Data protection declaration
in accordance with the GDPR

 

I. Name and address of responsible party

The responsible party in the sense of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

HK COSMETIC PACKAGING GmbH
Fabrikweg 3
96450 Coburg-Creidlitz
Deutschland
Tel.: +49 9561 240-0
E-Mail: info@hkoch.de
Website: www.hkoch.de

II. Name and address of the data protection officer

The data protection officer of the responsible party is:

datenschutz@hkoch.de

III. General information concerning data processing

1. Scope of the processing of personal information

We basically only process the personal information of our users if this is required to provide a functional web site and our content and services. The personal information of our users is processed at regular intervals only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons, and the processing of the data is permitted by law.

2. Legal basis for the processing of personal information

If we obtain the consent of the affected person for the processing of personal information, Article 6 Para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If personal information that is required to fulfil a contract to which the affected person is a party is processed, Article 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are required to carry out pre-contractual measures.

If the processing of personal information is required to fulfil a legal obligation to which our company is subject, Article 6 Para. 1 lit. c GDPR serves as the legal basis.

If the vital interests of the affected person or another natural person require the processing of personal information, Article 6 Para. 1 lit. d GDPR serves as the legal basis.

If processing is required to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the affected person do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage duration

The personal information of the affected person will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data in order to conclude or fulfil a contract.

IV. Provision of the web site and the production of log files

1. Description and scope of the data processing

Whenever our web site is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

(1) Information about the type of browser and the version that was used
(2) The user’s operating system
(3) The user’s IP address
(4) Date and time of access
(5) Web sites from which the user’s system accesses our web site
(6) Web sites which are accessed by the user’s system from our web site

The data is also stored in the log files of our system. This data is not stored together with other personal information belonging to the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit.f GDPR.

3. Purpose of the data processing

Temporary storage of the IP address by the system is required to allow the web site to be delivered to the user's computer. In order to do this, the user's IP address must be stored for the duration of the session.

Storage in log files takes place in order to ensure the functionality of the web site. We also use the data to optimize the web site and ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit.f GDPR lies in these purposes.

4. Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for providing the web site, this is the case when the respective session has ended.

The log files are stored for 6 months. As soon as the log file reaches a size of 10 MB it is rotated, whereby IP addresses are anonymised so that assignment of the calling client is no longer possible.

5. Objection and removal option

The collection of the data for providing the web site and storing the data in log files is essential for operating the web site. As a result, the user cannot object.

VII. Plugins, embedded functions and content

We integrate functional and content elements into our online content which are obtained from the servers of their respective providers (henceforth referred to as "third-party providers"). These can be graphics, videos or city maps, for example (henceforth uniformly referred to as "content").

A prerequisite for integration is that the third-party providers of this content process the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required to display these contents or functions. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this web site. The pseudonymous information can also be stored in cookies on the user's device and contains technical information about the browser and the operating system, referring web sites, the time of the visit and other information about the use of our online content, among other things, and can also be linked to similar information from other sources.

• Types of data processed: Usage data (e.g. Web sites visited, interest in content and access times); Metadata/communication data (e.g. device information, IP addresses); Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Location data (information about the geographical location of a device or a person).
• Affected persons: Users (e.g. Web site visitors, online service users).
• Purposes of the processing: Provision of our online content and user-friendliness.
• Legal grounds: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

 

We integrate the following services:

(1) Google Maps:

We integrate the maps of the “Google Maps” service from Google. In particular, the processed data may include the IP addresses and location data of the users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Web site: https://mapsplatform.google.com/; Datenschutzerklärung: https://policies.google.com/privacy.

(2) Cookiebot

Our website uses the consent management technology from Cookiebot to obtain your consent for storing certain cookies on your device and for using certain technologies, in compliance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as "Cookiebot").

When you access our website, a connection is established to Cookiebot's servers to retrieve your consents and other declarations regarding cookie use. Following this, Cookiebot stores a cookie in your browser to be able to associate your given consents or any subsequent revocations. The data collected in this way will be stored until you request us to delete it, delete the Cookiebot cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.

The use of Cookiebot is necessary to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6 (1) lit. c of the GDPR.

(3) Matomo

This website uses the open source web analysis service Matomo.

With the help of Matomo we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. anonymized IP address, referrer, browsers used and operating systems) and can measure whether our website visitors carry out certain actions (e.g. clicks, downloads, etc.).

The use of this analysis tool is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit . B. Device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

When analyzing with Matomo, we use IP anonymization. Your IP address is shortened before analysis so that it can no longer be assigned to you. We have configured Matomo so that Matomo does not store cookies in your browser and host Matomo exclusively on our own servers, so that all analysis data remains with us and is not shared.

VIII.

Rights of the affected person

The following list includes all of the affected person's rights in accordance with the GDPR. Rights that are not relevant for your own web site do not have to be mentioned. In this respect, the list can be shortened.

If your personal information is processed, you are the affected person in the sense of the GDPR, and you have the following rights vis-à-vis the person responsible:

1. Right to information

You can request confirmation from the person responsible as to whether we process personal information that relates to you.

If this is the case, you can request the following information from the person responsible:

• the purposes for which the personal information is processed;
• the categories of personal information that are processed;
• the recipients or the categories of recipients to whom the personal information relating to you has been disclosed or is still being disclosed;
• the planned duration of the storage of your personal information or, if specific information is not available, the criteria for determining the duration of storage;
• the existence of a right to correction or deletion of your personal information, a right to restrict processing by the person responsible or a right to object to this processing;
• You also have the right to complain to a supervisory authority;
• all available information about the origin of the data if the personal information is not collected from the affected person;
• the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and (at least in these cases) meaningful information about the logic involved and the scope and intended effects of such processing for the affected person.

You have the right to request information about whether your personal information is being transmitted to a third country or an international organization. In this respect, you can request to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transmission thereof.

In the case of data processing for scientific, historical or statistical research purposes:

This right to information can be restricted to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impair it and the restriction is necessary for the fulfilment of the research or statistical purposes.

2. Right to correction

You have a right to correction and / or completion vis-à-vis the person responsible if the processed personal information concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

When processing data for scientific, historical or statistical research purposes:

Your right to correction can be restricted to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impair it and the restriction is necessary for the fulfilment of the research or statistical purposes.

3. Right to restriction of processing

Under the following conditions, you can request restriction of the processing of your personal information:

• if you dispute the accuracy of the personal information concerning you for a period of time that enables the person responsible to check the correctness of the personal information;
• the processing is unlawful and you reject the deletion of the personal information and request that the use of the personal information be restricted instead;
• the person responsible no longer needs the personal information for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
• if you have objected to the processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of your personal information has been restricted, this data (except for the storage thereof) may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State.

If the processing restriction has been restricted in accordance with the above-mentioned conditions, you will be informed by the person responsible before the restriction is lifted.

When processing data for scientific, historical or statistical research purposes:

Your right to restriction of processing can be restricted to the extent that it is likely to make the implementation of the research or statistical purposes impossible or seriously impair it and the restriction is necessary for the fulfilment of the research or statistical purposes.

4. Right to cancellation

a) Obligation to delete

You can ask the person responsible to delete the personal information relating to you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

1. 1. The personal information relating to you is no longer needed for the purposes for which it was collected or otherwise processed.
   2. You revoke your consent on which the processing was based in accordance with Article 6 Para. 1 lit. a or Article 9 Para. 2 lit. a GDPR, and no other legal basis for the processing exists.
   3. You object to the processing according to Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Para. 2 GDPR.
   4. The personal information concerning you has been processed unlawfully.
   5. The deletion of your personal information is necessary to fulfil a legal obligation under Union law or the law of the member states to which the person responsible is subject.
   6. The personal information relating to you was collected with regard to services available from the information society in accordance with Art. 8 Para. 1 GDPR.

b) Information to third parties

If the person responsible has made the your personal information public and is obliged to delete it in accordance with Art. 17 Para. 1 GDPR, he must take appropriate measures, including technical measures, taking the available technology and the implementation costs into consideration, for informing the person responsible for processing the personal information that you, as the affected person, have requested them to delete all links to this personal information or copies or replications of this personal information.

c) Exceptions

The right to deletion does not exist if processing is necessary

1. 1. to exercise the right to freedom of expression and information;
   2. to fulfil a legal obligation which requires processing in accordance with the law of the European Union or the Member States to which the person responsible is subject, or for the performance of a task that is in the public interest or exercising official authority that was vested in the party responsible;
   3. for reasons of public interest in the area of ​​public health in accordance with Art. 9 Para. 2 lit. h and i as well as Art. 9 Para. 3 GDPR;
   4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
   5. to assert, exercise or defend legal claims.
      
      

5. Right to be informed

If you have asserted the right to the correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to notify all recipients to whom your personal information has been disclosed of this correction or deletion of the data or restriction of processing, unless this turns out to be impossible or involves a disproportionate amount of effort.

You have the right vis-à-vis the person responsible to be informed about these recipients.

6. Right to data transfer

You have the right to receive your personal information which you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal information was provided, provided that

1. 1. the processing is based on consent in accordance with Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract in accordance with Article 6 Para. 1 lit. b GDPR and
   2. the data was processed using automated processes.

In exercising this right, you also have the right to have the personal information relating to you transmitted directly from one person in charge to another person in charge, provided that this is technically feasible. This must not have a negative impact on the freedoms and rights of other people.

The right to data portability does not apply to the processing of personal information that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.

7. Right to object

For reasons that arise from your particular situation, you have the right to object at any time to the processing of your personal information, which is based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible will no longer process your personal information unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal information is processed in order to carry out direct mailing, you have the right to object at any time to the processing of your personal information for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal information will no longer be processed for these purposes.

In connection with the use of information society services (regardless of Directive 2002/58 / EC) you have the option of exercising your right to object by means of automated procedures in which technical specifications are used.

When processing data for scientific, historical or statistical research purposes:

For reasons that arise from your particular situation, you also have the right to object to the processing of your personal information for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR.

Your right to object can be limited to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impaired and the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of consent-based processing that is carried out up to the point of withdrawal.

9. Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision that was based exclusively on automated processing – including profiling – which has a legal effect on you or has a considerable negative effect on you in a similar way.

This does not apply if the decision

1. 1. is required for the conclusion or performance of a contract between you and the person responsible,
   2. is permissible on the basis of legal provisions of the Union or the member states to which the person responsible is subject, and these legal provisions contain appropriate measures for safeguarding your rights and freedoms and your legitimate interests, or
   3. takes place with your express consent.

However, these decisions may not be based on special categories of personal information according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests .

With regard to the cases mentioned in (1) and (3), the person responsible must take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain intervention by a person on the part of the person responsible, to express their own point of view and contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal information is in violation of the GDPR.

The supervisory authority to which the complaint was submitted notifies the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

 

IX.

Definition of terms

This section provides you with an overview of the terms used in this data protection declaration. Many of the terms are of a legal nature, mainly defined in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are mainly intended for understanding. The terms are sorted alphabetically.

• Personal data: "Personal data" means any information which relates to an identified or identifiable natural person (henceforth referred to as "the affected person"); a natural person is regarded as identifiable if they can be identified directly or indirectly, particularly by means of assignment to an identifier such as a name, an identification number, location data, an online identifier such as a cookie or one or more special features which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
• Profiles containing user-related information: The processing of "profiles containing user-related information", or "profiles" for short, includes any type of automated processing of personal data which consists of using this personal data to analyse, evaluate or predict certain personal aspects relating to a natural person such as interest in certain content or products, clicking behaviour on a web site or whereabouts (depending on the type of profiling, different information concerning demographics, behaviour and interests such as interaction with websites and the content thereof etc.). Cookies and web beacons are often used for profiling purposes.
• Range measurement: The range measurement (also referred to as Web Analytics) is used to evaluate the flow of visitors to online content, and can include behaviour or the visitor’s interest in certain information such as web site content. With the aid of the range analysis, web site owners can see the time when visitors visit their website and the content that they are interested in, for example. This allows them to adapt the content of the web site to the needs of their visitors in a better way, for example. Pseudonymous cookies and web beacons are often used for range analysis purposes in order to recognize returning visitors and therefore obtain a more accurate analysis of the use of online content.
• Location data: Location data is created when a mobile device (or another device which has the technical requirements for location determination) connects to a radio cell, a WLAN or similar technical go-betweens and location determination functions. Location data is used to indicate the geographically determinable position on the planet where the respective device is located. For example, location data can be used to display map functions or other location-dependent information.
• Tracking: “Tracking” is when user behaviour can be traced across several online offerings. Normally, behavioural and interest information regarding the online offerings that are used is stored in cookies or on the servers of the tracking technology providers (known as profiling). This information can then be used to show users advertisements that are likely to match their interests, for example.
• Person responsible: The "person responsible" is the natural or legal person, authority, institution or other body which decides on the purposes and means of processing personal data, either on their own or jointly together with others.
• Processing: "Processing" is any procedure or series of procedures carried out with or without the aid of automated processes in connection with personal data. The term is wide-ranging, and covers almost every kind of data handling, be it collection, evaluation, storage, transmission or deletion.

X. Changes and updates to the privacy policy

Please obtain regular updates about the content of our data protection declaration. The data protection declaration will be adapted as soon as the changes in the data processing that we carry out make this necessary. We will inform you as soon as the changes require your involvement (e.g. consent) or other individual notification. If we provide addresses and contact information for companies and organizations in this data protection declaration, please note that the addresses can change over time, and would recommend that you check the information before contacting us.

XI. Further Informationen for Download

Data Protection for Applicants
Information about data processing for customers, interested parties and suppliers