Privacy Policy in accordance with the DSGVO

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States, as well as other applicable data protection regulations, is:

POLI-TAPE Holding GmbH
Zeppelinstr. 17
D-53424 Remagen
Phone: +49 (0) 26 42 – 98 36 0
Fax: +49 (0) 26 42 – 98 36 37
E-mail: info@poli-tape.de
Website: www.poli-tape.de
Managing Directors: Federico Lanzi, Simona Molgora

POLI-TAPE Klebefolien GmbH
Zeppelinstr. 17
D-53424 Remagen
Phone: +49 (0) 26 42 – 98 36 0
Fax: +49 (0) 26 42 – 98 36 37
E-mail: info@poli-tape.de
Website: www.poli-tape.de
Managing Directors: Federico Lanzi, Simona Molgora

II. Name and address of the data protection officer

The data protection officer of the controller is:
TÜV Rheinland i-sec GmbH
Am Grauen Stein
51105 Köln
E-Mail: dsb@poli-tape.de

Notice from the Hessian State Data Protection Commissioner (LDSB Hessen):
Communication by e-mail involves security risks. Unencrypted e-mails may be viewed, duplicated or copied by unauthorised third parties on their way from the sender to the recipient, and may be altered in such a way that the legal requirements for confidentiality and secrecy can no longer be guaranteed.
Alternatively, you can also contact our Data Protection Officer (as well as the competent supervisory authority) by post at the address given above.

III. General information on data processing

• Personal data:
• Can be traced back to a natural person
• Theoretical identifiability
• Possible using “reasonable means”
• That are “likely to be used”
-> From the perspective of an objective third party in the position of the controller
• Consent: a voluntary, unambiguous and informed declaration of intent by the data subject
• Data subject: the “owner” of the data
• Anonymisation: no further connection possible
-> Data protection law no longer applies
• Pseudonymisation: identifier instead of person
-> Data protection law does apply (as a reference can be re-established)
• Verarbeitung: Erheben, speichern, verändern, verwenden, übermitteln, löschen, vernichten…
• Profiling: automated data processing used to assess certain aspects of a natural person (work performance, economic situation, preferences, interests, behaviour, etc.)
• Controller: the person, company or authority that actually determines the purposes and means of data processing (the entity to which data protection law is addressed)
• Processor: processes data on behalf of the controller (strictly bound by instructions)
• Third party: anyone who does not belong to the “inner circle of data processing” (i.e. neither controller nor processor)
• Recipient: any entity to whom the controller discloses data (information obligation towards the data subject regarding recipients)
• Supervisory authority: an independent public body established by a Member State to monitor, control and advise on data protection matters
• Sensitive data: genetic, biometric and health data, political opinions, racial and ethnic origin, religious beliefs, etc.
-> special protection (Art. 9)

3. Legal basis for the processing of personal data
Where we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
Where the processing of personal data is required to comply with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In cases where the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, Art. 6 (1) (d) GDPR serves as the legal basis.
Where processing is necessary for the purposes of a legitimate interest pursued by our company or by a third party, and such interests are not overridden by the interests, fundamental rights or freedoms of the data subject, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

4. Erasure of data and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Data may also be stored if this is required by European or national legislators in EU regulations, laws or other legal provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data are collected in this process:
• Browsertyp und Browserversion
• operating system used
• Referrer URL
• Hostname des zugreifenden Rechners
• Uhrzeit der Serveranfrage
• IP-Adresse
Die Daten werden ebenfalls in den Logfiles unseres Systems gespeichert. Eine Speicherung dieser Daten zusammen mit anderen personenbezogenen Daten des Nutzers findet nicht statt.

2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, the data help us to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.

4. Duration of storage
The data are deleted as soon as they are no longer required for achieving the purpose of their collection. In the case of data collected to provide the website, this is the case when the respective session has ended.
In the case of data stored in log files, this is the case after no more than seven days. Storage beyond this period is possible. In such cases, the IP addresses of the users are deleted or anonymised so that assignment to the accessing client is no longer possible.

5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files are absolutely necessary for operating the website. The user therefore has no possibility to object.öglichkeit.

V. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the user’s internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the unique identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be recognised even after a page change.
We also use cookies on our website that require consent and which enable an analysis of users’ browsing behaviour.
The data collected in this way are pseudonymised by technical measures. It is therefore no longer possible to attribute the data to the accessing user. The data are not stored together with other personal data of the users.
When accessing our website, users are informed by an information banner about the use of cookies for analytical purposes and are referred to this privacy policy. In this context, users are also informed about how the storage of cookies can be prevented in the browser settings.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.
The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6 (1) (a) GDPR, provided the user has given their consent.

3. Purpose of data processing
The purpose of using technically necessary cookies is to make the use of websites easier for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the browser is recognised again even after a page change.
The user data collected by technically necessary cookies are not used to create user profiles.
The use of analytical cookies is intended to improve the quality of our website and its content. Analytical cookies provide information on how the website is used, enabling us to continuously optimise our services.
These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6 (1) (f) DSGVO.

4. Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted from there to our website. You therefore have full control over the use of cookies as a user. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.
If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

VI. Contact form and e-mail contact
1. Description and scope of data processing
A contact form is available on our website which can be used for electronic communication. If a user makes use of this option, the data entered in the input form are transmitted to us, stored and processed.

At the time the message is sent, the following data are also stored:
• The user’s IP address
• Date and time of registration
During the submission process, your consent to the processing of the data is obtained, and reference is made to this privacy policy.
Alternatively, contact may be made via the e-mail address provided. In this case, the personal data transmitted with the e-mail are processed.
No data are passed on to third parties in this context. The data are used exclusively for processing the conversation.

2. Legal basis for data processing
The legal basis for processing the data is Art. 6 (1) (a) GDPR, provided the user has given consent.
The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, an additional legal basis for the processing is Art. 6 (1) (b) DSGVO.

3. Zweck der Datenverarbeitung
Die Verarbeitung der personenbezogenen Daten aus der Eingabemaske dient uns allein zur Bearbeitung der Kontaktaufnahme. Im Falle einer Kontaktaufnahme per E-Mail liegt hieran auch das erforderliche berechtigte Interesse an der Verarbeitung der Daten.
Die sonstigen während des Absendevorgangs verarbeiteten personenbezogenen Daten dienen dazu, einen Missbrauch des Kontaktformulars zu verhindern und die Sicherheit unserer informationstechnischen Systeme sicherzustellen.

4. Dauer der Speicherung Die Daten werden gelöscht, sobald sie für die Erreichung des Zweckes ihrer Erhebung nicht mehr erforderlich sind. Für die personenbezogenen Daten aus der Eingabemaske des Kontaktformulars und diejenigen, die per E-Mail übersandt wurden, ist dies dann der Fall, wenn die jeweilige Konversation mit dem Nutzer beendet ist. Beendet ist die Konversation dann, wenn sich aus den Umständen entnehmen lässt, dass der betroffene Sachverhalt abschließend geklärt ist. Die während des Absendevorgangs zusätzlich erhobenen personenbezogenen Daten werden spätestens nach einer Frist von sieben Tagen gelöscht.

5. Possibility of objection and removal
The user may revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
The lawfulness of the data processing carried out up to the point of revocation remains unaffected by the revocation. The data you enter in the contact form will remain with us until you request their deletion, revoke your consent to storage, or the purpose of data storage no longer applies (e.g. after your enquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

VII. Plugins and tools
YouTube
Our website uses plugins from YouTube, a site operated by Google. The operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) GDPR.
Further information on the handling of user data can be found in YouTube’s privacy policy at: www.google.de/intl/de/policies/privacy
.

Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required web fonts into its cache to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at developers.google.com/fonts/faq and in Google’s privacy policy: www.google.com/policies/privacy/
.

Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offerings and of making it easy to find the locations we list on the website. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) DSGVO. …pursuant to Art. 6 (1) (f) DSGVO.
For more information on how user data are handled, please refer to Google’s privacy policy:

VIII. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the DGSVO and you have the following rights vis-à-vis the controller:

1. Right of access
You may request confirmation from the controller as to whether personal data concerning you are being processed by us.
If such processing is taking place, you may request the following information from the controller:
• the purposes for which the personal data are being processed;
• the categories of personal data that are being processed;
• the recipients or categories of recipients to whom your personal data have been disclosed or will be disclosed;
• the envisaged duration of the storage of your personal data, or, if specific information is not possible, the criteria used to determine the storage period;
• the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• all available information about the origin of the data, if the personal data were not collected from the data subject;
• the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) DSGVO, and—at least in these cases—meaningful information about the logic involved, as well as the scope and the intended effects of such processing on the data subject.
You have the right to request information as to whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with such transfer.

2. Right to rectification
You have the right to obtain rectification and/or completion from the controller if the personal data concerning you that are being processed are inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defence of legal claims; or
• if you have objected to processing pursuant to Art. 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
If the processing of your personal data has been restricted, such data may—apart from being stored—only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of the Union or a Member State.
If the restriction of processing has been imposed according to the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure
a) Obligation to erase
You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay where one of the following reasons applies:
• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) DSGVO, and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
• The personal data concerning you have been unlawfully processed.
• The erasure of the personal data concerning you is required for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 (1) DSGVO, the controller shall, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers that are processing the personal data that you, as the data subject, have requested the erasure of all links to these personal data or of copies or replications of these personal data.
b) Exceptions
The right to erasure does not apply insofar as the processing is necessary
• for exercising the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing under Union law or the law of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) as well as Art. 9 (3) DSGVO;
• for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 (1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
• for the establishment, exercise or defence of legal claims.

5. Right to notification
If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about these recipients.

6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided, provided that
• the processing is based on consent pursuant to Art. 6 (1) (a) DSGVO or Art. 9 (2) (a) DSGVO, or on a contract pursuant to Art. 6 (1) (b) DSGVO, and
• the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) or (f) DSGVO; this also applies to profiling based on these provisions.
The controller will then no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option, in connection with the use of information society services – irrespective of Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent under data protection law
You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.
9. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
• is necessary for entering into, or for the performance of, a contract between you and the controller,
• is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights, freedoms and legitimate interests, or
• is based on your explicit consent.
However, such decisions may not be based on special categories of personal data pursuant to Art. 9 (1) DSGVO, unless Art. 9 (2) (a) or (g) DSGVO applies and appropriate measures have been taken to protect your rights, freedoms, and legitimate interests.
In the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the DSGVO.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.
The competent supervisory authority for data protection matters is the data protection officer of the federal state in which our company is based.

A list of data protection officers and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.