Data protection

Data protection

On this page you will find the data protection information of the website. Data protection information for interested parties, customers and suppliers can be accessed here (PDF).

We take the protection of your personal data very seriously when using the websites of our domain "" as well as all subdomains (hereinafter referred to as the "website"). In the following, we will inform you about the collection, processing and use of your personal data when you visit these websites and use the services offered. "Personal data" is information about a person or information that relates to a person (e.g. name, address, postal address, telephone number, IP address) and which can be used to find out persons’ identities. Personal data is all information that refers to an identified or identifiable natural person. A natural person is considered to be identifiable if he or she can be identified directly or indirectly - in particular by assigning an identifier such as a name, identification number, location data or an online identification. The data protection law of the Federal Republic of Germany protects personal data, in particular by the General Data Protection Regulation ("GDPR").

1. Data Controller Responsible

Data Controller responsible pursuant to the General Data Protection Regulation (GDPR) is:

Peter Kölln GmbH & Co. KGaA
Westerstraße 22-24
D-25336 Elmshorn
+49 (0) 41 21 64 80
+49 (0) 41 21 66 39

2. Data subject rights

Insofar as we store and process your personal data, you are entitled to the following rights:

(1) Right to information pursuant to Art. 15 GDPR about the processing of your personal data by us for processing purposes, categories of processed data, recipients or recipient categories, duration of storage or criteria for determining the duration, right to correction, deletion, restriction to processing or objection to the processing, the right to lodge a complaint with the supervisory authority, information about the origin of the data and the existence of automated decision-making and, if applicable, information about guarantees pursuant to Art. 46 GDPR when transmitted to a third country or international organisations;

2) Right to immediate rectification of incorrect or incomplete personal data pursuant to Art. 16 GDPR;

(3) Right to deletion of the stored personal data pursuant to Art. 17 GDPR if the data are no longer required in relation to the purposes for which they were collected or otherwise processed, if a given consent has been revoked and where there is no other legal ground, if there is an objection to the processing, and the data may no longer be processed pursuant to Art. 21(1) or (2) GDPR, if the data have been unlawfully processed, if the data have to be deleted for compliance with a legal obligation or if the data have been collected in relation to the offer of information society services pursuant to Art. 8 (1). This shall not apply to the extent that processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

(4) Right to restriction of processing pursuant to Art. 18 GDPR if you dispute the accuracy of the data (for the period required enabling to verify the accuracy), if the processing is unlawful, but you oppose to deletion and request the restriction of their use instead, if we no longer need the data for the purposes of processing, but you need the data to establish, exercise or defend legal claims, or if you have objected to the processing pursuant to Art. 21 (1) GDPR and pending the verification whether our legitimate reasons prevail.

(5) Right to object to the processing of your personal data pursuant to Art. 21(2) GDPR (if the data are processed for direct marketing purposes or pursuant to Art. 21(1e) or (f) GDPR) takes place on grounds relating to your particular situation unless we demonstrate compelling legitimate grounds for the processing which override your interests, or the processing serves to establish, exercise or defend legal claims ).

(6) Right to data portability pursuant to Art. 20 GDPR, i.e., to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller;

(7) Right to withdraw consent at any time pursuant to Art. 7(3) GDPR. As a result of the revocation of consent, we are no longer allowed to carry out data processing in future from the date of the revocation.

(8) Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. The supervisory authority responsible for us can be found under clause 4.

(9) All requests for information, information inquiry or objections to data processing should be directed to the address mentioned under clause 1.

3. Automated decision-making

An automated decision-making is not used here.

4. Supervisory authority

The address of the supervisory authority responsible for us is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstrasse 98
24103 Kiel
+49 (0) 431 988-1200
+49 (0) 431 988-1223

5. CookieFirst Consent Manager 

We use the consent manager CookieFirst to provide legally compliant information and to query your preferences. 
This serves to comply with the legal obligations to provide evidence, such as the storage of consent or, if you do not consent, non-consent. 

With the "CookieFirst" function, we inform you about the use of cookies on our website and enable you to make a decision about their use.
Processing by CookieFirst Consent Manager:

  • The anonymized IP number of the user;
  • The date and time of consent;
  • User agent of the end-user's browser;
  • The URL of the provider; 
  • An anonymous, random and encrypted key.
  • The approved cookies of the user (cookie status), which serves as proof of consent.

The encrypted key and the cookie status are stored on the user's device using a cookie in order to establish the corresponding cookie status when the page is accessed in the future. This cookie is automatically deleted after 12 months. 
The legal basis for using the Consent Manager is Art. 6 (1 f) GDPR (weighing of interests) in conjunction with Art. 6 (1 c) GDPR (obligation to provide evidence).

We have concluded a processing contract with CookieFirst. This is a contract required by data protection law, which ensures that CookieFirst processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

6. Storage of access data

(1) Each time our website is accessed, access data are stored in a log file on our provider's server.

(2) This data set includes for example your IP address, directory protection user, date, time of request, pages viewed, protocols, status code, amount of data, referrer, user agent and host name called up.

(3) These data are collected for technical reasons. Deletion takes place automatically after 7 days at the latest. The legal basis for the collection of this data is Art. 6 (1 f) GDPR. Our legitimate interest is to ensure the security and stability of our website.

7. Collection of personal data for informational use

(1) If you use the website for informational purposes only, i.e. if you do not log in, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data mentioned under 5.2, which your browser transmits to technically enable the visit to the website.

(2) When using the website, so-called cookies are stored on your computer. Cookies are text files which are stored on your hard drive (assigned to the browser you are using) and through which certain information flows to the person who sets the cookie (in this case, to us). Cookies cannot run programmes or transmit viruses / malware to your computer.
E.g. we use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

This website uses cookies to the following extent:

  • Session cookies (temporary use)
  • Persistent cookies
  • Third-party cookies (from third-party providers)

Session cookies are automatically deleted when you close the browser.
The legal basis for the use of session cookies is Art. 6 (s 1. 1 f) GDPR. It is our legitimate interest to be able to use cookies to optimise our website for users. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

The legal basis for persistent cookies and third-party cookies is Art. 6 (1 S. 1 a) GDPR, i.e.  your express consent that we may set cookies on your terminal. You may give us your consent by approval to the cookie notification banner.

Persistent and third-party cookies remain on your terminal until you delete them. They allow your end device to be recognised when you return to the website.

You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and, e.g. refuse acceptance of cookies. However, we would like to point out that you may then not be able to use all functions of this website.

8. Use of functions of our website

(1) In addition to the purely informational use of our website, we can offer other services on the website to you which you can use if you are interested in. To do so, you usually have to provide personal data that we need and use to provide the respective service. If additional voluntary information are possible and requested by us, they are marked accordingly.

(2) When you contact us by e-mail, your e-mail address and, if you indicate this, your name, your telephone number and, if you select "Product complaint", optionally your country, street, house number and place of residence are stored with us in order to answer your questions and to enable us to remedy defects in the event of justified notices of defects.

(3) If you send us inquiries via the contact form, your details from the request form including the contact details you provided there for the purpose of processing the request are stored. We will not pass this data on to external third parties without your consent.
If your request is related to the fulfilment of a contract or is required to carry out pre-contractual measures these data are processed on the basis of Art. 6 (1 lit. b) GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1 lit. f) GDPR) or on your consent (Art. 6(1 lit. a) GDPR) if this was queried.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - especially retention periods - remain unaffected.

9. Integration of services and social media

We use the internet presence in social networks (including Facebook and Instagram, see below) to communicate with the customers, interested parties and users active there and to be able to provide them with information on us and our products.

It is possible that user data are also processed outside of the European Union. This could result in risks for the user, e.g. because it may be difficult to enforce your own rights.

Furthermore, the data of the users may possibly be processed for analysis purposes, namely by

- Google Analytics;

This way, profiles can be created from the usage behaviour and the interests of the users derive thereof. These profiles can be used to, e.g. for placing of advertisements inside and outside the platforms that are likely to serve the interests of the users. For these purposes, cookies may be stored on the users' computers, through which the usage behaviour, the interests of the users and / or the length of stay are saved.

In the event of requests for information and the assertion of user rights, we would like to point out that these can be most effectively asserted with the respective providers. The providers only have access to the relevant data of the users and can directly take appropriate measures and provide concrete information.

For a detailed description of the respective processing, we refer to the following information on the respective providers.


Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Irland).
According to Facebook, only an anonymised IP address is saved in Germany. In addition to presenting information and news about our group of companies, we also use Facebook to evaluate the Insights service. This is based on a shared responsibility. Further information is listed below:

Privacy policy:


Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland).
We use Instagram to provide information about our company and related events.

Privacy Policy:


We have a Pinterest profile. The operator is Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA ("Pinterest"). You can find details on how they handle your personal data in Pinterest's privacy policy:


We have a profile on YouTube. YouTube is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to the data protection declaration of YouTube or Google:

If a YouTube video is started, the provider uses cookies which collect information about user behaviour.

If you have deactivated the storage of cookies for the Google-Ad programme, you will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.

YouTube videos possibly integrated on

In our YouTube Channel linked on our website we present, among other things, own videos. When using YouTube through clicking on links on our website (starting with ""), you will be directed to the YouTube website. For details on how YouTube handles your personal data, please refer to the YouTube or Google privacy policy:

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. These data are summarised in a user ID and assigned to the respective end device of the website visitor.

Furthermore, and among other things, Google Analytics allows us to record your mouse and scroll movements and clicks. Moreover, Google Analytics uses various modelling approaches to supplement the data records collected and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there.

The use of this service is based on your consent according to Art. 6 (1) lit. a DSGVO [EU Datenschutz-Grundverordnung = GDPR = EU General Data Protection Regulation] and § 25 (1) TTDSG. [German Telekommunikations-Telemedien-Datenschutzgesetz = German Telecommunications-Telemedia Data Protection Act]. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:  More information on how Google Analytics handles user data can be found in Google's privacy policy:

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. These data come from interest-based advertising from Google as well as visitor data from third-party providers. These data cannot be assigned to a specific person.

You can deactivate this function at any time via the ad settings in your Google account or deactivate the collection of your data by Google Analytics on this website by deactivating the "Performance" and "Advertising" tabs in the cookie banner (call up by clicking on the fingerprint symbol).

Order processing

We have concluded an order processing contract with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Maps

Via an API, this website uses the mapping service Google Maps. The provider is Google Ireland Limited(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information istransferred to one of Google’s servers in the United States, where it is archived. The operator of this websitehas no control over the data transfer.

For more information on the handling of user data, please review Google’s Data Privacy Declaration under:

Google Tag Manager

Google Tag Manager is a programme with which we can manage so-called website tags via a surface (and thus integrate e.g. Google Analytics and other Google marketing services into our online offer). The tool 'Google Tag Manager' itself is a cookie-free domain and does not collect any personal data. When you visit our website, however, provided you have given us your consent on the cookie notice banner, your IP address will be transmitted to Google as a prerequisite for the technical process.

With regard to the processing of users' personal data, reference is made to the following information about Google services. Google Tag Manager usage guidelines: 

Note on data transfers to Google

All data transfers to Google in the USA are based on the EU standard contractual clauses. Further information can be found here:

10.  Applications

The controller collects and processes the personal data of applicants for the purpose of processing the application process. These data are processed on the basis of § 26 (1) sentence 1) BDSG (decision on the establishment of an employment relationship).
If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after receipt of the application; provided no other legitimate interests of the data controller are opposing to deletion. Other legitimate interests pursuant to Art. 6 (1 f), could for example be an obligation to provide evidence in a procedure under the General Equal Treatment Act (AGG).

11. Liability for contents

The contents of our pages were created with great care. However, we cannot guarantee that the content is correct, complete and up to date. As a service provider, we are responsible for our own content on these pages in accordance with general laws pursuant to § 7 (1) TMG. Pursuant to §§ 8 to 10 TMG, we as a service provider are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to general laws remain unaffected. However, liability in this regard is only possible from the time we become aware of a specific legal violation. As soon as we become aware of such violations, we will remove such contents immediately.

12. Liability for links

Our pages may contain links to external third party websites, on whose content we have no influence. For this reason, we cannot accept any liability for this external content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time the link was created. No illegal content was discernible at the time the link was created. A permanent control of the content of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of legal violations, we will remove such links immediately.

13. Data security

We secure our website and other systems with suitable technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Despite regular checks, complete protection against all risks is not possible.
Our website uses the industry standard TLS / SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal data on the Internet. You can see whether an encrypted transmission is taking place by the closed key or lock symbol in the display of your browser.

We would like to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. It is not possible to completely protect data from third-party access.

14. Disclosure of data

Your personal data will only be disclosed to third parties if you have given your express consent pursuant to Art. 6 (1 clause 1 a) GDPR;
if the disclosure is required to fulfil contractual obligations pursuant to Art. 6 (1 clause 1 b) GDPR

  • if we are legally obliged to disclose the data for the purpose of Art. 6 (1 sentence 1 c) GDPR;
  • if disclosure of the data is in the public interest for the purpose of Art. 6 (1 e) GDPR or;
  • if disclosure of the data is required pursuant to Art. 6 (1 s. 1 f) GDPR in order to protect our    legitimate interest or the legitimate interests of a third party, unless your interests in the protection of your data outweigh them.

15. Third party recipients

To deal with complaints and customer support and to enable us to process your concerns satisfactorily, we may have to pass on your personal data to third-party recipients. Third parties can be our suppliers, transport and logistics partners and our trading partners.

16. Duration of storage of personal data

Your data will be stored by us for as long as required for the respective purposes the processing is based on. In addition, we only store data if we are legally obliged to do so, e.g.  due to statutory retention requirements.

17. Information on the right to object

An objection to the processing of your personal data, based on Art. 6 (1 e) (data processing in the public interest) or (f) (data processing to protect legitimate interests based on balancing of interests) is possible at any time pursuant to Art. 21 GDPR. In the event of an objection, the personal data shall no longer be processed, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Please direct your objection to the contact named under point 1 of this privacy policy ("Data Controller responsible").

18. Information on the right of revocation

If you have given us your consent to the processing of personal data, you can revoke this at any time. Of course, this also applies to declarations of consent given to us before May 25, 2018 (before the GDPR was in effect). The revocation of consent can only apply for the future. The lawfulness of the processing is not retrospectively removed by revocation. Please direct your revocation to the address mentioned under point 1.

19. Timeliness

This data protection declaration was last updated on January 31th, 2022. It is the current and valid version of our privacy policy.
However, we would like to point out that from time to time it may be necessary to revise this privacy policy due to actual or legal changes.

20. Data Protection Officer

If you have specific questions about the protection of your data, please contact the data protection officer of Peter Kölln GmbH & Co. KGaA:

Mrs Kerstin Lange
c / o Vater Solution GmbH
Boschstraße 5
24118 Kiel

Email: dataprotection[at]