Privacy

Data protection declaration

Name and contact of the person responsible according to Article 4 (7) GDPR

Zetweka Print & Production Management
Bläser GmbH & Co. KG
50931 Köln - Rautenstrauchstraße 81

T +49 (0)221.94 05 70-0
F +49 (0)221.40 11 97
info@zetweka.com

Data protection officer

Prof. Ulf Glende
Friedrich-Barnewitz-Str. 6
18119 Rostock-Warnemünde
info{at}glende-consulting.de


Security and Protection of personal data

We consider the protection of the confidentiality of your personal data as well as its protection from unauthorised access to be our primary duty. Therefore we apply the utmost care and use state-of-the-art security standards to ensure maximum protection of your personal data.

As a company under private law, we are subject to the provisions of the European Data Protection Regulation (GDPR) and the provisions of the Federal Data Protection Act (FDPA). We have taken technical and organisational measures to ensure that the data protection regulations are observed by us and our external service providers.

Definitions

The legislator requires that personal data be processed in a lawful manner, in good faith and in a manner that is comprehensible to the person concerned ("lawfulness, processing in good faith, transparency"). Therefore we hereby inform you of the specific legal definitions that are used in this data protection declaration:

1.Personal data

“Personal data“ shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment of an identifier such as a name, an identification number, location data, an online identifier or one or more distinctive characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

2.Processing

“Processing“ shall mean any operation or set of operations which is performed upon personal data, whether by automatic means or not, such as collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, disseminating or any other form of provision, collation or linkage, restriction, deletion or destruction.

3.Restriction of processing

“Restriction of processing” shall mean the tagging of stored personal data with the objective to restrict their future processing.

4.Profiling

“Profiling” shall mean any automated processing of personal data with the intent to use said personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or to predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.

5.Pseudonymisation

“Pseudonymisation” shall mean the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that this personal data cannot be attributed to an identified or identifiable natural person.

6.File system

“File system” is defined as any structured set of personal data that is accessible according to specific criteria, independent of whether the information is structured centrally, decentralised, functional or geographical.

7.Controller

“Controller” shall mean a natural or legal person, public authority, entity, agency or any other body that alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or the law of the Member States, the controller or the specific criteria for their appointment may be laid down in accordance with Union law or the law of the Member States.

8.Processor

“Processor” shall mean a natural or legal person, public authority, entity, agency or any other body that processes data on behalf of the controller.

9.Recipient

“Recipient” shall mean a natural or legal person, public authority, entity, agency or any other body to whom personal data are disclosed, whether a third party or not. However, authorities which may receive personal data under Union law or the law of the Member States in the framework of a particular inquiry shall not be considered recipients; the processing of such data by said authorities shall be carried out in accordance with the applicable data protection legislation in keeping with the purposes of the processing.

10.Third party

“Third party” shall mean a natural or legal person, public authority, entity, agency or body other than the data subject, the controller, the processor, and the persons who are authorised to process the data under the direct authority of the controller or the processor.

11.Consent

The data subject’s “consent” shall mean any freely given specific, informed, and unequivocal indication of their wishes in form of a declaration or other clear affirmative act, by which the data subject signifies their agreement to personal data relating to them being processed.


Lawfulness of processing

The processing of personal data is only lawful if there is a legal basis for processing. Pursuant to Article 6(1), the legal basis for processing may be lit. a - f GDPR in particular:

a.The data subject has given their consent for processing of their personal data for one or more specific purposes;

b.processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;

c.processing is necessary for compliance with a legal obligation to which the controller is subject;

d.processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e.processing is necessary for the performance of a task exercised for the public benefit or in the exercise of official authority conferred on the controller;

f.processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.

Information on the collection of personal data

(1) Below we inform you on the collection of personal data when accessing our website. Personal data are for example name, address, e-mail address, and user behaviour.

(2) If you contact us by e-mail, we will store the data you provide (e-mail address, name and telephone number if applicable) in order to answer your questions. We delete all data collected in this context after storage is no longer necessary or, in case statutory duties to preserve records exist, processing is restricted.

Collection of personal data when visiting our website

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we collect only the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website and to guarantee stability and security (legal basis is Art. 6(1)(1) lit. f GDPR):

–IP-adress

–Date and time of request

–Time zone difference to Greenwich Mean Time (GMT)

–Content of request (specific page)

–Access status/HTTP status code

–The amount of data transferred in each case

–Website from which the request originates

–Browser

–Operating system and its interface

–Language and version of browser software.

Use of Cookies

(1) In addition to the aforementioned data, cookies are stored on your computer when you access our website. Cookies are small text files that are stored on your hard-drive assigned to the browser you use and which transmit information flows to the website that placed the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective overall.

(2) This website uses the following cookies, whose scope and function are explained below:

–Transient cookies (see a.)

–Persistent cookies (see b.).

a.Transient cookies are deleted automatically when you close your browser. This includes in particular the session cookies. These store a so-called session ID which allows different requests of your browser to be assigned to one common session.This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

b.Persistent cookies are deleted automatically after a certain period of time, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

c.You can configure your browser settings according to your wishes and for example refuse acceptance of third party cookies or all cookies. “Third party cookies” are cookies that are placed by a third party and thus not by the website you are presently visiting. Please note that by deactivating cookies you may not be able to use all functions of our website.

d.We use cookies in order to be able to identify you on future visits if you have an account with us. Otherwise you will have to log in again for each visit.

Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer a number of services you can use if you are interested. You are then generally required to give additional personal data which we use to provide the service and which are subject to the aforementioned data processing policy.

(2) In some cases we use external service providers to process your data. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are audited and checked regularly.

(3) In addition we may pass your personal data on to third parties if participation in promotions, competitions, conclusion of contracts or similar services is offered jointly with partners. You will receive further information when providing your personal data or in the fine print of the offer.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences thereof in the description of the offer.

Children

Our offer is strictly directed at adults. Persons under the age of 18 should not supply us with any personal data without consent of their parents or legal guardians.

Rights of the data subject

(1) Revocation of consent

If the processing of personal data is based on consent given by the data subject, they have the right to revoke consent at any time. The revocation of consent shall not affect the lawfulness of processing carried out on the basis of consent until revocation.

The data subject can contact us at any time to exercise their right of revocation.

(2) Right of confirmation

The data subject has the right to request confirmation from the controller as to whether their personal data is processed by us. Confirmation can be requested at any time using the above contact details.

(3) Right of information

If personal data are being processed, the data subject may at any time request access to those personal data and the following information:

a.the purpose;

b.the categories of personal data that are being processed;

c.the recipients or categories of recipients the personal data were disclosed to or will be disclosed to, in particular if recipients are located in third countries or are international organisations;

d.if possible the planned period of time that personal data will be stored or, if that is not possible, the criteria for determining this period of time;

e.the existence of the right of rectification or deletion of personal data or of restriction of processing by the controller or of objection to said processing;

f.the existence of a right of appeal to a supervisory authority;

g.if the personal data are not collected from the data subject, all available information on the origin of the data;

h.the existence of automated decision-making, including profiling under Article 22(1) and (4) GDPR and, at least in these cases, conclusive information on the logic involved and the scope and intended impact of such processing on the data subject.

If personal data are transferred to a third country or an international organisation, the data subject has the right to be informed of the appropriate securities in accordance with Article 46 GDPR related to the transfer. We provide a copy of the personal data that is the object of processing. We may charge an appropriate fee based on administrative costs for all further copies the data subject applies for. If the application is made electronically, the information shall be made available in a common electronic format, unless otherwise specified.

The right to obtain a copy under paragraph 3 shall not prejudice the rights and freedoms of other persons.

(4) Right of rectification

The data subject has the right to obtain rectification of inaccurate or incomplete personal data without delay from us. Allowing for the purpose of processing, the data subject has the right to request completion of incomplete personal data - also by means of supplementary declaration.

(5) Right of erasure („Right to be forgotten“)

The data subject has the right to request the controller to immediately delete all personal data and we are under obligation to immediately delete personal data if one of the following reasons applies:

a.The personal data are no longer necessary for the purpose for which they have been collected or otherwise processed.

b.The data subject revokes their consent to the processing which was based on Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for processing.

c.The data subject lodges an opposition against processing under Article 21(1) GDPR and there are no overriding legitimate reasons for processing or the data subject lodges an opposition against processing under Article 21(2) GDPR.

d.The personal data have been processed unlawfully.

e.Erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member states to which the controller is subject.

f.The personal data have been collected in relation to services provided by the information society under Article 8(1) GDPR.

Where the controller has made personal data public and is required to delete them under paragraph 1, he shall take appropriate measures, including technical, taking into account available technology and implementation costs, to inform the processor who processes the personal data that a data subject has requested them to delete all links to such personal data or copies or replications of such personal data.

The right of erasure („Right to be forgotten“) does not exist if processing is necessary:

–to exercise freedom of expression and information;

–for performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for performance of a task for the public benefit or in the exercise of official authority conferred on the controller

–for reasons of public interest in the field of public health under Article 9(2)(h) and (i) and Article 9(3) GDPR;

–for archiving purposes for the public benefit, for scientific or historical research purposes or for statistical purposes under Article 89(1) GDPR, where the right referred to in paragraph 1 is likely to render impossible or seriously impair the attainment of the objectives of such processing, or

–to assert, exercise or defend legal claims.

(6) Right of restriction of processing

The data subject has the right to request us to restrict processing their personal data if one of the following conditions is met:

a.the accuracy of personal data is contested by the data subject, and for a period of time that allows the controller to verify accuracy of this personal data,

b.the processing is unlawful and the data subject declines erasure of personal data and demands restriction of the use of personal data instead,

c.the controller no longer needs the personal data for the purpose of processing, but the data subject needs them for assertion, exercise or defence of legal claims, or

d.the data subject lodged an opposition against processing under Article 21(1) GDPR, until the time it has been established whether the controller’s valid reasons outweigh those of the data subject.

If processing has been restricted under abovementioned conditions, personal data will only be processed – apart from storing – with consent of the data subject or for asserting, exercising or defending legal claims and for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.

The data subject can contact us at any time to exercise their right of restriction of processing by using the contact details above.

(7) Right of data portability

The data subject has the right to receive the personal data they have provided to us in an organised, current and machine-readable format, and they have the right to transmit this data to another controller without interference by the controller to whom the personal data was provided, as long as:

a.processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR; and

b.processing is carried out by automated means.

When exercising the right of data portability under paragraph 1, the data subject has the right to have the personal data transferred directly from one controller to another, provided this is technically viable. Exercising the right of data portability does not affect the right to erasure (“right to be forgotten”). This right shall not apply to processing necessary for the performance of a task for the public benefit or in the exercise of official authority conferred on the controller.

(8) Right of objection

The data subject has the right to object at any time to the processing of their personal data taking place under Article 6(1)(e) or (f) GDPR for reasons arising from their particular situation, including profiling based on these regulations. The controller then no longer processes their personal data, unless he can prove compelling reasons worth protecting for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

In the context of using services provided by the Information Society, the data subject can exercise their right of objection by means of automated procedures using technical specifications, Directive 2002/58/EC notwithstanding.

The data subject has the right to object to the processing of their personal data for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1), for reasons arising from their particular situation, unless such processing is necessary for the performance of a task for the public benefit.

The data subject can exercise their right of objection at any time by contacting the respective controller.

(9) Automated decisions on a case-by-case basis including profiling

The data subject has the right to not become subject to a decision based exclusively on automated processing – including profiling – that has legal effects on them, or that similarly impairs them in a significant way. This right does not apply when the decision:

a.is necessary for the formation or the performance of a contract between the data subject and the controller,

b.is admissable by the law of the Union or the Member States the controller is subject to and these legal regulations contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject; or

c.follows the express consent of the data subject.

The controller shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, which includes at the minimum the right to obtain an intervention by a person on the part of the controller, the presentation of their own position and the appeal of the decision.

The data subject may exercise this right at any time by contacting the controller.

(10) Right of appeal to a supervisory authority

The data subject also has, without prejudice to any other administrative or judicial remedy, the right of appeal to a supervisory authority, in particular of the Member state of their residence, their workplace or of the place of the suspected infringement, if the data subject considers that the processing of their personal data is in violation of these regulations.

(11) Right to an effective judicial remedy

The data subject has, without prejudice to any other administrative or extra-judicial remedy, including the right of appeal to a supervisory authority under Article 77 GDPR, the right to an effective judicial remedy, if they consider that their rights under this regulation have been infringed as a result of processing their personal data incommensurate with this regulation.

Use of von Matomo (was Piwik)

(1) This webpage uses the web analysis service Mamoto in order to analyse and continually improve use of this webpage. The obtained statistics allow us to improve our offer and make it more interesting for the user. Legal basis for the use of Mamoto is Article 6(1)(1) lit. GDPR.

(2) For the analysis mentioned above, cookies are stored on your computer. The information collected in this manner are stored exclusively on the controller’s server in [Germany]. You can discontinue the analysis by deleting existing cookies and pre-empting the storage of cookies. If you pre-empt the storage of cookies, please note that you may not be able to use this webpage to its full extend. Pre-empting the storage of cookies is possible through adapting the settings in your browser. To prevent the use of Mamoto, uncheck the following box to activate the opt-out plug-in: [Mamoto iFrame].

(3) This webpage uses Mamoto with the “AnonymizeIP” extension, which truncates the processing of IP addresses. A direct relation to a person thereby becomes impossible. The IP address transmitted by your browser using Matomo will not be merged with other data collected by us.

(4) The programme Mamoto is an open source project. You can obtain the third party provider’s information on data protection at https://matomo.org/privacy-policy/.

Changes to our data protection regulations

We reserve the right to change our security and data protection measures if it becomes a necessity due to technical developments. In that case we will adapt our data protection information as well. So please always note the latest version of our data protection declaration.

Links

If you use external links that are supplied within the framework of our website, this data protection declaration does not apply to those links. Insofar as we supply links, we guarantee that at the time the link was placed, there were no discernible violations of prevailing law on the linked webpage. However, we have no control over or influence on whether their providers comply with privacy and data protection regulations. Therefore please check other providers’ data protection declaration on their webpages as well.

Questions, suggestions, complaints

If you have any questions regarding our privacy policy or the processing of your personal data, please contact our external data protection officer Prof. Ulf Glende, GLENDE.CONSULTING directly or send an e-mail to info {at} glende-consulting.de. Prof. Glende is also available in case of requests for information, for suggestions and complaints.

Last updated: May 2018

Transparency Declaration

Information in accordance with art. 13,14 DSGVO (German version of GDPR) (effective from May 25, 2018)

Compliance with data protection regulations is of great importance to our company. We would like to inform you below about how your personal data is collected by us:

Accountable body

Zetweka Print & Production Management, Bläser GmbH & Co KG

Rautenstrauchstr. 81, 50931 Köln

Tel: 0221-940 570 0

Fax: 0221-401 197

eMail: info@zetweka.com

Represented by: H.-Jürgen Klusch, Manfred H. Bläser

Accountable body

Prof. Ulf Glende

info@glende-consulting.de

Data we require (for the purpose of data processing and as legal basis)

For the purpose of fulfilling the agreed upon services, we in particular collect the following information from our customers and, if applicable, their employees and business partners:

  • Category of data:
  • Sources:
  • Purpose:
  • Contact details (form of address, title, given name, surname, address)
  • Communication data/contact person (e-mail address(es), telephone, fax, mobile phone number)
  • Bank details (account data)
  • VAT ID
  • IP-address for online contacts and other generally accessible data

  • Your details in the contact form, your data from e-mails or personal or telephone contact with us
  • Search results, generally accessible data, data from address acquisitions

The personal data is collected:

  • to be able to identify you as a customer
  • to be able to advise you appropriately
  • to be able to fulfil our contractual obligations to you
  • to be able to comply with our legal obligations
  • to be able to correspond with you
  • for invoicing or, if necessary, as part of the dunning process
  • for the purposes of authorised direct marketing
  • to assert any claims against you

The processing of data is done on request by the customer and is, in accordance with Art. 6 para. 1 sentence 1 lit. b DSGVO, required for the aforementioned purposes of processing the order and for the fulfilment of obligations arising from the contract on both sides.

In addition we process personal data if it is necessary to fulfil a legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, if we have received consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO, or if processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO. Marketing purposes, administrative purposes within the corporate group, maintenance of operations and the fulfilment of warranty claims are considered legitimate interests.

As a general rule, the collected data is stringently required for establishing business relationships as well as transacting business, including the fulfilment of resulting obligations.

Consequences of not providing data

There is no obligation to provide the data on a regular basis. As a rule, not providing personal data entails that there can be no business relationship established between us as we do not have the data required to perform our task. There is, however, the possibility that on occasion the lack of some or of all data may lead to inquiries.

Data erasure

In case of no retention period, the data will be deleted as soon as storage is no longer necessary or legitimate interest in storage has expired. Failing appointment, this will usually be six months after the end of the application process at the very latest. The length of storage then depends on the statutory duty to preserve records, e.g. the revenue code (6 years) or the German Commercial Code (10 years). If you have not been hired but your application is still of interest to us, you will be asked for permission to retain your application for future appointments.

Confidential treatment of your data

The data will only be used internally and passed on to the relevant departments. Transmission of personal data to third parties as defined by the data protection law does not occur on principle.

Exceptions to this only apply insofar as they are necessary for the processing of our contractual relationship with you. This includes in particular the transfer to service providers commissioned by us (so-called data processors) or other third parties whose actions are required for the performance of the contract (e.g. shipping companies or banks). The transferred data may only be used by the third parties for this express purpose. The contractors are under obligation to us pursuant to Art. 28 DSGVO and are subject to our right of instruction. In the process, your data leaves neither the EU nor the EEA.

Your privacy rights

In accordance with EU General Data Protection Regulation (DSGVO), you have the following rights:

If your personal data is processed, you have the right to obtain information about personal data that has been stored (Art. 15 DSGVO).

If incorrect personal data is processed, you have the right of rectification (Art. 16 DSGVO). In case legal requirements are met, you can request the deletion or restriction of processing (Art. 17, 18 DSGVO).

You have the right to object to the processing (Art. 21 DSGVO).

If you do not provide the required data:

  • your inquiry cannot be processed,
    • we cannot enter into a contract with you,
    • the following steps cannot be taken … (etc.)

If you have consented to data processing or a contract for data processing exists and data is processed by automated processes, you may have a right to data portability (Art. 20 DSGVO).

If you exercise your abovementioned rights, we will check whether legal requirements for this are met.

Automated decision making or profiling

We do not use automated decision making including profiling.

How to complain

You may complain about the processing of your personal data to:

The State Representative for Data Protection and Freedom of Information Northrhine Westfalia, Federal Republic of Germany


PO Box 20 04 44
40102 Düsseldorf

Germany

Tel.: +49 211/38424-0
Fax: +49 211/38424-10
E-Mail: poststelle@ldi.nrw.de

Information in accordance with art. 13,14 DSGVO download as PDF document