© 2026 — Koehler Group

Koehler Holding SE & Co. KG
Hauptstraße 2 · 77704 Oberkirch

Google Maps Google Maps

Data Privacy

Koehler Holding SE & Co. KG would like to promote user confidence in the Web and is therefore laying out its policy for handling personal data. The following section will show you what information we collect for what purposes and how we use it.

The Privacy Policy contains special instructions for applicants as well as general information both for the applicants as well as other visitors to our website.

It is a matter of course for us to deal with your data carefully and to treat it as confidential. We therefore ask you to send us only serious applications and to check attached files in advance for viruses etc. before you forward them to us.

1. Objective and responsibility

1. This Privacy Policy informs you about the type, scope, and purpose of the processing of personal data within our website and associated websites, functions, and content (hereinafter jointly referred to as “online offer” or “website”). This Privacy Policy is applicable regardless of the domains, systems, platforms, and devices (for example desktop or mobile) on which the online offer is running.

2. The provider of online content, and therefore legally responsible for data privacy, is Koehler Holding SE & Co. KG, Hauptstraße 2, D-77704 Oberkirch, Germany, Email: info@koehler.com (hereinafter referred to as “we” or “us”). For details of representatives and more contact options, please refer to our masthead: Imprint.

3. The data privacy officer appointed for the companies of the Koehler Group can be reached at the following email address: datenschutz@koehler.com

4. The term “users” used in the following includes the applicant as well as other website visitors. All terms used such as “applicants” are to be understood as gender-neutral.

2. General information regarding data processing and legal bases

1. We process the personal data of users strictly in compliance with the relevant data protection laws. This means that the data of users will only be processed if this is permitted by law, i.e., in particular, if data processing is required in order for us to perform our contractual services (e.g. process an order) and online services, where it is prescribed by law, if we have the consent of the user or if processing is based on our legitimate interests (i.e. our interest in the analysis, optimization and economic operation and security of our online service in terms of Art. 6 (1) (f) GDPR), particularly with regard to measuring coverage, creating profiles for advertising and marketing purposes, collecting access data and the use of services of third-party providers.

2. With regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), the legal basis regarding consent is Art. 6 (1) (a) and Art 7 GDPR, the legal basis for processing in order to perform our services and contractual activities is Art. 6 (1) (b) GDPR, the legal basis for processing in order to fulfill our statutory duties is Art. 6 (1) (c) GDPR and the legal basis for processing to maintain our legitimate interests is Art. 6 (1) (f) GDPR.

3. Irrespective of the aforementioned purposes, we also process your contact data (particularly your name, address and email address) within the legally permissible scope for marketing and advertising purposes, i.e. for example in order to send you information about our products, our company, special offers or events. Finally, if we have obtained your contact data in the context of a business event, a business meeting (e.g. by exchanging business cards) or an order, we also process them to manage our business contacts and transfer them to our CRM system (customer relationship management system).

As we have a legitimate economic interest in maintaining contacts established in the course of conducting business beyond the first contact, to use the same to establish a business relationship and to maintain contact with the respective persons for this purpose, the aforementioned processing of your personal data is performed on the basis of Art. 6 (1) (f) GDPR.

3. Security measures

1. We take organizational, contractual, and technical security measures in accordance with the state of the art in order to ensure that the provisions of the data privacy laws are complied with and to ensure that the data processed by us is protected from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

2. The security measures include, in particular, the encrypted transfer of data between your browser and our server.

4. Disclosure of data to third parties and third-party suppliers

1. Forwarding of data to third parties only takes place within the framework of the legal guidelines. We forward the data of users to third parties only if this is necessary, for example, for billing purposes or for other purposes if these are necessary in order to fulfill our contractual obligations vis-à-vis the users.

2. If we use subcontractors in order to provide our services, we will take appropriate legal measures and appropriate technical and organizational measures for the protection of personal data in accordance with the relevant statutory provisions.

3. If content, tools, or other resources from other suppliers (hereinafter jointly referred to as “third-party suppliers”) are used within the framework of this Privacy Policy and the third-party supplier is located in a third country, it is to be assumed that a data transfer into the countries of the third-party supplier takes place.

4. Third countries are countries in which the GDPR is not directly applicable, i.e., in principle, countries outside the European Union (EU) or the European Economic Area (EEA)

5. The transfer of data to third countries is carried out if an adequate level of protection for the data, user consent, or otherwise legal permission exists.

5. Purpose and scope of the processing of applicant data

1. We process applicant data only for the purpose and within the framework of the application procedure in accordance with the legal requirements. The processing of applicant data is carried out in order to fulfill our contractual obligations and on the basis of our legitimate interests, as well as the interests of the applicant in the implementation of a rapid and effective application process.

2. The application process requires that applicants provide us with the applicant data. The required applicant data is marked as such in our secure online form. This includes the personal information, postal and contact addresses, and documents belonging to the application such as a cover letter, résumé, and references. Furthermore, applicants may voluntarily provide us with additional information. Upon transmission of the application to us, the applicant consents to the processing of their data for the purposes of the application procedure according to the manner and scope set out in this Privacy Policy.

6. Transfer of applicant data

1. In general, we do not pass on applicant data to third parties. In the context of the application process, however, we may receive support from external service providers or other companies within our group. In this case, the service provider may also process data of the applicant. The service providers process the data of the applicant only on our behalf and on the basis of contractual obligations that stipulate compliance with the agreed-upon organizational and technical measures.

2. Furthermore, a transfer of applicant data may also occur if a position has been expressly advertised by several companies within our group, i.e. the application procedure is carried out by several companies.

3. In all other cases, we ask the applicant for permission before we share their data.

7. Type of transmission of applications

1. Applicants can submit their applications to us by using the contact form on our website. The data is transmitted in encrypted form to us in accordance with the state of the art of technology.

2. Alternatively, applicants can submit their applications to us via e-mail. In this case, however, we note that Emails are not sent in encrypted form. We can therefore assume no responsibility for the transmission path of the application between the sender and receipt on our server. For this reason, we recommend using the online form.

3. Rather than the application via the online form or Email, applicants still have the opportunity to submit their application by mail.

8. Retention and deletion of applicant data

1. In the case of a successful application, the data provided to us by the applicant can be further processed by us for the purposes of employment.

2. Otherwise, if the application for a position is not successful, the data of the applicant will be deleted. The data of the applicant will also be deleted if an application is withdrawn, which the applicant is entitled to do at any time.

3. The deletion will be carried out, subject to a justified revocation of the applicant, after the expiry of a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations of proof arising from the General Act on Equal Treatment (AGG).

9. Contact

1. When a user makes contact with us (using the contact form, by Email, in the context of an order or, for example, by exchanging business cards), the user’s information is processed for the purpose of processing the contact request and responding to the inquiry.

2. The data of users may be stored in our customer relationship management system (“CRM system”) or similar inquiry organization systems for the further maintenance of the business relationship and, as commercial correspondence, must be kept for six years, due to statutory requirements, and, in the case of statutory tax relevance, for a period of ten years.

10. Collection of access data

1. Log file information is collected by the provider solely as part of monitoring.

2. For security reasons (e.g. for the elucidation of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes is excluded from deletion until the final clarification of the respective incident.

11. Cookies and audience measurement

1. Cookies are pieces of information that are transferred to the Web browser of the user by our Web server or third-party Web servers and stored there for subsequent retrieval. Cookies can be small files or other types of information storage. Users are notified about the use of cookies within the framework of pseudonymous audience measurement within this Privacy Policy.

2. If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offer.

3. You can object to the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative's opt-out page (https://optout.networkadvertising.org/) and additionally the US website (https://www.aboutads.info/choices) or the European website (https://www.youronlinechoices.com/uk/your-ad-choices/).

Necessary Cookies

These cookies are essential for the website's functionality and therefore cannot be disabled.

WSESSIONID
Duration of storageSession
Necessary standard cookie to use with PHP session data.

hideCookieNotice
Duration of storageUp to 30 days depending on the selection.
Saves that the cookie or data protection notice is not displayed again each time you access the site.

hideCookieNotice2
Duration of storageUp to 30 days depending on the selection.
Saves that the cookie or data protection notice is not displayed again each time you access the site.

allowLoadExternRessources
Duration of storageUp to 30 days depending on the selection.
Remembers the user decision whether external components may be loaded automatically.

allowTracking
Duration of storageUp to 30 days depending on the selection.
Remembers the user decision that visitor behaviour may be tracked.

Marketing/tracking Cookies

These cookies are used for marketing purposes and analyse your visitor behaviour.

_pk_id.1.3659
Duration of storage: 13 months
Saves some details about the user such as the unique visitor ID.

_pk_ref.1.3659
Duration of storage: 6 months
This cookie is used as a reference to the anonymous tracking session on the site.

_pk_ses.1.3659
Duration of storage: 30 minutes
Stores data for the visit temporarily.

_pk_testcookie..undefined
Duration of storage: Session
Checks whether the visitor's browser supports cookies.

_pk_testcookie.1.3659
Duration of storage: Session
Checks whether the visitor's browser supports cookies.

12. Social media buttons and links

1. The links and buttons to social networks and platforms (hereinafter referred to as “social media”) used within our online offer do not create a connection between social networks and the users until users click on the links or buttons and the respective networks, or their websites, are accessed. This function corresponds to the operation of a regular hyperlink.

2. The following diagram provides an overview of the linked social media providers, along with links to their respective privacy policies, which contain more information about the processing of data and, in some cases already mentioned here, objection options (so-called opt-out):

13. Web analysis by Matomo (formerly PIWIK)

Extent of personal data processing:
On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software places a cookie on the user’s computer (regarding cookies, see above). If individual pages of our website are accessed, the following data is stored:

  • two bytes of the IP address of the accessing system of the user
  • the website accessed
  • the website from which the user accessed the website (referrer)
  • the subpages of the website that are accessed
  • the duration of the visit to the website
  • the frequency of access to the website

The software used for this purpose runs exclusively on the servers of our website. Users’ personal data is stored there only. The data is not disclosed to third parties.

2. Legal basis for processing personal data: The legal basis for the processing of personal data of the user is Article 6, Paragraph 1, Subparagraph F, of the GDPR.

3. Purpose of data processing and legitimate interest: Processing the personal data of users makes it possible for us to analyze the surfing behavior of our users. The data gained through this analysis allows us to compile information about the use of the individual components of our website. This helps us to continually improve our website and make it more user-friendly. In these purposes, we also have a legitimate interest in processing the data according to Article 6, Paragraph 1, Subparagraph F, of the GDPR. Anonymizing the IP address sufficiently takes into account the users’ interest in protecting their personal data.

You will find more information about the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/

14. Integration of third-party services and Content

1. Within our online offer, and on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation of our online offer within the meaning of Article 6, Paragraph 1, Subparagraph F, of the GDPR), we use content or service offerings from third-party suppliers to embed their contents and services such as videos or fonts (hereinafter referred to uniformly as “content”). This always requires that the third-party supplier of the content learn the IP address of the user, because the content can not be sent to the browser without the IP address. The IP address is therefore required for the presentation of that content. We strive to use only such content whose respective provider only uses IP addresses for delivery of the content. Furthermore, third-party suppliers may also use so-called pixel tags (invisible graphics, also known as “Web beacons”) for statistical and marketing purposes. Through the pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the device of the user and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offer; the information can also be connected with other information from other sources.

 

2. The following provides an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in some cases, the opt-out options already mentioned here:

15. Rights of users

1. Users have the right to request, free of charge, information about the personal data we have stored about them. In addition, users have the right to rectification of inaccurate data, restriction of processing, and erasure of their personal data, as applicable, to exercise their right to data portability, and, in the event of suspected unlawful data processing, to lodge a complaint with the competent supervisory authority (The State Commissioner for Data Protection Baden-Württemberg, Königstraße 10a, 70173 Stuttgart).

2. Users can also, in general with future effect, withdraw their consent without giving reasons.

16. Deletion of data

1. The data stored on our servers will be deleted as soon as it is no longer required for its intended purpose and the deletion does not violate any statutory retention obligations. If the data of the user cannot be deleted because it is required for other purposes permitted by law, the processing of this data is restricted, which means that the data is locked and cannot be used for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.

2. In accordance with the legal requirements, retention is carried out for six years pursuant to Section 257, Paragraph 1, of the German Commercial Code (trade books, inventories, opening balances, annual financial statements, business letters, receipts, etc.) and for ten years pursuant to Section 147, Paragraph 1, of the German Fiscal Code (books, records, financial reports, receipts, trade and business letters, tax-related documents, etc.).

17. Right to object

Users can object to the future processing of their personal data in accordance with the statutory provisions at any time without giving reasons. The objection may relate, in particular, to processing for purposes of direct marketing.

18. Changes to the privacy policy

1. We reserve the right to amend the Privacy Policy in order to adapt it to changing legal situations or if changes are made to the service and data processing. However, this only applies with regard to explanations of data processing. If user consent is required or if components of the Privacy Policy contain provisions governing the contractual relationship with the users, the changes are made only with the consent of the user.

2. Users are asked to regularly inform themselves about the contents of the Privacy Policy.

19. Instagram company profile

We operate a publicly accessible company profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

 

When you visit our Instagram page, personal data is processed by Meta and by us as the page operator. This processing is carried out under joint controllership pursuant to Article 26 of the GDPR. The corresponding agreement with Meta can be viewed here: https://www.facebook.com/legal/controller_addendum

 

Meta provides us with so-called "Insights" data via Instagram. This data contains information about the use of our page (e.g., reach, interactions, demographic data). We use this data in anonymized form to optimize the content on our profile. It is not possible for us to draw conclusions about individual users.

 

For more information about data processing by Meta, please see the Instagram Privacy Policy: https://privacycenter.instagram.com/policy

 

When you interact with our profile (e.g., through comments, likes, messages), we process your data to respond to your requests or to communicate with you (legal basis: Art.6 para.1 lit. f GDPR).

20. Facebook company profile

We operate a publicly accessible company profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

 

When you visit our Facebook page, personal data is processed by Meta and by us as the page operator. This processing is carried out under joint controllership pursuant to Article 26 GDPR. The corresponding agreement with Meta regarding joint controllership can be viewed here: https://www.facebook.com/legal/controller_addendum

 

Meta provides us with statistical data via "Facebook Insights" that gives us insights into the use of our page (e.g., reach, page views, interactions, demographic information). We receive this data exclusively in aggregated form, which means that no direct identification of individuals is possible. We use this data to optimize our content.

 

Further information on data processing by Meta can be found in the Facebook Data Policy: https://www.facebook.com/privacy/policy

 

Interactions on our Facebook page:

When you interact with our profile (e.g., by commenting, sending messages, or clicking "Like"), we process your data to communicate with you or address your concerns. The legal basis for this is Article 6(1)(f) GDPR.

21. Youtube company profile

We operate a publicly accessible company channel on YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), a company of Alphabet Inc.

 

When you visit our YouTube channel, personal data is processed by Google and by us as the channel operator. This processing is carried out jointly in accordance with Article 26 of the GDPR, insofar as it concerns the use of YouTube Analytics in connection with our channel. Google provides us with aggregated statistical analyses of the use of our channel (e.g., viewership figures, reach, demographic data), over the collection of which we have no control.

 

Google does not currently publish its joint controllership agreement transparently. Therefore, we rely on Google's publicly available privacy information: https://policies.google.com/privacy

 

Interactions on our YouTube channel:

When you interact with our channel (e.g., by commenting or subscribing), we process your data to communicate with you or to evaluate content. The legal basis for this is Article 6(1)(f) GDPR. It is in our legitimate interest to contact users and optimize our content.

22. Xing company profile

We maintain a company profile on the career platform XING, a service of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”).

 

When you visit or interact with our XING profile (e.g., by following, commenting on, or sharing posts), personal data is processed by XING and by us as the profile operator. This processing is partly carried out under joint controllership pursuant to Article 26 GDPR, particularly in connection with so-called XING Analytics, insofar as XING provides us with aggregated usage data. We have no direct influence on the manner in which this data is collected and analyzed.

 

When you visit or interact with our XING profile (e.g., by following, commenting on, or sharing posts), personal data is processed by XING and by us as the profile operator.  

XING's privacy policy can be found at: https://privacy.xing.com/de/datenschutzerklaerung

 

Interactions with our XING profile:

When you interact with our profile, we process your personal data (e.g., profile name, message content) in order to respond to your posts or messages. The legal basis for this is our legitimate interest in communicating with users pursuant to Art. 6 para. 1 lit. f GDPR.