Privacy Statement

Below you will find the information required under Articles 13 and 14 of the General Data Protection Regulation ("GDPR") regarding the processing of your personal data when you visit (hereinafter referred to as "you" or "your") our websites; www.kostal-electro-mobility.com (hereinafter referred to as "website") by Leopold Kostal GmbH & Co. KG (hereinafter referred to as "we" or "us").

A. Data controller and data protection officer

Leopold Kostal GmbH & Co. KG, An der Bellmerei 10, 58513 Lüdenscheid, info@kostal.com, Phone +49 (0) 2351 16-0.

Data protection officer of the KOSTAL Group, An der Bellmerei 10, 58513 Lüdenscheid, datenschutz@kostal.com

B. Information about the processing of personal data

Below you will find information about the processing of your personal data for the purposes specified there in more detail, as well as, among other things, the legal basis for the processing. If the legal basis for the processing is stated as the balancing of interests, you can request further information on the balancing of interests from us using the contact details provided in section A .

I. Use of the website

1. Informational use of the website

When you visit our website, we process the IP address of your device for technical reasons, i.e., to enable the website to be displayed. Without this information, we cannot provide the content of the website that you have accessed.

In addition, to protect our IT infrastructure, we process the IP address of your device, the type and version of the Internet browser you are using, information about the operating system of your device, information about the pages you have accessed, the previously visited page (referrer URL), and the date and time of access, and store this information in so-called log files.

The legal basis for this processing is the balancing of interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Our legitimate interest is to provide the content of the website accessed by the user and to protect the IT infrastructure used to provide the website, in particular to detect, eliminate, and document evidence of malfunctions (e.g., DDoS attacks). You can request further information on this balancing of interests from us using the contact details provided in Section A.

The recipient of this data is our hosting provider Microsoft Azure, which acts as a processor on our behalf. Another recipient is PSV Neo GmbH, which also acts as a processor and is responsible for developing, maintaining, and servicing the website.

We generally store this personal data in the log files for thirty (30) days. In the event of a security-related incident (e.g., an attack), we will store the log files until the security-related incident has been resolved and fully investigated.

2. Typo3

In order to provide this website, we use the Typo3 web content management system, which provides analysis functions for evaluating surfing behavior. For this purpose, information generated by cookies about the use of this website is stored in a database on a server of a service provider contractually bound to us. The data collected is anonymized by technical measures (e.g., by deleting the last digits of the IP address), including the anonymized IP address (anonymization is achieved by deleting the last digit).

The legal basis for the use of Typo3 is the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is the provision of the website content requested by the user and the protection of the IT infrastructure used to provide the website.

You can prevent the installation of cookies by adjusting your browser software settings accordingly. This is described in Section D.II. However, we would like to point out that this may mean that not all functions of this website can be used to their full extent.

The recipient of this data is our hosting provider Microsoft Azure, which acts as a processor on our behalf.

We store this personal data in the log files for a period of thirty (30) days. In the event of a security incident (e.g., an attack), we will store the log files until the security incident has been resolved and fully investigated.

3. Usercentrics

We use the Usercentrics Consent Manager to manage your consent, possible revocations of consent, and objections to the use of cookies.

Data processing in this context is carried out to manage user decisions regarding cookies (consent, revocation, opt-out) and to ensure the security of the application.

The IP address of your device, the type and version of the Internet browser you are using, information about the operating system of your device, information about the pages accessed, the previously visited page (referrer URL), and the date and time of access are processed. In addition, the user's decision regarding individual cookies or groups of cookies is stored at the time of the decision and the last visit.

Legal basis for processing the balancing of interests (Article 6(1)(f) GDPR) Our legitimate interest here lies in the simple and reliable control of cookies.

The recipient of the data is Usercentrics GmbH, which acts as our processor.

We store the data for a period of 6 months. The revocation of a previously given consent is kept for three years (accountability). Server log data is anonymized before storage.

We would like to point out that it is not possible to use the website without transferring personal data, such as your IP address. There is no automatic decision-making process regarding consent to the use of cookies.

II. Job vacancies

You will also find links to job vacancies on the website. These links lead to an external website, which has its own privacy policy. You can find it here.

III. Analysis of behavior on the website Plausible Analytics

The website uses Plausible Analytics. The provider is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

Plausible Analytics is a web analytics tool that provides us with anonymized information about the use of our website. We use the insights gained to optimize our content and services accordingly. Plausible Analytics collects the following data: page URL, HTTP request, HTTP referrer, browser, operating system, device type, and IP address. HTTP requests and IP addresses are stored in a hash for 24 hours; during this period, a user can be recognized if they return to the website. It is not possible to identify the person; Plausible Analytics does not set cookies and does not store any information in the user's browser. Plausible Analytics acts as a data processor for us and processes the data only in accordance with our instructions and in compliance with the GDPR.

Plausible Analytics is integrated based on our interest in statistical analysis of the use of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on the handling of user data can be found in the privacy policy of Plausible Analytics: plausible.io/privacy and plausible.io/data-policy.

C. Third-party plug-ins

The third-party plug-ins described below are integrated into our website. These enable you to use certain services provided by external providers directly on our website. These third-party plug-ins are provided by the provider named below on their own responsibility.

Plug-in providers may (similar to when you visit an external website via a link) receive your IP address and the address (URL) of the website from which you accessed the plug-in. If you are registered as a user with the third-party provider, the plug-in provider can usually also assign the data received to your user account.

I. Maptoolkit

We use the Maptoolkit map service to display maps on our website. Maptoolkit is provided by Toursprung GmbH, Mariahilfer Str. 93/20, 1060 Vienna, Austria. When you access the content of our website, you will be connected to the servers of Toursprung GmbH. Your IP address and possibly browser data such as your user agent will be transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Maptoolkit. The IP address is technically anonymized before any further processing. It is not possible to trace this data back to individual persons.

The aforementioned data is only stored for the duration of use. Further information can be found in the privacy policy at www.maptoolkit.com/de/privacy/.

II. Google Tag Manager

Our website uses the Google Tag Manager service, which is provided for users in the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together "Google").

Google Tag Manager is used exclusively for managing website tools by integrating so-called website tags. A tag is an element that is stored in the source code of our website in order to execute a tool, for example through scripts. If these are optional tools, they will only be integrated by Google Tag Manager with your consent. Google Tag Manager does not use cookies.

The legal basis is your consent in accordance with Art. 6 (1) (a) GDPR, which you can withdraw at any time. Access to and storage of information on your device is then based on the implementing laws of the e-Privacy Directive of the EU member states, in Germany in accordance with Section 25 (1) TTDSG. You can withdraw your consent to the use of the tools at any time. To do so, click on "Privacy settings" at the bottom of the page, which will bring up the cookie banner again and allow you to select or deactivate individual tools.

For the purpose of ensuring stability and functionality in the use of Google Tag Manager, Google collects information about which tags are integrated by our website, but generally no personal data, in particular no data about usage behavior, IP addresses, or the pages visited.

We have concluded a data processing agreement with Google. In the event that personal data is transferred to the US, we have concluded standard contractual clauses with Google.

For more information, please refer to Google's information on Tag Manager: support.google.com/tagmanager/answer/9323295

D. Use of cookies

When you use our website, we store cookies in your browser unless you prevent this by changing your browser settings.

I. General information about cookies

Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. When the website is accessed again using the same device, the cookie and the information stored in it can be read.

In principle, and also in the description of the individual cookies we use in section D.III , a distinction is made between (i) first-party and third-party cookies, (ii) transient and persistent cookies, and (iii) cookies that do not require consent and cookies that require consent.

First-party cookies are those set by us or a processor commissioned by us. Third-party cookies, on the other hand, are those set and accessed by another controller.

Transient cookies are deleted when you close your browser. Persistent cookies, on the other hand, are those that are stored on your device for a certain period of time.

Cookies that do not require consent are those whose sole purpose is to carry out the transmission of a message via an electronic communications network. Cookies that are strictly necessary for the provision of an information society service explicitly requested by the participant or user (also known as "strictly necessary cookies") also do not require consent. All other cookies require consent.

II. Cookie management

If the user's consent is required for the use of certain cookies, we will only use these cookies when you use the website if you have given your prior consent. For information on whether consent is required for the use of a cookie, please refer to section D.III .

When you visit our website, we display a "cookie banner" in which you can declare your consent to the use of cookies on this website by clicking a button. By clicking the button provided for this purpose, you have the option of consenting to the use of all cookies requiring consent as described in detail in section D.III of this cookie information.

We also store your consent and, if applicable, your individual selection of cookies requiring consent in the form of another cookie ("opt-in cookie") on your device so that we can determine whether you have already given your consent when you visit the website again. The opt-in cookie has a limited validity period of one (1) month.

Cookies that are strictly necessary cannot be deactivated via the cookie management function of this website. However, you can deactivate these cookies at any time in your browser.

You can also manage the use of cookies in your browser settings. Different browsers offer different ways to configure cookie settings in your browser. For more detailed information, please visit www.allaboutcookies.org/ge/cookies-verwalten/.

If you disable the storage of cookies in your browser, some functions of the website may not work or may no longer work properly.

Your consent is given in the cookie banner Art. 6 para. 1 sentence 1 lit. a GDPR, which you give via the consent banner or in the respective tool itself by individually permitting its use via a banner (overlay) placed above it. Access to and storage of information on the end device is then based on the implementing laws of the e-Privacy Directive of the EU member states, in Germany pursuant to Section 25 (1) TTDSG. You can revoke your consent to the use of the tools at any time. To do so, click on "Privacy Settings" at the bottom of the page, which will bring up the cookie banner again and allow you to select or deactivate individual tools.

III. Cookies used on this website

Below you will find information about the cookies we use.

1. Name: UC_setting and/or uc String

Purpose and content: Absolutely necessary opt-in cookie (see section II above) for storing your consent and, if applicable, your individual selection for the use of cookies on your device in order to determine whether you have already given your consent when you visit the website again. Responsibility: First-party. Validity: transient. Consent required: no. Legal basis for processing: Balancing of interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Our legitimate interest is the management of cookie consents given by the user for this website.

2. Name: ucData (optional)

Purpose and content: Opt-in cookie that is absolutely necessary to store your consent and, if applicable, your individual selection for Google Consent Mode. Responsibility: First party. Validity: transient. Consent required: no. Legal basis for processing: Balancing of interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Our legitimate interest is the management of cookie consents given by the user for this website.

3. Name: ASLBSA

Purpose and content: This cookie is used to provide a load balancing function. Responsibility: First-party. Validity: transient. Consent required: no. Legal basis for processing: Balancing of interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Our legitimate interest is to ensure the security of our website.

4. Name: ASLBSACORS

E. Information about the rights of data subjects

As a data subject, you have the following rights regarding the processing of your personal data, which you can exercise by contacting us using the contact information provided in the section A :

A right to information (Art. 15 GDPR) about which personal data we process about you. This includes further information about the data processing, such as the purpose and legal basis, as well as the recipients of this data. You also have the right to request a copy of this data.
The right to request that we correct any inaccurate personal data concerning you and complete any incomplete personal data (Art. 16 GDPR).
A right to request the erasure of personal data concerning you in cases provided for by law (Art. 17 GDPR), for example if the data is no longer required for the purposes for which it was collected or if it has been processed unlawfully.
A right to request the restriction of processing in cases prescribed by law (Art. 18 GDPR).
A right to receive the personal data concerning you that we process on the basis of your consent or for the performance of a contract (see section B ) in a structured, commonly used and machine-readable format (right to data portability, Art. 20 GDPR).
The right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out until the withdrawal.
A right to lodge a complaint with a supervisory authority (Art. 77 GDPR). A list of data protection supervisory authorities with their addresses can be found here.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR (see section B ). We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You may not be entitled to the above rights in all cases. The law provides for restrictions in each case. You can find the full scope of your rights in the above articles, which you can access at the following link: eur-lex.europa.eu/legal-content/DE/TXT/HTML/.

1st of1, 2025