Data Protection Information
General
With the following data protection information, we, PTS – Institut für Fasern & Papier gGmbH, Pirnaer Straße 37, 01809 Heidenau, as controller within the meaning of the General Data Protection Regulation (GDPR), explain which personal data we process when visiting our website and using our online services. The Telecommunications Digital Services Act (TDDDG) also applies to our side. We would like to draw your attention to the fact that, by default, all data transfers related to our website are carried out by means of an encrypted connection.
We reserve the right to occasionally adapt our data protection information so that it always complies with the current legal requirements or to represent changes in our services. We therefore advise you to read the data protection information regularly to keep up to date with the protection of the personal data we process.
Logging and creating logfiles
When accessing our website, a set of technical data is logged. This general data and information are stored in the server log files. Your IP address, browser recognition and domain, name of the retrieved file, date and time of retrieval, amount of data transmitted, and successful retrieval will be recorded in a log file. The processing of personal data is carried out for the purpose of making the website available and for correcting and clarifying acts of abuse or fraud based on a legitimate interest in accordance with the first subparagraph of Art. 6 Para. 1 subpara 1 lit. f) GDPR. The logfiles shall be deleted after seven days.
Use of local storage
We use the local browser memory on our website. It stores data locally in the cache (intermediate memory) of your browser, which will continue to exist and can be read even after the browser window has been closed or the program is terminated if it does not delete the cache. We use this repository based on § 25 Para. 1 TDDDG for the purpose of storing the selected zoom level. The data stored in the local browser memory cannot be accessed by third parties. They shall not be passed on to third parties.
Use of cookies
We use cookies on our website. Using a cookie, the information and offers on our website can be optimized for the benefit of the user. Cookies allow us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website.
Cookies are used on our website in connection with the following services:
| Cookie | Storage duration |
|---|---|
| _utmb | Closing |
| _ga | 14 months |
| _gid | 1 day |
| _utma | Closing |
| _utmz | Closing |
| IDE | 13 months |
| CONSENT | 14 months |
| _utmt | 10 mins |
| _gat | 1 minute |
| _utmc | 30 mins |
| FPID | 14 months |
| FPLC | 20 hours |
The cookies set by Google Analytics process your IP address, the date and time of your visit, the click path, device information including operating system, location information, pages visited, the so-called Referrer-URL, browser information including language settings and type, interaction data, user behavior, URLs visited, the name of the host and the cookie ID on our behalf to evaluate the use of our online offer, compile reports on the activities within our online offer and provide other services linked to the use of our online offer. It is also possible to create pseudonymized user profiles.
Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of the code that can follow activities. Google Tag Manager integrates script codes of other tools. The Day Manager makes it possible to control when a specific day is triggered.
Google Analytics is used exclusively by means of IP anonymization. All personal data processed shall be erased or fully anonymized after 14 months. For more information on Google’s use of data, how to set and object, see Google’s privacy statement, as well as the settings for Google’s display of advertising displays.
- Google Recaptcha, Google Ireland Limited – Captcha Service
To check and avoid interactions on our website through automated access via so-called bots, we use Google Recaptcha, a captcha service of Google Ireland Limited (“Google”), using European server locations. To achieve the stated processing purpose, the service will deposit a cookie for the duration of the query, send your input to Google and re-use it. By using the service, Google can therefore identify from which website a request is sent and from which IP address you use the so-called ReCAPTCHA input box. In addition to your IP address, Google may collect any other information necessary to offer and guarantee this service. To use Google ReCAPTCHA, we use the following cookies:
| Cookie | Storage duration |
|---|---|
| cookie | 5 months 27 days |
Since, based on the information available to us, it cannot be unequivocally ruled out that Google will combine the personal data processed in that connection with other Google data and use them, inter alia, for advertising purposes, we bind Google ReCAPTCHA solely based on your consent pursuant to the first subparagraph of Article 6 Para. 1 subpara 1 lit. a) GDPR. In accordance with point (a) of the first sentence of Article 49 Para. 1 GDPR, its declaration of consent expressly includes the possible worldwide transfer and processing of data by other Google LLC group companies. In this regard, we would like to make explicit reference to any risks, such as difficult enforcement of data protection rights.
Please refer to Google’s privacy statement for the purpose and scope of Google’s data processing, as well as your rights and settings to protect your privacy.
- YouTube, Google Ireland Limited – Presentation of video content
Within our website, we use the YouTube embedding function to display and reproduce YouTube videos with your consent pursuant to § 25 Para. 1 of the TDDDG in conjunction with Art. 4 Nr. 11 and Art. 7 GDPR. Your personal data will be processed in conjunction with your involvement based on your consent in accordance with the third subparagraph of Article 6 Para. 1 subpara 1 lit. a) GDPR. In accordance with point (a) of the first sentence of Article 49 Para. 1 GDPR, its declaration of consent expressly includes the possible worldwide transfer and processing of data by other Google LLC group companies. In this regard, we would like to make explicit reference to any risks, such as the extensive access rights of investigating authorities and the difficulty of enforcing data protection rights. We use the following cookies to use YouTube:
| Cookie | Storage duration |
|---|---|
| YEK | 13 months |
| CONSENT | 14 months |
| DEVICE_INFO | 5 months 26 days |
| remote_sid | Closing |
| test_cookie | 1 day |
| VISITOR_INFO1_LIVE | 6 months |
| YSC | Closing |
| PREF | 8 months |
| pm_sess | 30 mins |
| CGIC | 6 months |
| UULE | 6 hours |
By displaying the video content, the user’s IP address and other browser-related information (including URL and reputable video) and device information are transferred to Google. Moreover, by embedding the videos in the enhanced data protection mode, no further personal data will be processed. It is only by clicking on the video for view that additional information is sent to Google so that the video content can be presented. If you are logged in to YouTube as a user, Google assigns this information to your personal user accounts.
Please refer to Google’s privacy statement for the purpose and scope of Google’s data processing, as well as your rights and settings to protect your privacy.
We use the consent management platform (CMP) pursuant to § 25 of the TDDDG and in relation to the subsequent processing of data based on our overriding legitimate interest in making the website available in accordance with the first subparagraph of Article 6 Para. 1 subpara 1 lit. f) GDPR covers the service of Cookiebot, a service provided by Usercentrics GmbH. Cookiebot reviews our website for the cookies and similar technologies that we use. The results are then categorized according to the potential need for consent. In line with these categories, the CMP used will be displayed to you when visiting our page. After having managed your consent to the services we use on the CMP, Cookiebot stores your information so that we do not need to ask you again about the scope of your consent when visiting our website again. In this context, the IP address shall be processed in anonymized form, including geolocation, technical browser data, the current website URL, an individual user/consent ID, language settings and the type and timing of consent given. Our legitimate interest here is to ensure that the website is made available in accordance with data protection rules (storage of the options in the cookie banner, retention period: 1 year) and full technical functionality of the website (identification of registered users, retention period: Meeting). For the use of Cookiebot, a contract for the processing of orders pursuant to Article 28 of the GDPR was concluded with Usercentrics GmbH. In addition, the Cookiebot provider uses the US-based hosting provider Akamai Technologies, Inc. Data are transferred to Akamai Technologies, Inc. under standard data protection clauses pursuant to Article 46(2)(c) of the GDPR.
Services involved
- CleverReach, CleverRech GmbH & Co. KG – email
We attach a form box from our service provider CleverReach for the provision of our newsletter offer and e-mail. To provide the newsletter service, a contract for the processing of orders pursuant to Art. 28 of the GDPR was concluded with CleverReach.
Registration to the newsletter is always made in the context of your consent pursuant to Art. 6 Para. 1 subpara 1 lit. a) GDPR. To deliver the newsletter, we need only your e-mail address. We will send you a confirmation email to ensure that your information is correct and to verify your consent. Based on previous case law, we record your email address, IP address, date and time of registration and confirmation as part of the newsletter application.
Of course, you can withdraw your consent for the future at any time. To do so, please use the unsubscribed link that you will find at the end of each email notification from us. Following this, your personal email address will be deleted, and you will not receive any further e-mail notifications in the future.
- Microsoft Dynamics CRM, Microsoft Ireland Operations Limited – CRM
We use Microsoft Dynamics CRM from Microsoft Ireland Operations Limited on our page. This is Microsoft’s customer relationship management software. It is part of Microsoft Dynamics enterprise software applications. It is used for our customer data management and, in the specific case of our event management, including the registration and management of events. Your personal data are processed based on your consent pursuant to § 25 Para. 1 TDDDG and in relation to possible downstream data processing pursuant to Art. 6 Para. 1 subpara 1 lit.a) GDPR. We process your surname and first name, device information, company information, other information provided by you, registration and contact information.
In principle, data processing takes place in data centers within the EU/EEA. However, processing of your personal data in a third country under data protection law cannot be excluded. We have concluded an order processing contract with the supplier that meets the requirements of Art. 28 GDPR. In addition, in the case of data transfers to third countries under data protection law, the conclusion of standard data protection clauses pursuant to Art. 46 Para. 2 lit. c) GDPR provides appropriate safeguards for the protection of data subjects within the meaning of Art. 46 Para. 1) GDPR. In addition, Microsoft has extended its standard contractual clauses with further safeguards. In addition, Microsoft always uses state-of-the-art encryption. In this regard, we would like to make explicit reference to any risks, such as difficult enforcement of data protection rights. Microsoft must also comply with the self-imposed obligations under the former Privacy Shield Agreement or now the EU-U.S. Data Privacy Framework.
Contact form
A contact form is available on our website, which can be used for electronic contact. It is also possible to contact the contact details provided on the Impressum by e-mail. When contacting you, we process your personal data, in particular your name, e-mail address and request, as well as the IP address and the time of use to prevent and investigate abuse. The processing of the listed personal data shall be carried out based on legitimate interest in responding satisfactorily to contacts and requests in accordance with the first subparagraph of Art. 6 Para. 1 subpara 1 lit. f) GDPR or, in the case of requests for offers and contractual matters based on the contract or pre-contractual measures pursuant to the first subparagraph of Art. 6 Para. 1 subpara 1 lit. b) GDPR.
The personal data you provide will be treated confidentially by us, will be used exclusively for the handling of your case and will not be shared with Ditte, unless the nature of your request requires in the individual case. The personal data will be deleted once your request has been finally clarified or following an objection by you. The logged IP address and the time of contact shall be deleted after seven days. The periods of erasure described here apply only in so far as there are no statutory retention periods that preclude erasure.
Social media presences
To actively communicate with users and provide information about our work, we have several different social media presences, partly under joint responsibility with the social networking operators listed below.
In the context of the user-based use of our presences on the social networks listed below, we would like to point out that users’ personal data may also be processed by social network operators outside the European Union and outside the European Economic Area. For users, this may result in possible risks, such as difficulties in the enforcement of data protection rights. At the same time, however, we would like to point out that, if the social network operators support this, we are working towards the conclusion of joint responsibility agreements pursuant to Art. 26 GDPR and standard data protection clauses pursuant to Art. 46 Para. 2 lit. c) GDPR.
We would also like to draw attention to the fact that users’ personal data are usually processed by social network operators for their own market research and advertising purposes. Any user profiles generated by usage behavior can be used to present ads that are tailored to interests also outside social networks. To this end, social network operators usually place cookies on users’ computers, so that device information, usage behavior and user interests can be processed even if the user does not have a profile on the network. Please refer to the privacy information and further information provided by the relevant social networking operators, which we have linked for you below, for further information on this issue and on any possible objection.
As regards the processing of personal data, the following shall also apply:
Categories of data processed
Categories of data processed include inventory data (e.g. names), contact details (e.g. email addresses), content data (e.g. texting), usage data (e.g. interest in content) and meta and communication data (e.g. device information and IP addresses).
Purpose and legal basis of the processing operation
Data processing is carried out to the extent that these are subject to our responsibility for the purposes of information provision, communication, marketing and scope measurement. The operation of social media presences is based on a legitimate interest in accordance with the first subparagraph of Art. Para. 1 subpara 1 lit. f) GDPR, where the interests in question derive from the above-mentioned purposes.
Storage duration
The categories of data we process are stored only within the relevant social network. In most cases, we have no influence on the specific retention period, as these are determined by the providers of social networks. Information on this can be found in the provider’s data protection notice. If the retention period can be influenced by us in individual cases, deletion is carried out after fulfilment of the purpose, in compliance with the legal retention obligations.
Services and service providers used by us and network-specific information
Please find below the services and service providers that we use, as well as network-specific information, identifying the relevant EU/EEA responsible bodies and those outside. We do not send any additional data.
Instagram, Meta Platforms Ireland Limited /Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
- LinkedIn, LinkedIn Ireland Unlimited Company /LinkedIn Corporation, 1000 W. MAUDE Avenue, Sunnyvale, CA 94085 USA
- YouTube, Google Ireland Limited /Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Twitter, Twitter International Company /Twitter Inc., 1355 Market Street, San Francisco, CA 94103, USA
- Xing/Kunu, New Work SE
Use of Microsoft Teams
We use the Microsoft Teams collaboration system to organize teleconferences, online meetings and videoconferencing (hereafter: “Online meetings”). Microsoft Teams is a service provided by Microsoft Corporation, which is based in the United States. Different types of data are processed when Microsoft Teams are used. The scope of the data also depends on what data you do before or when participating in an online meeting’. Categories of data types concerned may include user details (first name, last name, telephone, email address, etc.), meeting metadata (e.g. topic, description, subscriber IP addresses, device/hardware information, access times) and content data (e.g. text, audio and video data). If necessary for the purpose of recording results of an online meeting, we will log the chat content. However, this will normally not be the case.
We process your data in the context of the performance of the contract in accordance with the first subparagraph of Art. Para. 1 subpara 1 lit. b) GDPR. If there is no contractual relationship, we process your data based on Art. Para. 1 subpara 1 lit. f) GDPR. We have a legitimate interest in the effective organization of our online meetings. Personal data processed in the context of participation in online meetings will not, in principle, be disclosed to third parties, unless they are specifically intended for sharing. The supplier of Microsoft Teams becomes aware of the above data in so far as it is provided for in the contract processing contract with Microsoft Corporation.
Microsoft Teams is a service provided by a US provider. In principle, data processing takes place in data centers within the EU/EEA. However, processing of your personal data in a third country under data protection law cannot be excluded. We have concluded an order processing contract with the supplier that meets the requirements of Art. 28 GDPR. In addition, in the case of data transfers to third countries under data protection law, the conclusion of standard data protection clauses pursuant to Art. 46 Para. 2 lit. c) GDPR provides appropriate safeguards for the protection of data subjects within the meaning of Art. 46 Para. 1 GDPR. In addition, Microsoft has extended its standard contractual clauses with further safeguards. In addition, Microsoft always uses state-of-the-art encryption. In this regard, we would like to make explicit reference to any risks, such as difficult enforcement of data protection rights. Microsoft must also comply with the self-imposed obligations under the former Privacy Shield Agreement or now the EU-U.S. Data Privacy Framework.
Use of zoom
We also use ‘Zoom’ to organize our online meetings. This is a service provided by Zoom Video Communications, Inc, which is based in the United States. In so far as they access the ‘Zoom’ website, the provider of ‘Zoom’ is the data controller. However, a visit to the website is necessary for the use of ‘Zoom’ only to download the ‘Zoom’ software.
When using “Zoom”, we process different types of data. The scope of the data also depends on what data you do before or when participating in an online meeting. Categories of data types concerned may be: User details (first name, last name, phone, e-mail address, etc.), meeting metadata (e.g. topic, description, subscriber IP addresses, device/hardware information, access times), content data (e.g. text, audio and video data including screen releases and document uploads). To participate in an online meeting or to enter the meeting room, you must at least provide information on your name. To allow the display of video and the reproduction of audio, the data will be processed accordingly during the meeting period from the microphone of your terminal device and from any video camera of the terminal device. You can switch off the camera or microphone yourself using the “zoom” apps at any time. We process these categories of data for the purpose of conducting our online meetings. You also have the possibility to use the chat feature in online meetings. In this respect, the texts you have made are processed to display them in online meetings, to discuss questions and answer questions or to process comments. If necessary for the purpose of recording results of an online meeting, we will log the chat content. However, this will normally not be the case. We may record our online meetings. If records are made, this shall be communicated in advance in a transparent manner. A record will only be made with the explicit consent of all participants concerned. Automated decision-making within the meaning of Art. 22 GDPR is not used.
We process your data in the context of the performance of the contract in accordance with the first subparagraph of Art. Para. 1 subpara 1 lit. b) GDPR. If there is no contractual relationship in connection with the use of ‘Zoom’, but its implementation is nevertheless necessary for the purposes referred to above, we process your data based on Ar. Para. 1 subpara 1 lit. f) GDPR. We have a legitimate interest in the effective organization of our online meetings. In so far as the online meeting is recorded, we base this on the consent of the subscribers concerned in accordance with the first subparagraph of Art. Para. 1 subpara 1 lit. a) GDPR.
Personal data processed in the context of participation in online meetings are not, in principle, disclosed to third parties, unless they are specifically intended for disclosure. The provider of ‘Zoom’ necessarily becomes aware of the above data in so far as this is provided for in our contract processing contract with Zoom Video Communications, Inc.
‘Zoom’ is a service provided by a US provider. The processing of personal data is thus also carried out in a third country. We have concluded an order processing contract with the provider of ‘Zoom’. An adequate level of data protection is guaranteed by the conclusion of the EU standard contractual clauses pursuant to Art. 46 Para. 2 lit. c) GDPR. Zoom must also comply with the self-imposed obligations under the former Privacy Shield Agreement or now the EU-U.S. Data Privacy Framework.
We process and store your data for as long as it is necessary to fulfil the above-mentioned purposes, in particular contractual and legal obligations. If the data are no longer necessary for the purposes, they shall be erased on a regular basis, unless their further processing is necessary for a limited period (interference with legal retention periods). If you are registered as a user in ‘Zoom’, then online meetings (meeting metadata, questions & answers in webinars, etc.) can be saved in ‘Zoom’ for up to one month.
Processing of candidate data
If you apply to us, we process the information you receive during the application process, such as motivation letters, CVs, certificates, correspondence, telephone or oral information, or use our contact form made available on the website. In addition to your contact details, it is relevant for us to provide information on your education, qualification, work experience and skills.
Your data will initially be processed solely for the purpose of conducting the application procedure. If your application is successful, they will be used as part of your personal file and will be used to carry out and terminate the employment relationship and will be deleted in accordance with the rules applicable to personal files. Should you withdraw your application, we will of course delete your data. Please note that any false statement or omission may lead to a cancellation or subsequent contestation of the employment contract.
The legal basis for data processing in the application procedure and as an integral part of the personal file is Art. 88 Para. 1 GDPR in conjunction with the first sentence of § 26 Para. 1 BDSG and, in so far as you have given consent, for example by sending information not necessary for the application procedure, your consent pursuant to Art. 88 Para. 1 GDPR in conjunction with § 26 Para. 2 BDSG and Art. 7 GDPR. You may also withdraw your consent at any time with effect for the future. The data concerned will then be deleted immediately. In this case, please send your withdrawal to career@ptspaper.de, indicating your full name and e-mail address. Deletion may be replaced by blocking the data in the cases provided by law.
Please note that CVs, certificates or other data you submit for the purpose of applying may also contain special categories of personal data within the meaning of Art. 9 Para. 1 GDPR. We do not normally require special categories of personal data for the application process. We would ask you not to provide us with such information from the outset. Exceptionally, if such information is relevant to the application process, we process it together with your other candidate data. This may concern, for example, information about a severe disability that you can provide us voluntarily and which we will then have to process to fulfil our specific obligations regarding severely disabled people. In such cases, the processing is for the exercise of rights or the fulfilment of legal obligations arising from labour law, social security law and social protection. The legal basis for data processing is Art. 9 Para. 2 lit. b) GDPR in conjunction with § 26 Para. 3 BDSG.
The data submitted will be deleted if you withdraw your application (withdrawal to career@ptspaper.de) or if we cannot offer you a vacancy, at the earliest three months after the closure of the application procedure. This does not apply if legal provisions prevent erasure or if further retention is necessary for the purpose of evidence, or if you have consented to a longer retention.
Links to other websites
Our website contains links to other websites, known as external links. We have no influence on the compliance of operators of other websites with data protection rules. Please note that by clicking on a link from another website, you will be subject to other data protection rules. We have no influence on the processing of data there. External links are identified as such in accordance with § 19 Para. 3 TTDSG.
Section: Use of service providers to make the website available
In order to make the website available, we call on us to identify which personal data are processing on behalf of the controller or which cannot exclude access to personal data. We have concluded contract processing contracts with all these service providers in accordance with Art. 28 GDPR. In addition to the above-mentioned service providers, this is WebIT! Gesellschaft für Neu Medien mbH (technical care).
Data subjects’ rights and contact with the Data Protection Officer
Data subjects may at any time request access to personal data relating to them and, where appropriate, rectification, erasure or restriction of processing, or object to processing. There is also a right to data portability in their favor. In addition, if data processing is carried out based on consent, it may be withdrawn at any time for the future. To exercise your rights, please do not hesitate to contact our Data Protection Officer, Dresdner Institute for Data Protection at datenschutz@ptspaper.de (more contact details at www.dids.de). Furthermore, under Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if the processing of personal data is presumed to be unlawful.