Data Privacy Policy

We are pleased that you have visited our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.

This privacy policy statement applies to the internet offer of Ampack GmbH.

Who is responsible and how do I contact you?

Responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):

Ampack GmbH
Lechfeldgraben 7
86343 Königsbrunn, Germany
Mail: info@ampack-solutions.com
Phone: +49 8231 6005 0

Statutory data protection officer:

PROLIANCE GmbH
Leopoldstr. 21
80802 München
Mail: datenschutzbeauftragter@datenschutzexperte.de
www.datenschutzexperte.de

What is the purpose of this privacy policy?

This data protection declaration fulfills the legal requirements for transparency in the processing of personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or user behavior when visiting a website. Information with which we cannot (or only with disproportionate effort) relate to you personally, e.g. through anonymization, are not personal data. The processing of personal data (e.g. the collection, querying, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we save your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory retention requirements.

Who will get my data?

We only pass on your personal data, which we process on our website, to third parties if this is necessary for the fulfillment of the purposes and in individual cases is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients can then be Law enforcement agencies, lawyers, accountants, courts, etc..

Insofar as we use service providers for the operation of our website who, as part of order processing on our behalf, provide personal data in accordance with Art. 28 GDPR, these service providers can be recipients of your personal data. You can find more information on the use of processors and web services in the overview of the individual processing operations.

What are my rights?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), you as the person concerned have the following rights:

Information on the data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data, according to Art. 15 GDPR, § 34 BDSG;

Correction of incorrect or incomplete data that are stored by us, according to Art. 16 GDPR;

Deletion of the data stored by us according Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

Restriction of processing according Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

Data portability according to Art. 20 GDPR, insofar as you give us personal data within the scope of a consent in accordance with. Art. 6 para. 1 lit. a GDPR or on the basis of a contract according Art. 6 para. 1 lit. b GDPR and processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transmit the data directly to another person responsible, as far as this is technically feasible.

Contradiction against the processing of your personal data according to Art. 21 GDPR, insofar as this is based on Art. 6 Paragraph 1 lit. e, f GDPR takes place and there are reasons for this that arise from your particular situation or the objection is directed against direct mail. The right to object does not exist if overriding, compelling reasons worthy of protection are proven for the processing or if the processing is carried out to assert, exercise or defend legal claims. If you do not have the right to object to individual processing operations, this is indicated there.

Revocation of your given consent with effect for the future according Art. 7 para. 3 GDPR.

Complaint according to Art. 77 GDPR at a supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

How will my data be processed in detail?

In the following, we will inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website

Type and scope of processing

When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP adress of the requesting computer
Date and time of access
Name and URL of the file accessed
Website from which the access is made (Referrer-URL)
Browser used and, if applicable, the operating system of your computer as well as the name of your access provider

Our website is not hosted by us, but by a service provider who, for the purpose of providing the website, provides the aforementioned data on our behalf in accordance with. Art. 28 GDPR.

Purpose and legal basis

The processing is carried out to safeguard our predominant legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 Para. Lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception according to Art. 21 Paragraph 1 GDPR. Insofar as the further storage of the log files is required by law, the processing takes place on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically impossible to access our website without providing the data.

Storage period

The aforementioned data is stored for the duration of the display of the website and for technical reasons for a maximum of 7 days.

Enquiry via contact form

Description of the data processing and the purpose

If you contact us via the contact form at https://www.ampack-solutions.com/, your enquiry including all personal data resulting from it (e.g. name, email address, content of the enquiry) will be stored and processed by us in our CRM system for the purpose of processing your request.

Legal basis for data processing

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

Receiver

When contact is made via the contact form, the data collected is transmitted to the following recipients

com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany
Salesforce, Inc., 415 Mission St., San Francisco, California, USA

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA. For data transfers to the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework.

Salesforce Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

Storage duration

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Contact form for applicants

Type and scope of processing

On our website we offer you to submit an application to us using a form provided. The information that is collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary for processing the contact request.

Insofar as you have given us your separate consent that is independent of the use of the application form, we will pass your application on to the group companies affiliated with us.

Purpose and legal basis

The processing of your data based on the use of the application form takes place for the purpose of processing your application and deciding on the establishment of an employment relationship on the basis of § 26 BDSG. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information in the mandatory fields. If you do not want to provide this data, please use other options for applying to us.

Storage period

We store the data collected for the duration of the application process and, in the event of non-employment, for a period of six months from the date of rejection and, in the case of employment, for a period of three years after the end of employment.

Google Fonts

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offer. To obtain these fonts, you connect to the servers of Google Ireland Limited and your IP address will be transmitted.

Purpose and legal basis

The use of Google Fonts is based on our legitimate interests, i.e. Interest in a uniform provision and optimization of our online offer in accordance with Art. 6 Para. 1 lit. f. GDPR.

Storage period

The specific storage duration of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the data protection declaration for Google Fonts: https://policies.google.com/privacy

etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time by clicking on the slider. The objection has no disadvantageous consequences. If no slider is displayed, the data collection is already prevented by other blocking means.

Further information on data protection with etracker can be found here.

Social media profiles

We maintain profiles, appearances or pages on the following social media platforms:

Platform	Profile
Xing:	https://www.xing.com/pages/ampack-gmbh
LinkedIn:	https://www.linkedin.com/company/ampack-solutions
YouTube:	https://www.youtube.com/@AmpackGmbH
Google Business:	https://g.co/kgs/jf2TMxM

Different responsibilities and roles

Depending on how the platform operators and we as the site operator are involved in the processing of your personal data, the respective responsibility or role differs.

This means that we can either be jointly responsible with the platform operator or the platform operator is solely responsible.

Shared responsibility with platform operators

Jointly responsible

There is a joint responsibility between us and the following platform operators:

Platform	Platform operator
LinkedIn:	LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland

As the site operator, we are jointly responsible with the providers of the respective platform for the processing of your personal data in connection with your visit to the presence, profile, page or fan page on the platforms if the platform operators provide aggregated information about visitors to our profiles, presences, pages or fan pages (e.g. so-called "insights" or "analytics").

In the case of joint controllership, we have concluded agreements with the platform operators in accordance with Art. 26 GDPR on joint controllership for the processing of your personal data (e.g. Page Controller Addendum or Joint Controller Addendum).

This agreement specifies the data processing operations for which we or the respective platform operator are responsible. You can view these agreements under the following links:

	Agreements on joint
LinkedIn:	https://legal.linkedin.com/pages-joint-controller-addendum

Further information on data processing by the platform operators can be found in their privacy policies:


LinkedIn:	https://www.linkedin.com/legal/privacy-policy

Contacting the data protection officers of the platform operators

You can contact the data protection officers of the platform operators here:

	Possibility of making
LinkedIn:	To contact LinkedIn's data protection officer, you can use the contact form at the link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO .

Data processing under joint responsibility

Accessing and storing information in terminal equipment

When you access our profiles on the aforementioned platforms, the platform operator uses cookies and similar technologies on your end device to store data on your end device or to read data from there. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of the services, this is done on the basis of Section 25 (1) sentence 1, (2) no. 2 TDDDG. If necessary, connection data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

In cases in which such a process serves other purposes (e.g. the needs-based design of our website), this is only carried out on the basis of Section 25 (1) TDDDG with your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the use of cookies and similar technology and their legal basis can be found in the respective privacy policy of the platform operator. Links to the respective privacy policies can be found above. If you have any further questions, please contact the operator of the respective social media platform directly.

Data processing for advertising and market research purposes

As a rule, personal data on our social media profile is primarily processed for market research and advertising purposes of the platform operator. Insofar as the data collection also takes place directly on our social media profile, we participate in the data processing of the platform operator and are therefore jointly responsible with the platform operator in this respect

During data processing, cookies and similar technologies are used that enable the platform operator to recognise you when you visit a social media profile. For members of the social media platform, the platform operator also analyses your interactions on the platform (clicks, comments and likes) and processes the information you provide to the platform operator, such as your master data, your profile picture or name. In particular, demographic information (age, gender, country, industry, profession, etc.) from your own member profile may also be processed.

The collected data can be used to create user profiles. These are then used by the platform operator to place adverts inside and outside the platform that presumably correspond to your interests.

Although we do not have direct access to the data processed by the platform operator, we also benefit from this data processing by placing corresponding adverts within or outside the platforms based on the target groups identified by the platform operator.

The legal basis for the processing of your personal data in relation to is your consent given to the platform operator pursuant to Art. 6 para. 1 lit. a GDPR.

Please note that we have no influence on the data collection and further processing under the responsibility of the platform operator. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by the platform operator.

Further information on this can be found in the data protection information of the respective provider.

Data processing in the context of "Insights" or "Analytics"

In addition, your data will be processed jointly responsible in connection with so-called "Page Insights" or "Page Analytics".

Page Insights" or "Page Analytics" are analysis functions provided by the platform operator, by means of which the master data processed by you, in particular demographic data and the data on your interactions with our profile are collected jointly by the platform operator and us.

The platform operator then analyses this data and uses it to create summarised (so-called aggregated data) for us, from which we can see which demographic target group has visited our profile and how our profile was used by them.

In this respect, we also have no direct access to the data processed by the platform operator. This data is only made available to us by the platform operator in aggregated form. This means that we cannot recognise individual visitors or their interactions from the aggregated data.

We then use this aggregated data to tailor our social media profile to the target group and generally to optimise it in relation to the aforementioned advertising purposes (increasing the reach and awareness of our profile and evaluating the success of marketing campaigns).

The legal basis for the processing of your personal data in relation to is your consent given to the platform operator pursuant to Art. 6 para. 1 lit. a GDPR.

Further information on this can be found in the data protection information of the respective provider.

Data processing based on consent

If you are asked by the respective platform operator for consent to processing for a specific, common purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.

Recipients and data transfer to third countries

If we pass on personal data to the operators of social media platforms, the latter are recipients of the data within the meaning of Art. 4 No. 9 GDPR.

LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, Dublin 2, Ireland

LinkedIn Corp, 1000 W. Maude Ave, Sunnyvale, CA 94085,

When you visit our social media profiles, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, in particular in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification in accordance with the EU-U.S. Data Privacy Framework.

	Ensuring an adequate level of protection
LinkedIn Corp.	LinkedIn Corp. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov

If your data is transferred to other third countries for which no adequacy decision exists, there is a risk that the authorities there may access your data for security and monitoring purposes without you being informed or having the right to appeal.

To ensure an adequate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. They oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to guarantee the level of protection, additional technical, contractual or organisational measures are taken to secure the transfer of data. We also regularly review and assess whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.

Exercising your rights in the event of joint responsibility

Your rights as a data subject of data processing

If, as a visitor to the site, you would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both the platform operator and us.

Settings in the account

You can (also) restrict the visibility of your LinkedIn account to us via the LinkedIn settings.

For more information on asserting your rights, please refer to LinkedIn's privacy policy at the following link: https://www.linkedin.com/legal/privacy-policy

Responsibility of the platform operators

If your personal data is processed by one of the operators of social media platforms listed below, this processing is the responsibility of the platform operator within the meaning of Art. 7 No. 4 GDPR.

	operator
YouTube:	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Google Business	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
	New Work SE, Am Strandkai 1, 20457 Hamburg

We have no influence on data processing by the platform operators. For further information, please check the privacy policy of the respective platform operator:


YouTube:	https://policies.google.com/privacy
Xing	https://privacy.xing.com/de/datenschutzerklaerung

For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you nevertheless require assistance, please feel free to contact us at any time.

Our own responsibility

We are solely responsible for the following data processing via our social media profiles.

Data processing through the operation of the social media profile

When you visit or interact with our social media profile, we process your personal data.

This may be information that you actively provide (comments, likes and information that you make publicly available, such as your profile picture or name). Depending on the provider and your settings on the provider's platform, we may also be informed about who has accessed our profile on the platform.

The legal basis for the processing of personal data when operating our social media profile is Art. 6 para. 1 sentence 1 lit. f GDPR.

The legitimate interest lies in addressing visitors for advertising purposes and in providing an effective means of communication and interaction with our company on the social media platform.

Data processing when contacting

We collect personal data ourselves if you contact us, for example, via a contact form or using a messenger function on the respective platform.

Which data is collected depends on the information you provide and the contact details you give or release. This data is stored by us for the purpose of processing your enquiry and in the event of follow-up questions.

The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations to the contrary. We assume that processing is complete when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Data processing for contract processing

If your contact via a social network or other platform is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the fulfilment of the contract or for the implementation of pre-contractual measures or for the provision of the desired services.

The legal basis for the processing of your data in this case is Art. 6 para. 1 sentence 1 lit. b GDPR.

Your data will be deleted if it is no longer required to fulfil the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of the contact.

Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to fulfil contractual or legal obligations.

Data processing based on consent

If you are asked by us for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.