1. GENERAL INFORMATION
The following information is intended to give you an overview of how we process your personal data when you use our website https://www.cellofoam.de and to inform you of your data privacy rights. As a basic principle, the use of our website is possible without entering any personal data.However, if you wish to make use of special services or other ways of interacting with us, processing ofsome  personal data may be necessary.

2. CONTROLLER
Cellofoam International GmbH & Co. KG
Freiburger Straße 44
88400 Biberach, Germany
Telefon: +49 7351 573-0
E-Mail: sales@cellofoam.de

Further information can be found in our Legal Information section.

3. DATA PROTECTION OFFICER
If you have any questions about data processing or data privacy at Cellofoam GmbH, you can also contact our external data protection officer at DAISECO GmbH at any time.<o:p></o:p> You can contact data protection officer by letter to the above address (please write "For the attention of the Data Protection Officer" on the envelope), by e-mail to datenschutz@cellofoam.de or confidentially via our Data Privacy Portal.

4. LEGAL GROUNDS OF DATA PROCESSING
Article 6 (1) (a) GDPR (in conjunction with Section 25 (1) TTDSG (German Telemedia Data Protection Act) serves as the legal basis for data processing operations for which we requested and obtained consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of any other service or performance, the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing operations that are necessary for the execution of pre-contractual measures, for example in the case of inquiries about our products or services.

Insofar as our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) (c) GDPR.

Ultimately, processing operations can be based on Art. 6 (1) (f) GDPR. This provision is the legal basis for processing operations which are not covered by any of the aforementioned legal bases in cases where processing is necessary for the purpose of the legitimate interests pursued by our company or by a third party, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislation authorities. In this respect, the authorities have taken the view that a legitimate interest on our part can be assumed if you are a client of our company (Recital 47 (2) GDPR).

5. TECHNOLOGY
a) SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the website operator. The use of an encrypted connection is indicated by the switch from "http://" to "https://" in the browser’s address bar (URL) and the appearance of the lock icon in your browser bar. We use this technology to protect your transmitted data.

b) Data collected when you visit our website
If you use our website solely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (as part of so-called "server log files"). Our website collects a range of general data and information items each time you or an automated system accesses a page. This general data and information is stored in the server log files. The following data may be recorded: 

1. browser types and versions used,
2. operating system used by the accessing system,
3. website from which an accessing system reaches our website (the so-called referrer),
4. sub-websites that are accessed on our website via an accessing system,
5. date and time of access to the website,
6. internet protocol ADDRESS (anonymized IP address) and
7. internet service provider of the accessing system.

When processing this general data and information, we do not draw any conclusions regarding your person. Rather, this information is required in order to:

1. deliver the content of our website in the correct form,
2. optimize the content of our website and the related marketing measures,
3. ensure the continued functioning of our IT systems and the technology of our website for the long term, and
4. in the event of a cyber-attack, provide law enforcement authorities with the information necessary for prosecution.

This collected data and information is therefore analyzed by us both in statistical terms and with the aim of maximizing data privacy and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject and are deleted after 10 days.

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the data collection purposes listed above.

6. HOSTING BY ALL-INKL
We host our website at ALL-INKL.COM - Neue Medien Münnich (owner; René Münnich), Hauptstrasse 68, 02742 Friedersdorf, Germany (hereinafter referred to as All-Inkl). When you visit our website, your personal data (e.g. IP addresses in log files) are processed on All-Inkl's servers. The use of All-Inkl’s services is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our website. We have concluded a data processing agreement (DPA) with All-Inkl in accordance with Art. 28 GDPR. This is a contract required by data privacy law, which ensures that All-Inkl processes the personal data of any visitors to our website exclusively in accordance with our instructions and in compliance with the GDPR. You can find more information about All-Inkl's privacy policy at https://all-inkl.com/datenschutzinformationen/

7. CONTENT AND CONTACT OPTIONS
As a leading supplier of high-quality sound-insulation and sound-attenuation products as well as sealing products for industrial and technical applications, flame and dry-adhesive lamination, products for the sound-conditioning of rooms as well as many specially developed solutions based on flexible foam and nonwovens for a wide variety of industrial applications, we inform you on our website about our company, our locations and our products, our range of services, applications and offers as well as any company news. As a service accompanying our products, we offer brochures and product flyers, certificates and processing instructions and provide information about our purchasing conditions and general terms and conditions.We also provide information about job vacancies on our website. We offer you various additional options for contacting us and communicating with us, for example via contact forms: 

a) Contact via contact form
If you have any questions, you can contact us using the general contact form provided on our website. In the scope of the contacting process, personal data will be collected. As a minimum, a valid e-mail address and your name are required to process the information in the contact form. Which further data is collected when you use a contact form can be seen from the respective contact form, e.g. in the case of product inquiries; any mandatory information is marked with an (*) where applicable. This data is stored and used exclusively for the purpose of responding to your inquiry resp. for contacting you, as well as for the purpose of the necessary technical administration of your request. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your request has the ultimate aim of concluding a contract, the additional legal basis for processing is Art.6 (1) (b) GDPR. 

Your data will be deleted after your request has been dealt with conclusively; this is the case if it can be inferred from the circumstances that the matter in question has been fully resolved, and provided that the deletion does not conflict with any statutory obligations to retain the data. As an alternative, you can contact us informally and ask us to delete your data.

b) Contact via e-mail
If you contact us via one of the e-mail addresses listed by us, the personal data that you provide will be used exclusively for the purpose of processing your respective inquiry, for correspondence with you, as well as for the initiation and establishment of a contract, as the case may be, for inquiries in regard to products and complaints, etc. with you in accordance with Art. 6 (1) (b) GDPR. The personal data collected will be deleted automatically after your request has been dealt with conclusively; this is the case if it can be inferred from the circumstances that the matter in question has been fully resolved, and provided that the deletion does not conflict with any statutory obligations to retain the data. 

c) Job applications
If you apply for a position at our company, we process your personal data for the purpose of your application for employment, insofar as this is necessary for the decision on the establishment of an employment relationship between you and us. 

The legal basis is the performance of the contract resp. of any steps taken prior to entering into a contract with regard to the employment relationship, pursuant to Art. 6 (1) (b) GDPR. Furthermore, we may process your personal data insofar as this is necessary to defend the company against legal claims asserted against us in the application process. The legal basis for this is Art. 6 (1) (f) GDPR; the legitimate interest could be, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). In case that an employment relationship between you and us is established, we may process the personal data already received from you for the purposes of the employment relationship in accordance with Art. 6 (1) (b) GDPR if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of existing statutory rights and obligations. For this we can process data that are related to your application. This includes, in particular, general personal data such as your name, address and contact details, information on your professional qualifications and formal education or information on further professional training, or any other data that you provide to us in connection with your application.

We do not use any external applicant management systems in which we store the application data. Your data as a applicant will not be transferred to a third country. We store your personal data for as long as this is necessary to make a decision regarding your application. If no employment relationship between you and us is established, we may continue to store certain data insofar as this may be necessary for our defense against possible legal claims. 

The application documents will be deleted two months after we have notified you that your application has been rejected, unless (impending) legal disputes make a longer storage period necessary.

8. OUR ACTIVITIES IN SOCIAL NETWORKS
We have our own pages on social networks for the purpose of communicating with you and informing you about our services. If you visit one of our social media pages, we share joint responsibility with the provider of the respective social media platform for the processing operations triggered by your visit, within the meaning of Art. 26 GDPR.

We are not the original provider of these pages, but only use them within the scope of the options offered to us by the respective providers.

As a precautionary measure, we would therefore like to point out that, as the case may be, your data may also be processed outside the European Union or the European Economic Area, in particular in the USA. The use of our social media pages may therefore be associated with data privacy risks for you, as it may be more difficult for you to protect your rights, e.g. your right to information, erasure, objection, etc., and due to the fact that the providers of social network platforms often carry out data processing directly for advertising purposes or for the analysis of user behavior, without us being able to influence these processing steps. Insofar as the providers create user profiles, they often use cookies or may also link your usage behavior to the member profile that you have created on the respective social network.

The operations for processing personal data are carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider to communicate with you in a modern manner and/or to provide you with information on our products and services. If the respective providers request you to give your consent as a user to data processing, the legal basis for processing is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR.

As we do not have access to the providers' databases, we would like to point out that your rights (e.g. the right to information, correction, erasure, etc.) are best exercised directly with the respective provider. Further information on the processing of your data in social networks is provided below, listed for the respective providers of the social networks that we use:

a) Instagram
(Joint) controller for data processing in Germany:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Data privacy statement (Data Policy): https://instagram.com/legal/privacy/

b) LinkedIn
(Joint) controller for data processing in Germany: 
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Data privacy statement: https://www.linkedin.com/legal/privacy-policy

c) XING (New Work SE)
(Joint) controller for data processing in Germany:
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Data privacy statement: https://privacy.xing.com/de/datenschutzerklaerung
Information requests by XING members: https://www.xing.com/settings/privacy/data/disclosure

d) YouTube
(Joint) controller for data processing in Germany:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data privacy statement:  https://policies.google.com/privacy

9. WEB ANALYSIS 
For web analysis purposes, we have integrated the Matomo component of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, on this website.

Web analysis comprises the collection, compilation and analysis of data about user behavior during their visit to websites. Among other things, a web analysis tool collects data on which subpages of the website have been accessed or how often and for how long an individual subpage has been viewed. Web analysis is mainly used for the purpose of optimizing a website and for a cost-benefit analysis of Internet advertising.

The software is operated on our server and any log files with sensitive data in the sense of the GDPR are stored exclusively on this server. 

The purpose of the Matomo component is to analyze the visitor flows on our website. We use the information to understand the behavior of the visitors when viewing our site and to analyze the use of our subpages in order to make possible improvements. 

We are not interested in our visitors’ identity or in collecting additional data. We have adapted the settings of the Matomo component to prevent it from setting cookies. We also do not make use of so-called "device fingerprinting". 

Each time you access one of the individual pages of this website, the Matomo component automatically prompts your internet browser on your electronic device to transmit data to our server for the purpose of online analysis. 

Your browser transmits personal information such as the access time, the location from which the access has been made, including the IP address of the Internet access you are using, to our server. This personal data is stored by us in anonymized form. We do not pass this personal data on to third parties. No data is transferred to third countries. 

 Matomo processes the following data:

- anonymized IP addresses (anonymization is done by removing the last 2 bytes), 
- pseudo-anonymized location (based on the anonymized IP address),
- date and time,
- title of the page accessed,
- URL of the page accessed,
- URL of the previous page (if this page allows it),
- screen resolution,
- local time,
- files that have been clicked on and downloaded,
- external links,
- the time that the page needed to fully load,
- country, region, city (with low precision since based on the anonymized IP address),
- main language of the browser and
- user agent of the browser.

You have the option to object to Matomo collecting data on your use of this website, as well as to the processing of this data by Matomo and to exclude such activities. To do this, you simply need to set (check) the "Do not track" option in your browser.We have set up Matomo on our server so that the system will take this setting into account. 

If, for whatever reason, you wish to block the collection of usage data, please deactivate the checkbox below. This will prevent the analysis and linking of data about your activities on our website. While tis setting will protect your privacy, it will also prevent us from learning from your actions and from improving the usability for you and other users. 

[x] Your visit to this website is currently being tracked by Matomo Web Analytics. Deselect this checkbox in order to opt out. 

Deselcting the checkbox will set a Matomo cookie that remembers your settings. You can return to this site at any time and change your settings.

Further information and the relevant data protection policy of Matomo can be retrieved from https://matomo.org/privacy-policy.

10. PLUGINS AND OTHER SERVICES
a) Microsoft Teams
We use the "Microsoft Teams" ("MS Teams") tool to communicate with customers and suppliers, both in written form (chat) and in the oral form of telephone conferences, online meetings and video conferences. This service is operated by Microsoft Ireland Operations ("Microsoft"), Ltd, 70 Sir John Rogerson's Quay, Dublin, Ireland. Microsoft Ireland Operations, Ltd. is part of the Microsoft group of companies based at One Microsoft Way, Redmond, Washington, USA. 

When you use MS Teams, the following personal data is being processed: meetings, chats, voicemails, shared files, recordings and transcripts; data that is shared about you  (examples for such data are your e-mail address, your profile picture and your telephone number); a detailed history of the telephone calls you make; call quality data; support/feedback data (such as information related to troubleshooting tickets or feedback sent to Microsoft); diagnostic and service data (diagnostic data related to your use of the service). 

To enable the display of video clips and the playback of audio files, data from the microphone on your end device and from a video camera on your end device is processed for the duration of the meeting. You can switch off the camera and/or mute the microphone yourself at any time via the "Microsoft Teams" applications. If a corresponding consent has been requested and given, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR. In the context of an employment relationship with us, employment-related data processing is carried out on the basis of Section 26 BDSG (German Federal Data Protection Act), unless it is already carried out in accordance with Art. 6 (1) (b) GDPR as required for the performance of a contract (employment contract). The legal basis for the use of "MS Teams" in the context of contractual relationships is Art. 6 (1) (b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6 (1) (f) GDPR. Our interest in this context is the ability to ensure that online meetings are conducted effectively. In case we record online meetings, we will inform you of this before the start and, if necessary, ask for your consent to the recording. If you do not wish to give your consent, you can leave the online meeting. As a cloud-based service, "MS Teams" processes the aforementioned data as part of the provision of the service. To the extent that "MS Teams" processes personal data in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for such use and as such is responsible for compliance with the applicable laws and any data controller obligations. When and if you access the MS Teams website, Microsoft is responsible for data processing. If you want to download the MS Teams software you need to access their website. If you do not want to or are unable to download the software, the service can be provided via your browser and, as a consequence, via the Microsoft website. This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that the transfer of personal data does not require further guarantees or additional measures. Detailed information on data privacy protection by Microsoft in connection with "MS Teams" can be found at: https://docs.microsoft.com/en-en/microsoftteams/teams-privacy. 

b) Vimeo (Videos)
Our website integrates plugins from the Vimeo video portal of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Vimeo servers. Vimeo transmits the content of the plugin directly to your browser for incorporation into the page presentation. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted directly from your browser to a Vimeo server in the USA and stored there. If you are logged in to Vimeo, Vimeo can directly connect your visit to our website with your Vimeo account. If you interact with the plugins (e.g. by clicking the start button of a video), this information is also transmitted directly to a Vimeo server and stored there. If you do not want Vimeo to connect the data collected via our website directly to your Vimeo account, you must log out of Vimeo before visiting our website. 

Before you play a video on our site, you will be informed that Vimeo will send you some cookies when you click on the play icon. If you do not give your consent by clicking on Accept & Play, this data will not be sent, but neither will the presentation of the video work. You can find Vimeo's privacy policy here: https://vimeo.com/privacy.

c) Google Ads
We use Google Ads. Google Ads is an online advertising scheme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to place advertisements in the Google search results of the Google search engine or on websites of other companies, which are displayed to users when they enter certain search terms (keywords) when searching via the search engine. This is a means for us to make our company and our products better known. Furthermore, based on the user data available at Google (e.g. location data and interests), advertisements can be displayed in a targeted manner (target group targeting). As a website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many display instances have led to corresponding clicks. For this purpose, Google provides us only with statistical analyses. We do not receive any detailed data; in particular, we cannot identify users on the basis of this information.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and §25 (1) TTDSG (German Telemedia Data Protection Act). You can revoke your consent at any time. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that the transfer of personal data does not require further guarantees or additional measures. You can view the data privacy provisions and further information on Google Ads at https://www.google.com/policies/technologies/ads/ as well as policies.google.com/privacy/frameworks.

11. COOKIES
a) General information about cookies
Cookies are data records for information purposes that your browser creates automatically and that are stored on your IT system or terminal device (laptop, tablet, smartphone, etc.) when you visit a website. The information stored in the cookie in a given instance depends on the specific terminal device used. However, this does not mean that this enables the direct identification of user identities. The purpose of cookies is to optimize website usability for the visitor. Session cookies allow the system to detect whether you have already visited a given page. 

Temporary cookies, which are stored on terminal devices for a defined period of time, are used to optimize user-friendliness. If you visit a given page again, for instance to make use of services, the system automatically recognizes that you have already been there as well as any settings and entries that you made the previous time so that you do not need to enter them again. Cookies also serve as the basis for statistic records and the analysis of webpage use for the purpose of optimization. These cookies are automatically deleted after a defined period of time.

If you wish to object to the use of cookies for online marketing purposes you can set your browser accordingly and/or declare your objection via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. By means of the settings of the browser you are using you can delete cookies, allow only selected cookies or completely deactivate the setting of cookies at any time.

b) Use on our site
We do not use cookies or comparable technologies provided by third parties on our website. We also do not use any tools or other technologies that store information in the end user's terminal device. As a result, on our webpage you will not find a cookie banner or CMP for managing consents. 

12. YOUR RIGHTS AS A DATA SUBJECT
Right to confirmation - You have the right to request confirmation from us as to whether or not personal data concerning you is being processed by us.

Right to information Art. 15 GDPR - You have the right to receive free-of-cost information from us at any time about the personal data that we have stored about you and a copy of this data in accordance with the legal provisions.

Right to rectification Art. 16 GDPR - You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.

Right to erasure Art. 17 GDPR - You have the right to request us to erase personal data concerning you without undue delay where one of the grounds defined by the legal provisions applies and insofar as the processing or storage of the data is no longer necessary.

Right to restriction of processing Art. 18 GDPR - You have the right to demand that we restrict processing if one of the grounds defined by the legal provisions applies.

Right to data portability Art. 20 GDPR - You have the right to receive the personal data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us as the recipient of the personal data you have provided, where the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to have your personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

Right to object Art. 21 GDPR - You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) (data processing carried out in the public interest) or (f) (data processing necessary for the purposes of legitimate interests) GDPR. This also applies to profiling based on these provisions within the meaning of Art. 4 (4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

In some cases, we may process personal data for direct marketing purposes. You can object to the processing of your personal data for the purpose of such marketing at any time. This also applies to profiling to the extent that it is related to such direct marketing.If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. 

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which we carry out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to withdraw your consent to data processing - You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

Right to lodge a complaint with a supervisory authority - You have the right to lodge a complaint with a supervisory authority responsible for data protection about our processing of personal data relating to you. A list of the contact details of the data protection officers in the German federal states and of the supervisory authorities for the non-public sector and in other states can be found on the website of the Bundesbeauftragten für den Datenschutz und die Informationsfreiheit (BfDI = Federal Commissioner for Data Protection and Freedom of Information) in the Service – Addresses and Links rubric.

Automated decision-making including profiling - We do not use profiling within the meaning of Art. 22 GDPR in regard to the use of our websites.

13. STORAGE, ERASURE AND BLOCKING
We process and store your personal data only for the period of time that is required to achieve the purpose of storage or insofar as this is stipulated by the statutory provisions to which our company is subject.

When the storage purpose no longer applies or when the stipulated storage period expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

14. STORAGE PERIOD
The basis for the duration of the storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data is routinely erased, provided it is no longer required for the performance or the initiation of a contract.

15. QUESTIONS REGARDING DATA PRIVACY ISSUES
If you have any further questions, comments or other requests regarding your personal data that are not answered in the scope of this statement, please contact us at any time via one of the communication channels listed above.