Legal Notice
Quick Overview: Privacy
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes any information that can be used to personally identify you. For detailed information about data protection, please refer to our full privacy policy listed below.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the section “Notice of the Responsible Party” in this privacy policy.
How do we collect your data?
Your data is collected in two ways:
Data you provide to us directly – for example, information you enter into a contact form.
Data collected automatically or with your consent – when you visit the website, our IT systems automatically collect certain technical data (e.g., internet browser, operating system, or time of page access). This collection occurs automatically as soon as you enter the website.
What do we use your data for?
Some of the data is collected to ensure that the website is provided error-free. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other service requests.
Your Rights Regarding Your Data
You have the right at any time to request free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent for data processing, you may revoke this consent at any time for the future. Additionally, you have the right, under certain circumstances, to request the restriction of processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority. For further questions regarding data protection, you can contact us at any time.
Analytics and Third-Party Tools
When you visit this website, your browsing behavior may be analyzed statistically. This is primarily done using so-called analytics programs. Detailed information about these analytics programs can be found in the following privacy policy.
2. Hosting
We host the content of our website with the following provider:
WIX
The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter “WIX”). WIX is a tool for creating and hosting websites. When you visit our website, WIX analyzes user behavior, visitor sources, the region of website visitors, and visitor numbers. WIX stores cookies on your browser that are required for displaying the website and ensuring security (necessary cookies).
The data collected via WIX may be stored on servers located around the world, including servers in the USA.
For more details, please refer to WIX’s privacy policy: https://de.wix.com/about/privacy.
Data transfer to the USA and other third countries is based, according to WIX, on the Standard Contractual Clauses of the European Commission or comparable safeguards under Article 46 GDPR. Further details can be found here: https://de.wix.com/about/privacy-dpa-users.
The use of WIX is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring our website is displayed as reliably as possible. If a corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and §25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to adhering to these privacy standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5626
Data Processing Agreement (DPA)
We have concluded a Data Processing Agreement (DPA) with WIX for the use of the service mentioned above. This is a legally required agreement under data protection law that ensures WIX processes the personal data of our website visitors solely according to our instructions and in compliance with the GDPR.
3. General Information and Mandatory Disclosures
Privacy
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws as well as this privacy policy. When you use this website, various personal data is collected. Personal data includes any information that can be used to personally identify you. This privacy policy explains which data we collect, how we use it, and for what purpose. Please note that data transmission over the Internet (e.g., via email communication) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.
Notice of the Responsible Party
The responsible party for data processing on this website is:
Kumandra Energy GmbH & Co. KG
Herzog-Friedrich-Str. 8a
DE-83278 Traunstein, Germany
Phone: +49 861 230 835 20
E-Mail: info@kumandra.de
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, or similar).
Data Retention
Unless a specific retention period is mentioned in this privacy policy, your personal data will remain with us until the purpose of data processing no longer applies. If you exercise a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons to retain your personal data (e.g., statutory tax or commercial retention periods). In such cases, deletion will occur once these reasons no longer apply.
Legal Basis for Data Processing
If you have given consent, we process your personal data based on Article 6(1)(a) GDPR and, where special categories of data are involved, Article 9(2)(a) GDPR. If you have explicitly consented to the transfer of personal data to third countries, processing is also based on Article 49(1)(a) GDPR.
If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing also occurs under §25(1) TDDDG. Consent may be revoked at any time.
If data is required for the performance of a contract or pre-contractual measures, processing is based on Article 6(1)(b) GDPR. Furthermore, we process data to comply with legal obligations under Article 6(1)(c) GDPR, or on the basis of our legitimate interest under Article 6(1)(f) GDPR. The specific legal basis for each processing activity is described in the respective sections below.
Recipients of Personal Data
In the course of our business operations, we cooperate with various external entities. Personal data is only shared with external parties if required for contract fulfillment, if we are legally obliged to do so (e.g., disclosure to tax authorities), if we have a legitimate interest in the transfer under Article 6(1)(f) GDPR, or if another legal basis allows the transfer.
When using data processors, personal data is shared only under a valid data processing agreement. In cases of joint processing, a joint processing agreement is concluded.
Withdrawal of Consent
Many data processing activities require your explicit consent. You may revoke any consent you have given at any time. The legality of processing carried out prior to the withdrawal remains unaffected.
Right to Object (Art. 21 GDPR)
If data processing is based on Article 6(1)(e) or (f) GDPR, you have the right to object at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such advertising. This also applies to profiling in connection with direct marketing. Once you object, your personal data will no longer be used for direct marketing purposes.
Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority in the event of violations of the GDPR, particularly in the member state of your habitual residence, place of work, or the location of the alleged infringement. This is without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to receive personal data that we process automatically based on your consent or in fulfillment of a contract in a commonly used, machine-readable format, and to transmit it to another controller where technically feasible.
Access, Rectification, and Deletion
You have the right at any time, under applicable law, to obtain free information about your stored personal data, its origin, recipients, and the purpose of processing, as well as the right to request correction or deletion of this data. For any questions regarding personal data, you may contact us at any time.
Right to Restrict Processing
You have the right to request the restriction of processing of your personal data in the following cases:
If you dispute the accuracy of your personal data, processing may be restricted during verification.
If processing is unlawful, you may request restriction instead of deletion.
If we no longer need your personal data but you require it for the assertion, exercise, or defense of legal claims, you may request restriction instead of deletion.
If you have lodged an objection under Article 21(1) GDPR, processing may be restricted pending determination of whether your interests or ours prevail.
Restricted data may only be processed with your consent, for legal claims, to protect the rights of others, or for important public interest reasons.
SSL / TLS Encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us. You can recognize an encrypted connection by the change from “http://” to “https://” in the browser address bar and the lock icon. When SSL/TLS encryption is enabled, the data you transmit cannot be read by third parties.
Objection to Marketing Emails
The use of contact information published under the imprint obligation for sending unsolicited advertising and informational materials is hereby expressly prohibited. The operators of the website reserve the right to take legal action in case of the unsolicited sending of advertising information, e.g., via spam emails.
4. Data Collection on This Website
YouTube with Enhanced Privacy Mode
This website embeds videos from YouTube. The provider of YouTube is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page with an embedded YouTube video, a connection to YouTube servers is established, informing the server which of our pages you have visited.
If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in enhanced privacy mode. According to YouTube, videos played in this mode are not used for personalizing YouTube browsing. Ads shown in enhanced privacy mode are also non-personalized. No cookies are set in this mode; however, local storage elements may be stored in the user’s browser, which function similarly to cookies and may contain personal data for recognition purposes. More details on enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780.
Activating a YouTube video may trigger further data processing over which we have no control. Use of YouTube serves the legitimate interest of presenting our online content attractively (Article 6(1)(f) GDPR). Where consent has been obtained, processing occurs exclusively on the basis of Article 6(1)(a) GDPR and §25(1) TDDDG; consent can be revoked at any time. More information on YouTube privacy can be found here: https://policies.google.com/privacy?hl=de.
The company is certified under the EU-US Data Privacy Framework (DPF), which ensures compliance with European data protection standards for data processed in the USA. More information: https://www.dataprivacyframework.gov/participant/5780.
Google Maps
This site uses the mapping service Google Maps, provided by Google Ireland Limited (“Google”). Google Maps allows us to embed map content on our website. Using Google Maps requires the storage of your IP address, which is typically transmitted to a Google server in the USA. We have no influence on this data transfer.
When Google Maps is activated, Google may use Google Fonts for consistent font display. Your browser loads these fonts into its cache to display text correctly. Use of Google Maps serves the legitimate interest of providing an appealing presentation of our online content and easy accessibility of the locations indicated on our website (Article 6(1)(f) GDPR). Where consent has been obtained, processing occurs on the basis of Article 6(1)(a) GDPR and §25(1) TDDDG. Data transfer to the USA is based on the EU Commission Standard Contractual Clauses. More information:
https://privacy.google.com/businesses/gdprcontrollerterms/
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/
Google reCAPTCHA
We use Google reCAPTCHA to verify whether data submitted on this website (e.g., via contact forms) is entered by a human or an automated program. reCAPTCHA analyzes visitor behavior based on various signals, starting automatically when a visitor enters the site. Information such as IP address, time spent on the site, or mouse movements may be analyzed and transmitted to Google.
This processing is based on our legitimate interest in protecting the website from abuse and spam (Article 6(1)(f) GDPR). Where consent has been obtained, processing occurs exclusively on the basis of Article 6(1)(a) GDPR and §25(1) TDDDG. Consent can be revoked at any time. More information: https://policies.google.com/privacy?hl=de | https://policies.google.com/terms?hl=de. The company is DPF-certified: https://www.dataprivacyframework.gov/participant/5780.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. Google Analytics allows us to analyze visitor behavior, including:
IP address (anonymized)
Page views
Time spent on the site
Device, operating system, and browser type
Visitor origin
Processing occurs solely on the basis of your consent under Article 6(1)(a) GDPR and §25(1) TDDDG. Consent can be revoked at any time. Data may be transferred to the USA. Google is certified under the EU-US Data Privacy Framework (DPF).
LinkedIn Insight Tag
We use the LinkedIn Insight Tag provided by LinkedIn Ireland Unlimited Company to:
Measure conversions
Build audiences
Deliver personalized advertising
Data processed may include IP address, device information, visited pages, and timestamps. Use is based solely on your consent under Article 6(1)(a) GDPR and §25(1) TDDDG.
Microsoft Bookings & Microsoft Teams
We use Microsoft Bookings to facilitate appointment scheduling. Provider: Microsoft Ireland Operations Limited. Data collected during booking may include:
Name
Email address
Phone number (if provided)
Appointment details (date, time, content)
IP address
Appointments are typically held via Microsoft Teams, which may also process technical connection data. Processing is based on Article 6(1)(b) GDPR (pre-contractual measures) and Article 6(1)(f) GDPR (legitimate interest). Microsoft is DPF-certified.
Mapbox
This website uses Mapbox for maps. Provider: Mapbox Inc., USA. Processing may include IP address and location data, which are transmitted to servers in the USA. Use is based on your consent under Article 6(1)(a) GDPR and §25(1) TDDDG. Mapbox is DPF-certified.
Google Search Console
We use Google Search Console to monitor the technical performance of our website in Google Search. No personal data of website visitors is collected or processed.
5. Plugins and Tools
6. Handling of Applicant Data
If you submit your application documents to us via email or our application form, we process your personal data solely for the purpose of conducting the recruitment process.
The data processed may include, in particular:
Name
Contact information
Curriculum vitae (CV)
Certificates
Other application documents
The legal basis for processing is Article 6(1)(b) GDPR and §26 BDSG (Federal Data Protection Act, Germany).
Applicant data will be deleted no later than six months after the conclusion of the recruitment process, unless there is a statutory retention obligation or you have explicitly consented to a longer retention period.