Go to homepage
Toolbox €0.00
Menu

Data protection

1. general information on data protection

We attach great importance to the protection of your personal data and the preservation of your privacy. We therefore treat all personal data confidentially and in accordance with the statutory data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

In this privacy policy, we inform you about which data is processed in our online mail order business, for what purposes and what rights you are entitled to in this context.

Security measures: We have taken technical and organisational measures to protect your data from unauthorised access, loss or misuse. Please note that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. We cannot guarantee complete protection against unauthorised access by third parties.

Controller: The controller responsible for data processing in our online shop is Kernlochbohrer GmbH, Geigersbühlweg 52, 72663 Großbettlingen, Germany, e-mail: info@kernlochbohrer.com , phone 07022 - 5034900

If you have any questions about data protection, you can contact us at any time.

2. collection and use of personal data when ordering, creating a customer account and contacting us

Ordering: When you order in our online shop, we collect the personal data required for ordering, payment and delivery. In particular, this includes your title, name, billing and delivery address, email address, payment information and ordered items. We process this data to fulfil the contract, i.e. to process your order, process payments and deliver the goods (Art. 6 para. 1 lit. b GDPR). We cannot fulfil the purchase contract without this data. If necessary, we use your contact details to inform you about the shipping status or to clarify queries about the order.

Customer account: If you create a customer account, we store the data you provide (e.g. name, address, email address, chosen password) to enable you to use the account and to make order processing more convenient. You can use the customer account to view your past orders or manage your data, for example. The processing is carried out to provide this function as part of the fulfilment of the contract or on the basis of your consent. If necessary, we also rely on our legitimate interest in offering you a convenient and efficient purchasing process (Art. 6 para. 1 lit. f GDPR). The provision of data in the customer account (except for the fields marked as mandatory) is voluntary. You can close the customer account at any time by sending us a message - we will then delete your stored account data, provided there are no legal obligations to retain it.

Contacting us: If you contact us (e.g. via contact form, email or telephone), we process the data you provide (such as name, email, telephone and content of the enquiry) in order to process and respond to your enquiry. The legal basis here is Art. 6 para. 1 lit. b GDPR, provided that the enquiry is related to the initiation or fulfilment of a contract, or otherwise our legitimate interest in communicating with enquirers (Art. 6 para. 1 lit. f GDPR). We use this data exclusively for correspondence with you and delete it as soon as your enquiry has finally been processed and there are no legal obligations to retain it.

Storage period (Art. 13 para. 2 lit. a GDPR): We only store personal data for as long as is necessary for the respective processing purposes. We generally store data collected for the fulfilment of contracts (e.g. orders, shipping, customer support) for the duration of the contractual relationship as well as for the statutory retention periods (e.g. commercial and tax retention periods of 6 or 10 years in accordance with Section 257 HGB and Section 147 AO). We delete data from contact enquiries as soon as the processing has been completed and there are no other legal obligations to the contrary. We store data in the customer account until you delete it or ask us to delete it, provided there are no statutory retention obligations. Your data will then be deleted or blocked.

3. data transfer to shipping and payment service providers and debt collection

We do not pass on your personal data to third parties unless this is necessary to fulfil the contract or you have expressly consented to this. Below we inform you about the cases in which data is passed on to third parties:

Shipping service provider: To ship your goods, we transmit your name, delivery address and, if applicable, your contact details (email/telephone for notification) to the transport or logistics company commissioned with the delivery (e.g. GLS, DHL, Spedition Dachser). This is done to fulfil the contract (Art. 6 para. 1 lit. b GDPR) so that your order can be delivered. The service providers use the data exclusively for dispatch and delivery notification and are contractually obliged to comply with data protection.
Payment service providers: To process payments, we pass on the necessary payment data to the payment service provider you selected in the ordering process or the responsible credit institution (e.g. to banks for SEPA direct debits, to credit card companies for card payments or to providers such as PayPal, Klarna, etc.). The transfer usually includes your name, invoice amount and means of payment data and is carried out for the purpose of payment processing (Art. 6 para. 1 lit. b GDPR). Please note that the respective payment service providers may be independent controllers of your payment data; in this case, their data protection notices also apply.
We use the external payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands ("Mollie"), to process your payments. All payment methods offered by us - with the exception of payment in advance - are technically processed via Mollie. These include, in particular, payments by credit card, instant bank transfer (instant banking), PayPal, iDEAL, purchase on account (via the provider Billie), EPS (electronic payment system, Austria) and Apple Pay. As part of the payment process, the personal data required to process the payment will be transmitted to Mollie. This includes in particular your name, your payment or account data, the invoice amount and the IP address. This data is processed and passed on exclusively for the purpose of carrying out the respective payment transaction and thus for the fulfilment of the contract (legal basis: Art. 6 para. 1 lit. b GDPR). Please note that Mollie may be an independent controller under data protection law for certain processing operations in connection with payment processing (for example, in the context of legal obligations to prevent fraud and money laundering or for credit checks). In such cases, the privacy policy of Mollie B.V. applies in addition, which you can view in Mollie's privacy policy (available at https://www.mollie.com/de/privacy).
Debt collection agencies and legal action: If you do not pay despite the due date, we reserve the right to call in a debt collection agency or a lawyer to enforce our payment claim. For this purpose, we transmit the data required for this purpose (e.g. name, contact details, outstanding claim) on the basis of our legitimate interests in the assertion of our claims (Art. 6 para. 1 lit. f GDPR). The data will only be passed on if it is necessary for enforcement and in compliance with the legal requirements.

All service providers to whom we pass on data are contractually or legally obliged to treat your data confidentially. Your personal data will only be transferred to countries outside the EU if this is necessary for the fulfilment of the contract or if we ensure appropriate guarantees in accordance with Art. 44 et seq. GDPR (see section Data transfer to third countries below).

4 Newsletter and advertising by email and post

Newsletter e-mail (upon registration): If you register for our email newsletter, we will use your email address to regularly send you our newsletter with information about our offers, news and promotions. Registration takes place using the so-called double opt-in procedure: After registering, you will receive an email in which you must click on a confirmation link to ensure that you are the owner of the email address and wish to receive the newsletter. The legal basis for sending the newsletter is your express consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time, e.g. by clicking on the unsubscribe link at the end of each newsletter or by sending us a message; cancellation is free of charge (except for any basic costs incurred for data transmission). After cancellation, you will no longer receive newsletters from us and we will delete or block your e-mail address for this purpose.

Email advertising to existing customers: If you shop with us, we may use the email address you provided during the purchase process to send you information and offers on similar products from our range without additional consent. This so-called direct advertising to existing customers is carried out in compliance with Section 7 (3) UWG on the basis of our legitimate interests in direct advertising (Art. 6 (1) (f) GDPR). This means that if you have provided your email address when making a purchase, we may send you advertising for similar goods or services unless you have objected to this. Of course, you can object to the use of your e-mail address for this purpose at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rate. You can declare your objection e.g. via an unsubscribe link in the advertising e-mail or inform us informally via one of the contact channels specified.

Postal advertising: We may also use your postal address to send you advertising by post (e.g. catalogues, product information or offers). This is also done on the basis of our legitimate interest in direct marketing (Art. 6 para. 1 lit. f GDPR). If you do not wish to receive postal advertising, you can object to this at any time (see detailed right to object in section 13). In the event of an objection, we will no longer use your address for postal advertising purposes in future.

Note: If you object to the use of your data for advertising purposes or revoke your consent to advertising, you will not incur any costs other than the transmission costs at the basic rate. Of course, we will then no longer contact you for advertising purposes.

5 Credit check for purchase on account

If you select the payment method purchase on account (or a comparable payment term), we want to ensure that we can minimise our payment risk. Therefore, we may carry out a credit check before confirming the order. For this purpose, we may involve external credit agencies (credit reference agencies), which provide us with an assessment of your creditworthiness using mathematical-statistical procedures (scoring).

For the creditworthiness enquiry, we transmit personal data - usually your name, address, date of birth if applicable and the details of the desired order (e.g. shopping basket value) - to one or more credit agencies. The credit agency uses its database (which also contains information about your previous payment behaviour) to check your creditworthiness and returns a score or recommendation to us, which indicates the statistical probability that a customer will settle their invoice.

This credit check serves our legitimate interest in avoiding payment defaults and fraud in order to be able to offer the payment method purchase on account in an economically responsible manner. The legal basis is Art. 6 para. 1 lit. f GDPR. We use the result of the enquiry (your score) to decide whether we can offer payment on account in your case. If the check shows a high risk of default, for example, we reserve the right to reject this payment method and suggest alternative payment methods. Please understand that this decision can mainly be made automatically.

Notes: You can contact us at any time to obtain information about the data used in the credit check. On request, we will also inform you of the credit agency with which we have made the enquiry. If you do not agree with a decision made, you can inform us of your reasons and we will review the process manually. You also have the right to request information from the credit agency about the data stored about you and to have incorrect data corrected. If you do not want us to carry out a credit check, please choose another payment method (e.g. prepayment, credit card or direct debit) for which we do not obtain a scoring.

6. integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on our website. The Trustbadge displays the Trusted Shops seal of approval and any reviews we have received from customers and offers the option of registering for the Trusted Shops buyer protection products after placing an order. This serves to safeguard our legitimate interest in a transparent presentation of our shop reliability and secure shopping (Art. 6 para. 1 lit. f GDPR).

When the Trustbadge is called up by your browser, a connection to Trusted Shops servers is automatically established. The Trusted Shops web server (via which the Trustbadge is provided) stores a so-called server log file. This log file contains, for example, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the retrieval of the Trustbadge. This access data is not analysed and is automatically overwritten no later than seven days after your visit to the site. Further personal data is only transferred to Trusted Shops if you actively decide in favour of Trusted Shops after completing an order (for example, by clicking on a button offered and registering for buyer protection) or if you are already registered as a Trusted Shops customer. In this case, the agreement made directly between you and Trusted Shops applies - we ourselves transmit certain order data (e.g. order amount, order number, your name and e-mail) to Trusted Shops at this moment, insofar as this is necessary for Trusted Shops to provide its services. If you do not decide to use the Trusted Shops services and leave our site, no further data will be transmitted to Trusted Shops or stored there.

There is joint responsibility between us and Trusted Shops GmbH with regard to the display of the Trustbadge in accordance with Art. 26 GDPR. We have concluded a corresponding agreement with Trusted Shops; you can view the main contents of this agreement on the Trusted Shops website in the Help Centre. Further information on data protection at Trusted Shops can be found in the Trusted Shops data protection information (available at www.trustedshops.de/impressum/impressum/#datenschutz).

7 Use of cookies and web analytics

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your end device. Some of them are technically necessary to provide the functions of our shop (e.g. save shopping basket, enable login). Other cookies are used to statistically analyse the use of the website or to improve our marketing.

We therefore differentiate between necessary cookies and optional cookies:

Necessary (essential) cookies: These cookies are necessary for our website and the ordering process to function properly. They are used, for example, to manage your shopping basket or to save your cookie settings. We set such cookies without prior consent, as we have a legitimate interest in the technically error-free provision of our website (Art. 6 para. 1 lit. f GDPR). If necessary, we also refer to § 25 para. 2 no. 2 TTDSG, which allows the storage of information in the terminal device without consent, provided it is absolutely necessary. You can deactivate essential cookies via your browser settings, although certain basic functions (such as the shopping basket) will then no longer work.
Optional cookies (analysis & marketing): We only set all cookies that are not absolutely necessary (e.g. cookies for web analysis, tracking or personalisation) with your express consent. When you visit our website for the first time, we ask you for your consent via a cookie banner as to which categories of cookies you would like to allow. For example, you can select "Accept all" or "Reject all" - both options are equivalent and immediately visible so that you have a free choice (in accordance with the current legal situation, which prohibits manipulative consent banners). Only if you select "Accept" (or allow certain cookie categories) will the corresponding non-essential cookies be set. The legal basis for the processing of the data collected is your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG). You can withdraw your consent at any time, e.g. by deselecting certain categories in the cookie settings on our website or by clicking on "Reject all". Alternatively, you can delete or block cookies that have already been set via your browser settings.

Google Analytics: If you have given your consent, we use the Google Analytics service for web analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable your use of the website to be analysed. Information about your usage behaviour is collected - e.g. which pages you visit, click behaviour, technical information about your browser and device, approximate location data and an anonymised IP address. We use Google Analytics with IP anonymisation activated so that Google truncates the IP address of website visitors within the EU/EEA before any further processing takes place. According to Google, no complete IP addresses are usually stored in order to exclude a direct personal reference.

Google Analytics creates reports on our behalf about website usage (e.g. visitor numbers, length of stay, frequently visited pages) and thus helps us to improve our offering and optimise it for you as a user. The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR), which you give via our cookie banner. You can stop the web analysis at any time by revoking your cookie consent (e.g. via the cookie dialogue on our website). In addition, Google itself offers an opt-out browser plugin that you can use to prevent Google Analytics from collecting data (see tools.google.com/dlpage/gaoptout).

The cookies set by Google Analytics have different storage periods (sometimes only for the session, sometimes for several months or years). You can find more information on cookies and their duration in the Google privacy policy.

Data transfer to third countries with Google Analytics: Google Analytics may transfer data to Google LLC, based in the USA. We have concluded an order processing contract with Google and use the standard data protection clauses approved by the EU Commission as a suitable guarantee to ensure a level of data protection that complies with EU law. In addition, Google LLC (including its US subsidiaries) is certified in accordance with the EU-US Data Privacy Framework (DPF). Through this certification, the EU Commission has confirmed that an adequate level of data protection exists for certified US companies. However, as a precautionary measure, we would like to point out that there may still be certain risks when data is transferred to the USA without DPF certification - in particular that US authorities could access the data without European data subjects having effective legal remedies against this. Insofar as we transfer your analytics data to the USA, we base this - in addition to the aforementioned guarantees - on your express consent if necessary (Art. 49 para. 1 lit. a GDPR).

Note: Further information on the use of data by Google Analytics can be found in Google's privacy policy and in the Google Analytics documentation.

8 Google Tag Manager (GTM) and Microsoft Advertising

Google Tag Manager: We use Google Tag Manager, a service provided by Google Ireland Limited, on our website. We can use the Tag Manager to centrally manage and trigger website tags (scripts from third-party providers, e.g. tracking code from analysis or marketing tools). The Google Tag Manager itself does not create its own user profiles, does not store cookies and does not carry out any independent analyses. It is only used to technically trigger other tags, which in turn may collect data. Although the Tag Manager itself does not collect any personal data and, according to previous assessments, was not subject to consent, a connection to Google's servers is established when the Tag Manager script is loaded - at least your IP address is transmitted to Google, and Google can provide the Tag Manager from the USA. Current legal assessments and a judgement by the VG Hannover (March 2025) have made it clear that such services from the USA should only be loaded with the user's consent. We take this into account by only activating the Google Tag Manager on our website after you have consented to the "Marketing/Tracking" category in the cookie banner. Without your consent, the Tag Manager will remain inactive and no corresponding tags will be loaded. The Tag Manager is technically used on the basis of our legitimate interests in the efficient and consistent management of website tags (Art. 6 para. 1 lit. f GDPR); however, for reasons of precaution and to protect your privacy, we only activate it with your consent.

Microsoft Advertising (Bing Ads): With your consent, our website also uses the conversion and tracking tool from Microsoft Advertising, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Advertising (formerly Bing Ads) enables us to track and measure the success of our adverts. If you have reached our website via a Microsoft advert (e.g. in the Bing search), Microsoft places a so-called Universal Event Tracking (UET) cookie on your end device. This cookie makes it possible to track your user behaviour on our website after clicking on the ad - for example, whether you complete a purchase (conversion). This allows us to determine which adverts are effective and, if necessary, carry out remarketing (i.e. show you targeted adverts on Microsoft platforms if you were interested but did not make a purchase).

The data collected includes, for example, which pages you have visited on our website, for how long, which goals you have achieved (e.g. placed an order) and - if you are logged in via a Microsoft account - Microsoft may be able to establish a connection to your Microsoft profile. We ourselves do not receive any personal details about individual users from Microsoft, but only statistical analyses (e.g. total number of visitors via Bing ads and conversion rate). However, by using Microsoft Advertising, personal data (in particular the cookie ID, IP address, device and browser information) may be transferred to Microsoft in the USA. We therefore obtain your consent via the cookie banner before setting the UET cookie (category "Marketing") and base the processing on Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by deactivating the "Marketing" category in the cookie settings; this will prevent Microsoft tracking for the future.

Microsoft processes the data for us as a processor, for which we have concluded a contract in accordance with Art. 28 GDPR. This contract stipulates, among other things, that Microsoft may use the data in accordance with our instructions and not for its own purposes. Microsoft generally stores the tracking data collected via UET on servers in the EU (Microsoft offers to keep the data on European servers). However, it cannot be ruled out that some data may be transferred to the USA or accessed from there (e.g. for technical maintenance). Like Google, Microsoft is certified in accordance with the EU-US Data Privacy Framework, which confirms an appropriate level of data protection for data transfers to the USA. In addition, we have agreed the EU standard contractual clauses with Microsoft and, where necessary, carried out a data transfer impact assessment.

Despite these measures, we would like to point out that a residual risk cannot be completely excluded for data transfers to the USA (see above for Google Analytics). Insofar as we cannot secure such transfers in any other way, we will obtain your consent in accordance with Art. 49 para. 1 lit. a GDPR, which has already been given by your consent in the cookie banner.

Further information can be found in Microsoft's privacy policy. There you can also find out more about the function of the UET tag and how Microsoft uses advertising data. You can make settings for personalised advertising by Microsoft at https://account.microsoft.com/privacy/ad-settings.

9. social media presences (Facebook (Instagram), LinkedIn, YouTube, Xing)

We maintain publicly accessible profiles on social networks and platforms in order to communicate with customers and interested parties and to provide information about our products. Specifically, we operate company presences on Facebook (Instagram), LinkedIn, YouTube and Xing. When you visit such social media sites, the respective terms of use and data protection conditions of the operators apply.

Please note that personal data may be processed directly by the platform providers. This happens regardless of whether you have an account with the social network or are logged in there. As a rule, the platforms use cookies or similar tracking technologies to record your usage behaviour and, if necessary, to display personalised advertising. If you are logged into your social media account at the same time, the operator can assign your visit to our site to your user account. We have no influence on this process.

Our responsibility and your rights: With regard to our social media presences, there are in part joint responsibilities under data protection law between us and the platform providers (in accordance with Art. 26 GDPR), in particular for the usage statistics referred to as Page Insights. This means that we can, for example, view aggregated information about interactions on our site, but do not have direct access to personal profile data of individual users. We have concluded corresponding agreements with the providers, which stipulate in particular that the platform operator bears primary responsibility for the processing of Insights data. You can assert your data subject rights (see section 11 below) both with us and with the respective platform operator. However, we recommend that you contact the platform provider directly for more efficient processing, as only the platform provider has full access to the user data and can take appropriate measures. However, we will of course support you at any time if you require assistance.

Below you will find information on the individual providers:

Facebook/Instagram (Meta Platforms): The operator is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland. We have concluded an agreement with Meta on joint responsibility for Facebook pages (so-called "Page Insights Addendum"). Meta may also transfer data to the USA. Facebook privacy policy: facebook.com/about/privacy. Opt-out options for adverts: Settings in the Facebook account or via www.youronlinechoices.com (for usage-based advertising in general).
LinkedIn: The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy policy: linkedin.com/legal/privacy-policy. LinkedIn uses cookies to measure reach and personalised advertising. Opt-out: Account settings at LinkedIn or at www.youronlinechoices.com.
YouTube (Google): The operator is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We would like to point out that Google processes data from YouTube users for its own purposes (profiling, advertising). Privacy policy: policies.google.com/privacy. Opt-out: Google account settings (advertising settings) or adssettings.google.com.
Xing: Operator is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Privacy policy: privacy.xing.com/de/datenschutzerklaerung. Xing uses your data primarily to provide the professional network. As a rule, Xing does not transfer data to third countries outside the EU.
Please note that when using these platforms, further data processing may take place over which we have no influence (for example, if you write posts on the platform yourself or send us messages). For further details, please refer to the linked data protection notices of the respective providers.

10. evaluation reminder by Trusted Shops

After your purchase, we would like to make sure that you were satisfied with our service and that you can leave a review if necessary. If you have consented to this or if it is permitted by law, we will send your e-mail address to Trusted Shops GmbH after you have completed your order so that they can send you a one-off review reminder e-mail. In this email, you will be asked to rate our shop and, if applicable, the products you have purchased.

This processing takes place either on the basis of your express consent (Art. 6 para. 1 lit. a GDPR), e.g. if you have given your consent during the ordering process or by clicking on a corresponding button ("Save and rate purchase"). In this case, you can revoke your consent at any time with effect for the future, e.g. by clicking on the unsubscribe link in the evaluation e-mail or by sending Trusted Shops or us a short message.

If you are already a member of Trusted Shops (e.g. use the buyer protection there), Trusted Shops can also send you rating requests on the basis of your contract with Trusted Shops without us obtaining separate consent for this (Trusted Shops then acts as the controller itself). However, we will inform you about this possibility in advance. You can object to such Trusted Shops invitations at any time by contacting Trusted Shops directly or by following the link in the emails.

If you do not wish to receive review invitations, you can inform us or Trusted Shops at any time. We will then ensure that no further contact is made for the purpose of evaluation. As mentioned above, you can revoke any consent you have already given without incurring any costs other than the basic communication costs.

11 Rights of the data subjects

As a data subject within the meaning of the GDPR, you have various rights that you can assert against us. We will inform you about these rights below

Right to information (Art. 15 GDPR): You have the right to obtain information about which of your personal data we have stored. Upon request, we will inform you which of your personal data we have, for what purposes it is processed, to which recipients the data may have been passed on and how long we store the data. This right of access also includes the right to receive a free copy of your personal data in a commonly used format.
Right to rectification (Art. 16 GDPR): You have the right to have incorrect or incomplete personal data about you rectified. If you realise that we are processing incorrect information about you, we will of course correct it immediately.
Right to erasure (Art. 17 GDPR): You can request the erasure of your personal data, provided that the legal requirements are met. This is the case, for example, if the data is no longer necessary for the purposes for which it was collected, if you withdraw your consent and there is no other legal basis, or if the processing is unlawful. Please note that the right to erasure may conflict with statutory retention obligations. In such cases, we will block the data from further use and delete it as soon as the retention period has expired.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your data if one of the legal requirements is met. This may be the case, for example, if you dispute the accuracy of the data, for the duration of the review, or if you would have a right to erasure but still need the data to assert legal claims. In this case, the data concerned - apart from being stored - will only be processed with your consent or for the purposes specified in Art. 18 GDPR.
Right to data portability (Art. 20 GDPR): You have the right to receive data that you have provided to us and that we process automatically on the basis of your consent or to fulfil a contract in a structured, commonly used and machine-readable format. On request - and where technically feasible - we can also transfer this data directly to another controller named by you.
Right to withdraw consent (Art. 7 para. 3 GDPR): You have the right to withdraw your consent to the processing of your personal data at any time. Such a revocation is effective for the future; the legality of the processing until the revocation remains unaffected. If, for example, you have consented to receiving our newsletter, you can withdraw this consent at any time by unsubscribing from the newsletter or notifying us.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): If you believe that the processing of your personal data violates the GDPR or other data protection laws, you have the right to lodge a complaint with a data protection supervisory authority. You can do this with the supervisory authority of your usual place of residence, your place of work or the place of the alleged infringement. The supervisory authority responsible for us is, for example, the state data protection officer of the federal state in which our company is based (for contact details, see, for example, the website of the data protection authority). Your right to lodge a complaint is independent of any other administrative or judicial remedies.


How you can exercise your rights: To exercise your rights, you can contact us informally - ideally in writing (by email to our data protection contact address, see section 12 below) so that we can process your request efficiently. Please include your name and other identifying information as well as a description of the right you wish to exercise. We will respond to your enquiry as soon as possible, at the latest within the statutory period of one month. If necessary, we may ask questions to confirm your identity to ensure that no unauthorised person receives information about your data.

12. responsible body and data protection officer - contact

Controller within the meaning of the GDPR:
Kernlochbohrer GmbH

Geigersbühlweg 52
72663 Großbettlingen, Germany
Telephone: +49 (0)7022 5034900
E-mail: info@kernlochbohrer.com

Represented by the managing directors: Guido Pillat and Karin Pillat
Register court: Stuttgart Local Court HRB 782711

Data protection officer: Karin Pillat

If you have any questions about data protection in our online shop, you can contact us or our data protection officer directly at any time.

13. right to object (direct advertising and legitimate interests)

You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that we process it on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR) or in the public interest (Art. 6 para. 1 lit. e GDPR). In this case, we will stop processing your data unless we can prove compelling reasons worthy of protection that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. In the event of such an objection, please state the reasons arising from your particular situation so that we can check this.

Irrespective of the above paragraph, you have the right to object at any time to the processing of your personal data for direct marketing purposes. If we use your data for direct marketing purposes (e.g. sending newsletters or postal advertising mailings), you can object to this processing at any time without giving reasons. This also applies to any profiling associated with direct advertising. If you object to direct marketing, we will no longer process your personal data for these purposes.

You can send your objection to us in any form - e.g. by e-mail to our above address. In the case of newsletters, you can also simply click on the unsubscribe link. You will not incur any special costs. After your objection, we will no longer use the data concerned for the purposes you have objected to.

Note: The exercise of the right to object does not affect the lawfulness of the processing carried out prior to the objection. If you only wish to restrict or object to certain processing (e.g. no e-mails, but still wish to receive postal catalogues), please let us know. We will endeavour to comply with your request.

Status of this privacy policy: June 2025.

This website uses cookies to ensure the best experience possible. More information...
Privacy policy | Imprint