passed on when you visit our website. Only if you click a social share button, information will be transferred to the provider. You can find information on the purpose and scope of the data processing by the provider as well as your rights and setting options for the protection of your privacy in the privacy policy of the provider:
5. Company Pages in Social Networks
Joint Controllership – We maintain company pages on the social networks of Facebook, Instagram, LinkedIn, X (formerly Twitter), YouTube and Xing. As the operator of these pages, we are responsible for the collection (but not for the further processing) of the data of visitors to our company pages jointly with the respective operator of the social network within the meaning of the GDPR.
Categories of personal data collected - The data collected includes Information about the types of content visitors view or interact with, or the actions they take and Information about the devices visitors use (e.g., IP addresses, operating system, browser type, language settings, cookie data). Social networks also collect and use information to provide analytics services, known as "page insights," to page operators to provide them with insights into how people interact with their pages and with content associated with them.
Further Information on the Joint Controllership - We have concluded a special agreement with the respective operator of the social network:
Meta: Facebook and Instagram: "Joint Controller Addendum," https://www.facebook.com/legal/terms/page_controller_addendum
LinkedIn: "Page Insights Joint Controller Addendum" https://legal.linkedin.com/pages-joint-controller-addendum.
YouTube: Google's privacy policy and terms of use
X (formerly Twitter): The general terms and conditions of Twitter and the guidelines referred to therein.
Xing: Xing's terms and conditions and the policies referenced therein.
In each case, these regulate in particular which security measures the operator must observe and in which the operator has agreed to fulfill the rights of data subject (i.e. users can, for example, address their right of access and their right to erasure directly to the operator of the social network).
The rights of users (in particular the right of access, erasure, restriction and right to lodge a complaint to the supervisory authority), are not restricted by the agreements with the respective operator. You can assert your rights (right to access, correction, erasure, restriction of processing, data portability, objection and right to lodge a complaint to the supervisory authority) both against us and against the respective operator of the social network.
Purpose of processing, legal basis, data subjects - Purposes of processing are contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors).
The legal basis for data processing is our legitimate interest in ensuring that our offer and our company are present on the internet as comprehensively as possible, as well as the possibility of communicating with you via social networks (Art. 6 (1) lit. f GDPR).
Data subjects include website visitors and visitors from our company pages on social networks.
Data Transfers outside EEA - In the case of Facebook, Instagram, YouTube, X (formerly Twitter) and LinkedIn, it is possible that some of the information collected may also be processed outside the European Union in the USA. For data transfers between the EU and the USA, see Section 8. Meta (
For more information on the processing of personal data, please refer to the privacy notices of Meta (Facebook, Instagram), YouTube, LinkedIn, X (formerly Twitter), and Xing.
6. Processing of Business Contact Information.
A. Legal Basis. Our legal basis for collecting and using the personal business contact information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you (for example, when providing the Services), or where the processing is in our legitimate interests and not overridden by your data protectioninterests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to process personal information about you or may need to process personal information in order to exercise, establish, or defend legal claims. Specifically, we process your personal information, such as contact data or correspondence, to the extent that this is necessary to:
The same applies if you are an employee of an interested party, supplier, service provider or other business partner and we receive your personal data in this context; the legal basis in this case is our legitimate interest in establishing or carrying out the business relationship with your employer (Article 6.1(f) GDPR).
B. Contact Form. If you contact us via the contact form, we will save your details (in particular name and title, your contact details, your company, the country and your message) and process them in order to process your enquiry. For this purpose, we use the provider Marketo as a processor, as further discussed below and Körber Supply Chain uses HubSpot as a processor for subpages of this Website with competences of Körber Supply Chain. Depending on your region and your requirements, we will forward your enquiry to the appropriate company of the Körber Supply Chain Group. The legal basis for this data processing is - depending on the subject of your enquiry - the processing for the performance of a contract or for the implementation of pre-contractual measures (Article 6.1 (b) GDPR) or our legitimate interest in providing a contact form for general enquiries or in providing information material (Article 6.1 (f) GDPR) or your consent (Article 6.1 (a) GDPR).
C. CRM System. Your details are also stored in a Customer Relation Management System ("CRM System"). The same applies if you request information or material from us. If you give us your telephone number, we may contact you by phone to discuss your project and put you in touch with the appropriate contact person. In connection with enquiries and the data collected in CRM, the companies of the Körber Supply Chain Group act as "joint controllers" within the meaning of Art. 26 GDPR, as they jointly decide on the means and purposes of processing personal data. Entry and access to your personal data depends on your region and your enquiry and is regulated by contract between the companies of the Körber Supply Chain Group. For further information on these contractual terms, please contact our data protection officer, as noted below. You can assert your rights with regard to the processing of the personal data collected at any company of the Körber Supply Chain Group.
D. Newsletter. If you register for our newsletter, we will process your e-mail address and send you a confirmation e-mail with a confirmation link that you must click on to subscribe to our newsletter. We will also add you to our mailing list in order to send you e-mail advertising for our own similar goods or services if you purchase a good or service from us and you have not previously objected to this processing of your e-mail address. You can cancel the newsletter at any time and object to the e-mail advertising at any time. You will find a possibility to unsubscribe in every newsletter and every other advertising e-mail that we send you. Körber Supply Chain Group also uses Marketo as a processor for newsletter sending in accordance with Art. 28 GDPR. Körber Supply Chain additionally uses HubSpot as a processor for newsletter sending in accordance with Art. 28 GDPR. Your personal data is stored in Europe. However, we cannot fully exclude data transfers to Marketo Inc. or HubSpot Inc. both based in the USA, as further noted below. Because Marketo Inc. and HubSpot Inc. are certified under the Data Privacy Framework, transfers to Marketo Inc. and HubSpot Inc. in the USA are currently lawful (see Section 8).
E. Newsletter Performance Measurement. The newsletters contain a so-called. "web-beacon", which means a pixel-sized file that is retrieved when the newsletter is opened, either from the server of the Körber Supply Chain Group Company or from the server of the service provider Marketo or HubSpot. In the course of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of retrieval may be collected. We receive a statistical report from Marketo or HubSpot about whether recipients open the newsletters, when they open it and which links they click. This processing serves us to recognize the reading habits of the newsletter recipients and to adapt the content to them or to send different content according to their interests. Your consent to receive the newsletter also covers the consent to performance measurement. The legal basis for data processing is Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. For this purpose you can e.g. use the unsubscribe link in each newsletter or contact us. A separate revocation of the performance measurement is unfortunately not possible; in this case, you must revoke the consent to the newsletter in its entirety.
F. Declare Objection. You can declare your objection directly to these companies. You will find a possibility to declare your objection or revocation e.g. in every e-mail. You can also declare your revocation to Körber. We will then forward it to the responsible company.
G. Email. If you agree to be informed by e-mail about the latest products and services of the Körber Supply Chain Group, the companies will send you this information by e-mail. Your details will be stored in a shared distribution list for this purpose. You can revoke your consent at any time with effect for the future. To do so, you can use the unsubscribe link in each newsletter or contact us.
7. Electronic Communication.
You are welcome to communicate with us by e-mail at any time. Please be advised that we use an E-mail Gateway of an external provider of security technologies to defend against SPAM e-mail, other threatening e-mail, threatening e-mail attachments and URLs. In doing so, this external provider may process your first and last name, e-mail address and IP address. The legal basis is our legitimate interest in preventing unauthorized access to communications networks, the spread of malicious code and damage to computers and electronic communications systems (Article 6.1(f) GDPR in conjunction with Recital 49).
8. Transmission to Third Parties and to Countries Outside the EEA.
The data we collect from you may be transferred to and stored at a destination outside of the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who works for us, one of our group companies or our suppliers for the purposes set out in this Privacy Policy. In order to ensure that any third party processes your personal data in a way which is consistent with the EU's laws on data protection, to the extent that we share data outside of the EEA, we will seek to put in place agreements with those third parties, including with our group companies, which contain provisions approved by the EU for protecting personal data. Your personal information will only be transmitted to third parties if this is legally permitted or if you have given your prior consent. For example, we may transfer data to other companies of the Körber group, if this is necessary to respond to a request you have made. We will only disclose your personal information to government authorities within the framework of legal obligations or as a result of an official order or court decision. Processing described under Sections 2., 4. and 5. may lead to data transfers to third countries outside the EEA, especially to the USA. Please note that in the event of a data transfer to third countries outside the EEA, Chapter V of the GDPR requires that the recipients have an adequate level of data protection. Most of the US providers we use are certified under the EU-US Data Privacy Framework, which enables secure data transfers to these US providers. The Tool/Provider list in Section 2. B. indicates if the respective provider is certified under the Data Privacy Framework. A complete list of companies certified under the Data Privacy Framework can be accessed via the following link: https://www.dataprivacyframework.gov/s/participant-search. If a provider is not certified under the Data Privacy Framework this provider is contractually bound by the EU standard contractual clauses to process data in conformity with data protection regulations. Please note that transfers from the EU to non-certified U.S. providers are also subject to stricter U.S. rules on government surveillance programs under Executive Order 14086, which was adopted as a condition of the European Commission's adequacy decision for U.S. providers certified under the Data Privacy Framework. Should you have any questions in this regard, please contact our data protection officer (see Section 14).
9. Retention.
We delete your personal information as soon as it is no longer needed for the purposes for which the personal information was collected, as far as no legal storage obligations stand in the way.
10. Data Security.
Körber has taken the necessary technical and organizational measures to protect the personal data you provide from loss, destruction, manipulation and unauthorized access. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to treat personal data confidentially. Our employees are trained accordingly. Both internal and external tests ensure compliance with all data protection relevant processes at Körber. To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" ("https://") or a green, closed lock symbol is added to the address component. By clicking on the icon, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption guarantees the encrypted and complete transmission of your data. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security risks. A complete protection of data against access by third parties is not possible.
11. Your Rights Regarding Personal Data.
The data protection laws grant EEA and UK residents a number of rights with regard to data concerning your person (rights of data subjects). These include the:
The EU General Data Protection Regulation also grants you the right of appeal to a data protection supervisory authority. However, if you have any questions or complaints regarding data protection at Körber, we recommend that you first contact our data protection officer (see Section 14).
12. Notice for California Residents.
Our California Consumer Privacy Act (“CCPA”) Notice applies to California residents from whom we collect personal information. Please visit Privacy Notice for California Residents to learn more about how we adhere to the CCPA (as amended by CPRA) and how to exercise the rights afforded to you under the CCPA (as amended by CPRA).
California Civil Code Section § 1798.83 may permit users of our Services who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us.
13. No Automated Single Decision.
Automated decision making and profiling includes any decision-making processes that occur solely through automated means. As far as this is not exceptionally necessary for the conclusion of a contract or permitted by law (as in the case of age verification), we do not use your personal data for automated individual decisions.
14. How Can You Contact Us?
You will find our contact details as the responsible body in the imprint. You may also email us at info.sc@koerber-supplychain.com. If you wish to exercise the rights mentioned under Section 11 or if you have any questions about data protection with us or this data protection declaration, you can also contact our data protection officer: datenschutz.sc@koerber-supplychain.com.
15. Changes to this Privacy Policy.
New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website. In the event we make a material change to how we use your personal information, we will provide you with notice by posting on our website. The date this Privacy Policy was last revised is at the top of this page. We encourage you to review this Privacy Policy periodically to check for any updates or changes.