Data Protection Declaration

General information

When you visit our website and access individual page contents, you entrust your data to us. The following Data Protection Declaration is intended to give you a simple overview of which data we collect and record, the purposes for which we collect the data, and what we do with the recorded data.

It concerns the collection of personal data when visiting this website. Personal data includes all data that can be related to you personally, e.g. name, address, email and user behaviour.

Panther Packaging GmbH & Co. KG takes the protection of your personal data very seriously, and we adhere strictly to the rules of the data protection laws. The following declaration gives you an overview of how we implement this protection.

Responsible Body within the meaning of the General Data Protection Regulation (GDPR)

Name/company name: Panther Packaging GmbH & Co. KG
Hereinafter “Panther Packaging”
address: Altonaer Straße, 25436 Tornesch/Germany
Commercial Register No.: HRA 968 EL / Register Court: Pinneberg County Court
Managing Directors: Axel Hilmer, Oliver Winkler, Dr. Frank Hibinger
phone: +49 (0) 4122 501-0
email: info@panther-packaging.de

The Responsible Body is the natural person or legal entity who/that takes decisions, alone or together with others, about the purposes and means of processing of personal data (e.g. names, emails etc.).

Data Protection Officer

Name: Elke Petersen
address: Altonaer Straße, 25436 Tornesch/Germany
phone: +49 (0)4122 501-0
email: datenschutz@panther-packaging.de

Data collection on our website

Every time our website is accessed, we and/or the webspace provider automatically collect and transmit data. This information, also called server log files, are of a general nature and do not allow any conclusions about to your person.

These server log files contain essentially the following details:

  • Browser type and browser version
  • The operating system being used
  • The Referrer URL (the page from which you accessed our offering)
  • The host name of the accessing computer
  • The time of day of the server request
  • File names and file sizes (e.g. of graphics)
  • The IP address

This data is not combined with other data sources.

Without this data it would be partially technically impossible to deliver and display website contents and to guarantee faultless provision of the website. To this extent the collection of data is a mandatory necessity. The legal basis for the temporary data storage is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR).

We process users’ personal data only in compliance with the relevant data protection provisions. This means that users’ data is processed only when statutory permission exists. In particular, when data processing is necessary to supply our contractual services (e.g. processing orders/enquiries) and for online services, or is prescribed by statute, a user’s consent is available, and also based on our justified interests (i.e. in the interests of the analysis, optimisation, economic operation and safety/security of our online offering within the meaning of Art. 6 para. 1 lit. f of the GDPR, especially for reach measurement, preparing profiles for advertising and marketing purposes, and to collect access data and deployment of the services of third-party providers).

Furthermore, we use the anonymous information for statistical purposes. It helps us to optimise the offering and the technology. We also reserve the right to monitor the log files retrospectively if unlawful use of our offering is suspected.

We draw attention to the fact that the legal bases for the permission are Art. 6 para. 1 lit. a and Art. 7 of the GDPR, the legal basis for processing to fulfil our services and carry out (pre-) contractual measures is Art. 6 para. 1 lit. b of the GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f of the GDPR.

Handling personal data, registration with our website/contact forms

Personal data will be collected, if you register on our website, e.g. to use the Specifications Boxx (Customer Login), or you contact us via online functions (contact form). These data include, among other things, the company name, forename and surname, address, phone and email as contact data.

We process the data in the context of your contacting us to execute the enquiry and to handle it, and we process stored data (e.g. users’ names, addresses and contact data) and contract data (e.g. services used, names of contact persons) to fulfil our contractual duties and service performances pursuant to Art. 6 para. 1 lit. b of the GDPR.

If the Specifications Boxx is used, registration enables access to services and contents that are available only to registered users. If necessary, registered users are able at any time to modify or delete the data stated in the context of registration. Of course, on request we will inform you, which personal data were collected and stored. Moreover, we will correct or delete the data on request, provided the request is not opposed by statutory preservation periods. Please use the contact data in this Data Protection Declaration for any enquiries and to request correction or deletion of data. 

If you allow us to receive data via our job application form (name, address, email, phone and the associated job application documents such as CV, covering letter, additional information), you thereby agree to electronic processing for the job application process within the Panther Group. When the user’s permission is available, the legal basis for processing is Art. 6 para. 1 lit. a of the GDPR. If the processing is for purposes of an employment relationship, an additional legal basis is Art. 88 para. 1 of the GDPR in conjunction with section 26 para. 1 of the BDSG (German Federal Data Protection Act) (new).

We use these documents exclusively in the context of the job application process. After finishing the process, the data will be deleted again unless mandatory statutory preservation periods prescribe other procedures.

If you contact us by email, we store the information you give/data you provide to reply to your enquiry and to raise possible follow-up questions.

The data you have communicated remains with us until you request deletion, revoke your consent to storage, or the purpose of the data storage ceases to exist (e.g. after the processing of your enquiry has been completed). Mandatory statutory provisions – especially preservation periods – remain unaffected.

You have a fundamental right to ask for data that we process automatically on the basis of your consent or to fulfil an enquiry to be handed over to you or to a third-party in a current machine-readable format. You are also entitled to data transferability.

Many data processing procedures are possible only with your express permission. You can at any time revoke a consent you have already given. An informal email to us is sufficient for this purpose. The legitimacy of the data processing that has taken place until revocation is unaffected by the revocation.

Your rights

On request, you have the right to receive information about the personal data we stored about you. Users are also entitled to the correction of incorrect data, restriction of processing and the deletion of your personal data, to assert your rights to data portability insofar as relevant, and to file a complaint with the responsible supervisory authority, if unlawful data processing is suspected. You can also revoke the consent, basically with effect for the future.

You can contact our Data Protection Officer (see above) at any time in this connection and in relation to any other queries on the subject of personal data.

In the event of violations of data protection law, the person concerned has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state Data Protection Officer of the federal state, in which our company is based, consequently the Independent State Center for Data Protection in Kiel (Schleswig-Holstein/Germany). A list of Data Protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Encrypted data transfer

To safeguard the security of your data during transfer, we work using encryption processes (e.g. TLS) via HTTPS reflecting the current state of the art.

For security reasons and to protect the transmission of confidential contents, e.g. contact enquiries, that you sent us as the site operator, this site uses SSL and/or TLS encryption. You can recognise an encrypted connection by the fact that http:// in the browser changes to http://https://, and by the lock symbol in your browser.

When SSL or TLS encryption is activated, third parties cannot read the data you transfer to us.

Inclusion of third-party services and contents

Our offer occasionally includes services and performances from other providers. Examples include functions to safeguard against spam (Google reCAPTCHA), YouTube videos and graphics/images from other websites. Communication of the IP address is absolutely essential to allow this data to be accessed and displayed in the user’s browser. Thus, the providers (hereinafter called “third-party providers”) become aware of the respective user’s IP address.

Although we endeavour to use exclusively third-party providers that need the IP address only to enable the delivery of contents, we have no influence on the IP address may possibly be stored. In that case, this process is intended for statistical purposes, among other things. Insofar as we know that the IP address is being stored, we inform our users.

Data is handed over to third parties only within the framework of statutory provisions. We pass on user’s data to third parties only, if this is necessary for contractual purposes, e.g. based on Art. 6 para. 1 lit. b of the GDPR, or on the basis of justified interests in the effective, economic operation of our business pursuant to Art. 6 para. 1 lit. f of the GDPR.

Cookies

This website uses cookies. These are text files originating from the server and stored on your devices. They contain information about the browser, the IP address, operating system and Internet connection. We do not forward this data to third parties, or link it to personal data without your permission.

Cookies fulfil two main tasks: They help us to make it easier for you to navigate through our offer, and they enable the website to be displayed correctly. Most of the cookies we use are so-called “session cookies” and are automatically deleted after your visit ends. Other cookies remain on your device until you delete them. These cookies enable us to recognise your browser when you visit us again.

You can adjust your browser in such a way that you are informed about the setting of cookies, that you exclude the acceptance of cookies for specified cases or in general, and that you activate the automatic deletion of cookies, when the browser is closed.

You have the option to access our offer even without cookies. The corresponding browser settings must be modified in order to achieve this. Please obtain information from your browser’s help function about, how cookies are deactivated. However, we draw attention to the fact that this may impair some of this website’s functions and may restrict the convenience of its use. The following pages will allow you to manage online advertising cookies:

www.aboutads.info/choices/ (USA) and www.youronlinechoices.com/uk/your-ad-choices/ Europe). The legal basis for processing personal data using cookies is Art. 6 para. 1 lit. f of the GDPR.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether data is being entered on our website (e.g. in a contact form) by a human being or by an automated program. To do this, reCAPTCHA analyses the website visitor’s behaviour based on various characteristics. This analysis begins automatically when the visitor enters the website. To perform the analysis, reCAPTCHA assesses various information (e.g. IP address, the website visitor’s residence time on the website, or mouse movements carried out by the user). The data collected during the analysis are forwarded to Google.

reCAPTCHA analyses run entirely in background. Visitors of the website are not informed that an analysis is taking place.

Data processing takes place based on Art. 6 para. 1 lit. f of the GDPR. The website operator has a legitimate interest in protecting his web offerings against improper automated spying and against spam.

You will find more information on Google reCAPTCHA and Google’s Data Protection Declaration on the following links: www.google.com/intl/de/policies/privacy/ and www.google.com/recaptcha/intro/android.html.

Social Media plug-ins

We do not use any social media plug-ins on our website.

Presence in the social web

a) LinkedIn

The LinkedIn Ireland Unlimited Company (Ireland / EU - "LinkedIn") is sole responsible party for the processing of personal data when visiting our LinkedIn page. Further information on the processing of personal data by LinkedIn can be found at: www.linkedin.com/legal/privacy-policy.

When you visit our LinkedIn company page, follow this page or click on the links provided, or similar, LinkedIn processes personal data in order to provide us with statistics and insights in anonymous form. This gives us information about user behavior (so-called Page Insights). For this purpose, LinkedIn processes data that you have already made available to LinkedIn via the information in your profile, such as data on function, country, industry, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, for example whether you are a follower. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual persons/members using the information in the Page Insights. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as jointly responsible. The processing serves our legitimate interest in evaluating the types of actions taken or user behavior on our LinkedIn company page and to improve our website on the basis of this knowledge. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. We have reached an agreement with LinkedIn on processing as jointly responsible, in which the distribution of data protection obligations between us and LinkedIn is specified. The agreement is available on: legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:

LinkedIn and we have agreed, that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or contact LinkedIn using the contact details in the privacy policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using our contact details to exercise your rights in connection with the processing of personal data as part of the Page Insights. In such a case, we will forward your request to LinkedIn.

We and LinkedIn have agreed that the Irish Data Protection Commission will be the lead supervisory authority overseeing the processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) or any other regulatory authority.

Please note that in accordance with the LinkedIn data protection guidelines, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees under Art. 46 GDPR.

We process information that you have made available to us via our LinkedIn company page. Such information can be the username, contact details or a message to us. We are sole responsible party for this processing. We process this data on the basis of our legitimate interest in getting in contact with persons. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Further data processing can take place, if you have given your consent (Art. 6 para. 1 lit. a GDPR), or if this is necessary to fulfill a legal obligation (Art. 6 para.1 lit. c GDPR).

b) Xing

In principle, New Work SE (Germany/EU) is sole responsible party for the processing of personal data when you visit our company profile on Xing. Further information on the processing of personal data by New Work SE is available on privacy.xing.com/de/datenschutzerklaerung.

We process information that you have made available to us via our Xing company page. Such information can be the username, contact details or a message to us. We are sole responsible party for this processing. We process this data on the basis of our legitimate interest in getting in contact with inquiring persons. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Further data processing can take place, if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c  GDPR).

c) YouTube

In principle, Google Ireland Limited (Ireland/EU) is sole responsible party for the processing of personal data when the videos, that we provide on YouTube, are called up. Further information on the processing of personal data by YouTube or Google Ireland Limited can be found on the following link: policies.google.com/privacy.

We process information that you have made available to us via the YouTube platform. Such information can be, for example, the username, contact details or comments to us. We are sole responsible party for this processing. We process this data on the basis of our legitimate interest in getting in contact with inquiring persons. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Further data processing can take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR).

Embedded YouTube Videos

YouTube videos are embedded on our website. YouTube is used in the interest of a modern company presentation. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

When you visit a page on our website that contains an embedded video, your browser establishes a direct connection to the Google servers. The content of the video is transmitted directly from Google to your browser, which integrates it into the website.

By integrating the video, Google receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Google account or are not currently logged into Google. This information (including your IP address) is transmitted directly from your browser to a Google server in the USA and stored there. If you are logged in to Google, Google can assign your visit to our website directly to your YouTube/Google account. When you play the video, this information is also sent directly to a Google server and stored there.

Google can use this information for the purpose of advertising, market research and the needs-based design of Google pages. For this purpose, Google creates usage, interest and relationship profiles, for example to evaluate your use of our website with regard to the advertisements shown to you on Google and to provide other services associated with the use of Google.

If you do not want Google to assign the data collected via our website to your Google account, you must log out of Google before visiting our website.

The purpose and scope of the data collection, the further processing and the use of the data by Google as well as your related rights and setting options to protect your privacy can be found in Google's data protection information on: policies.google.com/privacy= de

d) Facebook Page

When you visit our Facebook page, certain information about you is processed. Facebook Ireland Ltd. (Ireland/EU) is sole responsible party for this processing of personal data. Further information on the processing of personal data by Facebook is available on: www.facebook.com/privacy/explanation.

Processing of Page Insights

Facebook provides us with statistics and insights for our Facebook page in anonymised form, with the help of which we obtain information about the types of actions that persons carry out on our page (so-called "Page Insights"). These Page Insights are created based on certain information on human beings who have visited our page. This processing of personal data is carried out by Facebook and us as jointly responsible. The processing serves our legitimate interest in evaluating user behavior, i.e. the types of actions taken on our page, and to improve it based on this knowledge. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. Under no circumstances we will attribute the information obtained via the Page Insights to a specific Facebook profile via the reference to "Like" information for our page.

We have reached an agreement with Facebook about the processing as jointly responsible, in which the distribution of the data protection obligations between us and Facebook is stipulated. Details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and Facebook can be found on: de-de.facebook.com/legal/terms/information_about_page_insights_data.

Processing of data communicated to us via our website

We also process information that you have made available to us via our Facebook page. Such information can be the Facebook name, contact details or a message to us. We only process this personal data if we have expressly asked you to provide us with this data beforehand, for example in the context of a survey or a competition. We are sole responsible party for this processing.

If your request is aimed at concluding or executing a contract with us, Art. 6 para. 1 lit. b GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in getting in contact with inquiring persons. The legal basis for data processing is then Art. 6 para. 1 lit. f GDPR.

Objection to advertising mails

The use of contact data published within the scope of the imprint obligation as well as within this data protection declaration for the transmission of not expressly requested advertising and information materials is hereby contradicted. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, e.g. through spam emails.

Deletion of data

The data we store will be deleted as soon as it is no longer needed for its intended purpose, and no statutory preservation obligations stand in the way of deletion. Insofar as user data is not deleted because it is needed for other, statutory permissible purposes, its processing will be restricted. The data will be blocked and not processed for other purposes. This applies, for example, to user data that must be preserved for commercial or tax law reasons.

Right to object

You can object to the future processing of your personal data in accordance with the statutory provisions at any time. In particular, objection can take place against processing for direct advertising purposes.

Modification of our Data Protection Declaration

We regularly update this current Data Protection Declaration in order to adapt it to changed legal situations or to changes in the service and data processing. The current Data Protection Declaration can be accessed and printed out at any time at https://www.panther-packaging.com/en/data-protection/.