Protecting your privacy is very important to us. We carry out all data processing procedures (such as collection, processing and transmission) in accordance with European and German data protection law.

This Policy provides an overview of what data is requested by our website, in what way this data is used and transferred, how you can request information about the data provided to us and what security measures we use to protect your data.

1.    Who is your contact (controller) for data protection issues?

The controller in terms of data protection law for all data processing procedures which take place via our website is:

Kümmel & Co. GmbH
Lochweg 19
97318 Kitzingen

Telephone: +49 9321 38 78 40
Fax: +49 9321 38 78 33


Data Protection Officer:

Data Protection Officer c/o Kümmel & Co. GmbH, Lochweg 19, 97318 Kitzingen, Germany


Please send any questions regarding data protection and asserting your rights (see below) to the above address for the attention of the Data Protection Officer.

2.    What data do we require from you in order to use our website? What data is collected and stored during use?

Personal data is all information which relates to an identifiable or non-identifiable natural person (“data subject”), such as your name, address, telephone number, date of birth, bank details and IP address.

We only collect and use the personal data of our users to the extent this is required to provide a functional website and the content and services of our website. Personal data of our users is only collected and used with the user’s consent. An exception is made in cases where it is not possible to obtain prior consent for factual reasons and the data processing is permitted by law.

Usage data

The following data is logged solely for internal system-related and statistical purposes (usage data) when using our website:

  1. Information about the browser type and the version used
  2. The user's operating system
  3. The user's IP address
  4. Date and time of the request
  5. The website visited before our website
  6. The websites that the user's system visited before our website

The data is stored in our system as log files. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of data and log files is Article 6 (1) (f) General Data Protection Regulation (GDPR).

It is necessary for the system to temporarily store the IP address to enable the website to be displayed on the user's computer. To do so the user’s IP address must remain stored for the duration of the session.

Log files are stored to ensure the functionality of the website. In addition the data serves to optimise the website and ensures the security of our IT systems. The data is not evaluated for marketing purposes.

These purposes also form the basis of our legitimate interest for data processing in accordance with Article 6 (1) (f) GDPR.

Data is erased when it is no longer required to fulfil the purpose for which it was collected. If data has been collected to display the website this is the case at the end of the respective session.

If data has been stored in log files it is erased after seven days at the latest. Further storage is possible. In this case the user’s IP address is erased or distorted so that assigning the requesting client is no longer possible.

Collecting data to display the website and storing data in log files is absolutely necessary to operate the website. The user may not object to such processing.


Users are able to provide personal data in order to register on our website. Data is entered in the entry fields and transmitted to and stored by us. This data is not forwarded to third parties. The following data is processed as part of the registration process:

  • First name and surname
  • Email address
  • Password
  • Telephone number (optional)
  • Address
  • Company and department (if the invoice address differs from the delivery address)

The following data is stored when you register:

  • Date and time of registration
  • The user's IP address

The legal basis for the processing of data with the user’s consent is Article 6 (1) (a) GDPR.

If registration is carried out for the performance of a contract entered into with the user or to take steps prior to entering into a contract the additional legal basis for processing is Article 6 (1) (b) GDPR.

Registration by a user is necessary for the performance of a contract entered into with the user or to take steps prior to entering into a contract.

Data is erased when it is no longer required to fulfil the purpose for which it was collected.

For the registration process to perform a contract or to take steps prior to entering into a contract, this is the case when the data is no longer required for the performance of the contract. After the conclusion of the contract it may be necessary to store the personal data of the contractual partner in order to comply with contractual or legal obligations.

Users may de-register at any time by sending an email to requesting this. You may make changes to the data saved about yourself at any time.

If data is necessary for the performance of a contract or to take steps prior to entering into a contract it is only possible to erase data prematurely if there are no contractual or legal obligations which oppose such an erasure.

3.    How and for what purpose is my data used and, if applicable, disclosed to third parties?

Your personal data provided by yourself is used to answer your queries, process your orders in our online shop and for the technical administration of our website.

Your personal data is only disclosed, sold or otherwise transferred to third parties if such disclosure is required for the purpose of processing the contract, for accounting purposes or to collect payment (for example shipping companies and payment providers) or you have given your express consent. In addition we are entitled to disclose personal data for debt collection purposes and reserve the right to exchange data with credit information agencies (e.g. Schufa); this is only carried out if the legal requirements for such an action have been met.

The legal basis for the disclosure of data to third parties for the purpose of processing the contract or for accounting purposes is Article 6 (1) (b) GDPR.

Payment processing by Payone

To process payments in our online shop we use the payment system of an external payment provider, PAYONE GmbH, Fraunhoferstraße 2-4, 24118 Kiel, Germany (hereinafter referred to as “PAYONE”). If you wish to pay by credit card or PayPal, a technical interface will automatically establish a connection to the online payment system of PAYONE. The payment details entered by you are transmitted over an encrypted connection to PAYONE solely for the purpose of processing the payment and are stored and processed there. Data is likewise solely processed for the aforementioned purpose of processing the payment for your order where the payment details must be forwarded from PAYONE, if applicable, to the bank specified by you in your order to initiate and authorise the payment transaction. If you select PayPal as the method of payment you are routed directly to PayPal by PAYONE via a technical interface where you then authorise the payment transaction yourself by entering your PayPal access data.

Payment by immediate bank transfer

We are able to offer payment by immediate bank transfer (the “SOFORT” option) in conjunction with SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. During your order the personal data you provided as part of the order will be transmitted to SOFORT GmbH via a technical interface for the purpose of processing the payment. After the offer has been submitted you will automatically be forwarded to SOFORT GmbH’s payment page. The further processing of the transaction with your bank will take place via SOFORT GmbH. SOFORT GmbH is acting as a technical service provider here, who encrypts and transmits the data you entered on the secure payment page to your bank. Further information about data protection relating to immediate bank transfers can be found on the website of SOFORT GmbH here.

Disclosure prescribed by law

Please note that in individual cases we are permitted to disclose data upon request by the responsible public bodies provided it is required for the purpose of law enforcement, hazard prevention by the police authorities of the state, to fulfil the statutory tasks of federal and state authorities in defence of the constitution, the Federal Intelligence Agency or military counter intelligence, or to enforce intellectual property rights.

4.    What security measures have been taken to protect your data?

We have implemented many security measures in order to adequately protect your personal data to a reasonable extent.

Our databases are protected by physical, technical and procedural measures which only allow specifically authorised persons to access information in accordance with this Privacy Policy. Our information system is located behind a firewall in order to prevent access from other networks which are connected to the Internet. Only employees who require the information to fulfil a specific task are granted access to personal data. Our employees receive security and data protection training.

Our web pages use the industry-standard SSL encryption technology when collecting and transferring data. Personal data transferred as part of the order process is transferred using SSL encryption which can be recognised by the padlock symbol in your browser and the prefix “https://” on the web address.

Your password to access our website must never be shared with third parties and it should be changed regularly. Furthermore you should not choose the same password to access our website that you use to access other password protected websites (email account, online banking etc.). When you leave our website you should log out and close your browser in order to avoid unauthorised users gaining access to your user account.

We cannot guarantee the complete security of data sent by email.

5.    When using our website a cookie will be placed on your computer. What does this mean?

We use cookies on our website. Cookies are text files containing a small amount of data which the web server sends to your browser. These are only saved on your hard drive. Cookies can only be read by the server which sent them and receive information about what you viewed on a website and when you viewed it. Cookies themselves only identify the IP address of your computer and do not store any personal information such as your name. Data stored in cookies is not linked to your personal data (name, address etc.).

We use cookies to improve the user-friendliness of our website. Some elements of our website require that your browser can be identified even after changing pages.

Only a session ID will be saved in the cookie, which does not contain any data of the user. Therefore it is not possible to assign this data to the user. The data is not stored together with other personal data of the user.

You can decide yourself whether to accept cookies. By changing your browser settings you have the choice to accept cookies, to be notified when cookies are placed or to reject cookies (this can normally be found under “Options” or “Settings” in the browser’s menu).

Cookies which are technically necessary are used to make it easier for users to use our website. Some functions of our website may not be able to be offered without the use of cookies. For this your browser must be able to be re-recognised after the page has been changed.

The user data collected by the technically necessary cookies is not used to create user profiles.

These purposes also form the basis of our legitimate interest for processing personal data in accordance with Article 6 (1) (f) GDPR.

Cookies are stored on the user’s computer and transmitted to our website. Therefore the user has complete control over the use of cookies. By changing your browser settings you can deactivate or restrict the transmission of cookies. Cookies that have already been stored may be erased at any time. This can also happen automatically. If cookies are deactivated for our website this may mean that you are no longer able to fully use all the functions of the website.

6.    Use of services for marketing and analysis purposes

We do not use any services for marketing and analysis purposes in addition to the technically necessary session cookies.

7.    Rights of the data subject

If your personal data is processed you are a data subject in terms of the General Data Protection Regulation and you have the following rights against the controller:

Access, rectification, restriction of processing and erasure

You have the right to access your personal data saved by us free of charge at any time, to be informed of the origin and recipients, and the purpose for which your data is processed via our website. In addition you have the right to require the rectification, erasure and restriction of processing of your personal data if the legal requirements for such an action have been met.

Right to data portability

You have the right to receive the personal data concerning yourself that you have provided to us as the controller in a structured, commonly used and machine-readable format. We can comply with this right by providing you with a csv export of your processed customer data.

Right to information

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller is obligated to inform all recipients to whom your personal data was disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or would involve disproportionate expenditure.

You have the right to be informed of these recipients by the controller.

Right of withdrawal

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is carried out on the basis of Article 6 (1) (e) or (f) GDPR.

The controller will no longer process your personal data, unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If your personal data is processed for the purposes of direct marketing you have the right to object at any time to the processing of your personal data for the purpose of such marketing.

If you object to processing for the purpose of direct marketing your personal data will no longer be processed for this purpose.

Withdrawing declarations of consent made under data protection law

You also may withdraw your consent for the future by contacting us using the contact details below.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the EU General Data Protection Regulation.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

8.    Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy when necessary without notice. Please check this page regularly for any potential changes to this Privacy Policy.

As at May 2018

