Privacy Notice of Pütz GmbH & Co. Folien KG

1 Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation is:

Pütz GmbH & Co. Folien KG
Management: Christiane Pütz, Ferdinand Pütz jr.
Obere Waldstrasse 26 + 26a
65232 Taunusstein
Phone: +49 (0) 6128 / 964-0
info (at) puetz-folien.com

2 Name and Address of the Data Protection Officer

The data protection officer of the controller according to Art. 37 Para. 7 GDPR is:

Thomas Strecker
Email: datenschutz (at) tostit.net

3 Definitions

The privacy notice of Pütz GmbH & Co. Folien KG is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy notice should be legible and understandable for the general public, as well as our customers and business partners.

We use the following terms, among others, in this privacy notice and on our website:

3.1 Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2 Data Subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

3.3 Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4 Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

3.5 Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

3.6 Controller or Controller Responsible for the Processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

3.7 Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

3.8 Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

3.9 Third Party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

3.10 Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. General Information on Data Processing

Data protection, data security, and confidentiality are high priorities for Pütz GmbH & Co. Folien KG. The permanent protection of your personal data, your company data, and your trade secrets is particularly important to us.

You can generally visit our website without providing any personal information. However, if you use services of our company through our website, it is necessary to provide your personal data. As a rule, we use the data you provide and the data collected by the website and stored during use exclusively for our own purposes, namely to implement and provide our website and to initiate, execute, and process the services/offers offered via the website (contract fulfillment). We pass this data on to external third parties if this is necessary for the fulfillment of a contract, who also use the personal data exclusively for the purpose of fulfilling their order to us. In all other cases, we obtain your separate consent.

The processing of your personal data takes place in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection regulations applicable to Pütz GmbH & Co. Folien KG. With this privacy notice, we would like to inform you about the nature, scope, and purpose of the personal data processed by us. In addition, we inform you about your rights through this privacy notice.

Pütz GmbH & Co. Folien KG has implemented technical and organizational measures to ensure adequate protection of personal data processed through this website. However, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed.

5. Collection of General Data and Information

The website of Pütz GmbH & Co. Folien KG collects a series of general data and information with every call of the website by a data subject or an automated system. This general data and information is stored in the log files of the server.

  • The following may be collected:
  • The operating system used by the accessing system
  • The subpages accessed on our website through an accessing system
  • An Internet Protocol address (IP address)
  • Other similar data and information that serve to avert danger in case of attacks on our information technology systems.

When using this general data and information, Pütz GmbH & Co. Folien KG does not draw any conclusions about the data subject. Rather, this information is needed to:

  1. Deliver the contents of our website correctly
  2. Optimize the contents of our website as well as the advertising for it
  3. Ensure the long-term functionality of our information technology systems and the technology of our website
  4. Provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

This anonymously collected data and information is therefore evaluated statistically by Pütz GmbH & Co. Folien KG, on the one hand, and furthermore with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

6. Inquiry Form and E-mail Contact

There is a contact form on our website that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. This data includes (e.g.):

  • Required fields: Company, Last name, * Postal code/City, E-mail address, * We collect postal code and city to assign your responsible sales representative to you. At the time of sending the message, the following data is also stored:
  • The IP address of the user
  • Date and time of sending

Alternatively, contact is possible via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, no data is shared with third parties. The data is used exclusively for processing the conversation.

7 Data Protection for Applications and in the Application Process

We collect and process personal data of applicants for the purpose of handling the application process. The processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically via bewerber@puetz-folien.com. If we conclude an employment contract with you as an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If no employment contract is concluded with the applicant, the application documents will be deleted six months after the end of the application process, provided that no other legitimate interests of the controller oppose deletion.

Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

8 Data Protection Provisions on the Use of Google Analytics (with Anonymization Function)

We have integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analytics service collects, among other things, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For the web analytics through Google Analytics, the controller uses the addition “_gat._anonymizeIp”. By means of this addition, the IP address of the Internet connection of the data subject is abridged by Google and anonymized when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us. These purposes also represent our legitimate interest in data processing. The legal basis for the use of Google Analytics is § 15 Abs. 3 TMG or Art. 6 Abs. 1 f) GDPR. Data sent by us and linked to cookies, user identifiers (e.g., User-ID) are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our website, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

As previously mentioned, the data subject can prevent the setting of cookies by our website at any time by adjusting the settings of the Internet browser used, thus permanently objecting to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the data subject’s information technology system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

In addition to so-called “first-party cookies”, which are set by us as the data controller, “third-party cookies” offered by other providers are also used. We inform you about the use of “third-party cookies” and about the cooperation with external service providers who provide services such as web tracking or reach measurement for us within the individual privacy information of the respective online offers. There you will also be informed about the possibility of objection with regard to individual cookies.

A general objection to the use of cookies for online marketing purposes can be declared for a multitude of services via the EU website http://www.youronlinechoices.com/ or the US website http://www.aboutads.info/choices/. Furthermore, you can make appropriate configurations in your browser settings and, for example, reject the acceptance of “third-party cookies” or all cookies. However, this may mean that not all functions of our online offers are available to you.

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics related to the use of this website as well as the processing of this data by Google and to prevent such collection. To do this, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s information technology system is deleted, formatted, or reinstalled at a later time, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and Google’s applicable privacy policies can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

9. Legal Bases, Purposes of Processing, Duration of Storage, Objection and Removal Options

9.1 General Information on Legal Bases

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 b) GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 d) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 f) GDPR serves as the legal basis for processing.

9.2 General Information on Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

10 Your Rights

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

10.1 Right to Information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can request information from the controller about the following:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
  4. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information on the source of the data if the personal data is not collected from the data subject;
  8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

10.2 Right to Rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is inaccurate or incomplete. The controller must make the correction without delay.

10.3 Right to Restriction of Processing

You can request the restriction of processing of personal data concerning you under the following conditions:

  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or
  4. if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

10.4 Right to Erasure

10.4.1 Obligation to Erase

You can request from the controller that the personal data concerning you be erased without undue delay, and the controller is obligated to erase this data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. The deletion of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

10.4.2 Information to Third Parties

If the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

10.4.3 Exceptions

The right to erasure does not exist to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defense of legal claims.

10.5 Right to Information

If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the controller.

10.6 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

10.7 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The controller no longer processes your personal data unless they can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

10.8 Right to Withdraw Data Protection Consent Declaration

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

10.9 Automated Decision-Making in Individual Cases Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and the controller,
  2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  3. is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10.10 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Last updated: 25.05.2018

Responsible entity: Pütz GmbH & Co. Folien KG