Data Privacy Policy
We are pleased that you have visited our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.
This privacy policy statement applies to the internet offer of Ampack GmbH.
Who is responsible and how do I contact you?
Responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):
Ampack GmbH
Lechfeldgraben 7
86343 Königsbrunn, Germany
Mail: info@ampack-solutions.com
Phone: +49 8231 6005 0
Statutory data protection officer:
PROLIANCE GmbH
Leopoldstr. 21
80802 München
Mail: datenschutzbeauftragter@datenschutzexperte.de
www.datenschutzexperte.de
What is the purpose of this privacy policy?
This data protection declaration fulfills the legal requirements for transparency in the processing of personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or user behavior when visiting a website. Information with which we cannot (or only with disproportionate effort) relate to you personally, e.g. through anonymization, are not personal data. The processing of personal data (e.g. the collection, querying, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we save your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory retention requirements.
Who will get my data?
We only pass on your personal data, which we process on our website, to third parties if this is necessary for the fulfillment of the purposes and in individual cases is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients can then be Law enforcement agencies, lawyers, accountants, courts, etc..
Insofar as we use service providers for the operation of our website who, as part of order processing on our behalf, provide personal data in accordance with Art. 28 GDPR, these service providers can be recipients of your personal data. You can find more information on the use of processors and web services in the overview of the individual processing operations.
What are my rights?
- Information on the data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data, according to Art. 15 GDPR, § 34 BDSG;
- Correction of incorrect or incomplete data that are stored by us, according to Art. 16 GDPR;
- Deletion of the data stored by us according Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Restriction of processing according Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
- Data portability according to Art. 20 GDPR, insofar as you give us personal data within the scope of a consent in accordance with. Art. 6 para. 1 lit. a GDPR or on the basis of a contract according Art. 6 para. 1 lit. b GDPR and processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transmit the data directly to another person responsible, as far as this is technically feasible.
- Contradiction against the processing of your personal data according to Art. 21 GDPR, insofar as this is based on Art. 6 Paragraph 1 lit. e, f GDPR takes place and there are reasons for this that arise from your particular situation or the objection is directed against direct mail. The right to object does not exist if overriding, compelling reasons worthy of protection are proven for the processing or if the processing is carried out to assert, exercise or defend legal claims. If you do not have the right to object to individual processing operations, this is indicated there.
- Revocation of your given consent with effect for the future according Art. 7 para. 3 GDPR.
- Complaint according to Art. 77 GDPR at a supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.
How will my data be processed in detail?
Provision of the website
Type and scope of processing
When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP adress of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Website from which the access is made (Referrer-URL)
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider
Our website is not hosted by us, but by a service provider who, for the purpose of providing the website, provides the aforementioned data on our behalf in accordance with. Art. 28 GDPR.
Purpose and legal basis
The processing is carried out to safeguard our predominant legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 Para. Lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception according to Art. 21 Paragraph 1 GDPR. Insofar as the further storage of the log files is required by law, the processing takes place on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically impossible to access our website without providing the data.
Storage period
The aforementioned data is stored for the duration of the display of the website and for technical reasons for a maximum of 7 days.
Contact form
Type and scope of processing
On our website we offer you to contact us using a form provided. The information that is collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary for processing the contact request.
When using the contact form, your personal data will not be passed on to third parties.
Purpose and legal basis
The processing of your data by using our contact form takes place for the purpose of communication and processing your request on the basis of your consent in accordance with. Art. 6 para. 1 lit. a GDPR. If your request relates to an existing contractual relationship with us, processing for the purpose of fulfilling the contract is based on Art. 6 Para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not want to provide this data, please contact us by other means.
Storage period
If you use the contact form on the basis of your consent, we will store the data collected for each request for a period of three years, starting with the processing of your request or until you withdraw your consent.
Contact form for applicants
Type and scope of processing
On our website we offer you to submit an application to us using a form provided. The information that is collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary for processing the contact request.
Insofar as you have given us your separate consent that is independent of the use of the application form, we will pass your application on to the group companies affiliated with us.
Purpose and legal basis
The processing of your data based on the use of the application form takes place for the purpose of processing your application and deciding on the establishment of an employment relationship on the basis of § 26 BDSG. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information in the mandatory fields. If you do not want to provide this data, please use other options for applying to us.
Storage period
We store the data collected for the duration of the application process and, in the event of non-employment, for a period of six months from the date of rejection and, in the case of employment, for a period of three years after the end of employment.
Google Fonts
Type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offer. To obtain these fonts, you connect to the servers of Google Ireland Limited and your IP address will be transmitted.
Purpose and legal basis
The use of Google Fonts is based on our legitimate interests, i.e. Interest in a uniform provision and optimization of our online offer in accordance with Art. 6 Para. 1 lit. f. GDPR.
Storage period
The specific storage duration of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the data protection declaration for Google Fonts: https://policies.google.com/privacy
We maintain profiles, appearances or pages on the following social media platforms:
|
Platform |
Profile |
|
Xing: |
|
|
LinkedIn: |
https://www.linkedin.com/company/ampack-solutions |
|
YouTube: |
https://www.youtube.com/@AmpackGmbH |
|
Google Business: |
https://g.co/kgs/jf2TMxM |
Different responsibilities and roles
Depending on how the platform operators and we as the site operator are involved in the processing of your personal data, the respective responsibility or role differs.
This means that we can either be jointly responsible with the platform operator or the platform operator is solely responsible.
Shared responsibility with platform operators
Jointly responsible
There is a joint responsibility between us and the following platform operators:
|
Platform |
Platform operator |
|
LinkedIn: |
LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland |
As the site operator, we are jointly responsible with the providers of the respective platform for the processing of your personal data in connection with your visit to the presence, profile, page or fan page on the platforms if the platform operators provide aggregated information about visitors to our profiles, presences, pages or fan pages (e.g. so-called "insights" or "analytics").
In the case of joint controllership, we have concluded agreements with the platform operators in accordance with Art. 26 GDPR on joint controllership for the processing of your personal data (e.g. Page Controller Addendum or Joint Controller Addendum).
This agreement specifies the data processing operations for which we or the respective platform operator are responsible. You can view these agreements under the following links:
|
Agreements on joint |
|
|
LinkedIn: |
Further information on data processing by the platform operators can be found in their privacy policies:
|
LinkedIn: |
Contacting the data protection officers of the platform operators
You can contact the data protection officers of the platform operators here:
|
Possibility of making |
|
|
LinkedIn: |
To contact LinkedIn's data protection officer, you can use the contact form at the link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO . |
Data processing under joint responsibility
Accessing and storing information in terminal equipment
When you access our profiles on the aforementioned platforms, the platform operator uses cookies and similar technologies on your end device to store data on your end device or to read data from there. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of the services, this is done on the basis of Section 25 (1) sentence 1, (2) no. 2 TDDDG. If necessary, connection data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.
In cases in which such a process serves other purposes (e.g. the needs-based design of our website), this is only carried out on the basis of Section 25 (1) TDDDG with your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.
Further information on the use of cookies and similar technology and their legal basis can be found in the respective privacy policy of the platform operator. Links to the respective privacy policies can be found above. If you have any further questions, please contact the operator of the respective social media platform directly.
Data processing for advertising and market research purposes
As a rule, personal data on our social media profile is primarily processed for market research and advertising purposes of the platform operator. Insofar as the data collection also takes place directly on our social media profile, we participate in the data processing of the platform operator and are therefore jointly responsible with the platform operator in this respect
During data processing, cookies and similar technologies are used that enable the platform operator to recognise you when you visit a social media profile. For members of the social media platform, the platform operator also analyses your interactions on the platform (clicks, comments and likes) and processes the information you provide to the platform operator, such as your master data, your profile picture or name. In particular, demographic information (age, gender, country, industry, profession, etc.) from your own member profile may also be processed.
The collected data can be used to create user profiles. These are then used by the platform operator to place adverts inside and outside the platform that presumably correspond to your interests.
Although we do not have direct access to the data processed by the platform operator, we also benefit from this data processing by placing corresponding adverts within or outside the platforms based on the target groups identified by the platform operator.
The legal basis for the processing of your personal data in relation to is your consent given to the platform operator pursuant to Art. 6 para. 1 lit. a GDPR.
Please note that we have no influence on the data collection and further processing under the responsibility of the platform operator. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by the platform operator.
Further information on this can be found in the data protection information of the respective provider.
Data processing in the context of "Insights" or "Analytics"
In addition, your data will be processed jointly responsible in connection with so-called "Page Insights" or "Page Analytics".
Page Insights" or "Page Analytics" are analysis functions provided by the platform operator, by means of which the master data processed by you, in particular demographic data and the data on your interactions with our profile are collected jointly by the platform operator and us.
The platform operator then analyses this data and uses it to create summarised (so-called aggregated data) for us, from which we can see which demographic target group has visited our profile and how our profile was used by them.
In this respect, we also have no direct access to the data processed by the platform operator. This data is only made available to us by the platform operator in aggregated form. This means that we cannot recognise individual visitors or their interactions from the aggregated data.
We then use this aggregated data to tailor our social media profile to the target group and generally to optimise it in relation to the aforementioned advertising purposes (increasing the reach and awareness of our profile and evaluating the success of marketing campaigns).
The legal basis for the processing of your personal data in relation to is your consent given to the platform operator pursuant to Art. 6 para. 1 lit. a GDPR.
Please note that we have no influence on the data collection and further processing under the responsibility of the platform operator. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by the platform operator.
Further information on this can be found in the data protection information of the respective provider.
Data processing based on consent
If you are asked by the respective platform operator for consent to processing for a specific, common purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.
Recipients and data transfer to third countries
If we pass on personal data to the operators of social media platforms, the latter are recipients of the data within the meaning of Art. 4 No. 9 GDPR.
|
|
LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland LinkedIn Corp, 1000 W. Maude Ave, Sunnyvale, CA 94085, |
When you visit our social media profiles, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.
For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification in accordance with the EU-U.S. Data Privacy Framework.
|
Ensuring an adequate level of protection |
|
|
LinkedIn Corp. |
LinkedIn Corp. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov |
If your data is transferred to other third countries for which no adequacy decision exists, there is a risk that the authorities there may access your data for security and monitoring purposes without you being informed or having the right to appeal.
To ensure an adequate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection.
If the standard data protection clauses are not sufficient to guarantee the level of protection, additional technical, contractual or organisational measures are taken to secure the transfer of data. We also regularly review and assess whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Exercising your rights in the event of joint responsibility
Your rights as a data subject of data processing
If, as a visitor to the site, you would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both the platform operator and us.
|
Settings in the account |
|
|
|
You can (also) restrict the visibility of your LinkedIn account to us via the LinkedIn settings. For more information on asserting your rights, please refer to LinkedIn's privacy policy at the following link: https://www.linkedin.com/legal/privacy-policy |
Responsibility of the platform operators
If your personal data is processed by one of the operators of social media platforms listed below, this processing is the responsibility of the platform operator within the meaning of Art. 7 No. 4 GDPR.
|
operator |
|
|
YouTube: |
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, |
|
Google Business |
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, |
|
New Work SE, Am Strandkai 1, 20457 Hamburg |
We have no influence on data processing by the platform operators. For further information, please check the privacy policy of the respective platform operator:
|
YouTube: |
|
|
|
https://privacy.xing.com/de/datenschutzerklaerung |
For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you nevertheless require assistance, please feel free to contact us at any time.
Our own responsibility
We are solely responsible for the following data processing via our social media profiles.
Data processing through the operation of the social media profile
When you visit or interact with our social media profile, we process your personal data.
This may be information that you actively provide (comments, likes and information that you make publicly available, such as your profile picture or name). Depending on the provider and your settings on the provider's platform, we may also be informed about who has accessed our profile on the platform.
The legal basis for the processing of personal data when operating our social media profile is Art. 6 para. 1 sentence 1 lit. f GDPR.
The legitimate interest lies in addressing visitors for advertising purposes and in providing an effective means of communication and interaction with our company on the social media platform.
Data processing when contacting
We collect personal data ourselves if you contact us, for example, via a contact form or using a messenger function on the respective platform.
Which data is collected depends on the information you provide and the contact details you give or release. This data is stored by us for the purpose of processing your enquiry and in the event of follow-up questions.
The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations to the contrary. We assume that processing is complete when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Data processing for contract processing
If your contact via a social network or other platform is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the fulfilment of the contract or for the implementation of pre-contractual measures or for the provision of the desired services.
The legal basis for the processing of your data in this case is Art. 6 para. 1 sentence 1 lit. b GDPR.
Your data will be deleted if it is no longer required to fulfil the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of the contact.
Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to fulfil contractual or legal obligations.
Data processing based on consent
If you are asked by us for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.