Kamei: Data protection

Legal

Privacy Policy

____________________________________________

A. Privacy policy for website

B. Privacy policy for social media presence

C. Information on data protection for applicants

____________________________________________

As of July 2025

A. Privacy policy for website

We process personal data (hereinafter referred to as "data") of users only to the extent necessary for the provision of a functional and convenient website as well as our content and services.

"Processing" includes the collection, use, disclosure and/or storage of personal data. According to the General Data Protection Regulation (hereinafter "GDPR"), "personal data" generally refers to all data that can be used to identify a natural person. The exact definitions of the terms are set out in Article 4 of the GDPR.

The following information details the type, scope, purpose, duration and legal basis of the processing of personal data, the purposes and means of which we decide alone or jointly with others, as well as the third-party components we may use to optimize and improve the user experience, which process data under their own responsibility:

_________________________________________

I. Information about the responsible party

II. User rights

III. Information on data processing

_________________________________________

I. Information about the responsible party

The controller (hereinafter referred to as "provider") within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

KAMEI GmbH

Heinrichswinkel 2

38448 Wolfsburg

Tel. +49 (0)5363 804-0

Fax: +49 (0)5363 804-79

Email: support@kamei.de

Company headquarters:

Daimlerstrasse 22

91301 Forchheim

External Data Protection Officer of the controller:

Killian Hedrich
c/o DatCQ GbR

Alexander F. Bräuer, Killian Hedrich

and Frank Weiss
Katharinenstraße 16
73728 Esslingen

Tel. +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
Email: dsb@datcq.de

II. User rights

With regard to the processing of his personal data by the provider as described below, the user has the right to

1. to request confirmation as to whether data concerning him is being processed and to receive detailed information about this data as well as further information and copies of the data in accordance with Article 15 GDPR;

2. to request the immediate rectification of inaccurate data concerning him or the completion of such data in accordance with Article 16 GDPR;

3. to request that the data concerning him be erased without undue delay in accordance with Article 17 GDPR, or alternatively, if, for example, further processing is necessary in accordance with Article 17(3) GDPR, to request a restriction of the processing of the data in accordance with Article 18 GDPR;

4. that he receives the data concerning him and provided by him in accordance with Article 20 GDPR and to request its transmission to other controllers;

5. to lodge a complaint with the supervisory authority pursuant to Article 77 GDPR if the user believes that the processing of his or her data by the provider infringes the GDPR.

_________________________

6. The user may, in principle, object at any time to the future processing of his or her data, which is carried out by a controller on the basis of Art. 6 para. 1 lit. f GDPR, in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct marketing purposes.

_________________________

7. The provider is also obliged to communicate any rectification or erasure of personal data or restriction of processing carried out pursuant to Article 16 GDPR, Article 17 paragraph 1 GDPR and Article 18 GDPR to all recipients of the data to whom the data has been disclosed by him. The obligation does not apply if such notification proves impossible or involves disproportionate effort. The customer has the right to information regarding these recipients.

III. Information on data processing

Unless detailed information is provided below regarding individual data processing activities, the user's data processed by the provider will be deleted or blocked as soon as the purpose of storage ceases to apply and there are no legal retention obligations preventing deletion.

Server data

For communication and security reasons, the following data, among others, which the user's internet browser transmits to the provider or its web hosting provider, are collected during visits to the website (so-called server log files):

- Browser type and version;

- operating system used;

- Website from which the user switched to the provider's website (referrer URL);

- Website visited by the user;

- Date and time of access;

- User's Internet Protocol (IP) address.

The data will also be stored temporarily. This data is not stored together with other personal data of the user. The legal basis for the temporary storage is Art. 6 para. 1 lit. f GDPR based on the legitimate interest in improving the stability, functionality and security of the website.

The data will be deleted after a maximum of seven days. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.

1. Cookies

The responsible party uses so-called [cookies/flavors] on its website. Cookies. Cookies are small text files or other storage technologies that the internet browser used by the user places and stores on the end device. These cookies process certain user information to varying degrees, such as browser and location data and IP address values.

Its use allows the person responsible to make their website more user-friendly, effective and secure.

The processing serves the legitimate interest of the controller in improving the functionality and security of the website as well as fulfilling legal requirements and is based on the legal basis of Art. 6 para. 1 lit. f GDPR.

The "session" cookies are deleted when the user closes their browser.

2. Third-party cookies

Third-party cookies may also be used on the provider's website. These third-party providers are partner companies with whom the provider collaborates for the purposes of advertising, analysis, or website functionality. Should this be the case, the purposes and legal bases of the corresponding processing will be set out in the following explanations.

3. Elimination option

The user can prevent or restrict the installation of cookies by adjusting the browser settings accordingly. Previously stored cookies can also be deleted at any time. The settings for this depend on the respective browser. Flash cookies cannot be prevented via the browser settings, but rather by adjusting the settings of the Flash player. Should the user prevent or restrict the installation of cookies, this may result in not all functions of the website being fully usable.

Contact requests

In the event that the user contacts the provider via contact form or email, the personal data entered by the user on this occasion will be used to process the request. Providing this data is necessary to answer the request; without providing the data, a response is not possible or only possible to a limited extent.

If the contact request serves the purpose of fulfilling a contract or carrying out pre-contractual measures, the legal basis is Art. 6 para. 1 lit. b GDPR.

The user's data will be deleted once the user's request has been fully answered and there are no legal retention obligations, such as those arising from subsequent contract processing.

The legal basis can also be the user's consent pursuant to Art. 6 para. 1 lit. a GDPR. When using the contact form, the user's consent to the aforementioned processing may be obtained, and reference will be made to this privacy policy.

The user may revoke their consent for the customer account at any time by notifying the provider in accordance with Art. 7 para. 3 GDPR. The data processed in this context will be deleted as soon as its processing is no longer necessary.

Google Maps

For directions and to display specialist retailers nationwide, the provider uses the "Google Maps" component of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google".

When a page containing the "Google Maps" component is accessed, a connection to a Google server is established to display the map, provided the page visitor has given their consent. Through this connection, Google can identify which website is sending a request and to which IP address the directions are being transmitted.

The legal basis for this is Article 6 paragraph 1 letter a GDPR. The user can withdraw their consent at any time for the future by adjusting the cookie settings on the website, in accordance with Article 7 Paragraph 3 of the GDPR.

_____________________

In the case of data transfer to the USA, processing is carried out on the basis of an adequacy decision of the EU Commission in conjunction with the participation of Google am so-called. “Data Privacy Framework”:

https://www.dataprivacyframework.gov/list

Furthermore, there are so-called standard contractual clauses between the provider and Google:

https://privacy.google.com/businesses/compliance/#!#gdpr

The use of "Google Maps" and the information obtained via "Google Maps" is subject to the following: Google Terms of Service as well as the additional Google Maps Terms of Service.

Further information, in particular on the options for preventing data usage, is available from Google at the following links:

https://policies.google.com/privacy

Matomo

This website uses the software "Matomo" to analyze website visits. The processing is carried out on behalf of the provider by uebler GmbH, Daimlerstraße 22, 91301 Forchheim.

The following visitor information is processed:

anonymized IP address;

Operating system;

Browser type;

Language;

Website accessed;

Time spent on the website;

Frequency of website visits in the last 24 hours.

To capture this data, the software uses the device fingerprinting method. The device's data is processed anonymously and changed every 24 hours.

The legal basis for this is Article 6(1)(f) GDPR. The provider has a legitimate interest in analyzing and optimizing the website.

Should the user not agree to this processing, there is the option to prevent the analysis of their website visit by means of the so-called... To end the "opt-out".

By confirming the link

No tracking because of disabled JavaScript or activated ad blocker.

A cookie will be placed on the user's device that will prevent the analysis from being stored in the future.

Please note: If the user deletes the cookies in their browser settings, the opt-out cookie will usually also be deleted and may need to be reactivated by the user.

Social media embedding

The provider uses plugins from the social networks listed below on the website.

The plugins are integrated via a content blocker, so that when a website with a social plugin is accessed, a connection to the respective server of the social network is not automatically established to display the plugin. Only by clicking the consent button will the connection to the third-party server of the respective social media provider be enabled and the corresponding content loaded.

The legal basis for this is Article 6 paragraph 1 letter a GDPR. The user can revoke their consent at any time for the future in accordance with Art. 7 para. 3 GDPR by adjusting the cookie settings in their browser. After the user grants permission, the respective network collects information about the user. This includes data such as IP address, date, time and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to associate the information collected about the user's specific visit with the user's personal account. If the user wants to prevent the collected information from being directly associated with their user account, the user must log out before sharing. Furthermore, it is possible to configure the respective user account accordingly.

The following social networks are embedded by the provider:

Facebook - Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Instagram- Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

YouTube - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In the case of data transfers to the USA, processing is carried out on the basis of an adequacy decision of the EU Commission in conjunction with the participation of the aforementioned companies am so-called. “Data Privacy Framework”:

https://www.dataprivacyframework.gov/list

Integration of social media

The provider includes a link to the social networks listed below on the website.

The legal basis for this is Article 6(1)(f) GDPR. The provider's legitimate interest lies in improving the user experience of the website.

The plugins are integrated via a linked graphic. Only by clicking on the corresponding graphic will the user be redirected to the service of the respective social network.

After the customer is redirected, the respective network collects information about the user. This includes data such as IP address, date, time and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to associate the information collected about the user's specific visit with the user's personal account. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and possibly published. If the user wants to prevent the collected information from being directly associated with their user account, the user must log out before clicking on the graphic. Furthermore, it is possible to configure the respective user account accordingly.

The following social networks are linked by the provider:

Facebook - Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Instagram- Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

YouTube - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

TikTok - TikTok Technology Limited, The Sorting Office, Ropemaker Place, Dublin 2, Ireland.

B. Privacy policy for social media presence

We use so-called [methods] to promote our products and services and to communicate with prospective or current customers. Social media platforms.

The following information explains in particular the type, scope, purpose, duration and legal basis of the processing of personal data when you visit one of our company presentations on a social media platform or contact us via that platform.

_________________________________________

I. Information on the joint controllers

II. User rights

III. Information on data processing

_________________________________________

I. Information on the joint controllers

For all the social media platforms listed below, the

KAMEI GmbH

Heinrichswinkel 2

38448 Wolfsburg

Tel. +49 (0)5363 804-0

Fax: +49 (0)5363 804-79

Email: support@kamei.de

Company headquarters:

Daimlerstrasse 22

91301 Forchheim

- hereinafter referred to as "provider" -

jointly with the platform operator named below within the meaning of Article 26 GDPR is responsible.

The provider's external data protection officeris:

Killian Hedrich
c/o DatCQ GbR

Alexander F. Bräuer, Killian Hedrich

and Frank Weiss
Katharinenstraße 16
73728 Esslingen

Tel. +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
Email: dsb@datcq.de

_________________________

Facebook and Instagram

The provider is featured on the social media platforms "Facebook" and "Instagram" together with the

Meta Platforms Ireland Limited

4 Grand Canal Square

Grand Canal Harbour

Dublin 2 Ireland

responsible.

Facebook's data protection officer can be contacted via a contact form:

https://www.facebook.com/help/contact/540977946302970

The joint controllers have regulated their respective obligations under the GDPR in an agreement. This agreement can be accessed via the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

TikTok

The provider is featured on the social media platform "TikTok" together with the

TikTok Technology Limited

The Sorting Office

Ropemaker Place,

Dublin 2, Ireland

responsible.

TikTok's data protection officer can be contacted via a contact form:

https://www.tiktok.com/legal/report/DPO/de

The joint controllers have regulated their respective obligations under the GDPR in an agreement. This agreement can be accessed via the following link:

https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en

_________________________

II. User rights

Regardless of the details of the agreement, you can assert your rights under the GDPR against each and every one of the controllers.

With regard to the processing of his personal data by the controllers as described below, the user has the right to

2. to request the immediate rectification of inaccurate data concerning him or the completion of such data in accordance with Article 16 GDPR;

4. that he receives the data concerning him and provided by him in accordance with Article 20 GDPR, as well as the further right to request its transmission to other controllers;

5. to lodge a complaint with the supervisory authority pursuant to Article 77 GDPR if the user believes that the processing of his or her data by a controller infringes the GDPR.

_________________________

7. The controller is also obliged to communicate any rectification or erasure of personal data or restriction of processing carried out pursuant to Article 16 GDPR, Article 17 paragraph 1 GDPR and Article 18 GDPR to all recipients of the data to whom the data have been disclosed. The obligation does not apply if such notification proves impossible or involves disproportionate effort. The user has the right to information regarding these recipients.

III. Information on data processing

To promote its products and services and to communicate with potential customers or clients, the provider maintains a company presence on the following platform(s).

The legal basis for the processing of personal data that takes place as a result and is subsequently reproduced for each platform is Art. 6 para. 1 lit. f GDPR. The provider's legitimate interest lies in the analysis, communication, sales and promotion of its products and services.

The legal basis can also be the user's consent to the platform operator in accordance with Art. 6 para. 1 lit. a GDPR. The user can withdraw their consent at any time for the future by notifying the platform operator, in accordance with Article 7 Paragraph 3 of the GDPR.

Facebook and Instagram

When accessing the provider's online presence on the platforms "facebook" and "Instagram", Meta Platforms Ireland Limited, as the operator of both platforms in the EU, processes user data (e.g. personal information, IP address, etc.). This user data is used by the provider to generate statistical information about the use of its company presence on "facebook" and "Instagram".

Meta Platforms Ireland Limited uses this data in particular for market research and advertising purposes, as well as for creating user profiles. Based on these profiles, Meta Platforms Ireland Limited, for example, is able to target users with interest-based advertising both inside and outside of "facebook" and "Instagram". If the user is logged into their account on “facebook” or “Instagram” at the time of access, Meta Platforms Ireland Limited can also link the data to the respective user account.

If the user contacts the provider via "facebook" or "Instagram", the personal data entered by the user on this occasion will be used to process the request. The user's data will be deleted by the provider once the user's request has been fully answered and there are no legal retention obligations, such as those arising from subsequent contract processing.

Meta Platforms Ireland Limited may also use cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by adjusting the browser settings accordingly. Previously stored cookies can also be deleted at any time. The settings for this depend on the respective browser. Should the user prevent or restrict the installation of cookies, this may result in not all functions of Facebook being fully usable.

Further details regarding the processing activities, their prevention and the deletion of data processed by Facebook Ireland Ltd. can be found in the data policy of “facebook” and “Instagram”:

https://www.facebook.com/privacy/explanation

https://help.instagram.com/519522125107875

It is possible that the processing by Meta Platforms Ireland Limited also takes place via Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

TikTok

When accessing the provider's online presence on the "TikTok" platform, TikTok Technology Limited, as the operator of the platform in the EU, processes user data (e.g., personal information, IP address, etc.). This user data is used by the provider to generate anonymized statistical information about the use of their company presence on "TikTok".

TikTok Technology Limited uses this data in particular for market research and advertising purposes, as well as for creating user profiles. Based on these profiles, TikTok Technology Limited, for example, is able to target users with interest-based advertising both inside and outside of “TikTok”. If the user is logged into their account on “TikTok” at the time of access, TikTok Technology Limited can also link the data to the respective user account.

If the user contacts the provider via "TikTok", the personal data entered by the user on this occasion will be used to process the request. The user's data will be deleted by the provider once the user's request has been fully answered and there are no legal retention obligations, such as those arising from subsequent contract processing.

TikTok Technology Limited may also use cookies to process the data.

Further details regarding the processing activities, their prevention and the deletion of data processed by TikTok Technology Limited can be found in TikTok's data policy:

https://www.tiktok.com/legal/page/eea/privacy-policy/de

It is possible that processing by TikTok Technology Limited may also take place in the USA or other third countries. Further details can be found in the privacy policy of TikTok Technology Limited (see link above) under the section “Our global activities and data transfers”.

C. Information on data protection for applicants

_________________________________________

I. Information about the responsible party

II. User rights

III. Information on data processing

_________________________________________

I. Information about the responsible party

The data collection and processing for job applications is governed by the

KAMEI GmbH

Heinrichswinkel 2

38448 Wolfsburg

Tel. +49 (0)5363 804-0

Fax: +49 (0)5363 804-79

Email: support@kamei.de

Company headquarters:

Daimlerstrasse 22

91301 Forchheim

responsible.

The external data protection officer of the controller is:

Killian Hedrich
c/o DatCQ GbR

Alexander F. Bräuer, Killian Hedrich

and Frank Weiss
Katharinenstraße 16
73728 Esslingen

Tel. +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
Email: dsb@datcq.de

II. User rights

Every data subject has the right to information about their personal data as well as the right to rectification of inaccurate data or to erasure, provided one of the grounds mentioned in Art. 17 GDPR applies, e.g. if the data are no longer needed for the purposes pursued. There is also the right to restrict processing if one of the conditions mentioned in Art. 18 GDPR applies, and in the cases of Art. 20 GDPR, the right to data portability.

_________________________

Furthermore, the data subject may object to the processing at any time for the future, in particular if the processing is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. For this, aInformal notification of objection, e.g. by email toinfo@uebler.com. In the event of an objection, the data will be deleted immediately, unless legal retention obligations or legitimate interests in a legal defense prevent deletion.

_________________________

Every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data infringes data protection regulations. The right to lodge a complaint may be exercised in particular with a supervisory authority in the Member State of the data subject's residence or place of work or the place of the alleged infringement.

III. Information on data processing

Application process

In connection with an application, the personnel departments (personnel department, department head) process data from the applicant that is required as part of the application and that was provided by the applicant with their application. This may include contact details, all data related to the application (resume, certificates, qualifications, answers to questions, etc.) and, if applicable, bank account details (to reimburse travel expenses). This data is collected and processed solely for the purpose of processing the application.

The legal basis for this is Art. 6 para. 1 lit. b GDPR or Art. 9 para. 2 lit. b GDPR 1 GDPR.

Application data will be treated confidentially.

In some cases, service providers bound by instructions are used, who... B. in the areas of personnel selection, IT or the archiving and destruction of documents, and with whom separate data processing agreements have been concluded.

Unless statutory retention periods exist, the data will be deleted as soon as storage is no longer necessary or the legitimate interest in storage has ceased.

If no appointment is made, this is usually the case no later than six months after the completion of the application process. In individual cases, data may be stored for a longer period (e.g., for travel expense reports). The storage period then depends on the legal retention requirements.

Consent for longer storage

If no hiring has taken place, but the application is still of interest, The applicant must give explicit consent for the further processing of their data.

If the applicant gives such explicit consent, the application data will be included in the internal applicant pool for a period of one year after the completion of the application process.

After this period, the application data will be deleted.

The legal basis for the aforementioned processing is Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR. In accordance with Article 7 Paragraph 3 of the GDPR, consent can be withdrawn at any time for the future by sending us an informal notification.

Privacy Policy

Pursue

Help and information

Service

Legal