elanders Print & Packaging Logo
Bildmarke von elanders Print & Packaging

Privicy Policy

A. General Information

I. Controllers and Data Protection Officers
The controllers within the meaning of Art. 4 (7) of the General Data Protection Regulation (GDPR) are:

 

Elanders Kaisheim GmbH
Gewerbepark 5
86687 Kaisheim
Germany
Tel.: +49 9099 9695-0
E-mail: info@elanders-kaisheim.com

 

Data Protection Officer: reachable at dsb@elanders-kaisheim.com or by post at the above address, with the addition “To the Data Protection Officer”.

 

Elanders Waiblingen GmbH
Anton-Schmidt-Str. 15
71332 Waiblingen
Germany
Tel.: +49 7151 9563-0
E-mail: info.germany@elanders.com

 

Data Protection Officer: reachable at datenschutz@elanders-germany.com or by post at the above address, with the addition “To the Data Protection Officer”.

 

Elanders Donauwörth GmbH
Am Stillflecken 4
86609 Donauwörth
Germany
Tel.: +49 906 70634–0
E-mail: donauwoerth@elanders.com

 

Data Protection Officer: reachable at datenschutz@schaetzl.com or by post at the above address, with the addition “To the Data Protection Officer”.

II. Categories of Processed Data

 

When visiting and using our online services, personal data is processed. Personal data means all data that can be related to you personally, such as name, address, e-mail address.

 

If you provide us with personal data, we store and use this data in accordance with statutory provisions – for example, to fulfil contracts, respond to inquiries, or take steps prior to entering into a contract.

In addition, when visiting our website, usage data (e.g. access times, pages visited) and metadata (e.g. IP addresses, information about the operating system and internet service provider) may also be processed.

III. Legal Basis for the Processing of Personal Data

 

Your data is only processed if one of the legal bases listed in Art. 6 (1) GDPR applies, in particular:

 

  • with your consent (Art. 6 (1) (a) GDPR),
  • for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6 (1) (b) GDPR),
  • to comply with a legal obligation (Art. 6 (1) (c) GDPR),
  • to safeguard our legitimate interests or those of a third party (Art. 6 (1) (f) GDPR), unless your interests, fundamental rights, or freedoms override those interests.

The specific legal basis applicable to each processing activity is explained in this privacy policy in the relevant sections. A processing activity may also be based on multiple legal grounds.

IV. Disclosure of Data and Transfers to Other Countries

 

Disclosure to Processors and Third Parties

 

If, in the course of processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission – in particular:

 

  • if you have expressly consented,
  • if such transfer is required for contract performance or pre-contractual measures (Art. 6 (1) (b) GDPR),
  • if a legal obligation exists (Art. 6 (1) (c) GDPR),
  • if disclosure is necessary to safeguard our legitimate interests (e.g. use of contractors, web hosting), or
  • if it is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest in the non-disclosure of your data.

If we commission third parties to process data on the basis of a so-called “data processing agreement”, this is done in accordance with Art. 28 GDPR.

 

Transfers to Third Countries

 

If data is processed lawfully in a third country (outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing/transferring data to third parties, this is only carried out if the special conditions of Art. 44 et seq. GDPR are met.

 

Processing is based in particular on special safeguards such as the official recognition of an EU-equivalent level of data protection or the use of EU Standard Contractual Clauses.

V. Rights of Data Subjects

 

If personal data concerning you is processed, you have the following rights under the GDPR:

 

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

 

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

 

A list of supervisory authorities can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

VI. Right to Withdraw Consent and Right to Object

 

Right to Object to Processing

 

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you carried out on the basis of Art. 6 (1) (e) or (f) GDPR (Art. 21 GDPR). This applies in particular where processing is not required for the performance of a contract with you.

 

If you object, please state your reasons why we should not process your personal data as carried out. In the event of a justified objection, we will review the situation and either stop or adapt the processing, or demonstrate compelling legitimate grounds for the continuation of processing that override your interests, rights, and freedoms, or that serve the establishment, exercise, or defence of legal claims.

 

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

 

Right to Withdraw Consent

 

You have the right to withdraw your consent to data processing at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

 

You may inform us of your objection or withdrawal using the contact details provided above.

VII. Data Deletion and Storage Duration

Unless otherwise expressly stated in this privacy policy, data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention obligations preventing deletion.

 

For example, data required to be retained for commercial or tax law reasons must be kept for up to 10 years under German law.

VIII. SSL or TLS Encryption

 

For security reasons and to protect the transmission of confidential content (such as orders or inquiries you send to us as the site operator), this site uses SSL or TLS encryption.

 

You can recognise an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock symbol in your browser bar.

 

When SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

B. Spezifische Datenverarbeitungsaktivitäten

Collection of personal data when using our website for information purposes

 

When you use our website purely for information purposes, i.e. if you do not register, log in, or otherwise transmit further information to us when using a service offered, our system automatically collects data and information that your browser transmits in order to enable you to visit the website. This data is also stored in the log files of our system. It is not linked to other visitor data. The legal basis for the temporary storage is Art. 6 (1) (f) GDPR. Our legitimate interest lies in providing the core functionalities of the website, which are essential for the qualitative, secure, and stable operation of the site.

 

The following data is collected:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not combined with other data sources.

 

When using our online services, we also store the IP address and the time of the respective user action. Storage takes place on the basis of our legitimate interests as well as those of users in protection against misuse and unauthorised use.

 

The collection of log data for the provision of the website, including its storage in log files, is absolutely necessary for the operation of the website. There is therefore generally no possibility for users to object. Different provisions apply to log data that are processed in connection with various services offered on our website beyond purely informational use. Further information on this can be found in the notes on the individual services in this privacy policy.

 

The hosting services we use from our third-party provider serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the operation of this website. The legal basis for this is Art. 6 (1) (f) GDPR. We have a legitimate interest in the technically error-free presentation and optimisation of our website, as well as in the functional and secure provision of this website.

II. Cookies

 

This website uses so-called cookies. Cookies do not cause any harm on your computer and do not contain viruses. Cookies help to make our offering more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser. Some functions of our website cannot be provided without the use of cookies.

 

We use the following types of cookies on our website:

  • Temporary cookies
  • Permanent cookies
  • Third-party cookies

 

Most of the cookies we use are so-called temporary “session cookies” or “transient cookies”. They are automatically deleted after the end of your visit to our website, when you close your browser. For example, the contents of a shopping basket in an online shop or a login status can be stored in such a cookie.

 

Other cookies, known as “permanent” or “persistent” cookies, remain stored on your device even after you close the browser until you delete them. These cookies allow us to recognise your browser the next time you visit. In such a cookie, user interests can also be stored and used for reach measurement or marketing purposes.

 

“Third-party cookies” are cookies that are offered by providers other than the controller operating the online service (otherwise, if they are only the controller’s cookies, these are referred to as “first-party cookies”).

 

If you do not want cookies to be stored on your computer, you can deactivate the relevant option in your browser’s system settings. Saved cookies can be deleted in the browser’s system settings. If cookies are deactivated, the functionality of this website may be restricted. A general objection to the use of cookies used for online marketing purposes, especially in the case of tracking, can be declared for many services, particularly via the US site http://www.aboutads.info/choices/
or the EU site http://www.youronlinechoices.com/.

 

Cookies necessary for carrying out the electronic communication process or for providing certain functions you wish to use (e.g. shopping basket function) are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies to analyse your browsing behaviour) are stored, these are treated separately in this privacy policy.

III. Contact

 

If you contact us by e-mail, contact form or telephone, the personal data you provide will be collected and processed by us for the purpose of handling your enquiry. When using our contact form, the data transmitted in this way is processed (e.g. gender, first and last name, address, company, e-mail address and time of transmission).

 

The legal basis for this is Art. 6 (1) (f) GDPR. Our legitimate interest lies in processing the enquiry. If your contact is aimed at concluding or carrying out a contract, the legal basis is Art. 6 (1) (b) GDPR.

 

E-mail enquiries and other contact requests will be deleted by us within a reasonable period of time, during which no contract conclusion or similar is to be expected.

 

IV. Registration on this website

 

You can register on our website to use additional functions on the site. The data entered for this purpose will only be used for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

 

For important changes, for example to the scope of the offer or for technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

 

The processing of the data entered during registration is based on your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time. A simple notification by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.

 

The data collected during registration will be stored by us as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

 

V. Comment function on this website

 

For the comment function on this page, in addition to your comment, details of the time the comment was created, your e-mail address and, if you are not posting anonymously, the username you have chosen will also be stored.

 

Storage of IP address
Our comment function stores the IP addresses of users who post comments. As we do not check comments on our site before they are released, we require this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

 

Subscribing to comments
As a user of the site, you can subscribe to comments after registering. You will receive a confirmation e-mail to check whether you are the owner of the specified e-mail address. You can unsubscribe from this function at any time via a link in the information e-mails. The data entered when subscribing to comments will be deleted in this case; if you have transmitted this data to us for other purposes and in another context (e.g. newsletter subscription), it will remain with us.

 

Retention period for comments
Comments and the associated data (e.g. IP address) are stored and remain on our website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).

 

Legal basis
The storage of comments is based on your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time. A simple notification by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

VI. Google Analytics 4

 

If you have given your consent, Google Analytics, a web analysis service of Google LLC, is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

 

Scope of processing
Google Analytics uses cookies and similar tracking technologies (JavaScript, pixels) that allow an analysis of your use of our website. According to Google, artificial intelligence (AI) and machine learning are applied for the evaluation of data. These algorithms automatically measure individual user behaviour based on event data. Based on this data, cross-session and cross-device behavioural analysis is possible. Google can then consolidate this data into a unified cross-device user experience.

 

The information collected about your use of this website is generally transferred to a Google server in the USA and stored there.

 

We use the User ID function. With the help of the User ID we can assign a unique, permanent ID to one or more sessions (and the activities within those sessions) and analyse user behaviour across devices. In this context, AI is also used.

 

We use Google Signals. With Google Signals, additional information about users who have activated personalised ads is collected in Google Analytics (interests and demographic data), and ads can be delivered to these users in cross-device remarketing campaigns.

 

Google Analytics uses the function ‘anonymizeIP’ (IP masking): Due to the activation of IP anonymisation on this website, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

 

During your website visit, the following data, among others, is collected:

  • the pages you visit, your “click path”
  • achievement of “website goals” (conversions, e.g. newsletter registrations, downloads, purchases)
  • your user behaviour (e.g. clicks, time spent, bounce rates)
  • demographic characteristics, such as your language and approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the devices you use (e.g. language setting, screen resolution)
  • your internet provider
  • the referrer URL (via which website or advertising medium you came to this website)
  • usage/event data: scrolls on the page, clicks on external links, downloads, page views

 

Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The AI used can analyse customer needs and predict future usage patterns, including likelihood of purchase or bounce. Further information is available at https://support.google.com/analytics/answer/9443595
. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.

 

Recipient
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, acting as a processor. For this purpose, we have concluded a data processing agreement with Google. Google LLC, based in California, USA, and possibly US authorities may have access to the data stored by Google.

Transfer to third countries
A transfer of data to the USA cannot be ruled out.

 

Storage period
The data we send and that is linked to cookies will be automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

 

You can also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by:

 

a. not granting your consent to the setting of the cookie, or
b. downloading and installing the browser add-on to deactivate Google Analytics HERE.

 

You can also prevent the storage of cookies by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, this may lead to restrictions in functionality on this and other websites.

 

Legal basis and possibility of withdrawal
The legal basis for this data processing is your consent, Art. 6 (1) (a) GDPR, § 25 (1) TTDSG. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.

 

Further information on the terms of use of Google Analytics and on data protection at Google can be found at https://marketingplatform.google.com/about/analytics/terms/
and at https://policies.google.com/
.

VII. Facebook Pixel

 

Within our website we use the so-called “Facebook Pixel” and associated marketing services of the social network Facebook for the purposes of analysis, optimisation and the economic operation of our online offering. The responsible service provider in the EU for this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

 

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR. Consent can be revoked at any time with effect for the future.

 

(1) The following data processing takes place:
With the help of the Facebook Pixel, Facebook is able to identify visitors to our online offering as a target group for the display of advertisements (“Facebook Ads”), by allowing us to track the behaviour of site visitors after they have viewed or clicked on a Facebook advertisement and have been redirected to our website. Accordingly, we use the Facebook Pixel to display the Facebook Ads we place only to such Facebook users who have also shown an interest in our online offering, or who have certain characteristics (e.g. interests in specific topics or products determined by the websites visited) that we transmit to Facebook. This allows the effectiveness of the Facebook advertisements to be evaluated for statistical and market research purposes and to optimise future advertising measures.

 

With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interests of users and do not appear intrusive. The Facebook Pixel also allows us to track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook advertisement (“conversion”).

 

Insofar as personal data is collected on our website using the tool described here and transmitted to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The subsequent processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in an agreement on joint processing. This agreement can be found at: https://www.facebook.com/legal/controller_addendum
. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in compliance with data protection law. Facebook is responsible for the security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.

 

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. This allows Facebook to place advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

 

(3) Furthermore, when using the Facebook Pixel we use the additional function “advanced matching”. In this process, data such as telephone numbers, e-mail addresses of newsletter recipients or Facebook IDs of users are transmitted (encrypted) to Facebook for the formation of target groups (“Custom Audiences” or “Lookalike Audiences”).

 

The upload serves solely to determine recipients of our Facebook Ads. We want to ensure that the ads are shown only to users who have an interest in our information and services. The data collected in this way is anonymous to us. However, the data is stored and processed by Facebook so that a connection to your Facebook account is possible and Facebook can use the data for its own advertising purposes in accordance with the data usage policy. This includes the username, cookie ID, user ID and advertising ID. Further information on “advanced matching” can be found at https://www.facebook.com/business/help/611774685654668
. Facebook processes this data on our behalf. Details can be found in Facebook’s terms of use: https://www.facebook.com/legal/terms/customaudience
and https://www.facebook.com/legal/terms/dataprocessing
.

 

(4) Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server when you visit our website. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: By integrating the Facebook Pixel, Facebook receives the information that you have called up the relevant page of our website or clicked on an advertisement of ours. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is the possibility that the provider will learn your IP address and other identifying characteristics and use them to create a profile.

 

The information collected is transferred to and stored on Facebook’s servers in the USA or also in other third countries. These data transfers are necessary to provide the services set out in Meta’s terms of use. For these cases, according to its own statements, the provider has committed itself to a standard equivalent to the former EU-US Privacy Shield and has pledged to comply with applicable data protection laws when transferring data internationally. For this purpose, Facebook uses standard contractual clauses approved by the European Commission (see https://www.facebook.com/legal/EU_data_transfer_addendum
and https://www.facebook.com/help/566994660333381?ref=dp
) or adequacy decisions (see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
).

 

(5) General information about the display of Facebook Ads can be found in Facebook’s data usage policy at https://www.facebook.com/policy.php
. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section: https://www.facebook.com/business/help/651294705016616
.

 

In addition to the option of revoking your consent at any time with effect for the future via our consent banner, you have the following options to object to the collection of data by the Facebook Pixel and its use for the display of Facebook Ads:

 

To set which types of advertisements are shown to you within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings/ads
, https://de-de.facebook.com/help/568137493302217
.

 

If you do not have a Facebook account, you can object to the use of cookies that serve reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/
) and additionally the US website (http://www.aboutads.info/choices
) or the European website (http://www.youronlinechoices.com/de/praferenzmanagement/
).

 

VIII. Google Tag Manager

 

Google Tag Manager is a solution with which we can manage website tags via an interface and thus integrate other services into our online offering. With regard to the provisions on the individual services, we refer to further details in this privacy policy. With the Tag Manager itself (which implements the tags), no user profiles are therefore created nor are cookies stored. Google only receives the user’s IP address, which is necessary to execute the Google Tag Manager.

 

The legal basis is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR. This lies in the demand-oriented design in terms of effective control of the implementation of tags and the optimisation of the service.

 

The service provider for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, we have concluded a data processing agreement with Google. Google LLC, based in California, USA, and possibly US authorities may have access to the data stored by Google. To safeguard the transfer of data to the USA, we have concluded the EU standard contractual clauses.

 

Further information can be found at: https://marketingplatform.google.com
and https://policies.google.com/privacy
.

VIIII. LinkedIn

 

When visiting this website, personal data is processed. The categories of data processed include: data on the use of the website and the logging of clicks on individual elements. Purpose of processing: analysis of usage behaviour, evaluation of the effectiveness of online marketing measures and selection of online advertising on other platforms, which is automatically selected using real-time bidding based on usage behaviour. The legal basis for processing: your consent pursuant to Art. 6 (1) (a) GDPR. Data is transferred to the independent controller LinkedIn Ireland Unlimited Company, Wilton Place, Dublin, D02 X527, Ireland. The legal basis for the data transfer to LinkedIn Ireland Unlimited Company is your consent pursuant to Art. 6 (1) (a) GDPR. This may also involve a transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the adequacy decision C(2023) 4745 of the European Commission, as the data recipient has committed to complying with the principles of the Data Privacy Framework (DPF).

 

IX. Newsletter

 

4.1 Newsletter Data

If you would like to subscribe to the newsletter offered on our website, we require your e-mail address as well as information that allows us to verify that you are the owner of the specified e-mail address and that you consent to receiving the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form takes place solely on the basis of your consent (Art. 6 (1) lit. a GDPR). You may withdraw your consent to the storage of the data, the e-mail address, and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you have unsubscribed. Data stored for other purposes remains unaffected.

 

4.2 Use of E-Mail Delivery Service Providers

For sending and analysing our newsletters, we use services provided by external providers (“e-mail delivery service providers”). Some of these e-mail delivery service providers are located outside the EU/EEA. However, we work exclusively with companies that provide an adequate level of data protection in accordance with the requirements of the GDPR. Further information on the transfer of data to companies in third countries can be found in section 10.3. We currently work with the following e-mail delivery service provider:

 

“Brevo” (formerly “Sendinblue”), a service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

 

The e-mail addresses of our newsletter recipients and other data described in this section 5 are stored on the servers of the e-mail delivery service provider. Our e-mail delivery service providers use this information on our behalf for sending and analysing newsletter usage. Under no circumstances are our e-mail delivery service providers permitted to use the data of our newsletter subscribers to contact them directly or to pass this data on to third parties.

 

4.2.1 Brevo (Sendinblue)

We use the service Brevo (formerly Sendinblue) for sending e-mails and newsletters.

The provider is SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin, a subsidiary of the French parent company SendinBlue SAS, 55 rue d’Amsterdam, 75008 Paris, France.

The data you enter to receive the newsletter is stored and processed on Brevo’s servers.

Brevo enables us to analyse the behaviour of newsletter recipients (e.g. open rates, click rates). The links used in e-mails are tracking links that allow clicks to be counted.

 

You can unsubscribe from our newsletter at any time – in this case, no further data will be processed by Brevo and no e-mails will be sent.

Further information can be found here: https://www.brevo.com/de/legal/privacypolicy/

We have an agreement with Brevo that obliges Brevo to protect our customers’ data and not to disclose it to third parties.

 

4.2.2 Brevo Tracker and Marketing Automation

We use the Brevo Tracker or Brevo Tracking Script to collect more detailed information about user behaviour on our website. The Brevo Tracker records various types of actions and interactions you perform on our website. These may include, for example, the purchase of products or clicks on specific products. This data is then linked to your e-mail subscriber profile, provided you are already registered on our e-mail list or use other forms of identification.

 

By linking this data, we are able to make our marketing automation more targeted. This allows us to send e-mails that are better tailored to your previous interactions with our company. The aim of this automation is to provide you with more relevant and useful content based on your individual needs and interests.

 

The Brevo Tracking Script enables us to carry out this type of personalised marketing on a data-driven basis. Please note that you have the option to object to the use of the Brevo Tracker by adjusting the relevant settings in your browser or by using the opt-out options described in our privacy policy.

 

5.4 Newsletter Tracking

If you consented to this when registering for the newsletter, we may evaluate your use of the newsletter using tracking technology provided by the e-mail delivery service provider. For this purpose, a so-called tracking pixel (also referred to as a web beacon or tracking pixel) is embedded in the HTML e-mails sent with the newsletter. When the newsletter is opened, the external server of the e-mail delivery service provider can collect certain data of the recipient through this tracking pixel.

 

The name of the image file is individualised for each newsletter recipient by appending a unique ID. The sender of the e-mail can therefore determine which newsletter recipient has opened the e-mail when the image is accessed. The following data is collected via the tracking pixel when the e-mail is opened:

  • Information about your browser and system
  • Your IP address
  • Time and frequency of e-mail opening
  • Clicked links

 

If you have given your consent, we combine the data about your use of our newsletter with other usage data stored under a pseudonymous user profile as part of your general use of the website (see section 3.2). This means that your previously collected data will be de-pseudonymised. This combined record helps us to better understand your needs and preferences so that we can tailor the content of the newsletter and our website more precisely to your personal interests. The exact wording of any declarations of consent you may have given when subscribing to the newsletter can be found at the end of this privacy policy.

 

X. YouTube with extended privacy mode

 

Our website uses the YouTube service to embed videos. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR.

 

We use YouTube in extended privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, data transfer to YouTube partners is not necessarily excluded by the extended privacy mode. For example, YouTube connects to the Google DoubleClick network regardless of whether you watch a video.

 

As soon as you start a YouTube video on our website, a connection to YouTube’s servers is established. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behaviour with your personal profile. Data may also be transferred to the USA and linked with other data from other Google services, especially if you are logged into your Google account. To secure the data transfer, we have concluded the EU standard contractual clauses. If you do not want such a transfer of this information to YouTube and Google, you must log out of your Google account.

 

The processed data includes:

– information about the devices and browsers used (e.g. unique identifiers, IP address, Google user ID, YouTube ID, type and settings, operating system, mobile network)
– your activities (videos viewed, date and time of visiting the relevant page, visited website, interactions)
– location data

 

In addition, YouTube can store various cookies and similar technologies on your device after starting a video. With their help, YouTube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve usability, and prevent fraud attempts. The cookies remain on your device until you delete them.

 

Further data processing operations may be triggered after starting a YouTube video, over which we have no control.

 

We have no influence on the storage duration of the data and further data processing by YouTube and Google. You have the right to object to the creation of user profiles by YouTube, whereby you must contact YouTube to exercise this right.

 

To reduce the transfer of data before actually starting a video, we use the extended privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about the visitors to this website before they watch the video. However, data transfer to YouTube partners (Google DoubleClick network) is not necessarily excluded. Thus, YouTube connects to the Google DoubleClick network as soon as our website is accessed.

 

We also embed videos on our website in such a way that a transfer of your data to YouTube partners (the Google DoubleClick network) only begins once you actively click on the video.

 

Further information about privacy at YouTube and Google can be found in their privacy policies at: https://www.youtube.com/static?gl=DE&template=terms&hl=de
and https://policies.google.com/privacy?hl=de
.

 

XI. Google Maps

 

We integrate the interactive maps of the “Google Maps” service on our website to display interactive maps directly and to enable you to use the map function conveniently. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

To ensure data protection on our website, Google Maps is deactivated when you first enter our website. A direct connection to Google’s servers is only established when you activate Google Maps independently (consent pursuant to Art. 6 (1) (a) GDPR). In this way, it is prevented that your data is transmitted to Google the first time you enter the site.

 

If you call up a subpage of our website on which Google Maps is integrated after activation, your browser establishes a direct connection to Google’s servers. In doing so, information about the use of this website may be transmitted to Google servers in the USA and linked with further data from other Google services, particularly if you are logged into your Google account. Especially in the USA, there is the risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to take legal action.

 

The processed data includes information about the devices and browsers used (e.g. unique identifier, IP address, date and time of visiting the relevant page, internet address or the URL of the visited website) and further user data specified within the route planner function (e.g. location data, entered addresses, route description).

 

The legal basis for data processing is your consent pursuant to Art. 6 (1) (a) GDPR.

 

The transfer of data takes place regardless of whether Google provides a user account via which you are logged in, or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or the demand-oriented design of its website. Such evaluation is carried out in particular (even for non-logged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

 

We have no influence on the storage duration and further data processing by Google.

 

Further information on data processing by Google can be found at https://www.google.com/intl/de_US/help/terms_maps/
and https://policies.google.com/?hl=de
.

XII. HubSpot

 

We use HubSpot for our online marketing activities. This is an integrated software solution that allows us to cover various aspects of our online marketing.

 

These include, among others:

  • Content management (website and blog)
  • E-mail marketing (newsletters as well as automated mailings, e.g. for the provision of downloads)
  • Reporting (e.g. traffic sources, access, etc.)
  • Contact management (e.g. user segmentation & CRM)
  • Contact management (e.g. user segmentation & CRM)
  • Landing pages and contact forms

 

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact details and other demographic information. This information, as well as the content of our website, is stored on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information collected by us is subject to this privacy policy. We use all information collected solely for the purpose of optimising our marketing.

 

HubSpot is a software company from the USA with an office in Ireland.

 

Contact:
HubSpot
2nd Floor 30 North Wall Quay
Dublin 1, Ireland
Phone: +353 1 5187500

 

HubSpot is certified under the conditions of the “EU – U.S. Privacy Shield Framework” and is subject to TRUSTe’s Privacy Seal as well as the “U.S. – Swiss Safe Harbor” Framework.

 

»More information about the cookies used by HubSpot can be found here & here »

XIII. Own Services

 

Applications

We offer you the opportunity to apply to us (e.g. by e-mail, post or via an online application form). Below we inform you about the scope, purpose and use of the personal data collected during the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal provisions, and that your data is treated with strict confidentiality.

 

Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes during job interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-new under German law (initiation of an employment relationship), Art. 6 (1) (b) GDPR (general contract initiation) and – if you have given consent – Art. 6 (1) (a) GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

 

If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of § 26 BDSG-new and Art. 6 (1) (b) GDPR for the purpose of carrying out the employment relationship.

 

Retention period of the data
If we are unable to offer you a job, if you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after the end of the application process (retention period) in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 (1) (f) GDPR).

 

YOU MAY OBJECT TO THIS STORAGE IF YOU HAVE LEGITIMATE INTERESTS THAT OUTWEIGH OUR INTERESTS.

 

After expiry of the retention period, the data will be deleted, unless there is a statutory retention obligation or other legal reason for further storage. If it is foreseeable that the storage of your data will be necessary after the retention period has expired (e.g. due to an impending or ongoing legal dispute), deletion will not take place until the data has become irrelevant. Other statutory retention obligations remain unaffected.

 

XIV. Borlabs Cookie

To obtain the necessary consents for the use of the respective cookies and similar tracking technologies on this website, we use Borlabs Cookie. The provider is Borlabs GmbH (Hamburger Str. 11, 22083 Hamburg). The cookie set by Borlabs is technically necessary (borlabs-cookie), as it serves exclusively for the purpose of obtaining and documenting consent. Our legitimate interest lies therein in accordance with the legal basis of § 25 (2) no. 2 TTDSG.

 

Borlabs Cookie does not process any personal data.
In the borlabs-cookie, your consents given when you entered the website are stored. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

 

Further information about the provider can be found at https://borlabs.io/borlabs-cookie/
.

 

Status of this privacy policy: June 2023