data protection policy
Thank you for visiting our website www.elbtal-plastics.de and your interest in our company. The protection of your personal data is important to us. Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. Examples of this includes not only their civil name, address, phone number and date of birth, but also all data that can be obtained about a specific person.
As personal data enjoys particular statutory protection, it is only collected by us to the extent required for providing our website and service. Below we set out what personal information we collect and use during your visit to our website.
Our data protection practice is in accordance with the statutory provisions, in particular those of the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG), and the EU General Data Protection Regulation (GDPR). We will only collect, process and keep your personal data where required for operating this website and our content and services, as well as for processing enquiries and, where applicable, orders/contracts, but only where there is a legitimate interest in the sense of Article 6 (1, 1 f) GDPR or other permission. Only where you have provided your prior consent, your data is also used for other purposes in line with this consent, for example for sending promotional information via newsletter.
1. controller in the sense of article 4 (7) GDPR
In the sense of GDPR and other domestic data protection legislation of member states and other data protection provisions, the controller is:
Elbtal Plastics GmbH & Co. KG
Grenzstraße 9
01640 Coswig
phone: +49 3523 5330-0
fax: +49 3523 5330-222
e-mail: info@elbtal-plastics.de
2. name and address of the data protection officer
Supervisory Authority:
Data Protection Commissioner of Saxony
Dr. Juliane Hundert
PO Box 11 01 32
01330 Dresden
phone: +49 351 85471 101
fax: +49 351 85471 109
e-mail: saechsdsb@slt.sachsen.de
www.datenschutz.sachsen.de
Group Data Privacy Officer and External Data Privacy and Information Security Management
on behalf of KAP AG:
Jörg Schmidt
Edelzeller Straße 44
36043 Fulda
phone: +49 661 103 859
e-mail: j.schmidt@kap.de
3. provision of the website and preparation of log files
Every time our website is accessed, our system automatically records data and information of the accessing computer system. The following data is collected in doing so:
extent of data processing
- information about the browser type and version used
- the accessing device’s operating system
- the accessing device’s IP address
- date and time of access
- websites and resources (pictures, files and page content) accessed on our website.
- websites from which the user’s system reaches our website (referrer tracking)
This data is kept in our systems log files. This data together with personal data of a specific user is not stored, meaning that individual visitors to a page are not identified.
- legal basis for processing personal data
article 6 (1, f) GDPR (legitimate interest): Our legitimate interest is in guaranteeing that the following purpose set out below is achieved.
- aim of data processing
Logging takes place for maintaining the compatibility of our website for as many visitors as possible, combating misuse and troubleshooting. To do this, logging the technical details of the accessing computer is required to be able to react to display errors, attacks on our IT systems and/or faults with the functionality of our website as quickly as possible. In addition, the data serves for us to optimise the website and generally ensure the security of our IT systems.
- duration of storage
The aforementioned data is erased as soon it is no longer required for guaranteeing the compatibility of the website for all visitors, however no later than 3 months after accessing our website.
- option for objection and removal
The options for objection and removal are in line with the general provisions regarding the right to objection and entitlement to erasure under data protection legislation set out in this data protection policy.
4. particular functions of this website
Our site offers you different functions when using personal data collected, processed and stored by us. Below we set out what happens with this data:
contact form(s):
- extent of processing of personal data
data entered by you in our contact forms
- legal basis for processing personal data
article 6 (1, a) GDPR (implied consent)
- aim of data processing
We will only use data collected via our contact form(s) for processing specific contact enquiries input via the contact form.
- duration of storage
Once your enquiry has been processed, the data collected is erased without delay unless statutory retention periods are in place.
- option for objection and removal
The options for objection and removal are in line with the general provisions regarding the right to objection and entitlement to erasure under data protection legislation set out in this data protection policy.
5. automatic creditworthiness checking/scoring
Where we perform in advance, we reserve the right to obtain automatic creditworthiness information based on statistical procedures with the following company/companies to safeguard our legitimate interests. We receive information from the following named service providers about the statistical probability of payment arrears. The credit check may contain probability values (scores) calculated on the basis of recognised statistical procedures. This points to the customer’s future risk of payment arrears using criteria such as income, address details, occupation, family status and previous payment history. The result is printed out in the form of a score. The information received in this way forms the basis of our decision about the forming, performance or termination of a contractual relationship. Nevertheless, the option for selecting one of the payment options offered does not depend on such information. The options for objection and removal are in line with the general provisions regarding the right to objection and entitlement to erasure under data protection legislation set out in this data protection policy. In detail:
- Euler Hermes Deutschland, subsidiary of Euler Hermes SA:
Euler Hermes Deutschland, subsidiary of Euler Hermes SA, Friedensallee 254, 22763 Hamburg (www.eulerhermes.de): When entering into contracts and, in certain cases, where there is a legitimate interest, including with existing clients, our company checks your credit rating. To do this, we work with Euler Hermes Deutschland, a subsidiary of Euler Hermes SA, Friedensallee 254, 22763 Hamburg, from whom we receive the data required for this. For this purpose, we forward your details to Euler Hermes Deutschland, a subsidiary of Euler Hermes SA.
6. statistical evaluation of visits to our website – webtracker
We collect, process and store the following data when this website or individual files of this website are accessed. IP address, website from which the file was accessed, file name, data and time of access, quantities of data transferred, and report about the success of the access (so called weblogs). We only use these access details in a non-personalised form for constantly improving our online offer and for statistical purposes.
We also use the following web trackers for evaluating visits to this website:
Google Analytics
- extent of processing of personal data
We use the web tracking services of Google LLC, 1600 Amphitheatre Park in 94043 Mountain View, USA on our site (hereinafter: Google Analytics). With web tracking, Google Analytics uses cookies that are stored on your computer and enable analysis of the use of our website and your browsing behaviour (so-called tracking). We perform this analysis based on Google Analytics’s tracking services for continually optimising our online offer and improving its availability. When you use our website, data such as in particular your IP address and user activities is sent to servers of the company Google LLC and processed and stored outside of the European Union, for example in the USA.
The EU Commission has decreed that an appropriate level of data protection can exist if the company processing the data is subject to the US/EU Privacy Shield framework and data export to the USA is permitted in this way. Activating IP anonymisation within this website’s Google Analytics tracking code has Google Analytics anonymise your IP address before transfer. This website uses a Google Analytics tracking code with the operator gat._anonymizeIp(); added to it in order to only allow anonymised recording of IP addresses (so-called IP masking).
- legal basis for processing personal data
Article 6 (1, a) GDPR (consent), either when registering with Google (opening a Google account and accepting the privacy policy implemented there) or, where you have not registered with Google, by explicitly consenting when opening our site.
- aim of data processing
On our behalf, Google will use this information to evaluate your visit to this website, compile reports about website activities, and provide us with further services associated with use for the website and internet. The IP address provided from your browser by Google Analytics is not combined with other data from Google LLC.
- duration of storage
Google will keep the relevant data for providing web tracking for as long as it is required for performing the booked web service. Data is collected and stored in an anonymised manner. Where a person can still be identified, the data is erased without delay unless subject to statutory duties of retention. In every case, erasure take place once the duty of retention has expired.
- option for objection and removal
You can prevent the collection and forwarding of personal data to Google (in particular your IP address) as well as the processing of this data by Google by disabling the running of script code on your browser, installing a script blocker on your browser (you will find this for example under www.noscript.net or www.ghostery.com), or enabling your browser’s ‘Do Not Track’ setting. You can also prevent the collection of data generated by the cookie and referring to the use on your website (including your IP address) by Google and also the processing of this data by downloading and installing the browser plugin available via the following link (https://tools.google.com/dlpage/gaoptout?hl=de). You will find Google Analytics’s security and privacy policies under https://www.google.com/intl/de/analytics/learn/privacy.html
7. integrating external web services and processing data outside the EU.
We use active Java script content from external providers on our website, so called web services. When you access our website, these external providers will receive any personal information about your visit to our website. Where required, this enables data to be processed outside the EU. You can prevent this by installing a Java script blocker such as the ‘NoScript’ browser plugin (www.noscript.net) or disabling Java script on your browser. This may lead to operational restrictions on websites that you visit.
We use the following external web services:
- doubleclick
A web service is uploaded to our website from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View (hereinafter: doubleclick). We use this data for guaranteeing the full functionality of our website. As such, your browser will pass personal data where required to Doubleclick. The legal basis for processing data is Article 6 (1, f) GDPR. The legitimate interest consists in the error-free operation of the website. Doubleclick has self-certified itself under the EU/US Privacy Shield framework (see https://www.privacyshield.gov/list). The data is erased as soon as the purpose of its collection has been met. You can find further information about handling the data sent in Doubleclick’s privacy policy. https://www.google.com/intl/de/policies/privacy/. You can prevent the collection and processing of your data by Doubleclick by disabling the running of script code on your browser or installing a script blocker on your browser (for example, you will find this under www.noscript.net or www.ghostery.com).
- Google
A web service is uploaded to our website from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View (hereinafter: Google). We use this data for guaranteeing the full functionality of our website. As such, your browser will pass personal data where required to Google. The legal basis for processing data is Article 6 (1, f) GDPR. The legitimate interest consists in the error-free operation of the website. Google has self-certified itself under the EU/US Privacy Shield framework (see https://www.privacyshield.gov/list ). The data is erased as soon as the purpose of its collection has been met. You can find further information about handling the data sent in Google’s privacy policy. https://www.google.com/intl/de/policies/privacy/ . You can prevent the collection and processing of your data by Google by disabling the running of script code on your browser or installing a script blocker in your browser (for example, you will find this under www.noscript.net or www.ghostery.com ).
- Google APIs
A web service is uploaded to our website from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View (hereinafter: Google APIs). We use this data for guaranteeing the full functionality of our website. As such, your browser will pass personal data where required to Google APIs. The legal basis for processing data is Article 6 (1, f) GDPR. The legitimate interest consists in the error-free operation of the website. Google APIs has self-certified itself under the EU/US Privacy Shield framework (see https://www.privacyshield.gov/list ). The data is erased as soon as the purpose of its collection has been met. You can find further information about handling the data sent in Google API’s privacy policy. https://www.google.com/intl/de/policies/privacy/ . You can prevent the collection and processing of your data by Google APIs by disabling the running of script code on your browser or installing a script blocker on your browser (for example, you will find this under www.noscript.net or www.ghostery.com).
- gstatic
A web service is uploaded to our website from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View (hereinafter: gstatic). We use this data for guaranteeing the full functionality of our website. As such, your browser will pass personal data where required to gstatic. The legal basis for processing data is Article 6 (1, f) GDPR. The legitimate interest consists in the error-free operation of the website. gstatic has self-certified itself as part of the EU/US Privacy Shield framework (see https://www.privacyshield.gov/list ). The data is erased as soon as the purpose of its collection has been met. You can find further information about handling the data sent in gstatic’s privacy policy. https://www.google.com/intl/de/policies/privacy/ . You can prevent the collection and processing of your data by gstatic by disabling the running of script code on your browser or installing a script blocker on your browser (for example, you will find this under www.noscript.net or www.ghostery.com).
- YouTube
A web service is uploaded to our website from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View (hereinafter: YouTube). We use this data for guaranteeing the full functionality of our website. As such, your browser will pass personal data where required to YouTube. The legal basis for processing data is Article 6 (1, f) GDPR. The legitimate interest consists in the error-free operation of the website. YouTube has self-certified itself under the EU/US Privacy Shield framework (see https://www.privacyshield.gov/list ). The data is erased as soon as the purpose of its collection has been met. You can find further information about handling the data sent in YouTube’s privacy policy. https://www.google.de/intl/de/policies/privacy/ . You can prevent the collection and processing of your data by YouTube by disabling the running of script code on your browser or installing a script blocker on your browser (for example, you will find this under www.noscript.net or www.ghostery.com ).
- ytimg
A web service is uploaded to our website from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View (hereinafter: ytimg). We use this data for guaranteeing the full functionality of our website. As such, your browser will pass personal data where required to ytimg. The legal basis for processing data is Article 6 (1, f) GDPR. The legitimate interest consists in the error-free operation of the website. ytimg has self-certified itself as part of the EU/US Privacy Shield framework (see https://www.privacyshield.gov/list ). The data is erased as soon as the purpose of its collection has been met. You can find further information about handling the data sent in ytimg’s privacy policy. https://www.google.de/intl/de/policies/privacy/ . You can prevent the collection and processing of your data by ytimg by disabling the running of script code on your browser or installing a script blocker on your browser (for example, you will find this under www.noscript.net or www.ghostery.com ).
- website-check.de
A web service of the company Website-Check GmbH, Beethovenstraße 24 in 66111 Saarbrücken, DE (hereinafter: website-check.de). We use this data for guaranteeing the full functionality of our website. As such, your browser will pass personal data where required to website-check.de. The legal basis for processing data is Article 6 (1, f) GDPR (legitimate interests). The legitimate interest consists in the error-free operation of the website. The data is erased as soon as the purpose of its collection has been met. You can find further information about handling the data sent in website-check.de’s privacy policy. https://www.website-check.de/datenschutzerklaerung/. You can prevent the collection and processing of your data by website-check.de by disabling the running of script code on your browser or installing a script blocker on your browser (for example, you will find this under www.noscript.net or www.ghostery.com).
8. information about the use of cookies
- extent of processing of personal data
We use cookies on different pages to enable specific functions of our website to be used. Cookies involve small text files that your browser can save to your computer. These text files contain a characteristic series of characters that allow the browser to be clearly identified when our website is accessed again. The process for saving a cookie file is also called ‘set a cookie”.
- legal basis for processing personal data
Article 6 (1, f GDPR). (legitimate interest). Our legitimate interest consists in maintaining full functionality of our website, increasing usability, and enabling individual customer contact. The identification of individual visitors to the site with the help of cookie technology is only possible if they have provided us with corresponding personal data in advance based on septate consent.
- aim of data processing
Cookies set on our website to maintain our website’s full functionality and improve usability. In addition, cookie technology allows us to recognize individual users through pseudonyms, for example an individual random ID making it possible for us to offer individual services.
- duration of storage
Our cookies are stored until deleted on your browser or, if a session cookie is involved, until the session has expire
- option for objection and removal
You can set your browser yourself in accordance with your wishes in such a way that you prevent the setting of cookies, opt to accept cookies on a case-by-case basis, or always accept cookies. Cookies are used for different purposes, for example recognising that your PC has already been connected to our online offer (permanent cookies), or for saving recently viewed offers (session offers). We use cookies to offer you enhanced user convenience. In order to make use of this, we recommend that you allow cookies for our online offer. The options for objection and removal are also in line with the general provisions regarding the right to objection and entitlement to erasure under data protection legislation set out in this data protection policy.
9. data security and data protection, communication via email
Your personal data is protected by technical and organisational measures during collection, storage and processing in such a way that it is not accessible for third parties. With unencrypted email communication, complete data security during communication with our IT systems cannot be guaranteed by us, therefore we recommend using encrypted communication or post in the event of information with a high requirement for confidentiality.
10. automatic e-mail archiving
- extent of processing of personal data
We point out expressly that our email system has an automated archiving process. All incoming and outgoing emails are thus archived securely for audit
- legal basis for processing personal data
Article 6 (1, f) GDPR (legitimate interest). Our legitimate interest consists in complying with requirements under tax and commercial law (e.g. articles 146 and 147 of the German Tax Code).
- aim of data processing
The purpose of archiving consists in complying with requirements under tax and commercial law (e.g. articles 146 and 147 of the German Tax Code).
- duration of storage
Our email communications are stored until expiry of of duties of retention under tax and commercial law. The retention period may be up to 10 years.
- option for objection and removal
In the event of questions regarding our email archiving system, please contact our data protection officer. We would also like to point out that we only accept applications in PDF format. Zipped (WinZip, WinRAR, 7Zip, etc.) files are filtered out by our security system and not delivered. We ignore applications in Word and other file formats and delete them unread. Please note that unencrypted applications sent by email may be opened by third parties before reaching our email systems. We work on the assumption that we are also allowed to respond to application emails without encryption. Should you not want this, please advise us in your application email.
11. revocation of consent – access to information and change requests – erasure and blocking of data
In accordance with the German Federal Data Protection Act, you have the right to free access to your stored data as well as, where applicable, a right to this data being rectified, blocked or erased. Your data is then erased unless statutory provisions stand in the way. You are able to revoke at any time your consent provided for using your personal data. Please feel free to send requests to access, erase and rectify your data as well as any suggestions any time to the following address:
Elbtal Plastics GmbH & Co. KG
Grenzstraße 9
01640 Coswig
e-mail: info@elbtal-plastics.de
phone: +49 3523 5330-0
fax: +49 3523 5330-222
12. right to data portability
You are entitled to have us make the personal data that you have provided us with available to you in a structured, commonly used and machine-readable format. You are also entitled to demand that we transfer this data to a third party on your first instruction and without delay provided that the processing is bases on consent in accordance with article 6 (1, a), article 9 (2, a) GDPR, or on a contract in accordance with article 6 (1, b) GDPR, and the processing occurs as part of automated processing by us.
In exercising this right to data portability pursuant to paragraph 1, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other people may not be adversely affected by this.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
13. right to lodge a complaint with ha supervisory authority in accordance with article 77 (1) GDPR
Where you suspect that your data has been unlawfully processed on our site, you can of course request judicial clarification of the problem at any time. Regardless of this, the option of turning to a supervisory authority is available to you. The right to lodge an objection is available to you in the EU member state of your place of residence, place of work, and/or the location of the alleged breach, i.e. you are able to select the supervisory authority whom you turn to for the aforementioned locations. The supervisory authority with whom you lodge the complaint will then inform you about the state and outcome of your submission, including the possibility of judicial remedy in accordance with article 78 GDPR.
prepared by:
© IT-Recht-Kanzlei DURY – www.dury.de
© Website-Check GmbH – www.website-check.de