Privacy Policy

Please select:

General privacy policy
Privacy Policy Employees / Applicants
Privacy Policy Business partner

General Privacy Policy

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

Moritz J. Weig GmbH & Co. KG
Polcher Straße 113
56727 Mayen · Germany

Phone +49 (0) 2651 84-0
Fax +49 (0) 2651 84-490
This email address is being protected from spambots. You need JavaScript enabled to view it.

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

Processing is carried out in accordance with Art. 6 Para. 1 letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files subsequently if there are any concrete indications of illegal use.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

4. Plugins and tools

Google Fonts (local embedding)

This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.

For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Google Maps

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.

5. Analysis tools and advertising

Google Analytics

This website uses the Google Analytics web analysis service, provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Google Analytics uses so-called cookies. These are text files that are saved to your computer and which permit an analysis of site use. The information generated by the cookies on your use of this website, including your IP address, are generally transmitted to a server belonging to Google in the USA, where the information is then stored.

The storage of Google Analytics cookies and the use of this analysis tool are based on GDPR Article 6 (1) point f. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If the relevant consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of GDPR Article 6 (1) point a, and consent may be revoked at any time.

IP anonymisation

We have enabled the IP anonymisation function for this website. This means that, within Member States of the European Union and European Economic Area, your IP address is truncated by Google before being sent to the USA. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to assess your use of the website on the webmaster’s behalf to compile reports regarding website activities and provide other services associated with the use of the website and the Internet for the webmaster. Google will not associate your browser’s IP address, transmitted for Google Analytics purposes, with any other data held by Google.

Browser plug-in

You can prevent cookies from being stored by using a corresponding setting in your browser software; however, be advised that you may not be able to make full use of all the website’s functions in such a case. Furthermore, if you wish to prevent the collection of data generated by cookies and concerning your site use (incl. your IP address) and if you wish to opt out of such data being sent to and processed by Google, you can download and install a browser plug-in from the following link: https://tools.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/dlpage/gaoptout?hl=en.

Objection to the collection of data

To prevent data collection by Google Analytics, click on the link below. This sets an opt-out cookie, which prevents the collection of your data when you visit our website in the future: Disable Google Analytics.

Further details about how Google Analytics treats user data can be found in the Google privacy policy: https://support.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/analytics/answer/6004245?hl=en.

Contract processing

We have concluded a contract processing agreement with Google, and we fully apply the strict specifications of the German data protection authorities for the use of Google Analytics.

Demographics under Google Analytics

This website uses the demographics function of Google Analytics, which makes it possible to generate reports showing details of site visitors’ ages, genders and interests. These data relate to interest-related Google advertising as well as visitor data of third-party suppliers. They do not permit the tracking of individual persons. However, you can disable this function via the display settings in your Google account at any time, or you can stop the recording of your data by Google Analytics, as detailed under “Objection to the collection of data”.

Duration of storage

Any user data and event-specific data saved by Google and associated with cookies, user IDs or advertising IDs (e.g. DoubleClick cookies or Android advertising IDs) are anonymised or erased after 14 months. Details are available via the following link: https://support.1d5920f4b44b27a802bd77c4f0536f5a-gdprlock/analytics/answer/7667196?hl=en

6. Applicant Portal

For the operation of the applicant portal WEIG will cooperate with an external partner. The external partner works according to the GDPR.

Privacy Policy Employees / Applicants

A. General Information

I. Controller

With this privacy policy notice, the following parties:

  • Weig Holding GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Cederwald Holding GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Weig Technical Liner GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Moritz J. Weig GmbH & Co. KG.,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Tecnokarton GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Weig-Casack GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/84182, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Weig Packaging GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Weig-Packaging Holding GmbH,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Nord-Westdeutsche Papierrohstoffe GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/95720, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Neuhaus Handels GmbH & Co. KG,
    Polcher Str. 113. 56727 Mayen, Germany, Tel.: 09191/978750, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Alpa Rohstoffhandel, Logistik und Spedition GmbH,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/84500, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,

and

  • Buchmann GmbH,
    Wasgaustraße 5, 76855 Annweiler, Germany, Tel.: 06346/9270, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

- jointly referred to as the “WEIG Group” -

are complying with their statutory obligation to provide information in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) with respect to the processing of personal data of customers, interested parties, business partners and suppliers.

In our privacy policy notice, we will therefore outline below how we process personal data and which personal data are processed. Please contact us if you have any questions.

II. Personal Data

Personal data in the meaning of Article 4 No. (1) GDPR is all information relating to an identified or identifiable natural person. A natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, information such as a name, address, telephone number, email address or bank details especially of contact persons and employees of our customers, interested parties, business partners and suppliers.

If you are acting as a sole trader or a one-man company with limited liability or one-man stock company, all data that we process in connection with your business is considered as personal data.

III. Processing of Personal Data

Processing of personal data in the meaning of Article 4 No. (2) GDPR is constituted by any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. Data processing is in particular constituted by the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or by making data otherwise available, alignment or combination, restriction, erasure or destruction of personal data.

Processing, e.g. collection, storage, transmission, use or personal data, is admissible if such operations are permitted by law or if you have granted your consent. Below, we will introduce the legal bases on which we process data. The extent to which your personal data is processed is restricted by the respective purpose of processing.

We do not carry out any automated individual decision-making including profiling as set forth in Article 22 GDPR.

B. Purpose of Processing of Personal Data

We process personal data according to the below-described parameters and prerequisites in the scope of automated processing.

The primary legal basis for our authorisation to process personal data for employment-related purposes is Section 26 German Federal Data Protection Act (BDSG).

Below, we will outline the corresponding legal framework for other activities of data processing.

Pursuant to Section 26 (8) clause 2 BDSG, applicants are regarded as employees, i.e. they are subject to the same data protection provisions.

Data processing for employment-related purposes based on the legal grounds of Section 26 BDSG may take place under the following conditions: Data processing is necessary with respect to the establishment, exercise and termination of an employment relationship, or it is necessary for the exercise or compliance with the rights and duties in connection with the representation of employee interests under statutory law or a collective agreement (purposes under works constitution law).

Furthermore, data processing may serve for the detection of criminal offences or serious breaches of duty in the scope of employment relationships, or if a collective agreement allows such data processing.

All the data processed by us are required for achieving these purposes. Therefore, you are obliged to provide us with such personal data when concluding and exercising an employment contract. Otherwise, we will be unable to establish an employment relationship with you.

With regard to the fulfilment of statutory obligations, Article 6 (1) clause 1 c) GDPR is the legal basis for authorisation.

Furthermore, data processing may take place in accordance with Article 6 (1) clause 1 (f) GDPR if we have a legitimate interest. Such legitimate interest is always given if we have an economic, legal or non-material interest and your protection-worthy interests do not prevail.

Unless based on a statutory authorisation basis, your personal data is processed by us only if you have given your express consent in accordance with Article 6 (1) clause 1 (a) in connection with Article 7 GDPR. For this purpose, you have the possibility to issue a voluntary declaration of consent. If you do not grant your consent, this will not entail any disadvantages for you. You may at any time revoke your consent by an email or letter directed to us. Such revocation of your consent will have no effect on the data processing performed until your revocation. Our contact data can be found at the end of this privacy policy notice. According to legislation, such consent may in particular be granted by you in accordance with Section 26 (2) BDSG in order to gain a legal or economic advantage, e.g. the introduction of occupational health management, the permission to use the employer’s IT system for private purposes or in cases where the employer and employees are pursuing mutual interests, e.g. by including names and dates of birth in a birthday list or using photos of employees on the Internet/intranet. Only in these cases we may ask you to grant a voluntary consent under observance of the above-described prerequisites.

We do not carry out any automated individual decision-making including profiling as set forth in Article 22 GDPR.

The extent to which your personal data is processed is limited to the respective purpose as described.

C. Additional Note on Communication via Microsoft Teams

We use Microsoft Teams for online meetings.

We inform you on the processing of your personal data in the scope of our online meetings using the video conference tool Microsoft Teams.

If you are not able or willing to use the Microsoft Teams app, you may use Microsoft Teams within your browser. Insofar, the service will be performed via the web site of Microsoft Teams.

In the scope of our online meetings under use of Microsoft Teams, we process the following personal data:

- communication data, e.g. your email address if indicated in connection with your person

- audio and video data: in order to enable the replay of videos and audio records, the data from your video camera and microphone of your terminal device is processed for the duration of the meeting

- log files, protocol data

- metadata, e.g. IP address, time and date of participation, meeting ID, telephone numbers etc.

- profile data, e.g. your user name if indicated by you

The scope of data processing depends, however, on the information you provide before or during an online meeting. Thus, a profile photo is optional. Furthermore, you have the opportunity to use the chat feature during an online meeting. If you do so, the text you insert will be processed in order to display it in the online meeting. If necessary for recording the results of the online meeting, we will log the contents of chats.

You may at any time turn off or mute the camera and/or microphone within the Microsoft Teams application. Likewise, you may at any time stop using the chat feature.

The legal basis for the foregoing is Section 26 BDSG or, alternatively, Article 6 (1) clause 1 (f) GDPR, “legitimate interest”.

As a matter of principle, meetings are not recorded. The recording of meetings is possible only in exceptional cases where the participants have been informed on such intended recording in advance explicitly and transparently and the participants have granted their consent, as necessary, and have been provided with additional data protection notices on the specific purpose of recording and the addressees who will receive the record. The legal basis, as necessary, shall be the consent of the parties concerned, Article 6 (1) clause 1 (a) GDPR, which is a voluntary consent. You may at any time revoke your consent. Such revocation of your consent will have no effect on the data processing performed until your revocation.

Personal data processed in connection with the participation in online meetings are, as a matter of principle, not forwarded to third parties.

Microsoft Teams is part of the cloud application Office 365. Microsoft Office 365 is a software of the company Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Data processing with Office 365 is performed on servers in data centres in the EU. We have concluded a data processing agreement, “DPA”, with Microsoft in accordance with Article 28 GDPR, including provisions on extensive technical and organisational measures such as the encryption of data.

In exceptional cases, Microsoft may solicit access for the purposes of remote maintenance. We will review such request and grant access if approved. In some cases, access may take place by affiliated companies of Microsoft outside the EU. For such cases, we have taken measures to assure an adequate level of data protection.

We cannot exclude that routing of data is effected via servers located outside the EU.

The transmission of data to companies in the USA is performed on the basis of an adequacy decision of the European Commission within the meaning of Article 45 (3) GDPR, in which it has been established that an adequate level of protection is given in the USA.

Microsoft reserves the right to process customer data for its own business purposes. We have no influence on such data processing by Microsoft, for which Microsoft is the sole responsible party. Therefore, please contact Microsoft for further information.

Further information: privacy.microsoft.com/de-de/privacystatement and docs.microsoft.com/de-de/microsoftteams/teams-privacy

D. Application Process

If you submit an application to us, e.g. by email, by mail or online, the data thus transmitted by you are processed in order to review whether we want to establish and exercise an employment relationship with you.

Our software partner d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, has been obliged by us to comply with the provisions of Article 28 GDPR, “DPA”, and will process your data only in line with the provisions of statutory law and in the scope of its tasks as a data processor.

During the application process, we will store your salutatory address, name and first name, the usual contact data such as postal address, email address and telephone numbers. Furthermore, application documents such as letter of motivation, CV, certificates of professional qualification and trainings, the degree of severe disability, if applicable, and employer references are captured. As a matter of principle, the applicant data transmitted or inserted by you will be processed only up to the point in time where a decision on hiring is made if no employment relationship is established.

Four months after issuance of a refusal and, if applicable, return of the application documents to the applicant, the data will be erased.

Storage in an applicant pool will only take place if you grant your express consent in accordance with Article 6 (1) clause 1 (a) GDPR in connection with Article 7 GDPR. For this purpose, you have the possibility to issue a voluntary declaration of consent. If you do not grant your consent, this will not entail any disadvantages for you. You may at any time revoke your consent by an email or letter directed to us. Such revocation of your consent will have no effect on the data processing performed until your revocation. Our contact data can be found at the end of this privacy policy. Your data will be stored for a period of no more than two years in this respect.

If we enter into an employment relationship with you, the data transmitted or made available by you will be processed for the establishment, exercise and, possibly, for the termination of the employment relationship. The data may be processed for statistical purposes (e.g. reporting). In this case, no conclusion on individual persons will be possible. Such statistical processing is based on the legal ground of Section 26 (8) clause 2 BDSG.

E. Duration of Data Processing

The maximum period for which data is stored depends on the purpose of data processing. As a matter of principle, the time of data storage depends on how long data processing is required to reach the purpose. After you leave the company as an employee, the data are erased in accordance with data protection law after expiry of three years as of the end of a year, whereas the year in which you leave is not counted. Applicant data are generally only processed until a decision on hiring is made if no employment relationship is established. Four months after issuance of a refusal and, if applicable, return of the application documents to the applicant, the data will be erased. These periods for erasure are not applicable if and to the extent statutory retention requirements, for example with respect to social security, commercial law or tax law, lead to longer retention periods.

F. Recipients of Personal Data

Within our organisation, data transmission takes place within the competent departments, in particular the management, human resources, payroll accounting, IT, as may be necessary to fulfil the intended purposes.

Data transmission may take place within our company group. The primary legal basis for such intra-group data transmission is laid down in Article 6 (1) clause 1 (f) GDPR. In this respect, processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. In the recitals of the GDPR, which are meant as an aid for interpretation of the GDPR, the legitimate interest for transmission within a company group is concretised in recital (48). According to this, the transmission and processing of employee and applicant data within a company group for internal administration purposes is covered by a legitimate interest in the meaning of Article 6 (1) clause 1 (f) GDPR.

The companies of the WEIG Group entered into a Joint Control Agreement within the meaning of Article 26 GDPR, “JCA”, for the area of human resources. The above-listed contractual parties cooperate in determining the respective purposes and essential means for the processing of personal data. Personal data are mainly processed in the context of the establishment and exercise of employment relationships and the scope of application procedures. Within the WEIG Group, the mainly responsible entity is Weig Holding GmbH & Co. KG, where the human resources department is implemented and that, together with the respectively concerned companies of the WEIG Group determines the purposes and essential means for processing personal data in this context. The entity Cederwald Holding GmbH & Co. KG is furthermore responsible for the centralised travel planning and, if required, assistance and staff functions for the companies of the WEIG Group.

With this joint privacy policy notice, we are complying with our statutory obligation of disclosure of the essential points of the contract on joint responsibility as set forth in Article 26 (2) clause 2 GDPR. You as a data subject may assert your rights towards Weig Holding GmbH & Co. KG, but of course also towards any of the other companies listed above. If required, we may provide you with further information on the specific contracts on joint responsibility free of charge.

We would like to mention the following systems:

We use Microsoft Office 365 as a cloud application, a software from the company Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, whereas the headquarters of Microsoft are located in the USA. Reference is made to the information given in Section C hereof. The contract of joint controllership within the meaning of Article 26 GDPR between the companies of the WEIG Group in the area of human resources also refers to this topic. The transmission of data to companies in the USA is performed on the basis of an adequacy decision of the European Commission in the meaning of Article 45 (3) GDPR, in which it has been established that an adequate level of protection is given in the USA.

The legal basis for this is Section 26 BDSG, or, alternatively, Article 6 (1) clause 1 (f) GDPR.

We furthermore use Microsoft Sharepoint Online as our intranet, where the following types of personal data of employees are processed: first name, surname, business email address and telephone number, business mobile phone number (if any), company, department, function. All companies of the WEIG Group have access. This is also subject to the contract of joint controllership within the meaning of Article 26 GDPR of the individual companies of the WEIG Group for the area of human resources as described above. Microsoft Sharepoint Online is part of the cloud application Office 365. Reference is made to the provisions on "Office 365" as well as the provisions in Section C above.

The legal basis for this is Section 26 BDSG, or, alternatively, Article 6 (1) clause 1 (f) GDPR.

We furthermore use the group-wide HR system "SuccessFactors" from the manufacturer SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, with whom we have concluded a data processing agreement, “DPA”, with regard to SAP SuccessFactors and SAP Cloud in accordance with Article 28 GDPR. In “SuccessFactors”, we are in particular processing personal data of applicants and employees. All companies of the WEIG Group have access, whereas each company may only access the data of its own employees. This is also subject to the contract of joint controllership within the meaning of Article 26 GDPR of the individual companies of the WEIG Group for the area of human resources as described above.

The legal basis for this is Section 26 BDSG, or, alternatively, Article 6 (1) clause 1 (f) GDPR.

Any further transmission of personal data to third parties takes place only if this is necessary for achieving the respective purpose and if such processing is covered by an appropriate legal basis, in particular our legitimate interest in the meaning of Article 6 (1) clause 1 (f) GDPR, e.g. to credit institutions, tax offices, social security carriers, employment agencies, health insurances, pension funds or pension insurance carriers as far as necessary and legally admissible for fulfilling the respective purpose.

Data processing is partly done by external services providers. We have carefully selected and instructed these service providers. They are bound to our directions and are regularly audited. All the provisions of Article 28 GDPR are observed.

G. Place of Data Processing

The entire processing of your personal data by us takes place in Germany. Unless provided to the contrary in this document, no data are transferred to states outside the member states of the EU, so-called third countries.

H. Security / Technical and Organisational Measures

We are taking all necessary technical and organisational measures under observance of Articles 24, 25 and 32 GDPR in order to protect your personal data against loss, destruction, access, alteration, unauthorised disclosure and abuse. Thus, we observe the legal requirements for pseudonymisation and encryption of personal data, confidentiality, integrity, availability and resilience of processing systems and services in connection with processing, accessibility of personal data and the ability to restore such accessibility in a timely manner in the event of a physical or technical incident, as well as the implementation of a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. We furthermore also comply with the provisions of Article 25 GDPR with regard to the principles of “privacy by design”, data protection by technical measures, and “privacy by default”, data protection by data-protection-friendly default settings.

I. Your Rights / Contact Data of the Data Protection Officer

You are entitled to request information on your personal data free of charge and, if the legal requirements are given, a right to rectification, blocking or erasure of your data, restriction of the processing, transferability as well as a right of objection.

To the extent we base the processing of your personal data on the assessment of interests in accordance with Article 6 (1) clause 1 (f) GDPR, you may object to the data processing. This is the case if the processing is in particular not required for the fulfilment of a contract with you. When exercising your right of objection, please indicate the reasons why we should not process your personal data the way we do. In the event of a justified objection, we will review the facts of the case and cease or adjust the data processing or substantiate to you the compelling legitimate grounds on which we will continue processing.

You have furthermore the possibility to lodge a complaint with a competent supervisory authority, e.g. the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate (Landesbeauftragter für den Datenschutz und Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz).

If you have any questions on the processing of your personal data as well as the above-described rights and the assertion thereof or if you have any suggestions, please direct to the above contact data or the Data Protection Officer:

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone: 0049 2651 84-0

Version: 2, effective as of December 2023.

Our Privacy Policy is always applicable in the current version.

In case of contradictions between the English and the German version of this document the German version of this privacy policy shall prevail.

Privacy Policy Customers / Interested Parties / Business Partners / Suppliers

A. General Information

I. Controller

With this privacy policy notice, the following parties:

  • Weig Holding GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Cederwald Holding GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Weig Technical Liner GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Moritz J. Weig GmbH & Co. KG.,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Tecnokarton GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Weig-Casack GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/84182, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Weig Packaging GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Weig-Packaging Holding GmbH,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/840, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Nord-Westdeutsche Papierrohstoffe GmbH & Co. KG,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/95720, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Neuhaus Handels GmbH & Co. KG,
    Polcher Str. 113. 56727 Mayen, Germany, Tel.: 09191/978750, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,
  • Alpa Rohstoffhandel, Logistik und Spedition GmbH,
    Polcher Str. 113, 56727 Mayen, Germany, Tel.: 02651/84500, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.,

and

  • Buchmann GmbH,
    Wasgaustraße 5, 76855 Annweiler, Germany, Tel.: 06346/9270, E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

- jointly referred to as the “WEIG Group” -

are complying with their statutory obligation to provide information in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) with respect to the processing of personal data of customers, interested parties, business partners and suppliers.

In our privacy policy notice, we will therefore outline below how we process personal data and which personal data are processed. Please contact us if you have any questions.

II. Personal Data

Personal data in the meaning of Article 4 No. (1) GDPR is all information relating to an identified or identifiable natural person. A natural person is regarded as identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, information such as a name, address, telephone number, email address or bank details especially of contact persons and employees of our customers, interested parties, business partners and suppliers.

If you are acting as a sole trader or a one-man company with limited liability or one-man stock company, all data that we process in connection with your business is considered as personal data.

III. Processing of Personal Data

Processing of personal data in the meaning of Article 4 No. (2) GDPR is constituted by any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. Data processing is in particular constituted by the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or by making data otherwise available, alignment or combination, restriction, erasure or destruction of personal data.

Processing, e.g. collection, storage, transmission, use or personal data, is admissible if such operations are permitted by law or if you have granted your consent. Below, we will introduce the legal bases on which we process data. The extent to which your personal data is processed is restricted by the respective purpose of processing.

We do not carry out any automated individual decision-making including profiling as set forth in Article 22 GDPR.

B. General Procedures of Processing

I. Purpose of the Processing of Personal Data of Customers, Interested Parties, Business Partners and Suppliers

We process data that we collect from you or that is given to us by you, especially in order to establish a contractual relationship with you and to be able to fulfil such contractual relationship, Article 6 (1) clause 1 b) GDPR.

The foregoing also includes precontractual measures that take place upon your request.

Any personal data collected by us directly from you when concluding a contract is required for the conclusion of such contract.

To be able to provide you with an offer and to exercise the respective contract, you are contractually obliged to provide us with the required data. If the required personal data is not provided, it may not be possible to fulfil a contract.

In this respect, we process particularly data of your organisation, the respective contact data also of contact persons at your organisation, financial data, especially payment details, as well as certain data in connection with the respectively concluded contract as far as it may be necessary to obtain the respective purpose. If you and/or your employees order a product and/or service, we will process your contact data also for purposes of communication and for the provision of the ordered products and services.

Furthermore, we process your data in order to provide you with suitable offers, for evaluation purposes, to handle orders or to perform support services.

The same applies also if we acquire products or services from you as our supplier.

With regard to the fulfilment of statutory obligations, Article 6 (1) clause 1 c) GDPR is the legal basis for authorisation. We process your personal data depending on the respective statutory obligation, e.g. with respect to the provisions of money laundering law.

Furthermore, data processing may take place in accordance with Article 6 (1) clause 1 (f) GDPR if we have a “legitimate interest”. Such legitimate interest is always given if we have an economic, legal or non-material interest in data processing and protection-worthy rights, interests or basic rights of data subjects do not prevail.

Personal data may be processed by us also if you grant your consent as set forth in Article 6 (1) clause 1 (a) GDPR. If a consent is not granted or is revoked, a recourse to statutory bases of authorisation, in particular Article 6 (1) clause 1 b) GDPR, “necessity for the performance of a contract”, Article 6 (1) clause 1 c) GDPR, “legal obligation” as well as Article 6 (1) clause 1 f) GDPR, “legitimate interest”, will remain unaffected with respect to data processing. Your declaration of consent is granted on a voluntary basis. If you do not grant your consent, this will not entail any disadvantages for you. You may at any time revoke your consent by an email or letter directed to us. Such revocation of your consent will have no effect on the data processing performed until your revocation.

II. Orders via WOS - WEIG Online Services

If you wish to place orders in our online shop "WOS - WEIG Online Services", which is accessible only for entrepreneurs, it is necessary for the conclusion of contracts that you enter your personal data that we need for handling your order and fulfilling the contract with you.

For details, reference is made to the document "Agreement on WEIG Online Service", which will be sent to you when you register for "WOS - WEIG Online Services".

Since we have to verify your status as an entrepreneur, we cannot offer you to place orders as a guest without creating a customer account at our sales department.

In your customer account, we may store your data for future purchases. You always have the possibility to delete all other data including your user account in our customer area.

We may furthermore process your data in order to inform you about other interesting products from our portfolio or to send you emails with technical information.

When you place orders within your customer account, we will process the data inserted by you. Mandatory fields are marked accordingly. The respective information is required and used for achieving the purpose pursued by your personal access and your order. Further personal data, e.g. your date of birth, may be entered on a voluntary basis. We will store and process your personal data in order to complete your order.

The legal basis for the foregoing is Article 6 (1) clause 1 b) GDPR, “performance of a contract”, and, with regard to the customer administrator, Article 6 (1) clause 1 f) GDPR, “legitimate interest”.

For the shipment of your ordered goods, we cooperate with shipping providers. For the purposes of shipment and delivery, we will provide the respective shipping provider with your name and delivery address.

The legal basis for the foregoing is Article 6 (1) clause 1 b) GDPR, “performance of a contract”.

To be able to inform you on the status of your order, we will forward your email address to our shipping providers. You may at any time object to the forwarding of your email address by sending a message to us or the respective shipping provider. If you do so, it will not be possible to provide you with a notice of delivery or adjust upon a delivery date.

The legal basis for the foregoing is Article 6 (1) clause 1 f) GDPR, “legitimate interest”.

Based on provisions of commercial law and tax law, we are obliged to store your address, payment and ordering data for a period of ten years. However, after expiry of three years, we will implement a restriction on processing, e.g. from that time on, your data will only be used for the compliance with statutory obligations.

To protect your personal data against unauthorised access by third parties, the order procedure is encrypted by TLS technology.

C. Contact

I. General

When you enter into contact with us via email, mail, contact forms, telephone or telefax, the data transmitted by you, e.g. your email address, name and telephone number, are recorded by us in order to answer your questions. If your enquiry is allocated to an existing contact, the data thus recorded will be deleted after expiry of the respective periods corresponding to the term of such contract. If your enquiry is not allocated to a contract, such data will be deleted when no longer required, or, if statutory storage periods are applicable, the processing will be restricted.

The extent to which your personal data is processed will be limited to the respective purpose.

The legal basis for the foregoing is Article 6 (1) clause 1 f) GDPR, “legitimate interest”.

II. Additional Note on Communication via Microsoft Teams

We use Microsoft Teams to hold meetings online.

With this additional note, we are informing you on the processing of your personal data in the scope of our online meetings using the video conference tool Microsoft Teams.

If you do not wish to communicate with us via Microsoft Teams, you may reach us by all our other communication channels. Furthermore, you are free to invite us to online meetings with our own conferencing tools.

If you are not able or willing to use the Microsoft Teams app, you may use Microsoft Teams within your browser. Insofar, the service will be performed via the web site of Microsoft Teams.

In the scope of our online meetings via Microsoft Teams, we process the following personal data:

- communication data, e.g. your email address if indicated in connection with your person

- audio and video data: in order to enable the replay of videos and audio records, the data from the video camera and microphone of your terminal device is processed for the duration of the meeting

- log files, protocol data

- metadata, e.g. IP address, time and date of participation, meeting ID, telephone numbers etc.

- profile data, e.g. your user name if indicated by you

The scope of data processing depends, however, on the information you provide before or during an online meeting. Thus, a profile photo is optional. Furthermore, you have the opportunity to use the chat feature during an online meeting. If you do so, the text you insert will be processed in order to display it in the online meeting. If necessary for recording the results of the online meeting, we will log the contents of chats.

You may at any time turn off or mute the camera and/or microphone within the Microsoft Teams application. Likewise, you may at any time stop using the chat feature.

The legal basis for the foregoing is Article 6 (1) clause 1 f) GDPR, “legitimate interest”.

As a matter of principle, meetings are not recorded. The recording of meetings is possible only in exceptional cases where the participants have been informed on such intended recording in advance explicitly and transparently and the participants have granted their consent, as necessary, and have been provided with additional data protection notices on the specific purpose of recording as well as the addressees who will receive the record. The legal basis, as necessary, shall be the consent of the parties concerned, Article 6 (1) clause 1 (a) GDPR. You may at any time revoke such consent. Such revocation of your consent will have no effect on the data processing performed until your revocation.

Personal data processed in connection with the participation in online meetings are, as a matter of principle, not forwarded to third parties.

Microsoft Teams is part of the cloud application Office 365. Microsoft Office 365 is a software of the company Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Data processing with Office 365 is performed on servers in data centres in the EU. We have concluded a data processing agreement with Microsoft in accordance with Article 28 GDPR, including provisions on extensive technical and organisational measures such as the encryption of data.

In exceptional cases, Microsoft may solicit access for the purposes of remote maintenance. We will review such request and grant access if approved. In some cases, access may take place by affiliated companies of Microsoft outside the EU. For such cases, we have taken measures to assure an adequate level of data protection.

We cannot exclude that routing of data is performed via servers located outside the EU.

The transmission of data to companies in the USA is performed on the basis of an adequacy decision of the European Commission in the meaning of Article 45 (3) GDPR, in which it has been established that an adequate level of protection is given in the USA.

Microsoft reserves the right to process customer data for its own business purposes. We have no influence on such data processing by Microsoft, for which Microsoft is the sole responsible party. Therefore, please contact Microsoft for further information.

Further information: privacy.microsoft.com/de-de/privacystatement and docs.microsoft.com/de-de/microsoftteams/teams-privacy

D. Advertising

Within an existing customer relationship or other contractual relationship subject to payment, we intend to process the data transmitted by you and/or collected by us also for advertising purposes. The legal basis for this is Article 6 (1) clause 1 f) GDPR, “legitimate interest”. According to the recitals of the GDPR, such legitimate interest is given especially with respect to direct marketing, recital (47), clause 7. The term ‘direct marketing’ means the direct approach to a potential customer by a supplier with the objective to promote the distribution of products and services against payment. Satisfaction surveys or other surveys may also be covered by the legal term of advertising. Any further provisions of statutory law, in particular Section 7 (3) of the German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb - UWG) will, of course, be observed.

Without an existing customer relationship or other contractual relationship subject to payment, we will process your personal data for advertising purposes only if you have granted your consent on a voluntary basis. The legal basis is Article 6 (1) clause 1 a) GDPR.

With your declaration of consent, you may, for example, subscribe to our newsletter, which provides information on our current offers and events. For the subscription of our newsletter via our website, we use the double opt-in procedure. This means that after registration, we send an email to the indicated email address in which we ask you to confirm that you wish to receive the newsletter. Furthermore, we store the IP addresses and times and dates at which you have registered and confirmed your subscription. The purpose of this procedure is to procure evidence of your registration and to be able to evidence any potential abuse of your personal data. The only mandatory entry for subscription to our newsletter is your email address. The entry of any other, separately market data is optional and will be used to address you personally. After your confirmation, we will store your personal data for the above-described purpose. The legal basis for the foregoing is Article 6 (1) clause 1 a) GDPR. Such consent is granted on a voluntary basis. You may refuse it without stating reasons; this will not entail any disadvantages. You may at any time revoke your consent for the future by clicking on the link delivered in every newsletter email, by email or by a message to the contacts given in this privacy policy notice without having to expect any disadvantage.

Advertising is performed by mail, electronically, e.g. by email, social media, sms/mms or by telephone, as far as legally admissible.

Advertising measures cover in particular all of our products and services, satisfaction surveys among customers and other surveys as well as trade fairs and events.

You may declare an objection against the processing of your personal data for advertising purposes and data analyses. The corresponding contact data are given at the end of this privacy policy notice. In case of an objection, your personal data will no longer be processed for advertising purposes and will be deleted from the respective mailing lists.

E. Duration of Data Processing

The maximum period for which data is stored depends on the purpose of data processing. As a matter of principle, the time of data storage depends on how long data processing is required to reach the envisaged purpose.

Time limits for deletion under data protection law are not applicable if and to the extent statutory storage periods, e.g. with regard to social security law, commercial law or tax law, for example under Section 257 German Commercial Act (Handelsgesetzbuch – HGB) or under Section 147 German Tax Code (Abgabenordnung – AO) provide for longer time limits.

F. Recipients of Personal Data

Within our organisation, data transmission takes place within the competent departments, as may be necessary to fulfil the intended purposes.

Data transmission may take place within our company group. The primary legal basis for such intra-group data transmission is laid down in Article 6 (1) clause 1 (f) GDPR. In this respect, processing is legitimate if necessary for the purposes of legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. In the recitals of the GDPR, which are meant as an aid for interpretation of the GDPR, the legitimate interest for transmission within a company group is concretised in recital (48). According to this, the transmission and processing of customer data within a company group for internal administration purposes is covered by a legitimate interest in the meaning of Article 6 (1) clause 1 (f) GDPR. Internal administration purposes with respect to customer data may be a centralised customer management, intra-group reporting or access to data within matrix structures within a company group.

The companies of the WEIG Group entered into a Joint Control Agreement within the meaning of Article 26 GDPR, “JCA”, for the following areas: IT, marketing & communications, CRM and ERP systems, procurement and supply chain as well as EHS. The above-listed contractual parties cooperate in determining the respective purposes and essential means for the processing of personal data. Personal data is mainly processed in the context of the establishment and exercise of customer relationships and with respect to interested parties, business partners and suppliers. Within the WEIG Group, the mainly responsible entity is Weig Holding GmbH & Co. KG, where the respective departments of IT, marketing & communications, CRM and ERP systems, procurement and supply chain as well as EHS are implemented and that, together with the respectively concerned companies of the WEIG Group, determines the purposes and essential means for processing personal data in these contexts. With this joint privacy policy notice, we are complying with our statutory obligation of disclosure of the essential points of the contract on joint responsibility as set forth in Article 26 (2) clause 2 GDPR. You as a data subject may assert your rights towards Weig Holding GmbH & Co. KG, but of course also towards any of the other companies listed above. If required, we may provide you with further information on the specific contracts on joint responsibility free of charge.

We also use Microsoft Office 365 as a cloud application, a software from the company Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Reference is made to the information given in Section C II. hereof. The contract on joint responsibility in the meaning of Article 26 GDPR between the companies of the WEIG Group, as described above, also refers to this aspect. The transmission of data to companies in the USA is performed on the basis of an adequacy decision of the European Commission in the meaning of Article 45 (3) GDPR, in which it has been established that an adequate level of protection is given in the USA.

Any further transmission of data to external third parties may take place to the extent this is legally admissible and necessary to reach the respective purpose. This may refer to auditing companies, tax consulting firms, law firms, financing companies, banks, factoring companies, other assignees, advertising agencies, letter shops, print shops, postal operators, freight forwarders, authorities including tax authorities, customs, insurance companies, credit reference agencies, IT service providers, debt collection agencies, companies for the disposal of data carriers, associations for the protection of creditors as well as other credit information providers. The legal basis for the foregoing is Article 6 (1) clause 1 (f) GDPR.

Any external processor involved in data processing are contractually bound to the provisions of Article 28 GDPR. Such processors will process your data only in line with statutory law, our instructions and in the scope of their tasks.

G. Place of Data Processing

As a matter of principle, the entire processing of personal data by us takes place in Germany or in member states of the EU.

Unless provided to the contrary in this privacy policy notice, no data are transferred to states outside the member states of the EU, third countries, or other international organisations. As far as personal data should be transmitted to third countries in individual cases, this will take place only if the EU Commission has confirmed an adequate level of data protection for such third country in accordance with Article 45 (3) GDPR and other appropriate guarantees of data protection, e.g. binding in-house data protection regulations or an agreement on standard contractual terms of the EU Commission or the data subject has granted a consent in the meaning of Articles 44 et. seqq. GDPR.

H. Security / Technical and Organisational Measures

We are taking all necessary technical and organisational measures under observance of Articles 24, 25 and 32 GDPR in order to protect your personal data against loss, destruction, access, alteration, unauthorised disclosure and abuse. Thus, we observe the legal requirements for pseudonymisation and encryption of personal data, confidentiality, integrity, availability and resilience of processing systems and services in connection with processing, accessibility of personal data and the ability to restore such accessibility in a timely manner in the event of a physical or technical incident, as well as the implementation of a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. We furthermore also comply with the provisions of Article 25 GDPR with regard to the principles of “privacy by design”, data protection by technical measures, and “privacy by default”, data protection by data-protection-friendly default settings.

I. Your Rights / Contact Data of the Data Protection Officer

You are entitled to request information on your personal data free of charge and, if the legal requirements are given, a right to rectification, blocking or erasure of your data, restriction of the processing, transferability as well as a right of objection.

To the extent we base the processing of your personal data on the assessment of interests in accordance with Article 6 (1) clause 1 (f) GDPR, you may object to the data processing. This is the case if the processing is in particular not required for the fulfilment of a contract with you. When exercising your right of objection, please indicate the reasons why we should not process your personal data the way we do. In the event of a justified objection, we will review the facts of the case and cease or adjust the data processing or substantiate to you the compelling legitimate grounds on which we will continue processing.

You have furthermore the possibility to lodge a complaint with a competent supervisory authority, e.g. the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate (Landesbeauftragter für den Datenschutz und Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz).

If you have any questions on the processing of your personal data as well as the above-described rights and the assertion thereof or if you have any suggestions, please direct to the above contact data or the Data Protection Officer:

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone: 0049 2651 84-0

Version: 2, effective as of December 2023.

Our Privacy Policy is always applicable in the current version.

The customer / interested party / business partner / supplier is obliged to view this privacy policy notice regularly and make it accessible to its employee if personal data of such employees are or may be processed by us.

In case of contradictions between the English and the German version of this document the German version of this privacy policy shall prevail.