REGISTER NOW FOR THE EXCLUSIVE WEBINAR (12.03.): Data, not drama: How market leaders digitise their packaging management — now with packa
>
Last updated on: 05.10.2021
1. Introduction
In the following, we provide information about the processing of personal data when using
Personal data is all data that can be related to a specific natural person, such as their name or IP address.
1.1. contact details
The controller within the meaning of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Packmatic GmbH, Pappelallee 78/79, 10437 Berlin, Germany, e-mail: tools@packmatic.io. We are legally represented by Matthias Geiß, Jonas Boland.
Our data protection officer is HeyData GmbH, Gormannstr. 14, 10119 Berlin, www.heydata.eu, e-mail: info@heydata.de.
1.2. Scope of data processing, processing purposes and legal bases
The scope of data processing, processing purposes and legal bases is set out in detail below. In principle, the following can be considered as the legal basis for data processing:
1.3. Data processing outside the EEA
Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data when transferred, where available (e.g. for Great Britain, Canada and Israel), guarantees the security of the data (Art. 45 (3) GDPR).
If there is no adequacy decision (e.g. for the USA), the legal basis for the transfer of data is usually standard contractual clauses, i.e. unless we provide otherwise. These are rules adopted by the EU Commission and are part of the contract with the respective third party. In accordance with Article 46 (2) (b) GDPR, they guarantee the security of data transfer. Many of the providers have provided contractual guarantees that go beyond the standard contractual clauses, which protect the data beyond the standard contractual clauses. These include, for example, guarantees with regard to the encryption of data or with regard to an obligation on the part of a third party to notify data subjects when law enforcement agencies want to access data.
1.4. Storage period
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its purpose and the deletion does not conflict with any legal storage requirements. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we must store for commercial or tax reasons.
1.5. Rights of those affected
Data subjects have the following rights vis-à-vis us with regard to personal data concerning them:
Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data.
1.6. Commitment to provide data
As part of a business relationship or other relationship, customers, interested parties or third parties must only provide us with the personal data that is necessary to establish, carry out and end the business relationship or another relationship or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude a contract or provide a service or will no longer be able to carry out an existing contract or other relationship.
Mandatory information is marked as such.
1.7. No automatic decision-making in individual cases
In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and carry out a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you of this separately, provided this is required by law.
1.8. contacting
When you contact us, e.g. by e-mail or telephone, the data provided to us (e.g. names and e-mail addresses) is stored by us in order to answer questions. The legal basis for processing is our legitimate interest (Art. 6 (1) (f) GDPR) to answer inquiries addressed to us. We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are legal storage obligations.
1.9. customer surveys
From time to time, we conduct customer surveys to get to know our customers and their needs better. In doing so, we collect the data requested in each case. It is our legitimate interest to get to know our customers and their wishes better, so that the legal basis for the associated data processing is Art. 6 (1) (f) GDPR. We delete the data when the results of the surveys have been evaluated.
2nd newsletter
We reserve the right to inform customers who have already used our services or bought goods about our offers from time to time by e-mail or other means electronically, if they have not objected to this. The legal basis for this data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in direct marketing (recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time at no additional cost, for example via the link at the end of each email or by sending an email to our email address mentioned above.
Based on the consent of recipients (Art. 6 (1) (a) GDPR), we also measure the opening and click rate of our newsletters in order to understand which content is relevant to our recipients.
3. Data processing on our website
3.1. Informational use of the website
When using the website for informational purposes, i.e. when site visitors do not provide us with separate information, we collect the personal data that the browser transmits to our server to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 (1) (f) GDPR.
This data is:
This data is also stored in log files. They are deleted when they are no longer required to be stored, at the latest after 14 days.
3.2. Web hosting and website delivery
Our website is hosted by Webflow, Inc. 208 Utah, Suite 210, San Francisco, CA 94103, USA (privacy policy: https://webflow.com/legal/eu-privacy-policy). In doing so, the provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data. It is our legitimate interest to provide a website, so the legal basis for data processing is Art. 6 (1) (f) GDPR.
3.3. contact form
When you contact us via the contact form on our website, we save the data requested there and the content of the message. The legal basis for processing is our legitimate interest in answering inquiries addressed to us. The legal basis for processing is therefore Article 6 (1) (f) GDPR. We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are legal storage obligations.
3.4. job advertisements
We publish jobs that are vacant in our company on our website, on pages connected to the website, or on third-party websites.
The data provided as part of the application process is processed to carry out the application process. Insofar as these are necessary for our decision to establish an employment relationship, the legal basis is Article 88 (1) GDPR in conjunction with Section 26 (1) BDSG. We have marked the data required to carry out the application process accordingly or refer to them. If applicants do not provide this information, we will not be able to process the application. Further data is voluntary and not required for an application. If applicants provide further information, the basis is their consent (Art. 6 (1) (a) GDPR).
We ask applicants to refrain from including political opinions, religious beliefs and similarly sensitive data in their curriculum vitae and cover letter. They are not required to apply. If applicants nevertheless provide appropriate information, we cannot prevent their processing as part of processing the resume or cover letter. Your processing is then also based on the consent of the applicants (Art. 9 para. 2 lit. a GDPR).
Finally, we process applicants' data for further application processes if they have given us their consent to do so. In this case, the legal basis is Art. 6 (1) (a) GDPR.
We pass on the applicants' data to the responsible personnel department, to our contract processors in the area of recruiting and to the other employees involved in the application process.
If we enter into an employment relationship with the applicant following the application process, we will only delete the data after the employment relationship has ended. Otherwise, we will delete the data no later than six months after an applicant has been rejected.
If applicants have given us their consent to also use their data for further application processes, we will only delete their data one year after receipt of the application.
3.5. Booking appointments
Site visitors can book appointments with us on our website. For this purpose, we process meta or communication data in addition to the data entered. We have a legitimate interest in offering interested parties a user-friendly way to arrange appointments. The legal basis for data processing is therefore Art. 6 (1) (f) GDPR. If we use a third-party tool for the agreement, the information about this can be found under “Third-party tools.”
3.6. Third party tools
3.6.1. Google Analytics
We use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.
3.6.2. Typeform
We use Typeform for digital forms. The provider is Typeform S.L., 163 Carrer de Bac de Roda, Barcelona, Spain. The provider processes content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in requesting information from customers and other people in a simple and appealing way.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://admin.typeform.com/to/dwk6gt.
3.6.3. Hotjar
On the basis of an order processing contract (Art. 28 GDPR), we use the Hotjar web analysis service provided by Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereinafter “Hotjar”). Hotjar uses cookies, among other things, which are stored locally in the cache of the web browser of site visitors and which enable an analysis of the use of our website by site visitors. As a result, personal data can be stored and evaluated. This includes the site visitor's activity (e.g. which pages they visited and which elements they clicked on), device and browser information (in particular the IP address and operating system) and a tracking code in the form of a pseudonymized user ID. The information collected in this way is transmitted by Hotjar to a server in Ireland and stored there anonymously.
Further information on the processing of data by Hotjar can be found at https://www.hotjar.com/legal/policies/privacy.
By using Hotjar, we can better understand the needs of our site visitors and optimize the offerings on this website. The legal basis for processing users' personal data is generally the user's consent in accordance with Article 6 (1) (a) GDPR. Site visitors can withdraw their consent by contacting us using the contact details provided above. The revocation does not affect the lawfulness of processing up to the revocation.
The data mentioned will be stored for as long as is necessary to fulfill the purposes described in this privacy policy or as required by law.
4. Data processing on social media platforms
We are represented on social media networks to present our company and our services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to show advertising on network sites and elsewhere on the Internet that meets the interests of users. For this purpose, network operators store information on usage behavior in cookies on the user's computer. In addition, it cannot be ruled out that operators may combine this information with other data. Users can obtain further information and advice on how users can object to processing by the site operators in the data protection declarations of the respective operators listed below. It may also be that the operators or their servers are located in non-EU countries so that they process data there. This can result in risks for users, for example because it is difficult to enforce their rights or because government agencies gain access to the data.
When users of the networks contact us via our profiles, we process the data provided to us in order to answer the inquiries. This is our legitimate interest, so that the legal basis is Article 6 (1) (f) GDPR.
4.1. facebook
We maintain a profile on Facebook. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. One way to object to data processing is via settings for advertisements: https://www.facebook.com/settings?tab=ads. On the basis of an agreement within the meaning of Art. 26 GDPR with Facebook, we are jointly responsible for processing the data of visitors to our profile. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both against us and against Facebook. However, according to our agreement with Facebook, we are required to forward inquiries to Facebook. Those affected will therefore receive faster feedback if they contact Facebook directly.
4.2. linkedin
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE. One way to object to data processing is via the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
5. Changes to this privacy policy
We reserve the right to change this privacy policy with effect for the future. A current version is always available here.
6. Questions and comments
If you have any questions or comments regarding this privacy policy, please use the contact details provided above.
.png)