Data protection

Privacy policy

Privacy policy of Sprick GmbH & Co. pursuant to the General Data Protection Regulation (GDPR) – Status 3/2021  

Through the following information, we would like to provide you with an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the services requested or agreed. Therefore, not every aspect of this information will apply to you.  

In general, the following applies: We take the protection of your personal data very seriously. We would like to point out that this website is aimed exclusively at people of legal age.  

Who is responsible for data processing and who may I contact in this respect?  

Responsible lies with:  

Sprick GmbH & Co.  
Hanfstr. 23 
33607 Bielefeld 
Germany 

+49 932050521  
info@papier-sprick.de 

You can reach Dirk Grützner, our company Data Protection Officer, at the abovementioned address for the person responsible under the DATA PROTECTION add-on or via the following email contact:  

datenschutz@papier-sprick.de 

  

Which sources and data do we use?  

We process personal data that we receive in the context of use of our website by, among others, customers / applicants or interested parties (hereinafter: “you”).   

What do we process your data for (purpose of processing), and on what legal basis?  

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)  

1. a) to fulfil contractual obligations (Art. 6 (1) (b) GDPR)

Processing of data can occur in the context of performance of contracts with you as our customer or to realise pre-contractual measures.   

1. b) in the context of balancing of interests (Art. 6 (1) (f) GDPR)

If necessary, we can process your data beyond actual fulfilment of the contract to safeguard our legitimate interests or those of third parties.   

Examples:  

  • Assertion of legal claims and defence in legal disputes,   
  • Ensuring IT security and IT operations of the company,   
  • Measures for business management and further development of services and products  

 

 

 

1. c) on the basis of your consent (Art. 6 (1) (a) GDPR)

If you have granted us your consent to the processing of personal data for certain purposes (e.g. marketing purposes, sending newsletters, etc.), the legality of this processing is established on the basis of your consent.  

1. d) on the basis of legal requirements (Art. 6 (1) (c) GDPR) or in the public interest (Art. 6 (1) (e) GDPR)

In addition, we are subject to various legal obligations, meaning legal requirements (e.g. tax laws). The purposes of processing include, among other things, fulfilment of tax control and reporting obligations and much more. 

1. e) in the context of establishing an employment relationship (Art. 88 GDPR in conjunction with Section 26(1) BDSG)

If you apply to us for employment, your personal data also needs to be processed.   

What does this mean in detail relative to providing this website and the services available on it?  

4.1 Provision of the website and creation of log files  

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected in this context:  

(1) Information about the browser type and the version used  

(2) The operating system of the user  

(3) The internet service provider of the user  

(4) The IP address of the user  

(5) Date and time of accessing  

(6) Websites from which the user’s system accessed our website  

(7) Websites that are accessed by the user’s system via our website  

The data is also stored in the log files of our system. This does not affect the user’s IP address or other data that enables the data to be assigned to a user. Storage of this data together with other personal data of the user does not take place.   

The legal basis for temporary storage of the data is Art. 6 (1) (f) GDPR.  

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. The user’s IP address must be saved for the duration of the session for this purpose. These purposes represent our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.  

Data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the event of data being collected to provide the website, this is the case when the respective session has ended.  

The collection of data for provision of the website and storage of the data in log files is essential for operation of the website. Consequently, no possibility of objection is available on the part of the user.  

4.2 Use of cookies  

Technically essential cookies  

We occasionally use cookies when you visit our website.   

They serve, among other things, to make our Internet offer user-friendly, effective and secure.   

The following data is stored and transmitted in cookies: (e.g.)   

  • Language settings  
  • Items in a shopping cart  
  • Log-in information   

In the context of use of technically essential cookies, we process your personal data on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Operation of the website is impossible without the use of these technically essential cookies and, to this extent, no option exists for you to object.   

Technically essential cookies are used to make it easier for you to use our website. Some functions of our website cannot be offered without the use of cookies. For this purpose, it is necessary for the browser to be recognised, even after changing pages. We need your cookies for the following applications: (e.g.)  

  • Shopping cart  
  • Acceptance of language settings  
  • Remembering search terms  

The user data collected by technically essential cookies is not used to create user profiles.   

Cookies are generally stored on your computer and transmitted to our website from there. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be achieved automatically. It may be possible that not all functions of the website will be usable if cookies are deactivated for our website.  

Technically non-essential cookies  

In addition, we use cookies on our website which enable analysis of the behaviour of users. The following data can be transmitted in this manner: (e.g.)  

  • Entered search terms  
  • Frequency of webpage accessing  
  • Use of website function  
  • Time spent on the website 
  • Frequency of downloads 
  • Other similar data 

The data collected in this way is pseudonymised through technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user.  

Analysis cookies are used for the purpose of improving the quality of our website and its content. By using analysis cookies, we learn how the website is used, enabling us to continuously optimise our Internet offer.   

We require your consent to the use of technically non-essential cookies pursuant to Article 6 (1) (a) GDPR. You can grant your consent by ticking the appropriate box in our cookie banner when accessing the website.   

Alternative a) If consent is stored internally (without being requested again when accessing the website)  

We store your consent internally, but you may revoke your consent at any time by deactivating the tick in the corresponding check box. To change your selection later, please click on the button for the data protection settings.   

Cookies are stored on your computer and transmitted to our website from there. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be achieved automatically. It may be possible that not all functions of the website will be usable if cookies are deactivated for our website.  

General correspondence  

If you send us a message (by post, fax or email), we will use the data you have provided to contact you if necessary. Your data is usually stored in our IT system for this purpose. Contact is usually made through the same medium chosen by you to send your message to us. If no contractual relationship arises from the establishment of contact, we will delete your contact details no later than two years after ending of the correspondence with you. The data is not be passed on to third parties in this context. The data is used exclusively to process the conversation. The legal basis for temporary storage is your implied behaviour, given that you have provided us with your contact details for replying, and as well as through our legitimate interest pursuant to Article 6 (1) (f) GDPR to answer your inquiry. If the purpose of your inquiry is to conclude a contract, Art. 6 (1) (b) GDPR is an additional legal basis for processing.  

Contact form and email contact   

There is a contact form provided on our website that can be used to contact us electronically. Data entered in the input mask is transmitted to us and saved if you take advantage of this option. These data involves the following:  

  • Name 
  • Email 
  • Telephone 

The following data is also stored at the time of registration:   

  • The IP address of the user  
  • Date and time of registration  

For processing of your data, your consent is obtained as part of the sending process, and reference is made to this privacy policy.  

Alternatively, you can contact us using the email address provided. Personal data transmitted with your email is saved in this case. The data is not be passed on to third parties in this context. The data is used exclusively to process the conversation.  

If you have granted your consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.  

The legal basis for processing the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the purpose of email contact is to conclude a contract, Art. 6 (1) (b) GDPR is an additional legal basis for processing.  

The processing of personal data on the input mask serves us only to process the contact. If you contact us by email, this also constitutes the necessary legitimate interest in the processing of data. Other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.  

The data is deleted if it is no longer required to achieve the purpose for which it was collected. This is the case for personal data from the contact form input mask and data sent by email if the respective conversation with you as the user has ended. It is the case if it can be inferred from the circumstances that the matter in question has been finally clarified. Additional personal data collected during the sending process is deleted after a period of 7 days at the latest.  

You have the option of revoking your consent to processing of your personal data at any time. If you contact us by email, you can object to storage of your personal data at any time. The conversation cannot be continued in such a case.  

This is followed by a description of how you can revoke your consent and object to storage.  

All personal data stored during the course of contacting us is deleted in this case.  

Applicant management   

Would you like to apply to us? We look forward to receiving your application via email.  

In the context of applicant management, we process personal data you provide us with to initiate an employment relationship on the basis of Art. 88 GDPR in conjunction with Section 26 (1) BDSG. Alternatively, collective agreements (group, general, works and collective bargaining agreements) pursuant to Art. 88 GDPR in conjunction with Section 26 (4) BDSG and consents (e.g. for photos) pursuant to Art. 88 GDPR in conjunction with Section 26 (2) BDSG can be cited.  

  

In individual cases, we process your data in order to safeguard legitimate interests, e.g. when exchanging data within the group for administrative purposes (Art. 6 (1) (f) GDPR in conjunction with Recital 48).  

If special categories of personal data (e.g. severe disabilities) are processed, this is done on the basis of Art. 88 GDPR in conjunction with Section 26 (3) BDSG. In addition, processing of health data may be necessary to assess your ability to work pursuant to Article 9 (2) (h) GDPR in conjunction with Section 22 (1) (b) BDSG.  

We process and store your personal data as long as necessary for the fulfilment of the purposes of data processing or legal, contractual or statutory obligations. The data is then deleted or its processing restricted. In the event of employment relationship being established after completion of the application process, we will delete your data no later than 3 years after the application process has ended. After the regular 3-year limitation period pursuant to Section 195 of the German Civil Code (§ 195 BGB) has expired, this is the point in time at which any claims under the German General Equal Treatment Act (AGG) are barred by statute of limitations. If we want to save your application for more than 3 years in a so-called “applicant pool”, we would ask your permission to do this after the three year period by obtaining your consent.   

You are, of course, also free to withdraw your application at any time. In this event, your data would also be deleted if it is no longer required to achieve the purpose for which it was collected. Sending an email to us with the corresponding content is sufficient in this respect. Revocation of any consent granted is also possible at any time.   

  

SSL or TLS encryption  

This site uses an SSL and TLS encryption for security reasons and to protect the transmission of confidential content such as orders or inquiries that you send us as the website operator. You can recognise an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the lock symbol in your browser line.  

Data that you transmit to us cannot be read by third parties if SSL or TLS encryption is activated.  

  

  

Transfer of data to third countries 

In certain cases, your personal data (e.g. your IP address or other data) may be transferred to the United States or another third country without an adequate level of data protection. There is a risk in this context that your data could be processed by the authorities for control and monitoring purposes and that secret services may also have access to this data, without you possibly having the right to legal redress. A data transfer of this nature requires your express consent pursuant to Art. 49 GDPR. This is requested on accessing the website and documented by you by configuring the appropriate settings.   

  

Cookies and trackers    

Google Analytics   

This website uses Google Analytics, including the Google Analytics advertising functions, provided you have given us your consent. This is a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and enable analysis of your use of the website. 
Google Analytics is only used with activated IP anonymisation (so-called IP masking). This means that the IP address of Google users within member states of the European Union or in other contracting states to the Agreement on the European Economic Area are shortened. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases (e.g. if there are technical malfunctions in Europe).  
With the IP anonymisation method used by Google, the full IP address is at no time recorded on a hard drive, as the entire anonymisation takes place in the main memory almost immediately after the request is received.   

Google uses this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and Internet usage, in particular functions for display advertising and Google Analytics reports to provide service to the website operator according to demographic characteristics and interests. The data is stored unencrypted on servers in the USA, and both Google and state authorities have access to this data. Data can also be linked to other data of the user such as search history, personal accounts, user data from other devices and all other devices that Google has for this user. 
Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. In Google Analytics reports on performance according to demographic characteristics and interests, data and visitor data from third-party providers (e.g. age groups or interest groups) obtained from Google via interest-related advertising are used.  

The legal basis for transmission of your personal data is your express and informed consent pursuant to Art. 49 GDPR.   

You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that, in this case, you may not be able to use all functions of this website to their full extent. 
You can also prevent Google from collecting data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link:  

Download and install the Google browser plug-in   

Link: https://tools.google.com/dlpage/gaoptout  

You can also prevent Google Analytics from collecting data by clicking the following link. An opt-out cookie is set which prevents the future collection of your data when you visit this website:  

Deactivate Google Analytics   

You can find more information on terms of use and data protection at https://www.google.de/analytics/terms/de.html 
and https://www.google.de/intl/de/policies/ 

  

Google Maps  

This website uses the Google Maps product from Google Inc. Your personal data is stored / processed in the USA when you use Google Maps. From a data protection point of view, the USA is regarded as an insecure third country. Article 49 (1) (a) GDPR, in conjunction with your express and informed consent, constitutes the exception for data transmission. By clicking the button, you consent to the collection, processing and use of the data collected automatically Google Inc., their representatives and third parties. You can find the terms of use of Google Maps under “Google Maps Terms of Service”. https://www.google.com/intl/de_de/help/terms_maps.html  

reCAPTCHA  

We use the Google reCAPTCHA service to determine whether a person or a computer makes a certain entry on our contact or newsletter form. Google uses the following data to check whether you are a person or a computer:  IP address of the device used, the website that you visit with us and on which the CAPTCHA is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, the Google account if you are logged in to Google, mouse movements on the reCAPTCHA areas and tasks for which you have to identify images. The legal basis for the data processing described is Article 6 (1) (f) of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and protect us from automated input (attacks).  

YouTube  

We embed videos from YouTube. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.  
If you call up the subpages of our website with a YouTube plug-in, a connection to the YouTube servers is established and the plug-in is displayed. This will transmit which of our subpages you have visited to the YouTube server. If you are logged in as a member of YouTube, YouTube will assign this information to your personal user account. If you use the plug-in (e.g. if you click the start button of a video), this information is also assigned to your user account. Further information on data processing and information on data protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/  

Tidio

To communicate with you we use a chat bot and a live chat from the company Tidio. Tidio has its headquarters in San Francisco / USA and in Poland. This means that your data is stored and processed on servers in the USA.  Tidio guarantees the data protection compliant processing and storage of your data by so-called standard data protection clauses. However, due to the legislation in the USA, authorities and secret services may have access to your data. 

Tidio also uses your data for analysis and marketing purposes and also uses advertising from third party providers (third party cookies). If you click on these offers, your data will also be transferred to these third party providers. Tidio does not take any responsibility for the processing of your data by the third party providers. 

You can find Tidio’s privacy policy at the following link: https://www.tidio.com/privacy-policy/

 

For the use of the chat bot or the live chat, we need your consent, which you please give us by actively ticking the appropriate box. If you do not agree to the use of the chat bot, it cannot be used.

Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Use of LinkedIn plug-ins  

Functions and contents of the LinkedIn service provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043 United States, can be integrated into our online offer.  

This content may include photos, images, videos or texts and buttons with which users can express their favour with regard to content and subscribe to the authors of content or other contributions. If users are members of the LinkedIn platform, LinkedIn can assign the abovementioned content and functions to the profiles of users there. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy 

5. What rights can you assert?

Every data subject has the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. Restrictions pursuant to Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, a right of appeal to a data protection supervisory authority exists (Article 77 GDPR in conjunction with Section 19 BDSG).  

You can revoke any consent granted to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were granted to us prior to the GDPR coming into effect (i.e. before 25 May 2018). Please note that the revocation is only effective for the future. Processing that occurred prior to the revocation is not affected.  

Please feel free to contact our data protection officer in this regard. 

6. Do I have to provide my personal data?

In the context of our business relationship, you must provide personal data necessary for the establishment and implementation of a business relationship and the fulfilment of related contractual obligations or that we are legally obliged to collect. Without this data, we will usually have to reject conclusion of the contract or execution of the order, or we will no longer be able to realise an existing contract and may have to terminate it. 

7. Is there an automated decision-making process?

No. We currently do not use fully automated decision-making pursuant to Art. 22 GDPR to establish and conduct business relationships. Profiling does not take place.   

8. Information about your right of objection pursuant to Article 21 GDPR

Right to object on a case-by-case basis  

You have the right, for reasons arising from your particular situation, to lodge an objection at any time to processing of personal data relating to you which occurs on the basis of Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f) GDPR (data processing based on the weighing up of interests). This also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR.  

If you lodge an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.  

Right to object to the processing of data for direct marketing purposes  

We process your personal data in individual cases for direct marketing purposes. You have the right to object at any time to processing of your personal data for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct marketing.  If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.  

Recipient of the objection  

The objection can be lodged informally citing the subject “Objection” and stating your name, address and date of birth, and it should be addressed to:  

Sprick GmbH & Co. 

Hanfstr. 23, 33607 Bielefeld 

+49 932050521 

datenschutz@papier-sprick.de 

9. Further information 

If you would like information that this data protection declaration cannot give you, or if you would like further information on a particular item, please contact our data protection officer. He will be happy to help you.