Privacy policy

Data Protection Declaration

We – Impreglon GmbH – as operator of this site – take the protection of your personal data very seriously. We treat your personal data as strictly confidential and handle it in compliance with data protection laws and with this data protection declaration. This translation of the Data Protection Declaration is intended for informational purposes. Only the original German version is legally binding.

Note on responsibility

The responsibility for data processing on this website lies with:

Impreglon GmbH
Hohenhorststr. 1
21337 Lüneburg

Telephone: +49 (0) 41 31 882-10
E-mail: info@impreglon.de

Responsibility lies with the natural person or legal entity which alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.)

SSL and TLS encryption

This website uses SSL or TLS encryption to ensure security and protect transmission of confidential information, such as orders and inquiries that you send to us, the operator of this site. An encrypted connection can be recognized by the "https://" browser address instead of “http://” and by the lock symbol in the browser line. When SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

1. Definition of terms

Impreglon GmbH’s data protection declaration is based on the terminology used by the European body issuing directives and regulations upon decree of the General Data Protection Regulation (GDPR). Our data protection declaration is intended to be easy for the public, our customers and our business partners to read and understand. The terminology used will be explained here to facilitate comprehension. We use the following and other terms in this data protection declaration:

  • Personal data
    Personal data is any information relating to an identified or identifiable natural person (hereafter referred to as “data subject”). A natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, locations, an online identifier, or by reference to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
  • Data subject
    A data subject is any identified or identifiable natural person whose personal data is processed by the controller (person responsible for processing).
  • Processing
    Processing is any operation or set of operations carried out with or without the assistance of automated processes, which is performed upon personal data and serves to capture, collect, organize, sort, store, adapt or modify, to read, retrieve, use or disclose through transmission, dissemination or any other form of provision, to reconcile or link, restrict, delete or destroy data.
  • Restriction of processing
    Restriction of processing means to mark saved personal data with the objective of restricting future processing.
  • Profiling
    Profiling is any type of automated processing of personal data that consists of using personal data to evaluate certain personal aspects relating to a natural person, particularly when used to analyze or forecast aspects relating to performance at work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location of this natural person.
  • Pseudonymization
    Pseudonymization is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without providing additional information, as long as the additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data cannot be associated with an identified or identifiable natural person.
  • Person responsible or controller
    Th person responsible or the controller is a natural person or legal entity, a public authority or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by Union law or national law of the Member States, the controller or the specific criteria for his or her nomination may be designated by Union law or national law of the Member States.
  • Processor
    A processor is a natural person or legal entity, a public authority or any other body that processes data on behalf of a controller.
  • Recipient
    The recipient is a natural person or legal entity, public authority or any other body to whom data is disclosed, whether a third party or not. However, authorities which may receive data in the framework of a particular inquiry pursuant to Union law or the law of Member States shall not be regarded as recipients.
  • Third party
    A third party is a natural person or legal entity, a public authority or other body, with the exception of the controller, the processor and the persons reporting directly to the controller or the processor who are authorized to process personal data.
  • Consent
    Consent is any freely given specific and informed indication of the data subject’s wishes by which the data subject signifies agreement in an informed and clear manner, in the form of a declaration or other unequivocal affirmative action, to his or her personal data being processed in a specific case.

2. General notes and required information

Data subject’s rights pursuant to GDPR

Right of access to information

The data subject has the right to demand from the controller a confirmation of whether his or her personal data is being processed; if this is the case, the data subject has the right to obtain information on the personal data as well the following information:

  • Purpose of processing
  • Categories of personal data being processed
  • Recipients or categories of recipients to whom the personal data is revealed or will be revealed, particularly in regard to recipients in third countries or to international organizations
  • If possible, the planned duration of personal data storage, or if this is not possible, the criteria for determining this duration
  • Existence of the right to correct or delete personal data pertaining to themselves or to restrict processing by the controller, or the right to object to such processing
  • Right of appeal to a public authority
  • If the data was not collected from the data subject, all information available on the source of the data
  • Existence of automated decision making, including profiling pursuant to article 22(1) and (4) of the GDPR, and – at least in these cases – significant information on the logistics involved as well as the scope and intended effects on the data subject of such processing
  • If personal data is transmitted to a third country or an international organization, the data subject has the right to be informed of the appropriate guarantees pursuant to article 46 related to the transmission
  • The controller shall provide a copy of the personal data that is the object of processing. 2The controller can charge a reasonable fee to cover administrative expenses if the data subject requests additional copies. If the data subject submits the application electronically, the data shall be provided in a common electronic format, unless the data subject requests otherwise
  • The right to receive a copy pursuant to paragraph 3 may not infringe upon the rights and freedoms of other persons.

Right to correction

The data subject has the right to rectification without delay of inaccurate personal data. Taking into consideration the purposes of processing, the data subject has the right to demand completion of incomplete personal data – including by means of a supplementary statement.

Right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay. The controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • The data subject revokes his or her consent that allowed processing pursuant to article 6(1)(a) or article 9(2)(a) of the GDPR and there is no other legal basis for processing.
  • The data subject withdraws the consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The personal data has been unlawfully processed.
  • The personal data has to be erased to ensure compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
  • Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) or Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and where processing is carried out by automated means.

In exercising his or her right to data portability pursuant to paragraph 1 of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The exercise of the right shall be without prejudice to Article 17.

That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability may not infringe upon the rights and freedoms of other persons.

Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

At the latest at the time of the first communication with the data subject, the right referred to in Article 21(1) and (2) of the GDPR shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GSPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

This does not apply if the decision:

a) Is necessary for entering into, or performance of, a contract between the data subject and a data controller

b) Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests or

c) Is based on the data subject's explicit consent.

In the cases referred to in points (a) and (c), the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. Decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) of the GDPR applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

Right to withdraw consent pursuant to data protection law

The data subject shall have the right to withdraw consent to the processing of personal data at any time. If the data subject would like to exercise his or her right to withdraw consent, he or she can address the controller responsible for processing. The legality of the data processed prior to withdrawal of consent is not affected.

Right to lodge a complaint with the proper supervisory authority

When data protection laws are violated, the data subject has the right to lodge a complaint with the proper supervisory authority. The proper authority for issues related to data protection is the State Data Protection Commissioner of the state in which our company is located. A list of the Data Protection Officers and their contact data can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Legal basis of processing

Article 6(1)(a) of the GDPR serves as the legal basis for processing procedures for which we obtain consent for a specific purpose. If processing personal data is necessary for the performance of a contract to which the data subject is party, e.g. as is the case for processing procedures essential to delivery of goods or provision of a service or service in return, Article 6 (1)(2) of the GDPR applies. The same applies to processing procedures required for measures prior to entering into a contract, such as regarding inquiries about our products or services. If our company is subject to a legal obligation that requires processing of personal data, such as meeting tax obligations, processing is governed by Article 6 (1)(c) of the GDPR. In rare cases processing personal data may be essential to protect the vital interests of the data subject or of another natural person. This could be the case e.g. if a visitor to our plant were to sustain an injury, and his name, age, health insurance data or other vital information would have to be given to a physician, hospital or other third party. Then Article 6 (1)(d) of the GDPR would apply to processing. Ultimately, Article 6 (1)(f) could apply to processing. This legal basis is the foundation for processing procedures that are not covered by any of the legal bases mentioned here, when processing is intended to protect the legitimate interests of our company or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to perform such processing procedures because they are specifically mentioned by the European government. It considers that a legitimate interest could be when the data subject is a client of the controller (recital 47, second sentence, GDPR).

Legitimate interests in processing pursued by the controller or a third party

When processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is conducting our business to the benefit of all of our employees and our shareholders.

Period for which personal data will be stored

The applicable legal retention period serves as the basis for the period for which the personal data will be stored. When the period expires, the respective data is routinely erased, unless it is still needed for performance or initiation of a contract.

Legal or contractual regulation regarding provision of personal data; necessity for completion of the contract; obligation of data subject to provide personal data; potential consequences of failure to provide

We apprise you of the fact that the provision of personal data is sometimes a legal obligation (e.g. tax law) or can be the consequence of contractual arrangements (e.g. information on the contracting party). It may sometimes be necessary to completing a contract that a data subject provide personal data that we would subsequently have to process. The data subject is e.g. obligated to provide to us personal data when our company signs a contract with the data subject. The consequence of failure to provide personal data would be that the contract with the data subject cannot be completed. Before the data subject provides data, he or she must contact one of our employees. Based on the specific case, our employee will inform the data subject of whether provision of the personal data is required by law or by the contract or for completion of the contracts, whether there is an obligation to provide the personal data and what the consequences of failure to provide the data would be.

Objection to advertising e-mails

The use of the published contact data within the framework of the masthead regulations for sending non-requested advertising material and information is hereby prohibited. The operator of the site expressly reserves the right to take legal action in the case of transmission of non-solicited advertising material, e.g. as spam e-mail.

3. Data protection officer

We have appointed a data protection officer for our company.

Ms. Verena Loebe
Society Solutions GmbH
Widdersdorfer Strasse 190
D-50825 Cologne, Germany

Telephone: +49 221 33 77 59 66
E-mail: datenschutz@impreglon.de

4. Compiling data on our website

Who is responsible for compiling data on this website?

Impreglon GmbH processes data on this website. Our contact information can be found in the imprint of this website.

How do we use your data?

Some of the data is collected to ensure that the website functions properly, to protect ourselves from cyber attacks or to be able to trace such attacks, or to obtain statistical information on the visitors to our website.

Cookies

This website sometimes uses so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, more effective and safer. Cookies are small text files that are placed on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your session. Other cookies remain on your terminal device until you delete them. These cookies allow us to identify your browser the next time you visit our website.

You can set your browser to: inform you when cookies are generated and prompt you to permit them only in exceptional cases; refuse to accept cookies in certain cases or always; automatically delete cookies when you close the browser. If you deactivate cookies, functioning of this website may be restricted.

Cookies that are essential to performing the electronic communication process or to providing certain functions that you would like to access (e.g. shopping cart feature) are saved in compliance with Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in saving cookies for technically sound and optimized provision of his services. If other cookies (e.g. cookies that analyze your surfing behavior) are saved, they are addressed separately in the data protection declaration.

Server log files

The provider of this website automatically captures and saves in so-called server log files information which your browser automatically sends to us.

This includes:

  • Browser type and version
  • Operating system used
  • Location (country, region, city)
  • Screen resolution
  • Device
  • Time of visit
  • IP address (anonymized)
  • Websites and sub-websites visited
  • Duration of visit
  • Number of visits (returning visitors)
  • Other similar data and information that serves to avert danger in the event of cyber attacks to our systems

This data is not consolidated with other data sources.

The data processing is based on Article 6(1)(f) of the GDPR, which permits data to be processed for the performance of a contract or in order to take steps prior to entering into a contract.

Contact via the website

In compliance with legal regulations, this website contains information that facilitates quick, electronic contact to our company as well as direct communication with us, which also includes a general e-mail address.

If you, the data subject, contact the controller responsible for processing by e-mail or via a contact form on the website, the personal data that you submit will be saved automatically. This personal data that you as the data subject submit voluntarily for processing your request or establishing contact will be saved.

Thus the data that you entered in the contact form is processed solely on the basis of your consent (Article 6(1)(a) of the GDPR). You can withdraw consent at any time. An informal notification via e-mail is sufficient. The legality of the data processing procedures prior to withdrawal of consent is not affected.

The data that you entered in the contact form remains with us until you request that we erase it, you withdraw your consent to save it or the data is no longer needed for the purpose of processing (e.g. when your inquiry has been completely processed). Mandatory legal provisions – particularly retention periods – remain unaffected.

Data protection regarding job applications and application process

This website captures and processes personal data of applicants for the purpose of the application process.

Processing can occur electronically. This applies particularly when an applicant transmits application documents electronically to the controller responsible for processing, e.g. by e-mail or via a web form on the website.

If Impreglon GmbH and the applicant complete an employment contract, the transmitted data will be saved for the purpose of handling the employment relationship, taking into consideration applicable legal regulations.

If Impreglon GmbH and the applicant do not complete an employment contract, the application documents are automatically erased two months after the rejection decision has been made, as long as erasure does not obstruct any other legitimate interests of Impreglon GmbH. Other legitimate interests in this sense could be e.g. the burden of proof in a lawsuit pursuant to the Equal Treatment Law.

5. Plug-ins and tools

Google Analytics (with anonymization feature)

This website uses Analytics (with anonymization feature) Google Analytics is a web analysis service. Web analysis means collecting, compiling and evaluating data on the behavior of visitors to websites. Among other information, a web analysis service compiles data regarding the website from which a person accesses a website (so-called referrer), which subpage the person accesses, and how frequently and how long a subpage is viewed. Web analysis is used primarily to optimize a website and to analyze the cost-benefit ratio.

The Google Analytics component is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For web analysis with Google Analytics, we use the ending "_gat._anonymizeIp." With this ending Google shortens and anonymizes the IP address of the internet connection of the data subject, if our website is accessed from a Member State of the European Union or from other Contracting States who are part of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Among other purposes, Google uses the collected data and information to evaluate use of our website, compile online reports detailing the activities on our website, and to provide other services related to the use of our website.

Google Analytics generates cookies on the data subject’s device. Cookies were explained earlier in this agreement. Generating a cookie allows Google to analyze use of the website. Every time any page on this website operated by the controller responsible for processing and into which a Google Analytics component is integrated is accessed, the internet browser on the data subject’s terminal device is automatically triggered by the respective Google Analytics component to transmit data to Google for online analysis purposes. This technical process gives Google access to personal data such as the data subject’s IP address, which Google then uses to determine the source of the visitor and the number of clicks, thus enabling commissions to be calculated.

Cookies save personal information such as access time and place, and how frequently the data subject visits our website. For every visit to our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. The personal data is saved by Google in the United States of America. Under certain circumstances, Google may pass this personal data transmitted by technical means onto third parties.

The data subject can at any time prevent cookies from being generated by our website in the manner described above. He or she need only make the appropriate settings in the browser to permanently prevent cookies. This setting also prevents Google from generating cookies on the data subject’s terminal device. A cookie generated by Google Analytics can also be deleted at any time via the internet browser or another software program.

Furthermore, the data subject has the option of objecting to and preventing the data based of the use of this website to be compiled and processed by Google Analytics. To be able to do this, the data subject must download a browser add-on from https://tools.google.com/dlpage/gaoptout and install it. This browser add-on informs Google Analytics via JavaScript that no data and information on the visits to the websites may be transmitted to Google Analytics. Installation of the browser add-on signalizes the objection to Google. If the data subject’s information technology system (terminal device) is later deleted, formatted or re-installed, the data subject has to install the browser add-on again to deactivate Google Analytics. If the data subject or another person operating within his or her sphere of responsibility deletes or deactivates the browser add-on, the add-on can be re-installed or re-activated. Additional information and Google’s data protection regulation can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

Google Maps

This website uses Google Maps via an API. The supplier is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

It is essential to save your IP address to be able to use the Google Maps features. This information is generally transmitted to a Google server in the USA and saved there. The site provider has no influence on the data transmission.

Google Maps is used to promote an appealing presentation of our online offerings and to make it easier to find the places stated on our website. This qualifies as a legitimate interest in the sense of Article 6(1)(f) of the GDPR.

More information on how user data is handled can be found in Google’s data protection declaration. https://www.google.de/intl/de/policies/privacy/.

Google reCAPTCHA

This website used “Google reCAPTCHA” (hereafter referred to as “reCAPTCHA”). The supplier is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA is used to determine whether the data entered on our website (e.g. in the contact form) is being provided by a person or by an automated program. reCAPTCHA applied various criteria to analyze the website visitor’s behavior. The analysis begins automatically, as soon as the visitor accesses the website. reCAPTCHA evaluates various information (e.g. IP address, duration of visit to website or user’s mouse motion) for the analysis. Data compiled during the analysis is sent to Google.

reCAPTCHA analyses occur completely in the background. Website visitors are not made aware of the analysis.

Data is processed in compliance with Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting the website offerings from improper automated spying and from spam.

More information on Google reCAPTCHA as well Google’s data protection declaration can be found at: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Google Web Fonts

To ensure a uniform presentation of fonts, this website uses so-called Web Fonts provided by Google. When a website is accessed, the browser loads the required Web Fonts into your browser cache, allowing text and fonts to be displayed properly.

The browser that you use has to establish a connection to the Google servers for this purpose. This informs Google that our website is being accessed by your IP address. Google Web Fonts is used to ensure that our online offerings appear in a uniform and appealing manner. This qualifies as a legitimate interest in the sense of Article 6(1)(f) of the GDPR. If your browser does not support Web Fonts, a standard font from your computer will be used.

Additional information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s data protection declaration: https://www.google.com/policies/privacy/.

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising service supplied by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

We use so-called Conversion Tracking within the scope of Google AdWords. If you click on an ad placed by Google, a cookie for Conversion Tracking is generated. Cookies are small text files that the internet browser generates on the user’s computer. The cookies are valid for only 30 days and do not serve to personally identify the user. If the user visits certain pages of the website and the cookie is not yet expired, Google and we can detect that the user has clicked the ad and moved to the page.

Each Google AdWords customer receives a different cookie. The cookies cannot be traced through the websites of AdWords customers. The information collected with the aid of conversion cookies is used to generate conversion statistics for AdWords customers who choose to use Conversion Tracking. The customers discover the total number of users who have clicked their ad and moved to a page with a Conversion Tracking tag. The do not, however, receive any information that allows them to personally identify users. If you would not like to participate in tracking, you can easily object to the use by deactivating the Google Conversion Tracking cookie in the user settings of your internet browser. You are then no longer part of the Conversion Tracking statistics.

Conversion cookies are saved in compliance with Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the analysis of user behavior, to optimize his website offering as well as advertising.

Additional information on Google AdWords and Google Conversion Tracking can be found in the Google data protection policies: https://www.google.de/policies/privacy/. You can set your browser to: inform you when cookies are generated and prompt you to permit them only in exceptional cases; refuse to accept cookies in certain cases or always; automatically delete cookies when you close the browser. If you deactivate cookies, functioning of this website may be restricted.

6. Modification of our data protection provisions

We reserve the right to modify this data protection declaration, thus ensuring that it always meets the current legal requirements or to reflect in the data protection declaration changes in our services, e.g. upon introduction of a new service. The next time you visit our site, the new data protection declaration will apply.