Privacy policy of
KIRCHHOFF Automotive SE

We, KIRCHHOFF Automotive / KIRCHHOFF Group (hereinafter referred to as “KIRCHHOFF Automotive”), are pleased that you are visiting our website and are interested in our company. The protection and security of your data is very important to us. We would therefore like to inform you with this privacy policy about which data is processed during which interactions with our website and for what reasons. In this way, you can always keep an eye on how KIRCHHOFF Automotive processes your personal data.

As changes to the law or adjustments to our internal company processes may make it necessary to regularly update this privacy policy, we ask you to read it regularly to ensure that you are always up to date. The privacy policy can be accessed, saved and printed at any time under the navigation point “Data protection” on our website.

1 Controller and scope of application

The controller within the meaning of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws
of the member states as well as other data protection regulations is:

KIRCHHOFF Automotive SE
Stefanstraße 2
58638 Iserlohn
Phone: +49 2371 820-00
E-mail: info@kirchhoff-automotive.com
Website: https://www.kirchhoff-automotive.com

This privacy policy applies to the KIRCHHOFF Group’s website, which is available at
www.kirchhoff-automotive.com and www.kirchhoff-group.com as well as the various subdomains
(hereinafter mostly referred to collectively as “our website”).

2. data protection officer (DPO)

The controller’s external data protection officer (DPO) is:

Dr. Hanni Koch
VIA Consult GmbH & Co. KG
Martinstraße 25
57462 Olpe
+49 (2761) 83668 – 0
datenschutz@via-consult.de
Website: https://via-consult.de/

You are also welcome to contact our external data protection officer (DPO) directly if you have any questions or queries relating to data protection.

3. principles of data processing

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information for which we cannot (or can only with disproportionate effort) establish a connection to your person, e.g. through anonymisation of the information, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transfer) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with.

If we process your personal data for the provision of certain offers, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.

4. individual processing operations

4.1. Provision and use of the website

a) Type and scope of data processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.

When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

  • IP address of the requesting device
  • Date and time of access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Website accessed or requested
  • Status of access (http status code)
  • Size of the data volume transferred in each case
  • Website from which your access is made (so-called referrer URL)
  • Browser used, end device used and, if applicable, the operating system and the name of your access provider
  • Language and versioning of the browser software

In addition, we use both technically necessary and voluntary cookies on our website, which may be used when using our web pages. Further information on this can be found under point 9 (“Use of cookies”) and in our cookie banner.

We use a service provider to host our website. For this purpose, we have concluded a processor contract (Art. 28 GDPR) with this service provider.

b) Legal basis

Art. 6 para. 1 lit. f GDPR serves as the legal basis for the aforementioned data processing. The processing of the aforementioned data is absolutely necessary for the provision of a website and thus serves to safeguard a legitimate interest of our company.

c) Storage period

As soon as the aforementioned data is no longer required to display the website, it is deleted. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Further storage may take place in individual cases if this is required by law.

4.2. Contact us

a) Type and scope of data processing

You can contact us by e-mail, telephone or form to clarify your concerns. The processing takes place exclusively for the processing of your request, for communication with you and – if necessary – for the preparation or implementation of pre-contractual measures. When you contact us, the following personal data will be processed:

  • E-Mail: Name, e-mail address, content contained in the message
  • Telephone: Telephone number, content transmitted during the call
  • Purchase contact form: title, first name, surname, telephone number, e-mail address, content of your message
  • Press contact form: First name, last name, telephone number, e-mail address, company, content of your message
  • Contact form for trainees: first name, surname, accompanying person (first name/surname), school, class, training area, e-mail address


The purpose of providing this data is to assign and process your request and to be able to respond to you.

b) Legal basis

  • Processing of the request: Art. 6 para. 1 lit. f GDPR (legitimate interest)
  • Contractual purposes (e.g. conclusion of a contract via telephone or e-mail): Art. 6 para. 1 lit. b GDPR


As a rule, there is a legitimate interest in answering your inquiries quickly and easily, which is in line with your interest in fast communication.

c) Storage period

As soon as the request you have made has been dealt with and the matter in question has been finally clarified, the personal data processed via the e-mail will be deleted. Further storage may take place in individual cases if and to the extent that there is a legitimate interest (Art. 6 para. 1 lit. f GDPR).

4.3. Chatbot / online support

a) Type and scope of data processing

We use a chatbot from Chatbase on our website to offer you a better service. Chatbots are computer-based programs that can communicate with people in real time. They can answer questions, provide information and perform tasks. When you use our chatbot, we process the data you enter to process your requests and provide you with automated or manual support.

The following personal data may be processed:

  • IP address
  • Browser type
  • Browser version
  • Operating system of your device
  • Website from which you came to our website
  • Content of your chat messages


This data is processed and stored by chatbase.co in the USA. You can find Chatbase’s privacy policy here: https://www.chatbase.co/privacy

b) Legal basis

The processing of your data is based on Art. 6 para. 1 lit. a GDPR. You can withdraw your consent to the processing and transfer of your personal data at any time with effect for the future, e.g. by closing or deactivating the chatbot. Further information on data protection and your rights can be found in our privacy policy.

c) Storage

The personal data you enter in the chatbot will be stored in the backend of the chatbot system for as long as is necessary to process your inquiries. Once your request has been processed, the data is regularly deleted, provided there are no statutory retention obligations or longer storage is required for legal prosecution. The chat histories are also stored locally on your computer via your browser until you delete them.

4.4. Contacting whistleblowing

a) Type and scope of data processing

If you provide us with information about possible violations, grievances or other relevant information, we will process the data you provide exclusively for the purpose of processing your information and communicating with you if there are any queries.

The following personal data may be processed:

  • First name
  • Surname
  • Contact details (e-mail address, telephone number) if you wish to receive feedback
  • Content of your note / message
  • Company affiliation or other information that you provide voluntarily

Processing is carried out exclusively by internal controllers for whistleblowing and an external ombudsman (legal advisor). There is no automated whistleblowing system; the data is not processed automatically. Further information on whistleblowing at KIRCHHOFF Automotive can be found at: https://kirchhoff-automotive.com/company/compliance/

b) Legal basis

The legal basis for the processing of data in the context of whistleblowing contact is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in the processing of reports and compliance with legal regulations. Insofar as personal data is processed to fulfill legal obligations (e.g. to comply with retention obligations), the processing is based on Art. 6 para. 1 lit. c GDPR.

c) Storage period

Your transmitted data will be stored for as long as is necessary to process your notification. After processing has been completed, the data will be deleted unless there are statutory retention obligations or longer storage is required for the defense of legal claims.

5. disclosure of data

We only pass on your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • this is legally permissible and necessary for the fulfillment of a contractual relationship with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR,
  • if there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary to safeguard legitimate company interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

6 International data transfer

If we transfer personal data to countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries), this is done exclusively in accordance with the provisions of the GDPR.

A transfer takes place in particular if

  • an adequacy decision of the European Commission pursuant to Art. 45 GDPR exists for the respective third country,
  • suitable guarantees within the meaning of Art. 46 GDPR exist (in particular the conclusion of EU standard contractual clauses), or
  • a transfer is made on the basis of express consent pursuant to Art. 49 para. 1 lit. a GDPR.


If we rely on your consent, we will inform you in advance about the possible risks of transferring data to a third country without an adequate level of data protection and obtain your consent separately. You can withdraw your consent at any time with effect for the future.

In addition, where necessary, we take appropriate technical and organizational measures to ensure an adequate level of data protection.

7. storage

The personal data transmitted by you as part of our processing operations (e.g. contact form, whistleblowing) will only be stored for as long as is necessary to fulfill the respective purposes. Once processing has been completed, the data is regularly deleted, provided there are no statutory retention obligations or longer storage is required for legal prosecution. The data is stored exclusively in our internal systems, including in the backend of this website. External processors (e.g. hosting service providers) may also be involved, who are obliged under a contract with KIRCHHOFF Automotive pursuant to Art. 28 GDPR to process your data only for the agreed purposes.

8. google fonts (local integration)

This website uses so-called Google Fonts for the uniform display of fonts. The Google Fonts are installed locally on our server so that no connection to Google’s servers is established. The local integration of the fonts means that no personal data, in particular no IP addresses, are transmitted to Google. Data is therefore not transferred to third countries, in particular to the USA.

The use of Google Fonts is in the interest of a uniform and appealing presentation of our online offering. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interest).

Further information on Google Fonts can be found at:
https://developers.google.com/fonts/faq and in Google’s privacy policy:
https://policies.google.com/privacy

9. use of tracking and analysis tools

We use tracking and analysis tools to ensure the continuous optimization and needs-based design of our website. With the help of tracking measures, it is also possible for us to statistically record the use of our website by visitors and to further develop our online offer for you with the help of the knowledge gained and thus to fulfill the tasks assigned to us. Based on these interests, the use of the tracking and analysis tools described below is justified in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the data processed.

9.1. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables us to analyze the behavior of website visitors and improve our online offering. In particular, the following data is processed:

  • IP address (shortened)
  • Usage behavior (e.g. page views, length of stay)
  • Device and browser information
  • Referrer URL

The IP address is truncated by Google within the European Union or other parties to the Agreement on the European Economic Area before it is stored. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Google Analytics is used exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time via the cookie settings. The data collected by Google Analytics is stored for a period of [e.g. 14 months] and then automatically deleted.

Google processes the data on our behalf and we have concluded a data processing agreement (DPA) with Google. A transfer of data to the USA cannot be completely ruled out. Google relies on the standard contractual clauses of the EU Commission and, if necessary, on additional protective measures.

You can find further information on data protection at Google Analytics at:
https://policies.google.com/privacy
https://support.google.com/analytics/answer/6004245

10. use of cookies

We use cookies on our website. Cookies are small files that are sent by us to the browser of your end device and stored there when you visit our website. This website uses cookies to improve your experience and to provide you with personalized content and functions. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. In this notice, we would like to inform you about the different types of cookies we use and how you can manage your cookie settings. You can find more detailed information on the individual cookies in our cookie banner.

a) Required cookies:

These cookies are essential to ensure that the website functions properly. For example, they enable you to navigate the website and fill in forms. Without these cookies, certain services on our website cannot be provided. The legal basis for the use of technically necessary cookies for the associated storage of information on your end device and its subsequent reading is Section 25 (2) No. 2 TDDDG. The following processing of your personal data is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

b) Performance and marketing cookies:

These cookies collect information about how you use our website. They help us measure and improve the performance of our website by providing statistics and analytics. We use this information to optimize the user-friendliness and relevance of our content. This enables us to make our website more user-friendly and effective for you. The legal basis for the use of performance or marketing cookies with regard to their associated storage on your end device is Section 25 (1) TDDDG. The processing of the personal data collected on this basis is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

With regard to data transfers to companies based outside the EU/EEA, your consent to the use of the corresponding cookies also includes the resulting transfer of your personal data to third countries (Art. 49 para. 1 lit. a) GDPR).

As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law. You can find more detailed information on the respective storage periods in our cookie banner.

You can change your cookie settings at any time by clicking on the cookie settings option on our website. You have control over your cookie preferences. You can also configure your browser settings so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are deactivated by your browser settings on our website. You can also use your browser settings to delete cookies already stored in your browser. It is also possible to set your browser to notify you before cookies are stored.

11. hyperlinks

Our website contains so-called hyperlinks to websites of other providers. If you activate these hyperlinks, you will be forwarded directly from our website to the website of the other provider. You can recognize this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please refer directly to these websites for information on how these companies handle your personal data.

12. social media

Our social media channels

  • Meta/Facebook:
    • Global: https://www.facebook.com/kirchhoffAutomotive1785
    • Hungary: https://www.facebook.com/kirchhoffhun
    • Portugal: https://www.facebook.com/kirchhoffportugal
    • Germany: https://www.facebook.com/kirchhoffAutomotiveDeutschland
    • Poland: https://www.facebook.com/profile.php?id=100093786922062
  • TikTok: https://www.tiktok.com/@kirchhoff.karriere
  • YouTube: https://www.youtube.com/kirchhoffAutomotive
  • LinkedIn: https://www.linkedin.com/company/kirchhoff-automotive/
  • Xing: https://www.xing.com/pages/kirchhoffautomotive
  • Instagram:
    • https://www.instagram.com/kirchhoff_automotive
    • https://www.instagram.com/kirchhoff_karriere
  • WeChat: https://weixin.qq.com/r/yTqMlH7ESiM1rTr392-b

We would like to expressly point out at this point that we have no influence on the basic functionalities of the social media platforms. The operation of the respective platforms and the way in which your personal data is subsequently processed is therefore largely the responsibility of the respective operators. Further information can be found in their respective privacy policies. For further questions in this regard, you should therefore contact the respective platform operators.

13. rights of data subjects

The GDPR gives you the following rights as a data subject of personal data processing:

a) You can request information about the personal data processed by us, its purposes, recipients, storage period and the existence of a right to rectification, erasure, restriction or objection, the origin of the data and the transfer to third countries (Art. 15 GDPR).

b) You may request the rectification of inaccurate data or the completion of incomplete data (Art. 16 GDPR).

c) You can request the deletion of your data, unless the processing is necessary to fulfill legal obligations, to protect legitimate interests or for legal prosecution (Art. 17 GDPR).

d) You can request the restriction of processing, e.g. if the accuracy of the data is disputed or the data is required for the assertion of legal claims (Art. 18 GDPR).

e) You may receive the data that you have provided to us in a structured, commonly used and machine-readable format or request its transfer to another controller (Art. 20 GDPR).

f) You can withdraw your consent at any time for the future (Art. 7 (3) GDPR).

g) You can lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). As a rule, the supervisory authority of your place of residence, your workplace or our company headquarters is responsible. For KIRCHHOFF Automotive SE:

State Commissioner for Data Protection and Freedom of Information of the State of North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf

14. right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right to object, which will be implemented by us without specifying a particular situation. You can send your objection to us by e-mail. Please use: kirchhoff-marketing@kirchhoff-automotive.com.

15. data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress. These include the use of recognized encryption methods (SSL encryption).However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data – e.g. when sent by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him/her against misuse through encryption or in any other way.