colordruck Baiersbronn W. Mack GmbH & Co. KG, Saarstraße 2 – 10, 72270 Baiersbronn (hereinafter the “OPERATOR” or “we”) supplies a comprehensive range of cross-industry packaging solutions. With the following information, the OPERATOR informs about the processing of personal data of customers and suppliers in the context of the establishment and implementation of contractual relationships with the OPERATOR. Furthermore, we inform about measures which the OPERATOR takes for the purpose of acquiring new customers.
Based on the aforementioned packaging solutions, the OPERATOR has designed and developed the internet platforms colordruck.net and designyourpackaging.de (hereinafter collectively referred to as the “PLATTFORM”). In addition, the OPERATOR maintains a corporate presence on Facebook, Instagram, LinkedIn and XING. The following notices also contain information on the processing of personal data on the PLATFORM and on the corporate presence of the OPERATOR on Facebook, Instagram, LinkedIn and XING. To make it easier for you to read the data protection information, all of the OPERATOR’s online offers are also referred to collectively as the “ONLINE OFFERS”. Unless expressly stated otherwise, the following information on data protection applies to data processing via all of the OPERATOR’s ONLINE OFFERS.
Via the PLATFORM, USERS can make individualised designs of the packaging solutions offered and order them directly. The OPERATOR also offers further services via the ONLINE OFFERS.
- §1 Responsible for data processing
- §2 Purpose limitation of data processing and change
- §3 Personal data
- §4 Processing of personal data when you visit the PLATFORM
- 4.2 Cookies
- 4.3 Links to other websites
- 4.4 When contacting us
- §5 Webshop under designyourpackaging.de
- 5.2 Orders
- 5.3 Registration
- 5.4 Support
- §6 Newsletter and withdrawal of consent
- §7 Contractual relations outside PLATFORM
- 7.1 Contracts with our customers
- 7.2. Contracts with our suppliers
- 7.3 Potential customers (new customer acquisition, contact verification)
- 7.4 Customer care
- §8 Disclosure of personal
- §9 Your rights as a data subject
- §10 Social Media and Analysis Tools
- 10.1 Social Media
- 10.2 Our company presence at Facebook and Instagram
- 10.3 YouTube (Videos)
- 10.4 Use and application of Xing
- 10.5 Use and application of LinkedIn
- 11 Data transfer to a third country
- §12 Security Notice
- §13 Data Protection Officer
§1 Person responsible for data processing
The person responsible for the data processing on or via the ONLINE OFFERS is the OPERATOR. With regard to the use of the Facebook page of the OPERATORS, this and Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland, partly share responsibility within the meaning of Art. 26 GDPR. For this purpose, the OPERATOR has entered into a corresponding agreement with Facebook, which you can see here:Https://www.facebook.com/legal/terms/page_controller_addendum. Details on the processing of personal data on the Facebook page of the OPERATORS are presented in the following passages of this Privacy Notice
§2 Purpose limitation of data processing and change of purpose
We will process the personal data provided by you online only for the purposes communicated to you, unless the special conditions for a subsequent change of purpose exist (Art. 6 (4) DSGVO). If a change of purpose is permissible, we will inform you of this again separately in accordance with the statutory provisions, in particular Art. 13 (3) DSGVO.
§3 Personal data
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 No. 1 GDPR). Personal data therefore always refers only to a natural person, not to a legal entity (company).
§4 Processing of personal data when visiting the PLATTFORM
4.1 Logging
When you call up the PLATTFORM, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion, usually after one week:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the file accessed
- Website from which the access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The above data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensuring a comfortable use of our website,
- Auswertung der Systemsicherheit und -stabilität
- Clarification of any abusive page accesses (DoS/DDoS attacks or similar) and
- for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. As a rule, we do not use the collected data for the purpose of drawing conclusions about your person. We reserve the right to do so in the event that this becomes necessary in order to clarify abusive page accesses.
4.2 Cookies
We use cookies on the PLATTFORM. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity. Cookies do not cause any damage to your computer and do not contain viruses. In addition, other similar technologies are used in our offers (such as web beacons or local storage technologies). The use of cookies and similar technologies serves on the one hand to make the use of our offers more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been to our site and which entries and settings you have made so that you do not have to enter them again. In order for you to be able to order in our online shop, a so-called long-term cookie is set when you call up certain Internet pages, for example. This is a small text file that remains permanently on your computer. This file is used exclusively to be able to use certain applications, e.g. our shopping basket system.
On the other hand, we use cookies and similar technologies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies and similar technologies enable us, for example, to automatically recognise that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time. By means of similar technologies, we can form user profiles and use these for statistical purposes, for the purpose of analysing and optimising our website according to requirements, as well as for advertising purposes. We process the data processed by cookies and similar technologies on the basis of our legitimate interests, insofar as they serve solely to optimise your visit to our site (Art. 6 para. 1 lit f DSGVO). If the purpose of the use of cookies is to evaluate your usage and surfing behaviour (e.g. user tracking) or to improve our marketing and advertising measures (e.g. retargeting), we set the corresponding cookies exclusively on the basis of your prior consent, which you can give us voluntarily by pressing the corresponding button in the “cookie banner” when you call up the page (Art. 6 para. 1 lit. a DSGVO).
We use the UserCentrics solution to manage consent. All information on the technologies used and processing purposes with regard to the use of cookies for which we request your consent can be found directly in the UserCentrics tool on our website at any time (eye symbol).
You can also configure your browser in such a way that no cookies are (any longer) stored on your computer or a message always appears before a new cookie is created or similar technologies are no longer activated. However, the complete deactivation of cookies and similar technologies may mean that you cannot use all the functions of our website. Most browsers already accept cookies and similar technologies by default. You can allow or prohibit temporary and stored cookies and similar technologies independently in the security settings. If you disable cookies and similar technologies, certain features on our website may not be available to you and some web pages may not display properly. We will not link the data stored in our cookies and similar technologies with your personal data (name, address, etc.) without your express consent.
4.3 Links to other websites
Our ONLINE OFFERS contain links to external websites of third parties over whose content we have no influence (see also § 9.1 Social Media). Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the content of the linked pages. Please note the data protection declarations of the third parties to whose site the link is made.
4.4 When contacting us
If you have any questions, we offer you the possibility of contacting us by telephone or by e-mail or other electronic messages, e.g. via the support hotline for telephone help with the ordering process or the data service for checking or creating print data. For this purpose, we have provided our contact details in our ONLINE OFFERS.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent or, in the case of (pre-)contractual enquiries, on the basis of Art. 6 para. 1 lit. b DSGVO. The data collected and processed in the context of your contact with us will be deleted by us after the enquiry has been dealt with and, if applicable, after the expiry of statutory retention periods.
§5 Webshop unter designyourpackaging.de
5.1. General
Within the scope of registration and renewed logins (section 5.3) as well as within the scope of orders via our webshop (section 5.2), we will store your IP address together with the time of access or the time of the respective activity (e.g. an order). We have a legitimate interest in this, namely the prevention or clarification of unauthorised access – this interest also corresponds to your interests as a user. We will only pass this data on to third parties if this is necessary due to misuse for the enforcement of legal claims or for the purposes of criminal prosecution (Art. 6 para. 1 lit. f DSGVO).
5.2 Orders
Personal data is only collected in our webshop if you provide it to us as part of your order for goods or when opening a customer account. We use the data you provide without your separate consent exclusively for the fulfilment and processing of the respective contractual services, e.g. selection and ordering of the selected products and services, their payment and delivery, or execution, consultation after data verification, return transfers. For this purpose, we process personal master data as well as data on the company for which you place the order, contact and communication data, contract data, payment data of our customers and interested parties. The processing is carried out on the basis of Art. 6 Para. 1 lit. b DSGVO, insofar as it concerns the processing of the order transactions as such, and on the basis of Art. 6 Para. 1 lit. c DSGVO, insofar as this gives rise to statutory storage obligations. The information marked as mandatory is required for the justification and fulfilment of the contract, all other information is voluntary.
We only disclose the data provided to us to third parties within the scope of delivery, i.e. we pass them on to logistics service providers.
We also use external payment service providers, namely
BS Payone GmbH, Lyoner Str. 9, 60528 Frankfurt am Main;
Klarna Bank AB (publ) Sveavägen 46, 111 34 Stockholm Sweden;
PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg;
paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main;
Visa Europe Services Inc. London Branch 1 Sheldon Square, London W2 6TT;
Mastercard Europe SA Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium;
American Express Europe S.A. Theodor-Heuss-Allee 112, 60486 Frankfurt am Main.
For orders not processed via the webshop, we have the following payment service providers:
Volksbank eG im Kreis Freudenstadt Lossburger Str. 23, 72250 Freudenstadt;
Kreissparkasse Freudenstadt Stuttgarter Str. 31, 72250 Freudenstadt;
Landesbank Baden-Württemberg Am Hauptbahnhof 2, 70173 Stuttgart;
Banque Européenne du Crédit Mutuel (BECM) 4 rue Frédéric-Guillaume Raiffeisen, F-67000 Strasbourg;
The data protection notices of the respective providers can be found on the respective websites of the listed companies.
These transfers are made within the scope of contract processing on the basis of Art. 6 para. 1 lit. b GDPR.
For the purpose of payment processing, the payment service providers process
not only the information required for registration for the service, but also your account data, contract data and information about the recipient of the payment. However, only the payment service provider receives this information – we do not receive any information about your account when using the payment service providers listed above. Please note the terms and conditions of the payment service provider for the further conditions of use – in particular for possible credit checks. Third country transfers of personal data are not provided for, unless this would be necessary, for example, because you wish to be delivered to a third country or if you choose a bank account in a third country for payment. Payments via American Express can be transferred to the USA. The Company provides with standard contractual clauses of the EU the adequacy of the level of data protection also when processing data in the United States. We will delete your data from the contractual relationship after expiration of legal warranty and other obligations.In addition, if necessary, we will also retain data for a longer period, namely until the expiry of statutory retention obligations, which may extend to six years in respect of commercial letters, with regard to tax-relevant information for ten years.
5.3 Registration
If you register for our portal, you can, in particular, view your order history and thus experience more convenience for future orders. In this context, we process the mandatory information requested during registration in order to set up your user account. Passwords are generated automatically, which you should always change after creating the user account. If you delete the user account, we will also delete the registration information, unless this conflicts with legal obligations to retain data and further storage is therefore necessary in accordance with Art. 6 Para. 1 lit. c DSGVO.
5.4 Support
After sending a quotation request in the calculator, we may contact you about this request using all the contact details provided to us (i.e. by e-mail, telephone or post, if applicable), for example in order to clarify any ambiguities before preparing the quotation or carrying out the order. We have a legitimate interest in this, namely the avoidance of misunderstandings and the facilitation of order processing, Art. 6 para. 1 lit. f DSGVO.
§6 Newsletter and revocation of consent
If you are interested in receiving a newsletter from our company for information purposes about our company and our products and services, we only need your e-mail address. We process this on the basis of your consent given to us when you sent your request to be included in the newsletter distribution list, Art. 6 para. 1 lit. a DSGVO. After your registration, our system will send you an email with an activation link, with which you confirm the registration. In this way, we ensure that you are indeed the owner of the e-mail address provided and that you agree to receive the newsletter. Only from this point on will you receive the newsletter. You can revoke your consent to the storage of your e-mail address and its use for sending the newsletter at any time. You will find a corresponding note with a link in the newsletter.
In order to better understand how our newsletter is used, we evaluate your user behaviour when sending the newsletter. For this evaluation, the emails sent contain so-called tracking pixels. These are single-pixel image files that link to our website and thus enable us to evaluate your user behaviour. This evaluation includes information on whether the e-mail sent as a newsletter was delivered and opened and whether you clicked on links within the e-mail (see next paragraph). In doing so, we process information such as your IP address, the browser, the type of email client and other similar data. We use this information to measure the performance of our email campaigns, to generate and evaluate analytical information and thus in particular to improve the effectiveness of our newsletters.
You can object to this tracking at any time by clicking on the separate link provided in each email. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
If you click on links to our PLATTFORM contained in a newsletter, we will only evaluate this if you have given us separate consent to do so within the meaning of Art. 6 Para. 1 lit. a DSGVO. Diese Einwilligung fragen wir beim Besuch unserer PLATTFORM über die Lösung von UserCentrics (dazu oben unter Ziff. 4.2) ab. Sie können diese gesonderte Einwilligung jederzeit über die Lösung von UserCentrics verwalten.
Die bei der Anmeldung zu unserem Newsletter erfassten Daten verwenden wir nur für eigene Informations-/Werbezwecke. Für den Versand des Newsletters setzen wir MailChimp als unsere Marketing-Plattform ein. Auch in der Lösung von UserCentrics finden Sie die für die Auswertung relevanten Informationen (wie vorstehend im Zusammenhang mit UserCentrics beschrieben) in der Rubrik zu MailChimp.
MailChimp ist ein Dienst der The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp wird für uns als Auftragsverarbeiter tätig und verarbeitet Ihre Daten für uns gemäß den Bestimmungen des MailChimp „Data Processing Addendums“ https://mailchimp.com/legal/data-processing-addendum/ Wenn Sie unseren Newsletter abonnieren, bestätigen Sie, dass Ihre Daten zur Verarbeitung an MailChimp übertragen werden. MailChimp verarbeitet Ihre Daten dann auch in den USA und möglicherweise in weiteren Ländern außerhalb der EU bzw. des EWR. MailChimp stellt mit Standardvertragsklauseln die Einhaltung eines angemessenen Datenschutzniveaus auch bei einer Verarbeitung personenbezogener Daten in den USA sicher. Darüber hinaus sind die EU-Standardvertragsklauseln für Auftragsverarbeiter Bestandteil unserer Vereinbarung mit MailChimp, sodass auch bei einer Verarbeitung in anderen Drittstaaten die Einhaltung europäischer Datenschutz-Standards vertraglich abgesichert ist. Bitte besuchen Sie https://mailchimp.com/legal/privacy/ um mehr über die Datenschutzpraktiken von MailChimp zu erfahren.
§7 Contractual relations outside the PLATFORM
7.1 Contracts with our clients
If you instruct us or act on behalf of a company or other organisation that instructs us, or we contact you as a result of a contractual relationship, or you contact us with a pre-contractual enquiry, we may collect the following information:
- Salutation, first name, last name;
- a valid e-mail address;
- Address;
- Telephone number (landline and/or mobile);
- If applicable, position in the company / organisation, authority to sign, power of attorney;
- Contract data
- Invoice and payment data
- other contractually relevant information, if applicable.
The collection of this data takes place:
- to be able to identify you as our client or as a natural person acting on behalf of our client or as our contact person;
- in order to be able to advise you as a customer appropriately;
- for correspondence with you;
- for invoicing.
The processing is necessary according to Art. 6 (1) lit. b DSGVO for the processing of (pre-) contractual enquiries or for the establishment and implementation of contractual relationships to which you are a party. If you are not yourself a party to a contract with us, but are an employee of one of our customers, we process your personal data on the basis of our legitimate interest in operating, expanding and developing our business (Art. 6 para. 1 lit. f DSGVO). With regard to data processing in the context of contacting us or through us, please also note the information under §4.4 of this data protection notice.
Subject to the following paragraphs, your data will be deleted as soon as the contract has been concluded and all liability and warranty periods arising from the contractual relationship have expired.
We will also process your data if and to the extent necessary to comply with our legal obligations (Art. 6 para. 1 lit. c DS-GVO). The personal data collected for the performance of the contractual relationship will therefore be stored for a period of up to ten years until the expiry of the retention and documentation obligations under tax and commercial law (from HGB, UStG or AO).
If, in the course of the contractual relationship, it becomes necessary for us to defend ourselves against liability claims or if we have to make a claim against one of our customers due to outstanding invoices, the processing of personal data required for this purpose is carried out on the basis of our legitimate interest in being able to adequately defend our legal position, Art. 6 (1) lit. f DS-GVO.
7.2 Contracts with our suppliers
If we engage you or you act on behalf of a company or other organisation that we engage, or we contact you as a result of a contractual relationship, or you contact us with a pre-contractual enquiry, we may collect the following information:
- Salutation, first name, last name;
- a valid e-mail address;
- Address;
- Telephone number (landline and/or mobile);
- If applicable, position in the company / organisation, authority to sign, power of attorney;
- Contract data
- Invoice and payment data
- other contractually relevant information, if applicable.
The collection of this data takes place:
- to be able to identify you as our client or as a natural person acting on behalf of our client or as our contact person;
- in order to be able to advise you as a customer appropriately;
- for correspondence with you;
- for invoicing.
The processing is necessary according to Art. 6 (1) lit. b DSGVO for the processing of (pre-) contractual enquiries or for the establishment and implementation of contractual relationships to which you are a party. If you are not yourself a party to a contract with us, but are an employee of one of our suppliers, we process your personal data on the basis of our legitimate interest in operating, expanding and developing our business (Art. 6 para. 1 lit. f DSGVO). With regard to data processing in the context of contacting us or through us, please also note the information under §4.4 of this data protection notice.
Subject to the following paragraphs, your data will be deleted as soon as the contract has been concluded and all liability and warranty periods arising from the contractual relationship have expired.
We will also process your data if and to the extent necessary to comply with our legal obligations (Art. 6 para. 1 lit. c DS-GVO). The personal data collected for the performance of the contractual relationship will therefore be stored for a period of up to ten years until the expiry of the retention and documentation obligations under tax and commercial law (from HGB, UStG or AO).
If, in the course of the contractual relationship, it should become necessary for us to defend ourselves against liability claims or if we have to file a claim against one of our suppliers due to outstanding or defective deliveries, the processing of personal data required for this purpose is carried out on the basis of our legitimate interest in being able to defend our legal position appropriately, Art. 6 (1) lit. f DS-GVO.
7.3 Potential customers (new customer acquisition, contact verification)
We process your name and professional contact details to contact you with information about our products and services that you either request or that we think may be of interest to you.
We may receive certain of your personal data from third parties, e.g. marketing agencies. In accordance with Art. 14 of the GDPR, we would like to inform you below about the sources and categories of data we use when researching or collecting from third parties. Apart from for the purpose of acquiring new customers, we may also use this data to check that the information we hold about you is up to date and to correct it if necessary.
Hier nutzen wir Dienste der Echobot Media Technologies GmbH, Karlsruhe. Diese sucht in eigener Verantwortlichkeit in öffentlich verfügbaren Daten aus Online-Nachrichten, Blogs, Firmenwebseiten, Registerdatenbanken und Social-Media Netzwerken mit geschäftlichem Bezug auch personenbezogene Daten heraus und stellt uns diese zur Verfügung. Weitere Informationen zur Datenverarbeitung bei Echobot finden Sie unter https://www.echobot.de/datenschutz.
The legal basis for the aforementioned data processing is our legitimate interests in the verification and updating of our database as well as the development of our business through the acquisition of new customers pursuant to Art. 6 (1) f DSGVO. The data will only be used within the scope of the purposes stated in this data protection declaration.
You have the right to object to the advertising approach by us and the processing of your data for this purpose. We will delete your data if you object to the processing for advertising purposes. Please note that we may continue to store your data after your objection has been lodged, insofar as this is necessary for our legitimate interest within the meaning of Art. 6 (1) f DSGVO in ensuring compliance with your objection (e.g. creation of a blacklist). You can find more detailed information on your right to object under §8 of this data protection notice.
Notwithstanding the above, your data will be deleted after a period of five years at the latest, calculated from the last feedback from you or the last personal contact with you, unless a continuing interest in a future contractual cooperation is specifically foreseeable at this time.
7.4 Customer care
We may also process the information mentioned in sections 7.1 and 7.3 of this privacy notice for customer care purposes in addition to the purposes stated there. Furthermore, we process additional information about your interests, previous contacts and contracts as well as communication with you for this purpose. This data processing serves our legitimate interest in maintaining the existing customer relationship with you, to be able to offer you suitable additional products and services if necessary, and to further develop our business (Art. 6 para. 1 lit f. DSGVO).
You have the right to object to the advertising approach by us and the processing of your data for this purpose. We will delete your data if you object to the processing for advertising purposes. Please note that we may continue to store your data after your objection has been lodged, insofar as this is necessary for our legitimate interest within the meaning of Art. 6 (1) f DSGVO in ensuring compliance with your objection (e.g. creation of a blacklist). You can find more detailed information on your right to object under §8 of this data protection notice.
Notwithstanding the above, your data will be deleted after a period of five years at the latest, calculated from the last feedback from you or the last personal contact with you, unless a continuing interest in a future contractual cooperation is specifically foreseeable at this time.
§8 Disclosure of personal data
We will not sell or market your personal information to third parties or disclose it for any other reason, except as otherwise provided herein. We will only share your personal information collected through this website with third parties thereafter if:
- you have given your express consent to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO,
- the disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f DSGVO for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, as well as
- this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.
§9 Your rights as a data subject
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details. We may only refuse to provide you with information if and insofar as the information would disclose information that must be kept secret in accordance with a legal provision or by its nature, in particular due to the overriding legitimate interests of a third party (§ 29 para. 1 sentence 2 BDSG), the competent public authority has determined to us that disclosure of the data would endanger public security or order or otherwise be detrimental to the welfare of the Federal Government or a Land (Section 34 para. 1 no. 1 BDSG in conjunction with Section 33 para. 1 no. 2 lit. b BDSG), or the data is only stored because it may not be deleted due to legal or statutory storage regulations, or exclusively serves the purpose of data security or data protection control and the provision of information would require disproportionate effort and processing for other purposes is precluded by appropriate technical and organisational measures (Section 34 (1) no. 2 BDSG).
- demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 DSGVO;
- pursuant to Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
- pursuant to Art. 20 DSGVO to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future,
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you may object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
In addition, you have a general right of appeal to the data protection supervisory authority responsible for you. The authority responsible for us is
the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, Germany
Tel.: 0711/615541-0
Fax: 0711/615541-15
E-mail: poststelle@lfdi.bwl.de
If you wish to exercise your right of revocation or objection, simply send an e-mail to datenschutz@colordruck.net.
§10 Soziale Medien und Analyse-Tools
10.1 Social Media
We use links to the social networks XING, Pinterest, YouTube, LinkedIn, Facebook and Instagram on our website on the basis of Art. 6 (1) sentence 1 lit. f DSGVO in order to present ourselves via these platforms and make us better known. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for the data protection-compliant operation of the social network is to be ensured by their respective operators.
When a user visits our site, the links do not initially transmit any personal data to the operators of the social networks. Only when a user clicks on the marked field and thereby opens the link, does the respective operator receive the information that a user has accessed the corresponding website of our online offer. In addition, personal data (in particular the IP address) is then transmitted to the operator of the respective social network. We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods with the operators of the social networks. We also have no information on the deletion of the collected data by the operators of the social networks. Further information on the purpose and scope of the data collection and its processing by the operators of the social networks is contained in the data protection declarations of these providers communicated below. Further information on the rights of users and the setting options for protecting privacy within these networks can also be found there.
For users from the EU, Facebook and Instagram are services of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Information on data protection on Facebook is available at , data protection information for Instagram at https://help.instagram.com/519522125107875?helpref=page_content. Pinterest provides its services for users from the EU through Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street Dublin 2, Ireland.
Pinterest and Facebook also process their users’ data through affiliated companies in the USA; both companies use standard contractual clauses to ensure the adequacy of the level of data protection even when data is processed in the USA (Art. 45 GDPR).
10.2 Our company presence at Facebook and Instagram
What is described here for Facebook also applies in the same way to Instagram. In part, we are jointly responsible with Facebook for data processing in connection with our corporate presence there (see §1 above), namely to the extent described below: When you visit our Facebook page, Facebook collects, among other things, your IP address as well as other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this under the following link: https://de-de.facebook.com/help/pages/insights. You have consented to this form of evaluation of your visit (also) by us by accepting the terms of use of Facebook, Art. 6 para. 1 lit. a DS-GVO. However, we would like to point out that the statistical evaluations do not allow us to draw any conclusions about specific users.
In addition, we inform you about our own data processing on Facebook as follows: We may use your comments and ratings as an opportunity to respond to them with comments of our own. For this purpose, we claim our legitimate interest in interacting with active users of our Facebook page (Art. 6 para. 1 lit. f DS-GVO). In case of questions of any kind, we offer you the possibility to contact us via personal messages on Facebook. In doing so, we are automatically informed of your Facebook username (for the rest, see § 4.4).
Facebook also processes data of its users through affiliated companies in the USA; Facebook uses standard contractual clauses to ensure the adequacy of the level of data protection even when processing data in the USA (Art. 45 DSGVO). Facebook also processes your personal data in third countries (see “§11 Data transfer to a third country” below).
10.3 YouTube (Videos)
The controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As part of the processing described below, data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or other companies of the Google Group. Google Ireland Limited and Google LLC are herein jointly referred to as “Google”. Google uses standard contractual clauses to ensure the adequacy of the level of data protection even when data is processed in the USA. YouTube videos are all embedded in “enhanced data protection mode”, i.e. no data about users is transmitted to YouTube if they do not play the videos. Only when a user plays the videos is the data mentioned below transmitted. As part of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by the data subject.
If you play a YouTube video, the information that you have visited this page with your IP address is transmitted by your browser directly to the YouTube server and stored there. By interacting with the YouTube plugins (e.g. clicking, start.), the information caused by the interaction is transmitted to YouTube and stored there. If you have a YouTube user account and do not want YouTube to collect data about you via this PLATFORM and link it to your membership data stored with YouTube, you must log out of YouTube before visiting this PLATFORM. The privacy policy for YouTube and Google with further information on the collection and use of your data by YouTube, your rights in this regard and the settings options for protecting your privacy can be found at https://www.google.com/intl/de/policies/privacy/. YouTube also processes your personal data in third countries (see “§11 Data transfer to a third country” below).
10.4 Use and application of XING
The controller has integrated components of Xing on this website. Xing is an Internet-based social network that allows users to connect with existing business contacts and to make new business contacts. Individual users can create a personal profile of themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.
The operating company of Xing is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Each time one of the individual pages of this website operated by the controller is called up and on which a Xing component (Xing plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. Within the scope of this technical procedure, Xing receives information about which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to Xing at the same time, Xing recognises which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject activates one of the Xing buttons integrated on our website, for example the “Share” button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.
Xing always receives information via the Xing component that the data subject has visited our website if the data subject is simultaneously logged into Xing at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.
The data protection provisions published by Xing, which can be accessed at https://www.xing.com/privacy, provide information on the collection, processing and use of personal data by Xing. Furthermore, Xing has published data protection information for the XING Share button at https://www.xing.com/app/share?op=data_protection. XING also processes your personal data in third countries (see “§11 Data transfer to a third country” below).
10.5 Use and application of LinkedIn
On our website we use a reference (link) to the social network LinkedIn. LinkedIn services are provided by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The link is identified by the LinkedIn logo (no LinkedIn plug-in). When you click on the LinkedIn logo, your browser establishes a direct connection with the LinkedIn servers. If you are already logged in to LinkedIn via your personal user account, the information about your visit to our website is automatically forwarded to LinkedIn. It is then possible that LinkedIn assigns the visit to the website to your account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by LinkedIn.
Information on data protection by LinkedIn, contact options and available setting options (e.g. objection/opt-out for advertising tracking) are available here https://de.linkedin.com/legal/privacy-policy?. In addition, LinkedIn provides information on worldwide data transmission here https://www.linkedin.com/help/linkedin/answer/a1343190.
§11 Data transfer to a third country
Insofar as personal data is transferred to a country that is neither a member state of the European Union nor a state party to the Agreement on the European Economic Area (third country) in accordance with this data protection information, this is done, as far as possible, on the basis of adequacy decisions of the EU Commission or using standard data protection clauses. When using standard data protection clauses, we aim to implement additional measures to protect your data where necessary.
§12 Security notice
We make every effort to store your personal data in such a way that it is not accessible to third parties by taking all technical and organisational measures.
We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
When communicating via an unencrypted e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.
§13 Data Protection Officer
For questions, comments, complaints as well as requests for information in connection with our declaration on data protection and the processing of your personal data, you can contact our data protection officer in writing at the following address:
colordruck Baiersbronn W. Mack GmbH & Co. KG.
To the data protection officer
Saarstrasse 2 – 10
72270 Baiersbronn
datenschutz(at)colordruck.net