The owner of this website takes your data protection very seriously and treats your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

We would like to point out that data transmission over the Internet (e.g., when communicating by e-mail) can generally be subject to security vulnerabilities. It is not possible to fully protect data from access by third parties. It is possible to use our website without providing personal data. If personal data (e.g., name, address or e-mail addresses) is collected on our website, this is always done voluntarily. This data will not be passed on to third parties without your express consent.

This privacy policy explains the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online services and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter jointly referred to as "online service(s)"). Regarding the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Information on the Responsible Party

The controller responsible for the processing of your data on this website is:

ZERHUSEN Kartonagen GmbH
Roland Zerhusen
Industriestraße 9
49401 Damme
Deutschland

Telephone +49 (0) 54 91-96 88 0
E-mail info@zerhusen.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, e-mail addresses, etc.).

Link to Legal Notice: https://www.zerhusen.de/en/company-details/

—

Data Protection Representative

We have appointed a data protection officer in our company.

Sebastian von der Au
EDV-Unternehmensberatung Floß GmbH
Hopfengarten 10
33775 Versmold
Deutschland

E-mail info@floss-consult.de

—

Types of Data Processed

• Inventory data (e.g., names, addresses)

• Contact data (e.g., e-mail, telephone numbers)

• Content data (e.g., text entries, photographs, videos)

• Usage data (e.g., websites visited, interest in content, access times)

• Meta/communication data (e.g., device information, IP addresses)

—

Categories of Persons Affected

Visitors and users of the online service (hereinafter we also refer to the data subjects collectively as "users").

—

Purpose of Processing

• Providing an online service, its functions and content

• Responding to contact requests and communicating with users

• Security measures

• Reach measurement/marketing

—

Terms and Definitions

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers nearly every type of data handling.

"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

—

Applicable Legal Principles

In accordance with Art. 13 GDPR, we hereby inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 of the GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b of the GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c of the GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f of the GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d of the GDPR serves as the legal basis.

—

Security Measures

We take appropriate technical and organizational measures in accordance with Art. 32 of the GDPR, considering the state of the technology, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

The measures include safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and its separation.

Furthermore, we have established procedures that ensure the exercise of the rights of the data subject, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

—

Cooperation with Processors and Third Parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties with the processing of data based on a so-called "order processing contract", this is done in accordance with Art. 28 of the GDPR.

—

Data Transmitted to Third Party Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations, based on your consent, the basis of a legal obligation or on the basis of our legitimate interests.

Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

—

Rights of Data Subjects

• You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
  
  

• In accordance with. Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  
  

• In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with Art. 18 GDPR.
  
  

• You have the right to request to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.
  
  

• You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

—

Right to Withdrawal

You have the right to withdraw your consent in accordance with Art. 7 (3) GDPR with effect for the future right to object you can object to the future processing of data concerning you at any time in accordance with Art. 21 of the GDPR. In particular, you may object to processing for direct marketing purposes.

—

Deletion of Data

The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory record retention obligations.

If the data is not deleted because it is required for other and legally permissible purposes, its processing shall be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, the retention period is 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters).

According to legal requirements in Austria, the retention period is 7 years in accordance with § 132 para. 1 of the Austrian Federal Fiscal Code (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), 22 years in connection with real estate and 10 years for documents in connection with electronically provided services, telecommunications, radio and television services that are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.

—

Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this website.

We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website based on our legitimate interest in the efficient and secure provision of this website in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of contracts). Art. 28 GDPR (conclusion of order processing contract).

—

Collection of Access Data and Log Files

On the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR, we or our hosting provider collect data regarding every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, the notification of successful access, the browser type and version, the user's operating system, the reference URL (the previously visited page), the IP address and the requesting provider.

For security reasons, log file information (e.g., to investigate misuse or fraud) is stored for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes until final clarification of the respective incident is excluded from deletion.

—

Cookies and Right to Object to Direct Marketing

This website uses "cookies" in some cases. Cookies are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service.

Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes their browser. The content of a shopping cart in an online store or a login status, for example, can be stored in such a cookie.

Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be saved if the user visits the website after several days. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the controller who operates the online service (otherwise, if they are only their cookies, they are referred to as "first-party cookies").

If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites:

EUCookiesConsent (is set by the Joomla plugin EU Cookies Consent to save the settings for cookie use). Insofar as these cookies may (also) affect personal data, we will inform you about this in the following sections.

If you as a user do not want cookies to be stored on your computer, please deactivate the corresponding option in the system settings of your browser. Saved cookies can be deleted in the browser's system settings. The exclusion of cookies can lead to functional restrictions of this online service.

You can delete individual cookies or the entire cookie inventory via your browser settings. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on your browser provider, you will find the necessary information under the following links:

Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectlocale=de&redirectslug=Cookies+l%C3%B6schen
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/
Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/ .

Data Protection Information during the Application Process

We process the applicant data only for the purpose and in the context of the application process in accordance with the legal requirements. Applicant data is processed to fulfill our (pre-)contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR if the data processing becomes necessary for us, e.g., in the context of legal proceedings (in Germany, Section 26 BDSG also applies).

The application process requires applicants to provide us with applicant data. If we offer an online form, the necessary applicant data is marked, otherwise it is derived from the job descriptions and generally includes personal details, postal and contact addresses and the documents belonging to the application, such as a cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information.

By submitting their application, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy.

Insofar as specific categories of personal data in accordance with Art. 9 para. 1 of the GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b of the GDPR (e.g., health data, such as severely disabled status or ethnic origin). Insofar as specific categories of personal data in accordance with Art. 9 para. 1 of the GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. a of the GDPR (e.g., health data if this is necessary for the exercise of the profession).

If provided, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with state of the art standards.

Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves.

We, therefore, cannot assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by mail. Instead of applying via the online form and e-mail, applicants still have the option of sending us their application by mail.

In the event of a successful application, we may process the data provided by applicants for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

Subject to a justified withdrawal by the applicant, the data will be deleted after a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

—

Contact Us

When contacting us (e.g., by contact form, email, telephone or via social media), the user's details are processed to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b of the GDPR). The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization.

We delete the inquiries if they are no longer required. We review the necessity every two years; the statutory archiving obligations also apply.

—

Integration of Third-Party Services and Content

Based on our legitimate interest in the analysis, optimization and economic operation of our online service in accordance with Art. 6 para. 1 lit. f. of the GDPR. The GDPR, content or services from third-party providers in order to integrate their content and services (e.g., videos or fonts).

This always presupposes that the third-party providers of this content are aware of the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use "pixel tags" (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online service, as well as being linked to such information from other sources.

—

Reach Measurement with CrazyStat

We integrate the CrazyStat tool from Christosoft (https://www.christosoft.de/). As part of CrazyStat's reach analysis, the following data is processed on the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online service in accordance with Art. 6 para. 1 lit. f. GDPR). GDPR, the following data is processed: the browser type and version you use and the operating system you use (user agent), your screen resolution and color depth, the date and time of the server request, the time you spend on the website and the external page from which you came to our online service (referrer). The user's IP address is anonymized before it is saved.

The information collected about your use of this website is only stored on our server and is not passed on to third parties.

Users can object to the anonymized data collection by the CrazyStat program at any time with effect for the future by activating the "Do-Not-Track" (DNT) option in their browser.

Depending on the browser, DNT is either a switch in the program settings or a module (add-on or plug-in) to be installed subsequently. If this option is activated, your browser signals to our web server that you do not wish to be tracked without your explicit consent. All tracking functions are then automatically deactivated on our server. This guarantees you the best possible data protection without you having to take any further actions regarding our website.

The procedure for activating the "do not track" option differs depending on the Internet browser you use. The following links show you the options in various browsers:

Mozilla Firefox: Anleitung zur Aktivierung von "Do not track" in den Programmoptionen
Microsoft Internet Explorer: Anleitung zur Aktivierung von "Do not track" in den Programmoptionen
Google Chrome: Anleitung zur Aktivierung von "Do not track" in den Programmoptionen
Apple Safari: Anleitung zur Aktivierung von "Do not track" in den Programmoptionen

—

Open Street Map

We use “OpenStreetMap” (OSM) on our contact page as a map service. The provider is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

When you visit a website on which OpenStreetMap is integrated, your IP address and other information about your behavior on this website is forwarded to the OSMF. OpenStreetMap may store cookies (see also note on cookies) in your browser for this purpose.

Your location may also be recorded if you have allowed this in your device settings, e.g., on your cell phone. The provider of this site has no influence on this data transmission. Details can be found in OpenStreetMap's privacy policy at the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

The use of OpenStreetMap enables us to present our online services in an appealing way and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f of the GDPR. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

—

HERE WeGo

On our logistics page, we have integrated a link to the “HERE WeGo” services from HERE Global B.V, c/o Privacy, Kennedyplein 222-226, 5611 ZT Eindhoven, Netherlands to create directions.

When you visit a website on which a link to HERE WeGo is integrated, your IP address and other information about your behavior on this website may be forwarded to HERE Global B.V. HERE WeGo may store cookies (see also note on cookies) in your browser for this purpose.

In addition, if you have allowed this in your device settings - e.g., on your cell phone - your location may be recorded. The provider of this site has no influence on this data transmission. For more details, please refer to the HERE WeGo privacy policy at the following link: https://legal.here.com/de-de/p..., Opt-Out: https://adssettings.google.com/authenticated.

The use of HERE WeGo serves the purpose of presenting our online services in an appealing manner and making it easy to find the locations we specify on the website. This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing is carried out exclusively on the legal grounds of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

—

Our Social Media Presence

This privacy policy applies to the following social media sites:

Facebook: https://www.facebook.com/zerhusenkartonagen.de/?locale=de_DE
Instagram: https://instagram.com/zerhusen_kartonagen?igshid=MzRlODBiNWFlZA==
XING: https://www.xing.com/pages/zerhusenkartonagengmbh
LinkedIn: https://de.linkedin.com/company/zerhusen-kartonagen
Youtube: https://www.youtube.com/user/ZerhusenKartonagen/videos?app=desktop

—

Data Processing through Social Media Networks

We maintain publicly accessible profiles on social networks. You can find the social networks we use in detail below.

Social networks like Facebook, Twitter, etc. can usually analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In particular:

If you are logged into your social media account and visit our social media platform, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in it, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In an advertising profile, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

—

Legal Framework

Our social media profiles are intended to ensure the widest possible presence on the internet. This is a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal principles, which must be specified by the operators of the social networks (e.g., consent in accordance with Art. 6 para. 1 lit. a GDPR).

—

Responsible Party and the Assertion of Legal Rights

If you visit one of our social media platforms (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

—

Data Retention Period

The data collected directly by us via the social media platform will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the respective social network provider directly (e.g., in their privacy policy, see below).

—

Social Networks at a Glance