This data protection declaration (Version: GDPR 1.0 from 2018-05-23) was produced by:
Deutsche Datenschutzkanzlei Datenschutz-Office Munich – www.deutsche-datenschutzkanzlei.de
We, IWK Verpackungstechnik GmbH, are responsible for this online offering and, as the provider of a teleservice, must inform you at the beginning of your visit to our online offering, about the type, scope and purpose of the collection and use of personal data in a precise, transparent, understandable and easily accessible way, in clear and simple language. The contents of the information must be retrievable for you at all times. We are therefore obliged to inform you of which personal data will be collected or used. Any information relating to an identified or identifiable natural person is described as personal data.
We place great value on the security of your data and compliance with the data protection regulations. The collection, processing and use of personal data is subject to the regulations of the European and national laws currently in force
We would like to show you in the following data protection declaration how we handle your personal data and how you can make contact with us:
IWK Verpackungstechnik GmbH
Telephone: +49 7244 968 0
Commercial register-No.: HRB 10 27 76
Managing director: Dr. Heinrich Sielemann
Our data protection officer
If you have questions, you can contact our data protection officer as follows:
Alissa Lenz, Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50, 87435 Kempten, Germany
For the sake of easier reading, no gender-specific distinction is made in our data protection declaration. The terms used apply, in the context of equal treatment, to both genders.
The meaning of the terminology used, for example ‘personal data’ or its ‘processing’ can be taken from Article 4 of the EU-General Data Protection Regulation (GDPR).
The users’ personal data processed in the context of this online offering, include inventory data (e.g. customer’s name and address), contract data (e.g. services used, name of person responsible, payment information), usage data (e.g. Websites of our online offering visited, interest in our products) and content data (e.g. input into the contact form).
‘User’ includes all categories of persons affected by the data processing. These include, for example, our business partners, customers, interested parties and other visitors to our online offering.
Data protection declaration
We guarantee that we only collect, process, store and use your incoming data in connection with the processing of your request, as well as for internal purposes and providing the services that you have requested or to make content available..
Basis of data processing
We process the user’s personal data only in compliance with the relevant data protection regulations. The user’s data are only processed when the following statutory permission exists:
- in order to deliver our contractual performance (e.g. Processing orders) and online services
- processing is required by law
- your consent is given
- on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and economic operation and security of our online offering in the sense of Art. 6 para. 1 lit. f. GDPR, in particular range measurement, production of profiles for advertising and marketing purposes, as well as the collection of access data and the use of services from third party providers)
We would like to show you where the main legal grounds are regulated in the GDPR:
- Art. 6 para. 1 lit. a. and Art. 7 GDPR
- Processing to deliver our contractual performance and carrying out contractual measures
- Art. 6 para. 1 lit. b. GDPR
- Processing to fulfil our legal obligations
- Art. 6 para. 1 lit. c. GDPR
- Processing to safeguard our legitimate interests
- Art. 6 para. 1 lit. f. GDPR
Data transfer to third parties
Data is only passed to third parties within the framework of the legal provisions. We only pass user’s data to third parties when this is, for example, necessary for contractual purposes or based on our legitimate interest in the economic and the effective operation of our business.
In the event that we use subcontractors to provide our services, we take suitable legal precautions, as well as appropriate technical and organizational measures, to provide protection for personal data in accordance with the relevant legal provisions.
Data transfers to third countries or an international organization
Third countries are countries in which the GDPR is not a directly applicable law. This basically includes all countries outside the EU, respectively, the European Economic Area.
No data is transferred to a third country or an international organization without your consent or without a statutory basis.
Length of storage of your personal data
We adhere to the principles of data economy and data avoidance. This means the data you make available to us is only retained as long as it is needed to fulfil the previously named purposes or as laid down by the manifold storage periods provided for by the legislator. If the relevant purpose no longer exists, or after expiry of the appropriate period, your data is routinely blocked, or erased, in accordance with the statutory provisions
We have developed a company-internal concept to guarantee this procedure.
If you make contact with us by email, you consent to electronic communication. Personal data will be collected in the context of contacting us. Which data is collected in the case of a contact form, can be seen on the respective contact form. Your data are transmitted with SSL encryption. The statements which you make will be stored exclusively for the purpose of processing your inquiry and for possible follow-up questions.
We would like to tell you the legal grounds:
- Processing to fulfil our performance and carry out contractual measures
- Art. 6 para. 1 lit. b. GDPR
- Processing to safeguard our legitimate interests
- Art. 6 para. 1 lit. f. GDPR
We use software to maintain our customer data (CRM system) or comparable software on the basis of our legitimate interests (processing users’ enquiries efficiently and quickly)
For this, we have concluded an order processing contract which the provider, in which the provider is obliged to process user data only in accordance with our instructions and in compliance with the EU level of data protection.
We would like to advise you that emails can be read or changed, unnoticed and without authorization, during transmission. We would also like to bring to your attention that we use software to filter unwanted emails (spam filter). Emails can be rejected by the spam filter if they are wrongly identified as spam due to the presence of certain characteristics.
What rights do you have?
a. Right to information
You have the right to obtain information about your stored data without charge. On request, we will tell you in writing, in accordance with current law, what personal data about you we have stored. This also includes the origin and recipient of your data as well as the purpose of the data processing..
b. Right to rectification
You have the right to have your data which is stored by us, corrected, if it is incorrect. You can demand a limitation to the processing of your personal data, e.g. if the accuracy of your personal data is contested
c. Right to blocking
Furthermore, you can have your data blocked. So that a blocking of your data can be taken into account at any time, the data must be held in a lock file for control purposes.
d. Right to erasure
You can also demand the erasure of your personal data, so long as no legal storage obligation exists. If such an obligation exists, we will block your data on request. If appropriate statutory requirements are present, we will also erase your personal data without a request from yourself.
e. Right to data transferability
You are entitled to demand that the personal data transferred to us is made available in a format which enables it to be transferred to another location.
f. Right to complain to a supervisory authority
You have the option of approaching a data protection supervisory authority with a complaint.
g. Right to object
You have the option to object at any time to the use of your data for internal purposes with future effect. For this, it is sufficient to send an appropriate email to Alissa.firstname.lastname@example.org
However, such an objection does not affect the legality of processing procedures which we have already carried out. This does not affect data processing in respect of other legal bases, for example, such as contract initiation (see above).
Protection of your personal data
We take state of the art contractual, organizational and technical security measures to ensure compliance with the provisions of the data protection laws and therefore, to protect the data which we process against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.
In particular, our security measures include the encrypted transfer of data between your browser and our server. 256-bit-SSL (AES 256) encryption technology is used for this. This includes our IP address.
Thereby your personal data is protected in the context of the following points (extract):
a.) Ensuring the confidentiality of your personal data
To ensure the confidentiality of the personal data which we store, we have taken various measures to control access.
b.) Ensure the integrity of your personal data
To ensure the integrity of the personal data which we store, we have taken various measures to control transfer and input.
c.) Ensure availability of your personal data
To ensure the availability of the personal data which we store, we have taken various measures to control orders and availability.
The security measures employed are continually improved in accordance with technical development. Despite these precautions, because of the insecure nature of the internet, we are unable to guarantee the security of your data transfers to our online offering. For this reason, all data transfers from you to our online offering, are made at your own risk.
Protection of minors
Persons who are under 16, are not allowed to provide us with their personal information without the express consent of the person having parental responsibility. These data will be processed in accordance with our data protection declaration.
Our internet offering uses: Browser cookies/flash cookies
Control of cookies by the user
Browser cookies: All browsers can be set so that cookies are only accepted upon request. Also, per set-up, cookies can only be accepted for sites which are currently being visited. All browsers offer functions which make the selective deletion of cookies possible. The acceptance of cookies can also be deactivated generally, however in that case, limitations in the online offering’s user friendliness must be accepted.
Flash cookies: Flash cookies are (locally) stored Flash Player settings. However, these are not browser cookies which are managed through the relevant browser settings but are managed separately through the Flash Player settings manager. External link: www.macromedia.com/support/documentation/de/flashplayer/help/settings_manager03.html
Use of first party cookies (Google Analytics Cookie)
Google Analytics Cookies record:
- Unique user– Google Analytics Cookies collect and group your data. All activities during a visit are collected. A distinction between users and unique users is made by using Google Analytics Cookies.
- User’s activities– Google Analytics Cookies also store data about the beginning and end times of your visit to the online offering and how many pages you have looked at. The user session is ended by closing the browser or after long user inactivity (Standard 30 minutes), and the cookies records that the visit has ended. The total number of visits per unique user is also recorded. External link: http://www.google.com/analytics/terms/de.html
You can prevent the collection of the data produced by the cookie in reference to the use of the inline offering (including your IP address), by Google and the processing of the data by Google, by downloading and installing the following browser plugin: External link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information can be found under the point “Web analysis Google Analytics / Universal Analytics”.
Lifespan of the cookies employed
Cookies are managed by our internet offer’s website. The internet offering uses:
Transient cookies/Session cookies (single use)
Life spam: Until the online offer is closed
Persistent cookie (permanent browser recognition)
Life span: 30 days
Deactivate or remove cookies (Opt-Out)
Every browser offers the option of limiting or deleting cookies. Further information about this can be obtained from the following websites:
- Internet Explorer: http://windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/de-de/HT201265
Web analysis service Google Analytics / Universal Analytics
We use Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses “Cookies”, text files that are stored on your computer and allow the use of the online offering to be analyzed. The information produced by the cookie about the use of the online offering, is normally transmitted to a server in the USA belonging to Google and stored there. Therefore, data is transmitted to a third country. It is considered that relevant suitable/appropriate guarantees are present and enforceable rights and effective legal remedies are available to you.
You can obtain a copy of the suitable guarantees under the following links:
- Privacy-Shield: https://www.privacyshield.gov/list
- Standard contract clauses: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF
In the event that the IP anonymization is activated in our online offering, your IP address will be shortened inside the European Union member states or in other contracting states to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a server belonging to Google in the USA and shortened there. Google will use this information on our behalf to evaluate the use of the online offering and compile reports about the online offering’s activities and in order to provide us with other services connected to the use of the online offering and the internet use. The IP addresses transmitted by your browser in the context of Google Analytics, are not combined with other data by Google. You can prevent the storing of cookies with an appropriate setting in your browser software. However, we point out that in this case, it is possible that not all the functions of the online offering can be used to the full extent.
We point out that this online offering uses Google Analytics with the “_anonymizeIp()” extension and IP addresses are therefore only further processed in a shortened form to exclude a direct personal reference.
Furthermore, we use Google Analytics reports for the collection of demographic characteristics and interests.
The data sent by us and linked to cookies, user recognition (e.g. User-ID) or advertising ID, is automatically erased. Data which has reached the end of its retention period, is automatically erased once a month. More detailed information about conditions of use and data protection, can be found under https://www.google.com/analytics/terms/de.html or under https://policies.google.com/?hl=de
In addition, you can prevent the collection of the data produced by the cookie in reference to the use of the inline offering (including your IP address) by Google and the processing of the data by Google, by downloading and installing the following browser plugin: http://tools.google.com/dlpage/gaoptout?hl=de.
Amendments to our data protection policy
We reserve the right to adapt our data protection declaration on occasions, so that it always meets the current legal requirements or to implement changes in our services in the data protection declaration. This could apply e.g. to the introduction of new services. The new data protection declaration would then apply to your return visit
Each firm or trade mark named here is the property of the respective firm. The naming of brands and names is purely for informative purposes.
- Specific provisions for Russia
The following applies to users who are residents of the Russian Federation:
The services of our online offer listed above, are not intended for citizens of the Russian Federation who are resident in Russia.
If you are a Russian citizen resident in Russia, you are expressly informed that all personal data that you make available to us over our internet offering, is exclusively at your own risk and on your own responsibility. You further agree that you will not hold us responsible for a possible breach of Russian Federation law.