Data Protection Statement

1. Data protection at a glance

General information
The following information provides a simple overview of what happens with your personal data when you visit this website. Personal data are all data by which you can be personally identified. You can find extensive information on the topic of data protection in the Data Protection Statement provided below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the website operator's contact data in the "Responsible Party Information" section of this Data Protection Statement.

How do we collect your data?
Your data is collected primarily in that you communicate the data to us. This may involve data that you enter into a contact form.
Other data are collected by our IT systems automatically or following your consent while visiting the website. These are primarily technical data (e.g., internet browser, operating system, or time of day of the page view). These data are collected automatically as soon as you visit the website.

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right at any time to receive information about the source, recipient, and purpose of your stored personal data at no charge. You additionally have a right to demand correction or deletion of these data. If you have granted a consent to data processing, you can revoke this consent at any time for the future. In addition, you have the right to demand restriction of the processing of your personal data under certain circumstances. In addition, you have a right to complain to the responsible supervisory authority.

You can contact us at any time about this or any other questions about data protection.

Analysis tools and tools from third-party providers
When you visit this website, your surfing behavior may be analyzed statistically. This is done primarily using what are called analysis programs.

Detailed information on these analysis programs can be found in the following Data Protection Statement.

2. Hosting and Content Delivery Networks (CDN)

DomainFactory
Our website is hosted by DomainFactory. The provider is DomainFactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning (hereinafter DomainFactory). When you visit our website, DomainFactory records various log files including your IP addresses.
Details can be found in DomainFactory's data protection statement: https://www.df.eu/de/datenschutz/. DomainFactory is used based on Art. 6 (1)(f) of the European General Data Protection Regulation (GDPR). We have a justified interest in the most reliable presentation of our website possible. Insofar as a corresponding consent was requested, the processing occurs exclusively on the basis of Art. 6 (1)(a) GDPR and Section 25 (1) of the Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent covers storage of cookies or access to information in users' terminal equipment (e.g., for device fingerprinting) within the meaning of the TTDSG. This consent is revocable at any time.

Order processing
We have concluded a contract for order processing with the provider listed above. This is a contract prescribed by data protection law that ensures that the provider only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

Cloudflare
We use the "Cloudflare" service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA ("Cloudflare"). Cloudflare offers a content delivery network with DNS that is distributed worldwide. Technically, the information transfer between your browser and our website is routed through Cloudflare's network. This puts Cloudflare in a position to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the internet. In this process, Cloudflare can also use cookies or other technologies to recognize internet users, which, however, are solely used for the purpose described here.
Using Cloudflare is based on our justified interest in providing our website as free of errors and as securely as possible (Art. 6 (1)(f) GDPR).
The data transfer to the U.S. is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.
Additional information on the topic of security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

3. General information and required information

Data protection
The operators of these pages take the protection of your personal data very seriously. We handle your personal data confidentially and in compliance with the legal data protection regulations as well as this Data Protection Statement.
Various personal data are collected when you use this website. Personal data are data by which you can be personally identified. The present Data Protection Statement explains which data we collect and what we use it for. It also explains how and for what purpose this happens.
We point out that data transfer on the internet (e.g., when communicating by e-mail) may have security weaknesses. Complete protection of the data from access by third parties is impossible.

Responsible Party Information

The responsible party for the data processing on this website is:

ETIMEX Primary Packaging GmbH
Martin-Adolff-Strasse 44
D-89165 Dietenheim
Telephone: +49 (0) 7347 67-0
E-Mail: info@etimex.de

The responsible party is that natural person or legal entity that decides, alone or together with others, on the purposes and means of processing of personal data (e.g., names, e-mail addresses, etc.).

Storage period
Insofar as no more specific storage period was specified within this Data Protection Statement, your personal data remain with us until the purpose for the data processing no longer exists. If you file a justified deletion request or revoke consent to data processing, your data will be processed as long as we have no other legally permitted reasons for storing your personal data (e.g., retention periods under tax law or trade law); in the latter case, deletion occurs after these reasons lapse.

General information on the legal basis for data processing on this website
Insofar as you have consented to the data processing, we process your personal data based on Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR insofar as special data categories are processed under Art. 9 (1) GDPR. In case of express consent to the transfer of personal data to third countries, the data processing additionally occurs based on Art. 49 (1)(a) GDPR. Insofar as you have consented to the storage of cookies or to access to information in your terminal equipment (e.g., using device fingerprinting), the data processing additionally occurs based on Section 25 (1) TTDSG. This consent is revocable at any time. If your data are necessary to perform the contract or to carry out pre-contractual measures, we process your data based on Art. 6 (1)(b) GDPR. In addition, we process your data insofar as this is necessary to perform a legal obligation based on Art. 6 (1)(c) GDPR. This data processing can also occur based on our justified interest according to Art. 6 (1)(f) GDPR. Information on the legal basis relevant in each individual case is provided in the following paragraphs of this Data Protection Statement.

Data Protection Officer
We have appointed a Data Protection Officer for our company.
Alexander Matzelsberger - Matzelsberger GmbH & Co. KG
Hämpfergasse 10
D-89073 Ulm
Telephone: +49 731 153 38 97
E-Mail: a.matzelsberger@matzelsberger.com

Information on data transfer to the USA and other third countries
Among other things, we use tools from companies with registered offices in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data may be transferred to these third countries and processed there. Please note that a data protection level comparable to that of the EU cannot be guaranteed in these countries. For example, US companies are obligated to release personal data to security agencies without it being possible for you as the affected party to take court action against it. It is therefore not possible to exclude the possibility that US agencies (e.g., intelligence services) will process, analyze, and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke a consent already granted at any time. The legality of the data processing occurring until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases as well as to object to direct advertising (Art. 21 GDPR)
WHEN THE DATA PROCESSING OCCURS BASED ON ART. 6 (1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO FILE AN OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS THAT RESULT FROM YOUR SPECIAL SITUATION; THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. THE INDIVIDUAL LEGAL BASIS ON WHICH ANY PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION STATEMENT. IF YOU FILE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVE BINDING REASONS WORTHY OF PROTECTION FOR THIS PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED IN ORDER TO CARRY OUT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO FILE AN OBJECTION TO THE PROCESSING OF PERSONAL DATA RELATED TO YOU AT ANY TIME FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR PURPOSES OF DIRECT ADVERTISING (OBJECTION UNDER ART. 21 (2) GDPR).

Right to complain to the responsible supervisory authority
In case of violations of the GDPR, the affected party has a right to complain to a supervisory authority, particularly in the member state of your habitual residence, your workplace, or the place of the suspected violation. The right to complain exists notwithstanding other legal remedies under administrative law or from a court.

Right to data portability
You have the right to have data that we automatically process based on your consent or in performance of a contract provided to you or to a third party in a common machine-readable format. Insofar as you demand direct transfer of the data to another responsible party, this will only occur insofar as it is technically feasible.

SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transfer of confidential content such as orders or inquiries that you send to us as the website operator. You can recognize an encrypted connection in that the browser address bar changes from "http://" to "https://" and from the lock symbol in your browser bar. When the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Information, deletion, and correction
Within the framework of applicable statutory regulations, you have the right at any time to information at no charge about your stored personal data, its origin and recipients, and the purpose of the data processing, and possibly a right to correction or deletion of these data. You can contact us at any time about this or any other questions about personal data.

Right to restrict processing
You have the right to demand restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:

If you contest the accuracy of your personal data stored by us, we normally need time to review this. You have the right to demand restriction of the processing of your personal data for the duration of the review.
If the processing of your personal data occurred or is occurring unlawfully, you can demand restriction of the data processing instead of deletion.
If we no longer need your personal data, but you need them to exercise, defend, or assert legal claims, you have the right to demand restriction of the processing of your personal data instead of deletion.
If you have filed an objection under Art. 21 (1) GDPR, it is necessary to weigh your and our interests. As long as whose interests outweigh the other has not been established, you have the right to demand restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data are only permitted to be processed—except for their storage—with your consent or to assert, exercise, or defend legal claims, or to protect the rights of another natural person or legal entity, or for reasons of an important public interest of the European Union or a member state.

4. Data collection on this website

Cookies
Our web pages use what are known as "cookies." Cookies are small text files and do not cause any damage to your terminal equipment. They are stored on your terminal equipment either temporarily for the length of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal equipment until you delete them yourself or your web browser automatically deletes them.

Cookies from third-party companies may sometimes also be stored on your terminal equipment if you access our site (third-party cookies). These cookies enable us or you to use specific services of the third-party companies (e.g., cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary since certain website functions would not work without them (e.g., the shopping cart function or display of videos). Other cookies are used to analyze user behavior or to display advertising.
Cookies that are necessary to perform the electronic communications process, to provide specific functions desired by you (e.g., for the shopping cart function), or to optimize the website (e.g., cookies to measure the web audience) (necessary cookies) are stored based on Art. 6 (1)(f) GDPR insofar as no other legal basis is indicated. The website operator has a justified interest in storing necessary cookies for technically faultless and optimized provision of its services. Insofar as consent to storage of cookies and comparable recognition technologies was requested, the processing occurs exclusively based on this consent (Art. 6 (1)(a) GDPR and Section 25 (1) TTDSG); this consent is revocable at any time.
You can set your browser so that you are informed when cookies are set, and only allow cookies on a case-by-case basis, exclude accepting cookies for specific cases or in general, as well as activate automatic deletion of cookies when the browser is closed. Deactivation of cookies may impair the functionality of this website.
Insofar as cookies are used from third-party companies or for analysis purposes, we will inform you separately thereof within the scope of this Data Protection Statement and possibly request consent.

Consent using CookieFirst
Our website uses the CookieFirst consent technology to obtain your consent to storage of specific cookies on your terminal equipment or to the use of specific technologies, and to document this consent in compliance with data protection. The supplier of this technology is Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH, Amsterdam, Holland (hereinafter "CookieFirst").
When you access our website, a connection to CookieFirst's servers is established in order to obtain your consents and other statements on cookie use. Subsequently, CookieFirst stores a cookie in your browser to be able to assign the granted consents or their revocation to you. The data recorded in this way are stored until you call on us to delete them, delete the CookieFirst cookie yourself, or the purpose for the data storage lapses. This shall be without prejudice to binding legal retention obligations.
CookieFirst is used to obtain the legally required consents to the use of cookies. The legal basis for this is Art. 6 (1)(c) GDPR.

Server log files
The provider of the pages automatically collects and stores information in what are known as server log files that your browser automatically transmits to us. These are as follows:

Browser type and browser version
Operating system used
Referring URL
Hostname of the accessing computer
Time of the server request
IP address

No combination of these data with other data sources is carried out.
The collection of these data occurs based on Art. 6 (1)(f) GDPR. The website operator has a justified interest in the technically faultless display and optimization of its website—the server log files must be collected for this purpose.

Contact Form
When you send inquiries to us using a contact form, your information from the inquiry form, including the contact data provided by you there, are stored by us for the purpose of processing the inquiry and for the possibility of follow-up questions. We do not forward these data without your consent.
The processing of these data occurs based on Art. 6 (1)(b) GDPR insofar as your inquiry is related to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on our justified interest in the effective processing of the inquiries directed to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR) insofar as it was requested; this consent is revocable at any time.
The data you entered in the contact form remain with us until you call on us to delete them, you revoke your consent to storage, or the purpose of the data storage lapses (e.g., after processing of your inquiry has been completed). Binding statutory regulations—particularly retention periods—remain unaffected.
Inquiries by e-mail, telephone, or fax
If you contact us by e-mail, telephone, or fax, your inquiry including all of the personal data coming from it (name, inquiry) will be stored and processed by us for the purpose of processing your concern. We do not forward these data without your consent.
The processing of these data occurs based on Art. 6 (1)(b) GDPR insofar as your inquiry is related to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on our justified interest in the effective processing of the inquiries directed to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR) insofar as it was requested; this consent is revocable at any time.
The data you sent to us through a contact inquiry remain with us until you call on us to delete them, you revoke your consent to storage, or the purpose of the data storage lapses (e.g., after processing of your concern has been completed). Binding statutory regulations—particularly statutory retention periods—remain unaffected.

5. Analysis tools and advertising

Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool with which we can integrate tracking or statistical tools and other technologies into our website. Google Tag Manager itself does not create any user profiles, does not store any cookies, and does not carry out any independent analyses. It merely serves to manage and output the tools that are integrated using it. However, Google Tag Manager does record your IP address, which may also be transmitted to Google's parent company in the United States.
Use of Google Tag Manager occurs based on Art. 6 (1)(f) GDPR. The website operator has a justified interest in rapid and uncomplicated integration and management of various tools on its website. Insofar as a corresponding consent was requested, the processing occurs exclusively on the basis of Art. 6 (1)(a) GDPR and Section 25 (1) of the Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent covers storage of cookies or access to information in users' terminal equipment (e.g., device fingerprinting) within the meaning of the TTDSG. This consent is revocable at any time.

Matomo
This website uses the Matomo open-source web analysis service. Matomo uses technologies that enable cross-page recognition of the user for analyzing user behavior (e.g., cookies or device fingerprinting). The information recorded by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
Using Matomo, we are in a position to record and analyze data about the use of our website by visitors to the website. In this way, we can discover which page views were done when and which region they come from, among other things. We additionally record various log files (e.g., IP address, referrer, browser and operating system used) and can measure whether our website visitors carry out particular actions (e.g., clicks, purchases, etc.).
This analysis tool is used based on Art. 6 (1)(f) GDPR. The website operator has a justified interest in analyzing user behavior to optimize both its website as well as its advertising. Insofar as a corresponding consent was requested, the processing occurs exclusively on the basis of Art. 6 (1)(a) GDPR and Section 25 (1) of the Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent covers storage of cookies or access to information in users' terminal equipment (e.g., device fingerprinting) within the meaning of the TTDSG. This consent is revocable at any time.

Hosting
We host Matomo at the following third-party provider:
Piwik PRO SA
ul. św. Antoniego 2/4
0
50-073 Wrocław
PL

6. Plugins and tools

Google reCAPTCHA
We use Google reCAPTCHA (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA use is intended to verify whether the data input on this website (e.g., in a contact form) is done by a human or by an automatic program. reCAPTCHA analyzes the behavior of the website visitor for this purpose using various features. This analysis begins automatically as soon as the website visitor visits the website. To perform this analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the website visitor's length of stay on the website, or mouse movements by the user). The data recorded during analysis are forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that analysis is occurring.
The data are stored and analyzed based on Art. 6 (1)(f) GDPR. The website operator has a justified interest in protecting its website from abusive automatic spying and from spam. Insofar as a corresponding consent was requested, the processing occurs exclusively on the basis of Art. 6 (1)(a) GDPR and Section 25 (1) of the Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent covers storage of cookies or access to information in users' terminal equipment (e.g., device fingerprinting) within the meaning of the TTDSG. This consent is revocable at any time.
Additional information about Google reCAPTCHA can be found in the Google data protection provision and the Google terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Data processing in case of job applications
The job application process on our website occurs using software for processing job application data from softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin ("softgarden"). softgarden processes the data on our behalf.
Additional information on softgarden and the purpose and scope of the data collection and processing within the framework of the job application process can be found in the data protection statement for the job application process, accessible at: https://etimex.softgarden.io/de/data-security.

7. Audio and video conferences

Data processing
We use online conference tools, among other things, to communicate with our customers. The specific tools that we use are listed below. When you communicate with us by video or audio conference via the internet, your personal data are recorded and processed by us and the provider of the specific conference tool.

The conference tools record all data that you provide/use to use the tools (e-mail address and/or your telephone number). In addition, the conference tools process the length of the conference, the beginning and ending (time) of participating in the conference, the number of participants, and other "context information" in connection with the communications process (metadata).
Furthermore, the provider of the tool processes all technical data necessary to handle the online communication. This particularly comprises IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, as well as the type of connection.
Insofar as content is shared, uploaded, or otherwise made available within the tool, these will likewise be stored on the tool provider's servers. Such content particularly includes cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information that is shared during use of the service.
Please note that we do not have complete influence on the data processing operations of the tools used. Our possibilities essential conform to the corporate policy of the individual provider. Additional information on data processing by the conference tools can be found in the data protection statements of each tool used, which we have listed below this text.

Purpose and legal basis
The conference tools are used to communicate with potential or existing contractual partners or to offer specific services to our customers (Art. 6 (1)(b) GDPR). In addition, use of the tools serves the general simplification and acceleration of communication with us or our company (justified interest within the meaning of Art. 6 (1)(f) GDPR). Insofar as consent was requested, the use of the relevant tools occurs based on this consent; this consent is revocable at any time effective for the future.
Storage period
The data directly recorded by us through the video and conference tools are deleted by our systems as soon as you call on us to delete them, revoke your consent to storage, or the purpose for the data storage lapses. Stored cookies remain on your terminal equipment until you delete them. This shall be without prejudice to binding legal retention periods.
We have no influence on the storage period of your data that are stored by the operators of the conference tools for their own purposes. To obtain details, please obtain information directly from the operators of the conference tools.
Conference tools used
We use the following conference tools:

Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details on data processing can be found in the data protection statement from Microsoft Teams. https://privacy.microsoft.com/de-de/privacystatement.