As of: March 2025 | Kastner GmbH, Wolnzach

1. Privacy at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified.

Data collection on this website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator (Kastner GmbH). You will find their contact details in the section "Note on the controller".

How do we collect your data?
Your data is collected partly because you provide it to us (e.g. via the contact form). Other data is collected automatically by our IT systems when you visit the website (technical data such as browser, operating system, time of access).

What do we use your data for?
Some data is collected to ensure the website is provided without errors. Other data may be used to analyse user behaviour or to process enquiries.

What rights do you have regarding your data?
You have the right at any time to receive free information about the origin, recipient and purpose of your stored personal data. You also have the right to request rectification or erasure. If you have given consent to data processing, you can revoke that consent at any time. You can contact us at any time regarding this and any other questions on the subject of data protection.

2. Hosting

External hosting

This website is hosted externally. The hosting provider is:

The personal data collected on this website is stored on the hosting provider's servers. External hosting is carried out for the purpose of contract performance (Art. 6(1)(b) GDPR) and in the interest of providing our online offering securely and efficiently (Art. 6(1)(f) GDPR). We have concluded a data processing agreement (DPA) with the hosting provider.

3. General information and mandatory disclosures

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the applicable data protection laws and this privacy policy.

Note on the controller

Data protection officer

We have appointed a data protection officer:

Storage duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for erasure or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for retaining it.

General legal bases

Where you have consented to data processing, we process your data on the basis of Art. 6(1)(a) GDPR. Where your data is necessary for the performance of a contract, we process it on the basis of Art. 6(1)(b) GDPR. Further processing may be based on Art. 6(1)(f) GDPR (legitimate interest).

Revocation of your consent

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. The lawfulness of the data processing carried out prior to the revocation remains unaffected.

Right to lodge a complaint with the supervisory authority

In the event of infringements of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in Bavaria is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://".

Objection to promotional e-mails

We hereby object to the use of contact data published as part of the legal notice obligation for the purpose of sending unsolicited advertising materials.

4. Data collection on this website

Cookies

Our website uses cookies. Cookies are small data packets stored on your device. You can configure your browser to inform you when cookies are set and to allow cookies only in individual cases.

Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. For all other cookies (analytics, external media) we obtain your consent (Art. 6(1)(a) GDPR). You can change your cookie settings at any time via the "Cookie settings" link in the footer.

Server log files

The provider of the pages automatically collects and stores information in server log files:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

Legal basis: Art. 6(1)(f) GDPR. This data is not merged with other data sources.

Contact requests via Klara (AI assistant)

This website offers Klara, an AI-powered assistant through which you can submit contact requests. Using Klara requires your express consent (checkbox before starting the conversation). Legal basis: Art. 6(1)(a) GDPR.

Content entered during a conversation with Klara (in particular your enquiry, your name and your e-mail address when confirming the request) is processed to handle your enquiry and forwarded to our team by e-mail. The data is deleted once the purpose of storage no longer applies and no statutory retention obligations stand in the way.

For AI processing we use the Anthropic Claude API (see Section 7). Your data is not used for training AI models.

Enquiries by e-mail or phone

When you contact us by e-mail or phone, your enquiry including all resulting personal data is stored with us for the purpose of handling it. Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR.

5. Analytics and advertising

Matomo

This website uses the open-source web analytics service Matomo. With the help of Matomo we are able to collect and analyse data about the use of our website.

This analytics tool is used on the basis of Art. 6(1)(a) GDPR (consent). You can deactivate Matomo via our cookie banner at any time or withdraw your consent via the opt-out below.

Matomo opt-out: If you do not wish your visit to be analysed, you can disable the analytics cookies via the Cookie settings.

6. Newsletter

If you wish to subscribe to the newsletter offered on this website, we require an e-mail address from you. Your newsletter subscription is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time.

Newsletter subscriptions are forwarded by e-mail directly to info@kastner.de. No third-party newsletter services are used to process your data.

7. Plugins and tools

Google Fonts (local hosting)

This site uses Google Fonts for consistent font rendering. The Google Fonts are installed locally on our servers. No connection to Google's servers takes place.

Google Maps

This site uses the Google Maps mapping service via a link. Clicking the link will redirect you to Google Maps, where your IP address and other data may be transmitted to Google. Google Maps is only invoked when the link is actively clicked and does not set cookies on your website.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Further information: https://policies.google.com/privacy

YouTube

Where YouTube videos are embedded on this website, this is done using enhanced privacy mode. YouTube does not store any information about visitors to this website before they watch the video. Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Klara AI assistant (Anthropic Claude API)

For the AI assistant "Klara" we use the Anthropic Claude API provided by Anthropic, PBC, 548 Market St, PMB 90375, San Francisco, CA 94104, USA.

When you start a conversation with Klara and give your consent, the conversation content you enter is transmitted to Anthropic's servers for AI processing. The processing is used exclusively for real-time responses to your enquiry and the subsequent forwarding of your request to our team.

Legal basis: Art. 6(1)(a) GDPR (your express consent before the conversation begins). You can refuse consent at any time by simply not starting the conversation.

Transfer to third countries: Anthropic is based in the USA. The data transfer is carried out on the basis of Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and on the basis of the EU–U.S. Data Privacy Framework. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with Anthropic.

Anthropic Privacy Policy: https://www.anthropic.com/privacy
Data Processing Addendum (DPA): https://www.anthropic.com/legal/data-processing-addendum

8. eCommerce and payment providers

Processing of customer and contract data

We collect, process and use personal customer and contract data to establish, define the content of and amend our contractual relationships. Legal basis: Art. 6(1)(b) GDPR.

PayPal

PayPal may be used for payment processing. Provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

9. Our own services

Handling of applicant data

We offer you the opportunity to apply to us (by e-mail or via the contact form). We process your application data exclusively for the purpose of deciding whether to establish an employment relationship. Legal basis: § 26 BDSG, Art. 6(1)(b) GDPR.

If we are unable to make you a job offer, the transmitted data will be deleted after the completion of the application process, at the latest after 6 months.