Privacy Policy
Please select:
General Privacy Policy
1. An overview of data protection
General
The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.
If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Moritz J. Weig GmbH & Co. KG
Polcher Straße 113
56727 Mayen · Germany
Phone +49 (0) 2651 84-0
Fax +49 (0) 2651 84-490
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data collection on our website
Cookies
Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
Processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files subsequently if there are any concrete indications of illegal use.
Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
4. Plugins and tools
Google Fonts (local embedding)
This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Fonts, please follow this link: https://developers.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/privacy?hl=en.
Google Maps
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
5. Analysis tools and advertising
Google Analytics
This website uses the Google Analytics web analysis service, provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.
Google Analytics uses so-called cookies. These are text files that are saved to your computer and which permit an analysis of site use. The information generated by the cookies on your use of this website, including your IP address, are generally transmitted to a server belonging to Google in the USA, where the information is then stored.
The storage of Google Analytics cookies and the use of this analysis tool are based on GDPR Article 6 (1) point f. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If the relevant consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of GDPR Article 6 (1) point a, and consent may be revoked at any time.
IP anonymisation
We have enabled the IP anonymisation function for this website. This means that, within Member States of the European Union and European Economic Area, your IP address is truncated by Google before being sent to the USA. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to assess your use of the website on the webmaster’s behalf to compile reports regarding website activities and provide other services associated with the use of the website and the Internet for the webmaster. Google will not associate your browser’s IP address, transmitted for Google Analytics purposes, with any other data held by Google.
Browser plug-in
You can prevent cookies from being stored by using a corresponding setting in your browser software; however, be advised that you may not be able to make full use of all the website’s functions in such a case. Furthermore, if you wish to prevent the collection of data generated by cookies and concerning your site use (incl. your IP address) and if you wish to opt out of such data being sent to and processed by Google, you can download and install a browser plug-in from the following link: https://tools.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/dlpage/gaoptout?hl=en.
Objection to the collection of data
To prevent data collection by Google Analytics, click on the link below. This sets an opt-out cookie, which prevents the collection of your data when you visit our website in the future: Disable Google Analytics.
Further details about how Google Analytics treats user data can be found in the Google privacy policy: https://support.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/analytics/answer/6004245?hl=en.
Contract processing
We have concluded a contract processing agreement with Google, and we fully apply the strict specifications of the German data protection authorities for the use of Google Analytics.
Demographics under Google Analytics
This website uses the demographics function of Google Analytics, which makes it possible to generate reports showing details of site visitors’ ages, genders and interests. These data relate to interest-related Google advertising as well as visitor data of third-party suppliers. They do not permit the tracking of individual persons. However, you can disable this function via the display settings in your Google account at any time, or you can stop the recording of your data by Google Analytics, as detailed under “Objection to the collection of data”.
Duration of storage
Any user data and event-specific data saved by Google and associated with cookies, user IDs or advertising IDs (e.g. DoubleClick cookies or Android advertising IDs) are anonymised or erased after 14 months. Details are available via the following link: https://support.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/analytics/answer/7667196?hl=en
6. Applicant Portal
For the operation of the applicant portal WEIG will cooperate with an external partner. The external partner works according to the GDPR.
Privacy Policy Employees / Applicants
A. General
I. Responsible person
This data protection notice is issued by
- Weig Holding GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Cederwald Holding GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Weig Technical Liner GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Moritz J. Weig GmbH & Co. KG.,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Tecnokarton GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Weig-Casack GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/84182, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Weig Packaging GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Weig-Packaging Holding GmbH,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Nord-Westdeutsche Papierrohstoffe GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/95720, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Neuhaus Handels GmbH & Co. KG,
Polcher Str. 113. 56727 Mayen, Germany, Tel.: 09191/978750, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Alpa Rohstoffhandel, Logistik und Spedition GmbH,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/84500, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. ,
and the
- Buchmann GmbH,
Wasgaustraße 5, 76855 Annweiler, Germany, Tel.: 06346/9270, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it.
- together also referred to as the "WEIG Group" -
fulfills its existing legal obligation to provide information in accordance with Art. 13 of the General Data Protection Regulation, "GDPR", with regard to the processing of personal data in the employment relationship or in the context of applications.
In the following, we therefore use our data protection notice to explain which of your personal data we process and how. Please contact us if you have any further questions.
II. Personal data
Personal data according to Art. 4 No. 1 GDPR is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, information such as your name, address, telephone number, language, e-mail address, bank details and date of birth.
III. Processing of personal data
Processing of personal data pursuant to Art. 4 No. 2 GDPR is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. Data processing includes, in particular, the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
B. Purpose of the processing of personal data
We process personal data in accordance with the specifications and requirements set out below as part of automated processing.
The primary legal basis for the processing of personal data in the employment relationship is Section 26 BDSG.
Corresponding legal bases for other data processing are presented below.
In accordance with Section 26 (8) sentence 2 BDSG, applicants are treated in the same way as employees, i.e. identical data protection requirements apply to them.
Under the following conditions, data processing may be carried out in the employment relationship based on the legal authorization basis of § 26 BDSG: Data processing is necessary with regard to the establishment, implementation or termination of an employment relationship, or it is necessary for the exercise or fulfillment of the rights and obligations of the employee's representation of interests arising from a law or a collective agreement (purposes under works constitution law).
In addition, data may be processed to uncover criminal offenses or serious breaches of duty in the employment relationship or if a works agreement should permit this.
All data processed by us is required to achieve these purposes. You are therefore obliged to provide us with this personal data when concluding and executing the contract, otherwise we will not be able to establish an employment relationship with you.
With regard to the fulfillment of legal obligations, Art. 6 para. 1 sentence 1 lit. c GDPR is the relevant basis for authorization.
Furthermore, data processing may take place in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR if we have a legitimate interest in doing so. Such a legitimate interest always exists if we have an economic, legal or idealistic interest and your interests worthy of protection do not outweigh this.
Your personal data will only be processed by us, unless this is based on a legal authorization basis, if you give your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a DS-GVO in conjunction with. Art. 7 GDPR for this purpose. For this purpose, you have the option of giving your consent voluntarily. There are no disadvantages for you if you do not give your consent. You can withdraw your consent at any time by sending us an email or post. Withdrawing your consent does not affect the permissibility of the processing carried out up to the point of withdrawal. You will find our contact details at the end of this data protection notice. In the opinion of the legislator, such consent can be given by you in accordance with Section 26 (2) BDSG, in particular if a legal or economic advantage is achieved for you, e.g. the introduction of a company health management system to promote health, permission for private use of the company IT systems or if the employer and employees pursue similar interests, e.g. the inclusion of name and date of birth in a birthday list or the use of photos of employees on the Internet/intranet. Only in these cases will we obtain voluntary consent from you in compliance with the above conditions.
Automated decision-making in individual cases, including profiling in accordance with Art. 22 GDPR, does not take place.
The scope of the processing of your personal data is limited by the respective purposes described.
C. Additional information for communication via Microsoft Teams
We use Microsoft Teams to conduct online meetings.
With this supplementary information, we inform you about the processing of your personal data in the context of our online meetings using the Microsoft Teams video conferencing solution.
If you cannot or do not want to use the Microsoft Teams app, it is possible to use Microsoft Teams via your browser. The service is then provided via the Microsoft Teams website.
As part of our online meetings using Microsoft Teams, we process the following personal data:
- Communication data, e.g. your e-mail address, if you provide it on a personal basis
- Audio and video data, in order to enable the playback of videos and audio, the data from the video camera and microphone of your end device are processed for the duration of the meeting
- Log files, protocol data
- Metadata, e.g. IP address, time of participation, meeting ID, telephone numbers, etc. - Profile data, e.g. your user name, if you provide this yourself
However, the scope of data processing also depends on the information you provide before or during participation in an online meeting. For example, a profile picture is optional. You may also have the option of using the chat function in an online meeting. If you make use of this, your text entries will be processed in order to display them in the online meeting. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content.
You can switch off or mute the camera and/or microphone yourself at any time via the Microsoft Teams application. You can also stop using the chat function at any time.
The legal basis for this is § 26 BDSG, alternatively Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest".
In principle, meetings are not recorded. Recording may only take place in exceptional cases if the participants have been expressly and transparently informed of the planned recording in advance, have given their consent where necessary and have received additional data protection information, including on the specific purpose of the recording and the recipients to whom the recording is to be made available. If necessary, the legal basis is the consent of the data subject, Art. 6 para. 1 sentence 1 lit. a GDPR, which is voluntary. You can withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Personal data processed in connection with participation in online meetings will not be passed on to third parties.
Microsoft Teams is part of the Office 365 cloud application. Microsoft Office 365 is software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
Data processing with Office 365 takes place on servers in data centers in the EU. We have concluded an order processing contract with Microsoft in accordance with Art. 28 GDPR. This also includes extensive technical and organizational measures, such as the encryption of data.
In exceptional cases, Microsoft may request access for the purpose of remote maintenance. This access will then be checked by us and granted if approved. Access may be granted by affiliated Microsoft companies outside the EU. In this case, we have taken measures to ensure an appropriate level of data protection.
We cannot rule out the possibility that data may be routed via servers located outside the EU.
Data is transferred to companies in the USA on the basis of an adequacy decision of the European Commission within the meaning of Art. 45 para. 3 GDPR, which stipulates that an adequate level of protection exists in the USA.
Microsoft reserves the right to process customer data for its own business purposes. We have no influence on this data processing by Microsoft. Microsoft is independently responsible for these data processing activities, so you can contact Microsoft for further information.
Further information: privacy.microsoft.com/en/privacystatement and docs.microsoft.com/en/microsoftteams/teams-privacy
D. Application
If you apply to us, for example by e-mail, post or online, the data you provide will be processed by us in order to check whether we wish to establish and implement an employment relationship with you.
Our software partner d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, has been obliged by us to comply with the requirements of Art. 28 GDPR and will only process your data in accordance with the legal requirements and only in the context of order fulfillment as a processor.
During the application process, the usual correspondence data such as postal address, e-mail address and telephone numbers will be stored in addition to salutation, surname and first name. In addition, application documents such as letters of motivation, curriculum vitae, professional, training and further education qualifications, degree of severe disability and job references are recorded. The applicant data sent or entered by you will only be processed up to the time of the recruitment decision if an employment relationship does not materialize.
The data will be deleted four months after the rejection has been sent or after the application documents have been returned to the applicant.
Data will only be stored in an applicant pool if you give us your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR. For this purpose, you have the option of submitting your voluntary declaration of consent. There are no disadvantages for you if you do not give your consent. You can withdraw your consent at any time by sending us an email or post. The revocation of consent does not affect the permissibility of the processing carried out up to the revocation. You will find our contact details at the end of this data protection notice. This data will be stored for a maximum period of two years.
If we enter into an employment relationship with you, the data you have provided to us will be processed to establish, implement and, if necessary, terminate the employment relationship. The data may be processed for statistical purposes (e.g. reporting). It is not possible to draw conclusions about individual persons. The basis for authorization is § 26 para. 8 p. 2 BDSG.
E. Duration of data processing
The maximum duration of storage depends on the purpose of the data processing. The duration of storage generally depends on the period for which processing is required to fulfill the purpose. After you leave the company as an employee, the data will be deleted under data protection law after three years at the end of the year, not counting the year in which you left. Applicant data is generally only processed up to the point at which a decision on employment is made if an employment relationship does not materialize. The data will be deleted four months after the rejection has been sent or after the application documents have been returned to the applicant. The above deletion periods do not apply if and insofar as statutory retention obligations, such as those under social security, commercial or tax law, require longer deletion periods.
F. Recipients of the personal data
At our company, data is transferred within the specialist departments, in particular the management, HR department, payroll accounting, IT, insofar as this is necessary to achieve the purpose.
We may transfer data within the Group. The primary authorization basis for data transfer within the Group is Art. 6 para. 1 sentence 1 lit. f GDPR. This states that data processing is lawful if processing is necessary for the purposes of the legitimate interests pursued, except where such interests are overridden by the interests or fundamental rights of the data subject. Recital 48 of the recitals to the GDPR, which are to be regarded as interpretative aids to the GDPR, specifies the legitimate interest for a transfer within a group of companies. Accordingly, such a transfer within the group for internal administrative purposes with regard to the processing of data of employees and applicants is to be qualified as a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.
An agreement has been concluded between the companies of the WEIG Group on joint responsibility within the meaning of Art. 26 GDPR for the area of HR / personnel management. The contracting parties listed above jointly determine the corresponding purposes and essential means of processing personal data. Personal data is processed primarily in connection with the establishment and implementation of employment relationships and in the context of job applications. The central company for this within the WEIG Group is Weig Holding GmbH & Co. KG with regard to the HR department implemented there, which together with the respective group companies of the WEIG Group determines the purposes and main means of processing personal data in this context. On the part of Cederwald Holding GmbH & Co. KG also carries out centralized travel planning and, if necessary, assistance and staff unit activities for employees of the WEIG Group companies.
We comply with our legal obligation with regard to the provision of the essential points of the contract on joint responsibility in accordance with Art. 26 para. 2 sentence 2 GDPR with this joint data protection notice. You can exercise your rights as a data subject vis-à-vis Weig Holding GmbH & Co. KG, but of course also against each of the companies listed above. We will be happy to provide you with further information regarding the individual contracts on joint responsibility free of charge.
We would also like to draw your attention to the following systems:
We use Microsoft Office 365 as a cloud application, software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, with Microsoft's headquarters in the USA. Reference may be made to the statements made under C. above. The agreement on joint responsibility within the meaning of Art. 26 GDPR of the individual companies of the WEIG Group for the area of HR / personnel management also refers to this, as described above. Data is transferred to companies in the USA on the basis of an adequacy decision of the European Commission within the meaning of Art. 45 para. 3 GDPR, which stipulates that an adequate level of protection exists in the USA.
The legal basis for this is § 26 BDSG, alternatively Art. 6 para. 1 sentence 1 lit. f GDPR.
We also use Microsoft Sharepoint Online as an intranet, whereby the following types of personal data of employees are processed: First name, last name, business e-mail address and telephone number, business cell phone if applicable, company, department, function. Access is possible for all companies in the WEIG Group. The agreement on joint responsibility within the meaning of Art. 26 GDPR of the individual companies of the WEIG Group for HR / Human Resources also refers to this, as described above. Microsoft Sharepoint Online is part of the Office 365 cloud application. Reference may be made to the information provided above on "Office 365" and under C.
The legal basis for this is Section 26 BDSG, alternatively Art. 6 para. 1 sentence 1 lit. f GDPR.
We also use the Group-wide HR system "SuccessFactors" from SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, with whom we have concluded an order processing agreement with regard to SAP SuccessFactors and SAP Cloud in accordance with Art. 28 GDPR. In particular, personal data of applicants and employees will be processed in "SuccessFactors". All companies in the WEIG Group have access, although each company only has access to employees working for it. The agreement on joint responsibility within the meaning of Art. 26 GDPR of the individual companies of the WEIG Group for the area of HR / personnel management also refers to this, as described above.
The legal basis for this is § 26 BDSG, alternatively Art. 6 para. 1 sentence 1 lit. f GDPR.
Any further transfer of personal data to third parties will only take place if it is necessary to fulfill the respective purpose and we can rely on a corresponding legal basis for this, in particular on our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. This includes, for example, credit institutions, tax offices, social insurance institutions, employment agencies, health insurance companies, pension funds or pension insurance institutions, insofar as it is necessary and legally permissible to fulfill the purpose.
In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. All requirements of Art. 28 GDPR are observed.
G. Location of the data processing measures
All processing of your personal data by us takes place in Germany. We do not transfer your personal data to countries outside the member states of the European Union, so-called third countries, unless otherwise stated in the document.
H. Security / Technical and organizational measures
We take all necessary technical and organizational measures, taking into account the requirements of Art. 24, 25 and 32 GDPR, to protect your personal data from loss, destruction, access, modification or dissemination by unauthorized persons and misuse. For example, we comply with the legal requirements for the pseudonymization and encryption of personal data, the confidentiality, integrity, availability and resilience of systems and services in connection with processing, the availability of personal data and the ability to restore it quickly in the event of a physical or technical incident, and the establishment of procedures to regularly review, assess and evaluate the effectiveness of technical and organizational measures to ensure the security of processing. Furthermore, we also observe the requirements of Art. 25 GDPR with regard to the principles of "privacy by design" and "privacy by default", i.e. data protection through data protection-friendly default settings.
I. Your rights / contact details of the data protection officer
You have a right to free information about your personal data and, if the legal requirements are met, a right to rectification, blocking and erasure of your data, to restriction of processing, to data portability and a right to object.
Insofar as we base the processing of your personal data on the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.
You also have the option of lodging a complaint with a competent supervisory authority, e.g. State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz.
If you have any questions about the processing of your personal data or questions relating to the aforementioned rights and their assertion, or if you have any suggestions, please use the contact details above or contact the data protection officer:
E-mail:
Version: 2, valid from December 2023.
Our latest version of this data protection notice applies.
Privacy Policy Business partner
A. General
I. Responsible person
This data protection notice is issued by
- Weig Holding GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Cederwald Holding GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Weig Technical Liner GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Moritz J. Weig GmbH & Co. KG.,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Tecnokarton GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Weig-Casack GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/84182, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Weig Packaging GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Weig-Packaging Holding GmbH,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Nord-Westdeutsche Papierrohstoffe GmbH & Co. KG,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/95720, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Neuhaus Handels GmbH & Co. KG,
Polcher Str. 113. 56727 Mayen, Germany, Tel.: 09191/978750, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. , - Alpa Rohstoffhandel, Logistik und Spedition GmbH,
Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/84500, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it. ,
and the
- Buchmann GmbH,
Wasgaustraße 5, 76855 Annweiler, Germany, Tel.: 06346/9270, E-Mail:This email address is being protected from spambots. You need JavaScript enabled to view it.
- together also referred to as the "WEIG Group" -
fulfills its existing legal obligation to provide information in accordance with Art. 13 of the General Data Protection Regulation, "GDPR", with regard to the processing of personal data of customers, interested parties, business partners and suppliers.
In the following, we therefore use our data protection notice to explain which of your personal data we process and how. Please contact us if you have any further questions.
II. Personal data
Personal data according to Art. 4 No. 1 GDPR is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, information such as name, address, telephone number, e-mail address or bank details, in particular of the contact person and employees of our customers, interested parties, business partners and suppliers.
If you operate as a sole trader or as a one-man GmbH or one-man AG, all data that we process about your company is also considered personal data.
III. Processing of personal data
Processing of personal data according to Art. 4 No. 2 GDPR occurs in any operation or series of operations, whether or not by automated means, concerning personal data. Data processing includes, in particular, the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.
Processing, such as collection, storage, transmission, and use, of personal data is permissible if these processes are legally permitted or if you have consented. We will provide you with the respective legal bases for our data processing below. The scope of processing of your personal data is limited by the respective purpose.
Automated decision-making on an individual basis, including profiling according to Art. 22 GDPR, does not take place.
B. General processing operations
I. Purpose of processing personal data of customers, prospects, business partners, and suppliers
We process your data, which we collect from you or you provide to us, in particular, to establish a contractual relationship with you and to fulfill the existing contractual relationship with you, Art. 6 para. 1 sentence 1 lit. b GDPR.
The aforementioned also includes the performance of pre-contractual measures requested by you.
Personal data directly collected from you by us at the conclusion of the contract are necessary for the conclusion of the respective contract.
In order to create an offer for you and to be able to carry out the respective contract, you are contractually obliged to provide the necessary data. Failure to provide the required personal data may result in the contract not being fulfilled.
In this context, we particularly process data of your organization, including relevant contact details and the contact persons, financial data, especially payment information, as well as data related to the respective concluded contract, as far as they are necessary to achieve the respective purpose. When you and/or your employees order a product and/or service, we also process your contact details for communication purposes and to provide the ordered products and services.
Furthermore, we process your data to submit or evaluate corresponding offers, manage an order, or provide support services.
The same applies when we procure products or services from you as a supplier.
In terms of fulfilling legal obligations, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the corresponding legal basis. We process your personal data depending on the respective legal obligation, for example, regarding requirements of the Money Laundering Act.
Furthermore, Article 6(1) sentence 1 lit. f GDPR, "legitimate interest," serves as our legal basis for processing when we have a legal, economic, or ideological interest in data processing and the legitimate rights, interests, or fundamental rights of the data subjects do not override.
Personal data is also processed by us when you give your consent in accordance with Article 6(1) sentence 1 lit. a GDPR. However, failure to provide this consent or its withdrawal does not affect the possibility of resorting to legal authorization grounds, in particular Article 6(1) sentence 1 lit. b GDPR, "necessity for the performance of a contract," Article 6(1) sentence 1 lit. c GDPR, "legal obligation," as well as Article 6(1) sentence 1 lit. f GDPR, "legitimate interest," regarding data processing. Your consent is voluntary. Failure to provide consent does not disadvantage you. You can revoke your consent at any time by email or by post to us. Revoking consent does not affect the lawfulness of processing carried out before the withdrawal.
II. Orders WOS - WEIG Online Services
If you wish to place an order in our webshop "WOS - WEIG Online Services," which is exclusively available to entrepreneurs, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the purpose of processing your order and fulfilling the contract concluded with you.
Regarding details, we refer to the document "Agreement for WEIG Online Service," which we will provide to you regarding registration for "WOS - WEIG Online Services."
Since we need to verify your status as an entrepreneur, we cannot offer you the option to place an order as a guest without creating a customer account through our sales department.
Through the customer account, we can store your data for future purchases. You can always delete all other data, including your user account, in the customer area.
Furthermore, we may process the data provided by you to inform you about other interesting products from our portfolio or to send you emails with technical information.
When ordering from your customer account, we process the data you provide. Mandatory information is marked accordingly and is necessary for the purpose, which is used for personal access and ordering. You can provide further personal data on a voluntary basis, such as your date of birth. Your personal data is stored and processed by us in order to process your order.
The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, "contract performance," and if applicable, regarding the customer administrator, Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest."
For the delivery of your ordered goods, we cooperate with shipping service providers. For the purpose of delivery, we transmit your name and delivery address to the respective shipping service provider.
The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, "contract performance."
In order to inform you about the current shipping status of your order, we provide your email address to our shipping service providers. You can object to the disclosure of your email address at any time by sending a message to us or to the respective shipping service provider. In such a case, however, notification of delivery or coordination of the delivery date is no longer possible.
The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest."
Due to commercial and tax law requirements, we are obligated to store your address, payment, and order data for a period of ten years. However, after three years, we restrict the processing, meaning your data will only be used from that point onward to comply with legal obligations.
To prevent unauthorized access by third parties to your personal data, the ordering process is encrypted using TLS technology.
C. Contact
I. Generel
When you contact us via email, post, contact form, telephone, or fax, the data you provide, such as your email address, name, and telephone number, will be stored by us to respond to your inquiries. We delete the data collected in this context if the inquiry is associated with a contract, according to the contract duration periods; otherwise, we delete it when storage is no longer necessary, or we restrict processing if there are legal retention obligations.
The scope of processing of your personal data is limited by the respective purpose.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest".
II. Additional notes for communication via Microsoft Teams
We use Microsoft Teams to conduct online meetings.
With this supplementary information, we inform you about the processing of your personal data in the context of our online meetings using the Microsoft Teams video conferencing solution.
If you cannot or do not want to use the Microsoft Teams app, it is possible to use Microsoft Teams via your browser. The service is then provided via the Microsoft Teams website.
As part of our online meetings using Microsoft Teams, we process the following personal data:
- Communication data, e.g. your e-mail address, if you provide it on a personal basis
- Audio and video data, in order to enable the playback of videos and audio, the data from the video camera and microphone of your end device are processed for the duration of the meeting
- Log files, protocol data
- Metadata, e.g. IP address, time of participation, meeting ID, telephone numbers, etc. - Profile data, e.g. your user name, if you provide this yourself
However, the scope of data processing also depends on the information you provide before or during participation in an online meeting. For example, a profile picture is optional. You may also have the option of using the chat function in an online meeting. If you make use of this, your text entries will be processed in order to display them in the online meeting. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content.
You can switch off or mute the camera and/or microphone yourself at any time via the Microsoft Teams application. You can also stop using the chat function at any time.
The legal basis for this is § 26 BDSG, alternatively Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest".
In principle, meetings are not recorded. Recording may only take place in exceptional cases if the participants have been expressly and transparently informed of the planned recording in advance, have given their consent where necessary and have received additional data protection information, including on the specific purpose of the recording and the recipients to whom the recording is to be made available. If necessary, the legal basis is the consent of the data subject, Art. 6 para. 1 sentence 1 lit. a GDPR, which is voluntary. You can withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Personal data processed in connection with participation in online meetings will not be passed on to third parties.
Microsoft Teams is part of the Office 365 cloud application. Microsoft Office 365 is software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
Data processing with Office 365 takes place on servers in data centers in the EU. We have concluded an order processing contract with Microsoft in accordance with Art. 28 GDPR. This also includes extensive technical and organizational measures, such as the encryption of data.
In exceptional cases, Microsoft may request access for the purpose of remote maintenance. This access will then be checked by us and granted if approved. Access may be granted by affiliated Microsoft companies outside the EU. In this case, we have taken measures to ensure an appropriate level of data protection.
We cannot rule out the possibility that data may be routed via servers located outside the EU.
Data is transferred to companies in the USA on the basis of an adequacy decision of the European Commission within the meaning of Art. 45 para. 3 GDPR, which stipulates that an adequate level of protection exists in the USA.
Microsoft reserves the right to process customer data for its own business purposes. We have no influence on this data processing by Microsoft. Microsoft is independently responsible for these data processing activities, so you can contact Microsoft for further information.
Further information: privacy.microsoft.com/en/privacystatement and docs.microsoft.com/en/microsoftteams/teams-privacy
D. Advertisement
We intend to process the data you have provided or collected by us in the context of an existing customer relationship or other paid contractual relationships for advertising purposes as well. The legal basis for data processing in this case is Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest." Such legitimate interest is given according to the recitals of the GDPR, especially with regard to so-called direct advertising, recital 47 sentence 7. Direct advertising refers to the direct address of a customer by a provider with the aim of promoting the paid sale of products or services. Customer satisfaction surveys or participation in surveys can also fall under the legal term of advertising. We will of course comply with the other legal requirements, especially § 7 para. 3 of the German Act against Unfair Competition (UWG).
Without an existing customer relationship or other paid contractual relationship, we only process your personal data for advertising purposes if you have voluntarily given us your consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
With your consent, you can, for example, subscribe to our newsletter, through which we inform you about our current offers and events. For registration for our newsletter via our website, we use the so-called double opt-in procedure. This means that after your registration, we will send an email to the email address provided, asking you to confirm that you wish to receive the newsletter. Additionally, we store your respective IP addresses and the times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The mandatory information for sending the newsletter is solely your email address. The provision of other separately marked data is voluntary and is used to address you personally. After your confirmation, we will store your personal data for the aforementioned purpose. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. This consent is voluntary. You can refuse it without giving any reasons, and you will not suffer any disadvantages as a result. You can also revoke this consent at any time with future effect by clicking on the link provided in each newsletter email, by email, or by sending a message to the contact details provided in this privacy notice, without suffering any disadvantages as a result.
The advertising is carried out by postal mail, electronically, including email, social media, via SMS/MMS, or by phone, as far as legally permissible.
The advertising measures relate in particular to all products and all services offered by us, customer satisfaction surveys and surveys, as well as trade fairs and events.
You have the right to object to the processing of your personal data for advertising purposes and data analysis. The corresponding contact details are listed at the end of this privacy notice. In this case, your personal data will no longer be processed for advertising purposes and will be deleted from the respective advertising distributors.
E. Duration of data processing
The maximum duration of storage depends on the purpose of the data processing. The duration of storage generally depends on the period for which processing is necessary to fulfill the purpose.
Data protection deletion periods do not apply if and to the extent that legal retention obligations, such as those of social security, commercial, or tax law nature, for example according to § 257 HGB or § 147 AO, require longer deletion periods.
F. Recipients of the personal data
Within our organization, data may be transferred between departments as necessary to achieve the intended purpose.
Internal data transfers within our corporate group may also occur. The primary legal basis for data transfers within the group is Article 6(1) sentence 1 lit. f GDPR. According to this provision, data processing is lawful if it is necessary to pursue legitimate interests, provided that the interests or fundamental rights and freedoms of the data subject do not override those legitimate interests. Recital 48 of the GDPR specifies the legitimate interest for intra-group transfers. According to this recital, such transfers within the group for internal administrative purposes regarding the processing of customer data qualify as a legitimate interest under Article 6(1) sentence 1 lit. f GDPR. Internal administrative purposes concerning customer data may include central customer management, intra-group reporting, or access to data within matrix structures within the corporate group.
Between the companies of the WEIG Group, contracts on joint responsibility pursuant to Article 26 GDPR have been concluded for the following areas: IT, Marketing & Communication, CRM and ERP systems, Procurement and Supply Chain, as well as EHS (Environment, Health, and Safety). The above-mentioned contracting parties jointly determine the respective purposes and essential means of processing personal data. Personal data is mainly processed in connection with the establishment and implementation of customer relationships, as well as with regard to prospects, business partners, and suppliers. The central company for this within the WEIG Group is Weig Holding GmbH & Co. KG, where the relevant areas of IT, Marketing & Communication, CRM and ERP systems, Procurement and Supply Chain, as well as EHS, are located. Together with the respective group companies of the WEIG Group, it determines the purposes and essential means of processing personal data. We fulfill our legal obligation regarding the provision of essential points of the contract on joint responsibility pursuant to Article 26(2) sentence 2 GDPR with this joint privacy notice. You can assert your data subject rights against Weig Holding GmbH & Co. KG, but of course also against any of the companies listed above. Further information regarding the contracts on joint responsibility will be provided to you free of charge upon request.
Additionally, we use Microsoft Office 365 as a cloud application, a software provided by Microsoft Ireland Operations Limited, located at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The aspects outlined under Section C., II. may also be referenced in this context. This also pertains to the contract on joint responsibility under Article 26 GDPR of the individual companies within the WEIG Group, as outlined above. Data transfers to companies in the USA are based on an adequacy decision of the European Commission pursuant to Article 45(3) GDPR, which has determined that there is an adequate level of protection in the USA.
Furthermore, transfers to external third parties may be made as far as necessary and legally permissible to achieve the purpose, for example to: auditing firms, tax consulting firms, law firms, financing companies, banks, factoring companies, other assignees, advertising agencies, direct mail companies, printing houses, postal service providers, freight forwarders, authorities, including tax offices, customs, insurance companies, companies performing credit checks, IT service providers, debt collection agencies, data disposal companies, creditor protection associations, and other business information services. The legal basis for data transfers is Article 6(1) sentence 1 lit. f GDPR.
Contracted processors are contractually obligated to comply with the requirements of Article 28 GDPR. Processors will only process your data in accordance with legal requirements, our instructions, and solely for the purpose of fulfilling the contract.
G. Location of data processing measures
All processing of personal data generally takes place in Germany or in Member States of the European Union.
Transmission of personal data by us to states outside the Member States of the European Union, so-called third countries, or to other international organizations generally does not occur, unless otherwise stated in this privacy notice. If we should transmit personal data to companies in third countries in individual cases, this will only occur if the third country has been confirmed by the EU Commission to have an adequate level of data protection pursuant to Article 45(3) GDPR, or other appropriate data protection guarantees are in place, such as Binding Corporate Rules or an agreement on the Standard Contractual Clauses of the EU Commission, or if there is consent from the data subject, in accordance with Articles 44 ff. GDPR.
H. Security / Technical and Organizational Measures
We implement all necessary technical and organizational measures in accordance with the requirements of Articles 24, 25, and 32 of the GDPR to protect personal data against loss, destruction, unauthorized access, alteration, or dissemination by unauthorized persons and misuse. We adhere to legal requirements regarding the pseudonymization and encryption of personal data, confidentiality, integrity, availability, and resilience of systems and services related to processing, availability of personal data, and the ability to rapidly restore it in the event of a physical or technical incident, as well as the establishment of procedures for regular review, assessment, and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing. Furthermore, we also adhere to the provisions of Article 25 of the GDPR regarding the principles of "privacy by design," data protection by design and by default, and "privacy by default," data protection by data protection-friendly default settings.
I. Your Rights / Contact Information of the Data Protection Officer
You have the right to obtain free information about your personal data and, under the conditions set out in law, the right to rectify, block, and delete your data, to restrict processing, to data portability, and to object.
If we base the processing of your personal data on the balancing of interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, you can object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of a justified objection, we will examine the situation and either discontinue or adapt the data processing, or show you our compelling legitimate grounds for continuing the processing.
You also have the right to lodge a complaint with a supervisory authority, such as the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz, Germany.
For questions regarding the processing of your personal data, inquiries related to the aforementioned rights and their exercise, as well as for suggestions, please contact the above-mentioned contact details or the Data Protection Officer:
Email:
Version: 1, valid from December 2023.
Our most current version of this privacy notice shall apply at all times.
The customer / interested party / business partner / supplier is obligated to regularly review this privacy notice and make it accessible to their employees if personal data processed by us is or may be involved.