Welcome! Unfortunately, your browser is no longer supported. To use the full functionality of the site, we recommend that you use the latest version of Microsoft Edge, Firefox, Safari or Chrome, for example.

Select language

Data privacy statement for the cottano-vliestex website (www.cottano-vliestex.de)

The protection of your privacy during the collection, processing and use of personal data when you visit our website is very important to us. Your data are protected as required by law. This Privacy Statement explains which personal data we process on this website and how we use it in accordance with Article 13 of the EU’s General Data Protection Regulation (GDPR).

1. Data Protection Overview

General information

The following information provides a brief overview of what happens with your personal data when you visit this website. Personal data is any data that makes it possible to personally identify you. More detailed information regarding data protection can be found in our Privacy Notice below.

Data controller information

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).

The data controller responsible for processing data on this website is:

Cottano Vlieswerk GmbH and PMG Vliestex GmbH are part of the concern run by parent company Coroplast Fritz Mueller GmbH & Co. KG.

 

Please contact our central data protection email at [email protected] for any data protection queries. Alternatively, please contact the company responsible for your data directly. Our contact details are listed below.

 

Cottano Vlieswerk GmbH
Langulaer Weg 2, 99974 Mühlhausen, Thuringia, Germany

Telephone: +49 36 02 3 / 531-0
Email: [email protected]

 

PMG Vliestex GmbH
Am Lehngut 9
9128 Chemnitz, Germany

Telephone: +49 37 26 / 78 46-0
Email: [email protected]

 

For technical issues regarding the website, you may also contact Coroplast Fritz Müller GmbH & Co. KG at [email protected].

For the sake of readability, these data controllers will hereinafter be referred to in the singular (“data controller”).

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details are available in the “Data controller information” section of this Privacy Notice.

How do we collect your data?

We collect the data that you provide to us. This may include data that you enter in a contact form, for example.

Other data is automatically collected by our IT systems when you visit our website or when you consent to it. This is primarily technical data (e.g. browser, operating system or the time a page was visited). This data is collected automatically as soon as you enter this website.

For what purpose do we use your data?

Some of the data is collected to ensure users can use the website without errors. Other data may be used to analyze your user behavior.

What are your rights regarding your data?

You have the right to receive information about the source, recipients and purpose of your stored personal data at any time, free of charge. You also have the right to request your data be rectified or erased. If you grant consent to your data being processed, you may revoke this consent at any time with future effect. In addition, under certain circumstances, you have the right to request that the operator restrict the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You may contact us at any time should you have any questions relating to data protection or how your data is handled.

Analytical tools and third-party provider tools

When you visit this website, we may use statistical analysis to analyze your browsing behavior. This is mainly done using what is known as analytics software.

Detailed information on this analytics software can be found in the Privacy Notice below.

2. Hosting

We use the following hosting provider for our website content:

Third-party hosting

This website is hosted by a third party. Personal data collected on this website is stored on the host’s (or hosts’) servers. In particular, this may include IP addresses, contact requests, metadata, communication data, contractual data, contact details, names, website access information and other information generated by a website.

We use third-party hosting for the purpose of fulfilling our contractual obligations to existing and potential customers (Article 6 Paragraph 1(b) GDPR) and in the interest of running a secure, fast and efficient web presence through a professional provider (Article 6 Paragraph 1(f) GDPR). If this kind of consent has been requested, data is processed solely on the basis of Article 6 Paragraph 1(a) GDPR and Section 25 Paragraph 1 of the German Telecommunications Telemedia Data Protection Act (TTDSG), provided this consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined by the TTDSG. You can revoke your consent at any time.

Our host(s) will process your data only to the extent necessary to fulfill their service obligations, and they will only process data as per our instructions.

Data processing agreement

We have concluded a data processing agreement (DPA) regarding the use of the services listed above. This is a contract governed by data protection law, guaranteeing that the service provider only processes personal data from visitors to our website in line with our instructions and in compliance with the EU General Data Protection Regulation (GDPR).

3. General and Mandatory Information

Data protection

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with both the statutory data protection provisions and this Privacy Notice.

If you use this website, we will collect various personal data. Personal data is data that makes it possible to personally identify you. This Privacy Notice details what data we collect and what it is used for. It also explains how this is done and for what purpose.

We would point out that sending data online (e.g. communication via email) may involve security vulnerabilities. It is therefore not possible to guarantee complete protection of data from access by third parties.

Data retention period

Unless no specific retention period is stated in this Privacy Notice, we will store your personal data until the purpose for processing this data no longer applies. If you assert a justified request for erasure or revoke your consent to data processing, your data will be erased unless we are otherwise legally permitted to store your personal data (e.g. retention periods specified under tax or commercial law). If we do have another legal reason to store your data, your data will be erased once those reasons no longer apply.

General information on the legal basis for processing data on this website

If you consent to data processing, we process your data on the basis of Article 6 Paragraph 1(a) GDPR, and/or Article 9 Paragraph 2(a) GDPR if special categories of data are processes as defined by Article 9 Paragraph 1 GDPR. Where you have expressly consented to personal data being transferred to a third country, data is also processed on the basis of Article 49 Paragraph 1(a) GDPR. If you consent to the storage of cookies or access to information on your device (e.g. using device fingerprinting), data processing is also carried out on the basis of Section 25 Paragraph 1 TTDSG. You can revoke your consent at any time. If your data is required to fulfill a contract or undertake pre-contractual measures, we process your data on the basis of Article 6 Paragraph 1(b) GDPR. If your data is required to meet a legal requirement, we also process your data on the basis of Article 6 Paragraph 1(c) GDPR. In addition, we may process data on the basis of our legitimate interests as per Article 6 Paragraph 1(f) GDPR. Information on the relevant legal basis in each case is provided below in this Privacy Notice.

Data protection officer

We have appointed a data protection officer.

SONNTAG IT Solutions Data Protection Team
SONNTAG IT Solutions GmbH & Co. KG
Schertlinstrasse 23 | 86159 Augsburg, Germany

Email: [email protected]

Recipients of personal data

As part of our business activities, we work together with a number of third-party organizations. This means that, in some cases, we may need to share some personal data with these third parties. We only disclose personal data to third parties if necessary for contractual performance, if we are legally required to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in disclosure as defined by Article 6 Paragraph 1(f) GDPR, or if we are otherwise legally permitted to disclose data. When we engage with data processors, we only disclose our customers’ personal data on the basis of a valid data processing agreement. Where we engage in joint processing, we have concluded a joint processing agreement.

Revoking your consent to data processing

Many data processing activities are only possible with your explicit consent. You can revoke this consent at any time. Revoking your consent has no bearing on the legality of the data processing that took place before you revoked your consent.

Right to object to the collection of data in certain cases; right to object to direct marketing (Article 21 GDPR)

WHERE DATA IS PROCESSED ON THE BASIS OF ARTICLE 6 PARAGRAPH 1(E) OR (F), YOU HAVE THE RIGHT TO OBJECT, ON GROUND RELATING TO YOUR PERSONAL SITUATION, AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. THIS PRIVACY NOTICE SPECIFIES THE RELEVANT LEGAL BASIS FOR PROCESSING. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING AND LEGITIMATE REASONS FOR SUCH PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR WHERE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PER ARTICLE 21 PARAGRAPH 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THESE MARKETING PURPOSES AT ANY TIME. THIS ALSO APPLIES TO PROFILING, PROVIDED THIS IS CONNECTED TO THIS KIND OF DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION AS PER ARTICLE 21 PARAGRAPH 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of a breach of GDPR provisions, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the European Union Member State of their residence, place of work, or place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have the data that we automatically process based on your consent or in fulfillment of a contract handed over to you or a third party in a commonly used, machine-readable format. If you request that your data be sent directly to another data controller, this will only be done where this is technically feasible.

Right of access, rectification and erasure

Under the applicable legal provisions, you have the right to receive information about your stored personal data, its origin and any recipients, as well as information about the purpose for which your data is processed. You have the right to obtain this information at any time, free of charge, and, where necessary, the right to rectification or erasure of that data. You may contact us at any time should you have any questions relating to personal data or how your data is handled.

Right to restrict processing

You also have the right to request the processing of your personal data be restricted. You may contact us at any time to request this. You have the right to restrict processing in the following cases:

  • If you wish to dispute the accuracy of your personal data, we usually need time to review this request. During this review period, you also have the right to request restriction to the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you have the right to request restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you this data them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted.
  • If you have objected per Article 21 Paragraph 1 GDPR, the interests of all parties must be considered. During the process of determining whose interests prevail, you have the right to request restriction to the processing of your personal data.

If you have restricted the processing of your personal data, this data, with the exception of its storage, may only be processed with your consent or to assert, exercise or defend against legal claims or to protect the rights of another natural or legal person, or for reasons of major public interest to the European Union or one of its Member States.

SSL and/or TLS encryption

This page uses SSL and/or TLS encryption for security purposes as well as to protect the transmission of confidential content, such as orders or queries you send us as the website operator. You can recognize an encrypted connection because your browser’s address bar will switch from “http://” to “https://” and a lock symbol will appear.

If SSL and/or TLS encryption is enabled, you will be able to send us data in a way that prevents third parties from reading it.

Objection to marketing emails

The use of contact information published as part of legal notice requirements in order to send unauthorized advertising and informational material is hereby expressly prohibited. The website operators explicitly reserve the right to take legal action if any unsolicited promotional information, such as spam email, is sent.

4. Data collection on this website

Cookies

Our website uses cookies. Cookies are small data packets that do not harm your computer. They are either stored on your device temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically erased after your visit. Permanent cookies remain stored on your device until you delete them yourself or until your browser automatically deletes them.

Cookies may originate from us (first-party cookies) or from third-party organizations (third-party cookies). Third-party cookies allow us to incorporate certain third-party services on our website (e.g. cookies used to process payment services).

Cookies serve a number of different functions. Many cookies are technical requirements since certain website features would not work without them (e.g. shopping basket feature or embedded videos). Other cookies may be used to analyze user behavior or for marketing purposes.

Unless otherwise legally specified, cookies that are necessary (necessary cookies) for electronic communication, to provide certain functions you have requested (e.g. shopping cart) or for website optimization (e.g. cookies to measure visitor analytics) are stored based on Article 6 Paragraph 1(f) GDPR. The website operator has a legitimate interest in storing necessary cookies to ensure that it is able to provide its services in an error-free and technically optimized manner. If consent has been requested to store cookies or similar recognition technology, data is processed solely on the basis of this consent (Article 6 Paragraph 1(a) GDPR and Section 25 Paragraph 1 TTDSG). Consent may be revoked at any time.

However, you can adjust your browser’s settings such that you are informed about the use of cookies and you only permit cookies on an individual basis or in certain cases; alternatively, you can adjust these settings to generally block or automatically erase cookies when you close your browser. However, disabling cookies may limit the functionality of this website.

This Privacy Notice specifies the cookies and services used on this website.

Consent using Cookiebot

Our website uses Cookiebot’s consent management technology to obtain your consent to store certain cookies on your device or to the use of certain technologies, and to document these cookies as required under data protection law. This technology is operated by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”).

A connection to the Cookiebot servers is established each time you visit our website in order to obtain your consent and to provide other information on the use of cookies. Cookiebot then stores a cookie in your browser to be able to attribute prior cookie consents or rejections and allow you to revoke consent. The data collected is stored until you request that we erase it, you erase the Cookiebot cookie yourself, or until there is no longer any reason to store that data. This does not affect any statutory retention periods.

We use Cookiebot to obtain the consent we legally require to use cookies. The legal basis for this is Article 6 Paragraph 1(c) GDPR.

5. analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States. The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the data records collected and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymization

Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google signals

We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics e-commerce measurement
This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.

6. Audio and Video Conference Calls

Data processing

Among other things, we use online conferencing tools to communicate with our customers. The specific tools we use are listed below. If you communicate with us using a video or audio conference calls, your personal data will be collected and processed by us and the provider of the conferencing tool in question.

In the process, the conferencing tool collects all data you provide/use when utilizing the tool (email address and/or telephone number). In addition, conferencing tools process data that includes the duration of the call, the start and end times for call participants, the number of participants and other “context information” relating to the communication process (metadata).

Furthermore, the tool provider processes all technical data required for online communication purposes. In particular, this includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and connection type.

If content is exchanged, uploaded or otherwise provided within the tool, this is also stored on the tool provider’s servers. This content includes cloud recordings, chat/instant messages, voicemail messages, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have complete control over the data processing procedures used by these tools. Our options depend largely on each provider’s company policy. For more information on data processing by conferencing tools, please see the privacy policy for the relevant tool, listed in this Privacy Notice.

Purpose and legal basis

Conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Article 6 Paragraph 1(b) GDPR). The use of these tools also serves to generally simplify and speed up communication with us and our company (legitimate interest as defined by Article 6 Paragraph 1(f) GDPR). Where consent is requested, the tool in question is used on the basis of this consent. You can revoke your consent at any time with future effect.

Data retention period

The data we collect directly through video and conferencing tools is erased from our systems once you request its erasure, revoke your consent for its storage, or if there is no longer any reason for storing that data. Stored cookies remain on your device until you delete them. This does not affect any statutory retention periods.

We have no control over the retention period for your data stored by conferencing tool operators for their own purposes. For detailed information on that, please contact the conferencing tool operator directly.

Conferencing tools we use

We use the following conferencing tools:

Microsoft Teams

We use Microsoft Teams. The service provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing are available in Microsoft Teams’ privacy statement: https://privacy.microsoft.com/en-us/privacystatement.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to guarantee compliance with European data protection standards when data is processed in the US. Every company certified under the DPF is obligated to comply with these data protection standards. More information is available from the provider at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active.

Data processing agreement

We have concluded a data processing agreement (DPA) regarding the use of the services listed above. This is a contract governed by data protection law, guaranteeing that the service provider only processes personal data from visitors to our website in line with our instructions and in compliance with the EU General Data Protection Regulation (GDPR).

7. Internal Services

Applicant data

We offer opportunities to apply to work with us (e.g. by email, by postal mail or using an online application form). Below please find information on the scope, purpose and use of your personal data collected as part of the application process. We assure you that we collect, process and use your data in accordance with the applicable data protection laws and all other statutory provisions, and that we will treat your data with the strictest confidence.

Scope and purpose of data collection

If you send us an application, we process the personal data you included (e.g. contact and communication data, application documents, notes from interviews, etc.) to the extent required to decide whether to establish an employment relationship with you. The legal basis for this is Section 26 (Data processing for employment-related purposes) of the German Federal Data Protection Act (BDSG) under German law, and Article 6 Paragraph 1(b) GDPR (general entry into contract) and, where you have consented, Article 6 Paragraph 1(a) GDPR. You can revoke your consent at any time. Your personal data is disclosed within our organization exclusively to those persons involved in processing your application.

If your application is successful, the data you submitted will be stored in our data processing system for the purpose of conducting an employment relationship on the basis of Section 26 BDSG and Article 6 Paragraph 1(b) GDPR.

Data retention period

If we do not make you an offer of employment, if you reject an offer of employment or withdraw your application, we reserve the right to store the data you sent us on the basis of our legitimate interests (Article 6 Paragraph 1(f) GDPR) for up to six (6) months as of the application process ending (rejection or withdrawal of application). The data is then erased and any physical application documentation is destroyed. Retention of this data primarily serves an evidentiary purpose in the event of a legal dispute. If it is evident that this data will be required after this six-month (6-month) period has expired (e.g. due to an anticipated or pending legal dispute), the data will only be erased when the purpose for prolonged storage no longer applies.

Data may also be retained for a longer period of time if you have granted your consent to this (Article 6 Paragraph 1(a) GDPR) or if statutory retention requirements prevent its erasure.

Inclusion in the applicant pool

If we do not make you an offer of employment, we may then include your details in our applicant pool. If you are included, all of your documents and information from the application process will be transferred to the applicant pool so that you can be contacted if suitable job vacancies come up.

Inclusion in the applicant pool is solely on the basis of your explicit consent (Article 6 Paragraph 1(a) GDPR). Consent is voluntary and has no bearing on any ongoing application processes. Data subjects may revoke their consent at any time. In this case, data is irrevocably erased from the applicant pool, provided no statutory retention requirements prevent this.

Data from the applicant pool is erased by no later than two (2) years after consent is granted.