Wir verwenden Cookies We use cookies

Wir verwenden Cookies, um Ihre Nutzererfahrung auf unserer Webseite zu verbessern, Inhalte und Werbung zu personalisieren sowie die Nutzung der Webseite zu analysieren. Einige Cookies werden auch von Drittanbietern verwendet, um soziale Medien Funktionen anzubieten und die Zugriffe zu analysieren. Weitere Informationen zu den verwendeten Cookies finden Sie in unserer Datenschutzerklärung

Sie können Ihre Entscheidung im Nachhinein unten rechts auf der Seite widerrufen.
We use cookies to improve your user experience on our website, to personalize content and advertising, and to analyze website usage. Some cookies are also used by third parties to provide social media features and analyze traffic. Further information about the cookies used can be found in our Privacy

You can revoke your decision afterwards at the bottom right of the page.
Revoke cookie agreementCookie-Entscheidung widerrufen
Pfleiderer Spezialpapiere - Teisnach
    
Think
     Paper
Since
1881
Textfeld für grünes Feld in Übersichten:
(nur ausfüllen, wenn auf der Übersichtsseite ein grünes Feld erscheinen soll).

Information obligation according to Art. 13 and Art. 14 GDPR for customers

The protection of your data and transparency about its processing is a very high priority for us. Therefore, we comply with our duty to inform about the circumstances of processing according to Art. 13 and Art. 14 General Data Protection Regulation (GDPR).

From the processing of your personal data, the following rights arise for you:

  1. Right to information (see Art. 15 GDPR)

  2. Right to rectification (see Art. 16 GDPR)

  3. Right to erasure (see Art. 17 GDPR)

  4. Right to restriction of data (see Art. 18 GDPR)

  5. Right to object (see Art. 21 GDPR)

  6. Right to data portability (see Art. 20 GDPR)

Right to withdraw: If the processing is based on Art. 6 GDPR paragraph 1 letter a or Art. 9 GDPR paragraph 2 letter a, you have the right to withdraw your consent at any time. Data processed so far remains unaffected by the withdrawal.

Contact details of the data protection officer: Datenbeschützerin GmbH, Unterer Sand 9, 94209 Regen, Phone: 09921 88 22 9000, Email: pfleiderer.dsb@datenbeschuetzerin.de

You have the right to complain to a supervisory authority if you believe that the processing of your personal data is unlawful.

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Telephone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-Mail: poststelle@lda.bayern.de

The responsible body for data processing is:

Pfleiderer Teisnach GmbH & Co.KG
Represented by: Rainer Koder und Andreas Noack (Managing Director)
Adolf-Pfleiderer-Straße 19
D-94244 Teisnach

Telephone: +49 9923 / 29-0
E-Mail: info@pfleiderer-spezialpapiere.de

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Data transfer to third countries (countries outside the European Economic Area - EEA) only takes place if it is necessary for the execution of the service contract or if you have given us your consent or if it is otherwise legally permissible. In this case, we take measures to ensure the protection of your data, for example through contractual arrangements. We only transfer to recipients who ensure the protection of your data according to the provisions of the GDPR for transfers to third countries (Art. 44 to 49 GDPR).


1. Communication

To contact you, we write you an email with further information to process your request, your order, or within the framework of our general business relationship. For this purpose, your email address, the email content, and the history of the communication are recorded. Furthermore, we may contact you at the phone number stored with us.

The processing of the data is based on the fulfillment of the contract according to Art. 6 paragraph 1 letter b GDPR, which allows the processing of data for the fulfillment of a contract or pre-contractual measures (customer relationship, contracts with business partners, authorities, employees).

Data is only shared if it is agreed with you or necessary for the current business transaction.

Your data is stored on our systems within the framework of the statutory retention obligation.


2. Contact and address management

To manage all contact information of business partners and customers, we store the contacts in our Navision system, in which name, if applicable, contact person, address, phone number, mobile number, and email address are stored.

The data collection is based on a legitimate interest according to Art. 6 paragraph 1 letter f GDPR to organize and manage contact information of customers and business partners.

Only our employees have access to this system.

Your contact data is stored in our system for the duration of the business relationship and beyond for one year.


3. Head office, visitor management

Distribution of incoming mail to the respective departments, persons. Personal letters are delivered unopened. Acceptance of central calls and forwarding. Reception of visitors and recording in a visitor list to have an overview of which external persons are on the premises.

For this purpose, we collect the following data from you: name of the employee, name of the business partner, attendance times of the visitor, signature of the visitor.

The data collection is based on a legitimate interest according to Art. 6 paragraph 1 letter f GDPR to allow only authorized persons on the premises.

Data is only shared if it is agreed with you or necessary for the current business transaction.

Your data is stored on our systems within the framework of the statutory retention obligation.


4. Video monitoring system

Data is recorded by video cameras at the gates to ensure that only authorized trucks and cars enter the premises. Trucks and cars are monitored, but in individual cases, people may also be visible in the transmission.

Data is recorded by video cameras at the entrance area of the company premises to provide evidence for the prosecution authority in case of trespassing.

The processing of the data is based on a business purpose according to Art. 6 paragraph 1 letter f GDPR. The responsible entity has a legitimate interest in regulating access to the premises and preventing or detecting crimes.

Access to video surveillance is granted to reception staff and logistics. The video material is deleted after one week.


5. Guest WiFi

We offer our guests the possibility of internet access. For this purpose, you receive access to our guest WLAN. You receive access by asking the managing director.

Your name and protocol data are stored in our system.

The use of the WLAN is based on voluntary consent according to Art. 6 paragraph 1 letter a GDPR.

You can withdraw your consent at any time without formalities. However, this will result in you no longer being able to use internet access.

Data is only shared if it is agreed with you or necessary for the current incident.

The protocol data is stored for three months and then deleted from the system.


6. Application

Your applications are sent to the HR department (by post or email). These are forwarded to the appropriate departments. After hiring, the data is entered into our personnel management software, and you are registered as a user in the IT systems. Applications are returned if no employment relationship is established. If applications are retained, you must actively agree that we may keep your documents. If you do not give us your consent, your data will be deleted after 6 months.

We store your application documents (resume, cover letter, certificates, etc.).

Data is only forwarded to internal departments that are needed for the application process.

The processing is based on a pre-contractual measure for the employment contract according to Art. 6 paragraph 1 letter b GDPR.


7. Order processing and handling, complaints

To process your order or your request or complaint, we collect personal data from contact persons (name, address, email address, phone number, mobile number) and store them in our Navision system.

For new customers, an additional sanctions check is carried out via various internet portals or the Chamber of Commerce.

The processing is based on a contract or pre-contractual measure according to Art. 6 paragraph 1 letter b GDPR.

Data is forwarded internally to the necessary departments and, if necessary, to external parties (e.g., shipping service providers/business partners/subcontractors) to further process the order.

Data is stored within the framework of the statutory retention obligations.


8. Ordering and shipping

To order and ship, personal data is collected to assign the goods to the customers. For direct orders through us, you receive a delivery note created by us. For the processing of the shipment, your data (name, address) is transmitted to the commissioned forwarding agent.

The processing is based on a contract or pre-contractual measure according to Art. 6 paragraph 1 letter b GDPR.

Data is forwarded to internal departments as well as to the commissioned forwarding agent and the responsible customs authority.

Data is stored within the framework of the statutory retention obligations.


9. Product Information / Advertising

We regularly send our customers information and news about products and the service offer. For this purpose, only your already existing data such as name, address, postal code, and location or email address are used.

Your data is processed by us based on a legitimate interest according to Art. 6 paragraph 1 letter f GDPR. The responsible entity has a legitimate interest in informing its customers about new technologies, application procedures, product innovations, or service offers. Sending information and advertising is allowed to our existing customers.

If you do not wish to receive advertising, you can object to the further use of your data for advertising purposes at any time by message (email, post).


10. Satisfaction survey / customer feedback

To measure and evaluate customer satisfaction (e.g., for product quality, price-performance ratio, delivery punctuality, response times, and other service criteria), we send our customers a satisfaction survey. For this purpose, we use your name and email address.

Your data is processed by us based on a legitimate interest according to Art. 6 paragraph 1 letter f GDPR. The responsible entity has a legitimate interest in determining and improving customer satisfaction through surveys. Sending the survey is allowed to our existing customers.

If you do not wish to receive surveys, you can object to the further use of your data for advertising purposes at any time by message (email, post).


11. Trade fair management / contacting

At the trade fair, you can provide us with the following data: company, name of the contact person, address, phone number, email address. Your data is stored in our system and used after the trade fair for contacting and discussing offers and their dispatch.

The processing is based on a contract or pre-contractual measure according to Art. 6 paragraph 1 letter b GDPR.

Your data is not forwarded. If no business relationship is established, your data will be deleted.


12. Financial accounting

To process financial accounting, we have mapped a process in our IT systems within the company. In the course of the process, personal data of contact persons or invoice information may be processed (name, address, email address, phone number, mobile number).

The processing is based on a legal requirement according to Art. 6 paragraph 1 letter c GDPR. The processing is necessary to fulfill a legal obligation to which the responsible entity is subject (principles of proper accounting).

Data is forwarded to our responsible tax advisor and auditor.

Data is stored within the framework of the statutory retention obligations.


13. Sanctions list check

We conduct a check of business partners and customers against national and international sanctions lists to ensure that no business relationships exist with sanctioned persons or organizations. New customers from sensitive countries are reported to customs beforehand.

For the check, name, address, date of birth, nationality, and other identification markers are compared and checked.

The processing is based on a legal requirement according to Art. 6 paragraph 1 letter c GDPR. The processing is necessary to fulfill a legal obligation to which the responsible entity is subject.

Data is transmitted to customs or through the Chamber of Commerce.

Data is deleted 5 years after the end of the business relationship.


14. Credit check

When purchasing on account or another payment method where we make an advance payment, we may conduct a credit check procedure (scoring). For this purpose, we transmit your entered data (e.g., name, address, age, or bank details) to a credit agency. Based on this data, the probability of a payment default is determined. In case of an excessive payment default risk, we may refuse the respective payment method.

The credit check is carried out based on the fulfillment of the contract (Art. 6 paragraph 1 letter b GDPR) and to avoid payment defaults (legitimate interest according to Art. 6 paragraph 1 letter f GDPR).

Your data is transmitted to the responsible credit agency Creditreform and Coface. Further information on data protection from Creditreform and Coface can be found at: https://www.creditreform.de/datenschutz.Informationen and https://www.coface.de/Home/Allgemeine-Informationen/Datenschutz.


15. Dunning

In case of outstanding claims, these are dunned and, in case of non-payment, transmitted to service providers (lawyer, collection agency). For this purpose, name, address, and the amount of the outstanding claim are required.

The processing is based on a contract or pre-contractual measure according to Art. 6 paragraph 1 letter b GDPR.

Data is forwarded to the service provider (lawyer, collection agency, etc.).

Data is stored within the framework of the statutory retention obligations.


16. Paper document disposal, files and data media

The destruction of no longer required paper documents and data carriers containing personal data is carried out. This ensures compliance with deletion periods after the retention period.

All data from the customer relationship may be contained on the documents and paper carriers.

The processing of the data is based on a legal requirement according to Art. 6 paragraph 1 letter c GDPR, the processing is necessary to fulfill a legal obligation to which the responsible entity is subject.

Data is forwarded to the certified disposer commissioned by the responsible entity for destruction and disposal.

Data is not stored.


17. Video conference tools

17.1 Data processing

For communication with our customers, we use online conference tools, among others. The tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is recorded and processed by us and the provider of the respective conference tool.

The conference tools record all data you provide/use to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants, and other "context information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required for the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and type of connection.

If content is exchanged, uploaded, or otherwise provided within the tool, it is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy statements of the tools we use, which are listed below.

17.2 Purpose and legal bases

The conference tools are used to communicate with prospective or existing contract partners or to offer certain services to our customers (Art. 6 paragraph 1 sentence 1 letter b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest in the sense of Art. 6 paragraph 1 letter f GDPR). If consent has been requested, the use of the respective tools is based on this consent; the consent can be withdrawn at any time with effect for the future.

17.3 Duration of storage

The data directly recorded by us via the video and conference tools are deleted from our systems as soon as you request us to delete them, withdraw your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage duration of your data stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

17.4 Used conference tools

We use the following conference tools:

17.4.1 Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the privacy statement of Microsoft Teams: https://www.microsoft.com/de-de/privacy/privacystatement.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards in data processing in the USA. Every company certified according to the DPF commits to comply with these data protection standards. For further information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active.


18. File exchange via Cryptshare

For file exchange with our customers, we use the Cryptshare service.

Cryptshare enables us to exchange documents and files with you. When you upload content, it is stored on the servers of Cryptshare.

The use of Cryptshare is based on Art. 6 paragraph 1 letter f GDPR. The responsible entity has a legitimate interest in a reliable exchange system for data and documents.

Data is stored for the duration of the business relationship.


19. Communication via WhatsApp

For communication with our customers and other third parties, we use the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from accessing the communication content. However, WhatsApp has access to metadata generated during the communication process (e.g., sender, recipient, and time). We also point out that WhatsApp, according to its own statement, shares personal data of its users with its parent company Meta, which is based in the USA. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in the fastest and most effective communication possible with customers, prospects, and other business and contract partners (Art. 6 paragraph 1 letter f GDPR). If consent has been requested, data processing is carried out exclusively based on consent; this can be withdrawn at any time with effect for the future.

The communication content exchanged between you and us on WhatsApp remains with us until you request us to delete it, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards in data processing in the USA. Every company certified according to the DPF commits to comply with these data protection standards. For further information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/7735.


20. Data protection management

You can contact the external data protection officer at any time by E-Mail at pfleiderer.dsb@datenbeschuetzerin.de or by telephone on 09921 88 22 9000.

Your name, reason for the request, facts, and possibly data of the affected person stored in the system are collected and stored.

The processing of the data is based on the fulfillment of the contract according to Art. 6 paragraph 1 letter b GDPR, which allows the processing of data for the fulfillment of a contract or pre-contractual measures (service contract, employment contract).

Information is only shared with your consent.

Your personal data will be stored as long as needed for the purpose. Statutory retention obligations remain unaffected.

Copyright © 2016 PFLEIDERER. All rights reserved.