DE EN FR US ES

Data protection information

 

The Pöppelmann Group attaches great importance to acting responsibly when handling personal data and complying with data protection regulations.

This privacy policy informs you about the type, scope and purpose of the collection and processing of personal data by the Pöppelmann Group and your rights in accordance with Art. 12 ff GDPR. The contact details provided in this data protection notice can be used to exercise these rights.

Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes, for example, a person's name, email address, telephone number or IP address.
 

If personal data is collected by us, we process and use it only for our internal purposes to fulfill the purpose of the company, if it is necessary for the conclusion or execution of a contract and only if there is a legal basis or the data is provided to us voluntarily on the basis of your consent.

Personal data is only collected, used and passed on by companies in the Pöppelmann Group if this is permitted by law or on the basis of your voluntary consent.

As a rule, the legal bases are

if consent to the processing of personal data has been given (Art. 6 para. 1 lit. a GDPR),

if personal data must be processed to fulfill a contract or to initiate a contract (Art. 6 para. 1 lit. b GDPR),

if the processing of personal data is necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR) or

if we process personal data on the basis of a legitimate interest or on the basis of a legitimate interest of a third party (Art. 6 para. 1 lit. f GDPR).


Under no circumstances will the data collected be sold or passed on to third parties for other purposes.


This data protection information does not apply to content, applications, products, services, websites or social media functions of third parties not belonging to the Pöppelmann Group that are offered via links on our websites www.poeppelmann.com or the websites of the online stores or to which we refer there. If you follow these links, you will leave our website. It may happen that third parties collect or pass on data about you. We have no influence on this and accept no responsibility for the content or data protection practices of such external websites. Therefore, please always check the data protection declarations of all third-party providers before you enter your personal data there.

This privacy policy informs you about the type, scope and purpose of the collection and processing of personal data by the Pöppelmann Group and your rights in accordance with Art. 12 ff GDPR. To exercise these rights, you can use the contact details provided in this data protection notice.

We recommend that you check our privacy policy regularly for updates. As soon as we adapt our data processing processes or due to legal requirements, we will also adapt this declaration accordingly. Addresses or contact information of specified companies and organizations may change. Please check that they are up to date and correct before contacting us.

A. Notes on accessing the Pöppelmann website

1. data collected

The Pöppelmann Group automatically collects and stores information on the web server with log files for statistical evaluation, which your browser transmits to us when you access the website. These are Browser type and version, operating system used, visitor IP address, date and time of access, pages visited, amount of data transferred, notification of successful access and the requesting provider. The IP address is only used by us to defend against attacks and to optimize our website and is deleted after seven days. When you visit our website, we process information in so-called server log files, which your browser automatically transmits to us. The purpose of data processing is to ensure that the website is displayed correctly and to guarantee the secure operation of the website.

The legal basis for data processing is Article 6 para. 1 lit. f GDPR, § 25 para. 2 no. 2 TTDSG. As the website operator, we have a legitimate interest in the correct presentation of the website and in ensuring the secure operation of the website.

The data processed in connection with the collection of server log files is stored for as long as is necessary for the aforementioned purposes. The IP address is only used by us to defend against attacks and to optimize our website and is deleted after seven days.

2. cookies

When you access the Pöppelmann GmbH & Co KG website as a user, one or more cookies are stored on your computer. A cookie is a small file that contains a specific character string and can be used, for example, to uniquely identify your browser. We use cookies to improve the convenience and quality of our service, for example by storing user settings and to carry out the electronic communication process or to provide our services. Cookies are stored as small text files on your computer and saved by your browser. "Session cookies" are automatically deleted at the end of your visit. Cookies do not damage your computer and do not contain viruses.

It is also possible to use the website without cookies. You can deactivate the storage of cookies in your browser, restrict it to certain websites or set your browser so that it notifies you before a cookie is stored. You can delete cookies from your computer's hard disk at any time using your browser's data protection functions. In this case, however, the functions and user-friendliness of our website may be restricted. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this data protection information and only processed after prior consent.

3. contact forms

When you contact the Pöppelmann Group via the website or the online stores (e.g. via contact form, chat or email), the information you provide there, including the contact details you provide, will be stored for the purpose of processing the inquiry and in the event that follow-up questions arise.

You can revoke your consent to the storage of the personal data stored by us at any time by e-mail, fax or letter. Please send your objection on behalf of all companies in the Pöppelmann Group to :
 

The following categories of personal data are processed for an inquiry via the contact form:

Your request

customer number

your name

e-mail address

Telephone number

Your message

The mandatory data will be processed for contract purposes or contract initiation. The processing of the data voluntarily provided by you is carried out on the basis of Art. 6 para. 1 lit. f GDPR. According to this, processing is permitted if it is necessary to safeguard our legitimate interests. Our legitimate interest is to have contact with you and our customers, to improve the quality of our advice and to be able to contact you more easily in the event of any queries.

The data you enter in the contact form will remain with us until you ask us to delete it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Statutory retention obligations remain unaffected. Please address your objection on behalf of all companies in the Pöppelmann Group to:
 

Pöppelmann GmbH & Co.
Plastics plant toolmaking
Bakumer Str. 73
49393 Lohne
Fax: 0 44 42 / 982-1003
E-Mail: datenschutz@poeppelmann.com

 

4. website services, tracking and retargeting

Below we explain the website services, tracking and retargeting tools we use. These are tools that we use, for example, to measure the reach or use of our website and for advertising. The legal basis for the processing of your personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR, provided that you have given us this consent via cookie opt-in when visiting our website and no other legal basis is specified below.

 

You can revoke this consent at any time for the future by clicking on this link, then clicking on "Select cookies" and unchecking the box next to "Performance and tracking cookies".

4.1 Live chat tool Social Intents

We use the Social Intents live chat tool to offer you the opportunity to contact us spontaneously. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. A connection to the Social Intents servers is established to enable contact to be made and the service to be integrated. All data collected when using the chat tool is processed on its servers and then deleted.

You can find further information on data protection on the Social Intents homepage at https://www.socialintents.com/privacy.html.

4.2 Google services

We use various services of Google LLP, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"), which are described individually below. The legal basis for this is Art. 6 para. 1 lit. a GDPR. The European Commission's standard contractual clauses for the transfer of data for online advertising and personal data originating from the European Economic Area, Switzerland and the United Kingdom have been concluded with Google.

Further information can be found in the following linked entry:

https://privacy.google.com/intl/de/businesses/compliance/.

Further information on data protection at Google can be found at the following link http://www.google.de/intl/de/policies/privacy.

4.2.1 Google Analytics

The Pöppelmann Group website uses Google Analytics, a web analysis service from Google for the statistical evaluation of user access. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

You can also prevent data collection by Google Analytics and thus revoke your consent by clicking on the link below. An opt-out cookie will be set to permanently prevent the future collection of your data when you visit this website: Click here to object to the processing of your data by Google Analytics.

You can find more information on terms of use and data protection at Google Analytics at: https://www.google.com/analytics/terms/de.html. Please note that on this website Google Analytics has been extended by the code "gat._anonymizeIp();" in order to ensure an anonymized collection of IP addresses (so-called IP masking).

4.2.2 Google Dynamic Remarketing

Google Dynamic Remarketing enables us to show you our advertisements when you continue to use the internet after visiting our website. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behavior when you visit various websites. This enables Google to determine your previous visit to our website. According to Google, the data collected in the context of remarketing is not merged with your personal data, which may be stored by Google. In particular, according to Google, pseudonymization is used in remarketing.

We use Google Dynamic Remarketing for marketing and optimization purposes, in particular to display ads that are relevant and interesting to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs.

4.2.3 Google Maps

We use Google Maps, an online map service from Google, on our website. This enables us to show you interactive maps directly on the website and allows you to use the map function conveniently. When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website. Your IP address will be transmitted. This occurs regardless of whether you have a Google user account that you are logged in to or whether you do not have a user account. If you are logged in to Google, your data, such as your visit to our site, can be assigned to your account. To avoid this, you can log out of Google before using our website.

4.2.4 Google Fonts

We use Google Fonts to design our websites with various fonts. To integrate these fonts, Google servers are accessed, whereby your IP address is transmitted to these Google servers. The servers may be located in the USA or other servers outside the European Union. According to its own statement, Google does not use your IP address to track your activities, but only to statistically evaluate the use of fonts. Google does not draw any conclusions about individual visitors. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Further information on data protection with regard to Google Fonts can be found here at Google.

4.2.5 Google Display & Video 360 (formerly Doubleclick Bid Manager)

On this website, we use the Display & Video 360 tool from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which collects data for analysis, marketing and optimization purposes and thus helps us to improve our marketing measures and our website. The data collected is used by Display & Video 360 to link advertising contacts and clicks on advertisements with the resulting use of our website. In this way, we can determine whether Internet users who see our ads visit our website or which products they are interested in. This helps us to use our advertising budget more efficiently. The data collected may also be used by us to deliver advertising based on your interests (e.g. products viewed).

 

Pseudonymous online identification numbers (such as cookie IDs or IP addresses) are used for data collection. No unique user-related data such as name or address is stored. All of the IDs we use merely enable us to recognize your end device and your Internet browser. The data collected will not be used by us to personally identify you as a user of our website without your separate consent.

 

We would like to point out that Google may link the visit to this website with the registered data for users who have registered with Google. You can find out exactly what Google does with your data on Google's data protection pages by clicking on the following link:

 

https://privacy.google.de/intl/de/take-control.html?categories_activeEl=sign-in

 

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

 

Under the following link you will find an explanation of how you can deactivate data collection by Google on your computer or mobile device: https://support.google.com/ads/answer/7395996

4.2.6 Campaign Manager (formerly DoubleClick by Google)

This website continues to use the online marketing tool Campaign Manager from Google. Campaign Manager uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Campaign Manager can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, Campaign Manager cookies do not contain any personal information.

 

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Campaign Manager, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.

 

In addition, the Campaign Manager (DoubleClick Floodlight) cookies used enable us to understand whether you perform certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via Campaign Manager (conversion tracking). Campaign Manager uses this cookie to understand the content you have interacted with on our websites in order to be able to send you targeted advertising later.

 

You can prevent participation in this tracking process in various ways:

 

(a) by setting your browser software accordingly; in particular, suppressing third-party cookies will result in you not receiving ads from third-party providers;

 

b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com,https://www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies;

 

c) by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;

 

d) by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin;

 

e) by means of a corresponding cookie setting. We would like to point out that in this case you may not be able to use all functions of this website to their full extent.

 

In addition, you can prevent Google from collecting the data generated by the cookies about your use of the websites and the processing of this data by Google by downloading and installing the browser plug-in available at https://support.google.com/adsense/answer/142293?hl=de under "Display settings", "Campaign Manager deactivation extension".

 

Further information on Campaign Manager can be found at https://www.google.de/doubleclick and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

4.2.7 Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags, does not set cookies and does not collect any personal data. The Google Tag Manager triggers other tags that may collect personal data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it will remain in place for all tracking tags if they are implemented with Google Tag Manager.

4.3 LinkedIn services

We use various services of LinkedIn Ireland Unlimited Company (hereinafter "LinkedIn") with which a data processing agreement has been concluded. (https://de.linkedin.com/legal/l/dpa).

 

Insofar as personal data is transferred to countries outside the European Union or EEA during this use, LinkedIn has undertaken to ensure legal data protection by complying with the EU standard contractual clauses.

 

Further information on data protection at LinkedIn can be found at :

https://www.linkedin.com/legal/privacy-policy?_l=de_DE

 

The LinkedIn services use cookies, among other things. We use LinkedIn services for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. When you visit our website, a connection is established with the LinkedIn servers. These servers may also be located outside the European Union. If you have a LinkedIn account, LinkedIn can assign your visit to our site to your account. You can prevent this by logging out of LinkedIn beforehand.

 

We use the following LinkedIn services:

 

LinkedIn Ads / LinkedIn Marketing Solutions to process information about your user behavior for advertising purposes in order to show you targeted advertising. LinkedIn Analytics to process information about your user behavior on our website in order to measure the reach of our website

4.4 Outbrain

We use various tools from Outbrain UK Ltd (5 New Bridge Street, London, EC4V6JA, UK, hereinafter referred to as: "Outbrain") on our website. Outbrain uses cookies that enable us to analyze your use of our website.

Outbrain enables us to refer you to further content on our website that may also be of interest to you, as well as to third-party websites. The reading recommendations, for example, are determined on the basis of the content you have previously read. The content displayed by Outbrain is automatically controlled and delivered by Outbrain in terms of content and technology. The display of reading recommendations by Outbrain based on the information transmitted by the cookies is only pseudonymized, i.e. by a generated character string that is assigned to you. Personal data is not stored beyond this. Outbrain collects the following data:
 

Device source

browser type

anonymized IP address of the user.


To anonymize the IP address, the last octet of the IP address is removed.

In addition to Outbrain, we use "Outbrain Amplify" and "Outbrain Pixel" for marketing and optimization purposes on our website. These tools allow us to analyze your usage behavior and improve our offering.

Where data is provided to Outbrain and/or transferred to Outbrain Inc. or to another recipient outside the EU/EEA, Outbrain will ensure that the transfer is carried out in accordance with EU data protection laws by ensuring an adequate level of protection and that appropriate safeguards are in place to protect the data. (https://www.outbrain.com/legal#data-processing-agreement).

You can find more information about Outbrain's data protection at http://www.outbrain.com/de/legal/privacy.

4.5 Facebook

We use various tools from Facebook Ireland Ltd (hereinafter referred to as "Facebook"), including Instagram, to show you interest-based advertising by having it delivered to Facebook target groups and to inform you about our training offers. Our data processing in in connection with our Facebook and Instagram presence is carried out in accordance with Art. 6 para. 1f GDPR based on our legitimate interest in public relations and communication. To integrate the Facebook tools, a connection is established with the Facebook server so that Facebook can assign the visit to our site to your account. These servers may also be located outside the European Union. You can prevent this by logging out of Facebook before visiting our website, deleting the relevant cookies and closing and reopening the browser. However, even after you log out, your IP address will still be transmitted to Facebook and Facebook may be able to find out further identifying features about you.

 

We have concluded an agreement with Facebook Ltd. on joint data protection responsibility in accordance with Art. 26 GDPR. This agreement, the so-called "Page Insights Addendum" or "Page Insights Controller Addendum" can be found here: de-de.facebook.com/legal/terms/page_controller_addendum. With regard to the so-called "Facebook Insights data" (hereinafter referred to as "Facebook Insights"), Facebook Ltd. assumes essential obligations on the basis of this agreement, in particular to inform data subjects and to safeguard data subjects' rights.

 

If processing is not carried out within the scope of joint responsibility, it is carried out in accordance with a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing) the "Data Security Terms" (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum" https://www.facebook.com/legal/EU_data_transfer_addendum).

 

Further information on data protection at Facebook can be found here: https://www.facebook.com/about/privacy.

4.5.1 Insights

We receive statistical data about visitors to our Instagram pages from Facebook via the "Insights" function. This data is pseudonymized, i.e. we cannot assign it to a specific person. This function enables us to better analyze our site and adapt it to the interests of our users. Our legitimate interest in operating our Instagram page and using Insights in accordance with Article 6(1)(f) GDPR is to conduct effective marketing via a frequently used platform. You can find more information about the "Insights" function here: https://www.facebook.com/iq/tools-resources/audience-insights/

4.5.2 Interaction with us via Instagram

Depending on the user's privacy settings on Instagram, we may be able to see if a particular Instagram user has liked, shared or subscribed to one of our Instagram pages/posts/comments. We can also assign comments on our Instagram pages to specific Instagram users. The legal basis for this data processing is Art. 6 para. 1 f GDPR. Our legitimate interest lies in communicating and interacting with you via Instagram.

4.9 Clarity

Our website uses "Clarity", a tool from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA for statistical behavioral analysis of the use of the website and user interaction on our website.

 

Behavioural metrics, heat maps and session replays, in particular user interactions such as mouse movements and other interactions with content and functions of the website, are created as well as pseudonymized usage profiles, graphical representations and session recordings for evaluation.

 

We process usage data (e.g. websites visited, access times, geographical origin of the page view, language setting, interaction events and behavior metrics, in particular in the form of clicks, scrolls and, for example, mouse movements including stack trace, selection, window sizes, etc.),   

 

We use Clarity for the needs-based design and continuous improvement of our online offering, for tracking and optimizing the functionality of the website and for error analysis.

 

The data collected by Clarity will not be used to personally identify the visitor to the website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym.

 

The data and information collected is transmitted to Microsoft servers in the USA and stored there. Microsoft reserves the right to use the transmitted information for any purpose in accordance with the Microsoft data protection regulations, including the provision of the offer, the improvement of Microsoft products and services, including reporting and performance analysis and the creation of user profiles for purposes that include advertising.

 

The data collected by Clarity will be deleted after 13 months at the latest.

 

The legal basis for the processing of your data is your consent - Art. 6 para. 1 lit. a GDPR.  You can withdraw your consent at any time. To exercise your revocation, deactivate the Clarity service in the "Cookie Consent Tool" provided on the website. In addition, we would like to point out the possibilities of the data protection functions of your browser and the deletion of cookies from your hard disk as well as the possibility of an opt-out at https://choice.microsoft.com/de-DE/opt-out.

 

The provider of Clarity is headquartered in the USA. For data transfers to the USA, the European Commission has issued an adequacy decision under the EU-US Data Privacy Framework (EU-US DPF) in accordance with Art. 45 (1) GDPR; the level of data protection in the USA for certified organizations has therefore been assessed as equivalent to in the EU. The provider Microsoft is certified on the EU-US DPF list of the US Department of Commerce.

 

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active

 

Microsoft also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. These clauses are based on an implementing decision of the EU Commission.

 

Through the EU-US Data Privacy Framework and the standard contractual clauses, the provider of Clarity undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.

 

You can find more information on terms of use and data protection at https://privacy.microsoft.com/de-de/privacystatement

4.10 Sentry

Our website uses "Sentry", an application performance and error tracking tool from Functional Software, Inc. We use Sentry to improve our online offering and to track errors in the functionality of our website. We process your IP address, details of the device and browser used and any steps that led to a technical error in the code (in the form of clicks, scrolls and e.g. mouse movements including stack trace).

 
The legal basis for the processing of your data is your consent - Art. 6 para. 1 lit. a GDPR.  You can withdraw your consent at any time.
Your data will only be processed to monitor and ensure the technical stability of our website. The data logged by Sentry will be stored until the error that triggered it has been rectified, but will be deleted after 90 days at the latest.

 
The provider of Sentry is headquartered in the USA. For data transfers to the USA, the European Commission has issued an adequacy decision under the EU-US Data Privacy Framework (EU-US DPF) in accordance with Art. 45 para. 1 GDPR; accordingly, the level of data protection in the USA for certified organizations has been assessed as equivalent to that in the EU. The provider of Sentry is certified on the EU-US DPF list of the US Department of Commerce. https://www.privacyshield.gov/participantid=a2zt0000000YdenAAC&status=Active

 

Sentry also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there . These clauses are based on an implementing decision of the EU Commission.

 

Through the EU-US Data Privacy Framework and the standard contractual clauses, the provider of Sentry undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.
Further information on terms of use and data protection can be found at https://sentry.io/privacy/.
 

4.5.3 Facebook Custom Audience

This service enables us to deliver targeted and interest-based advertising to visitors to our website when they visit Facebook or other websites that also use Facebook Custom Audience.

4.6 Mouseflow

This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected individual visits (only with anonymized IP addresses). This creates a log of mouse movements, mouse clicks and keyboard interaction, with the intention of randomly reproducing individual visits to this website as so-called session replays and evaluating them in the form of so-called heat maps and deriving potential improvements for this website. The data collected by Mouseflow is not personal and is not passed on to third parties. The data collected is stored and processed within the EU. If you do not wish your data to be collected by Mouseflow, you can object to this on all websites that use Mouseflow by clicking on the following link: https://mouseflow.de/opt-out/.

4.7 YouTube

We occasionally use YouTube videos on our website. These videos are integrated in YouTube's "extended data protection mode", whereby, according to YouTube, no information about visitors to the website is stored as long as the video is not played. If you play the video, you agree that the data will be processed by YouTube as the responsible party and that we cannot influence this processing any further. For further information, please refer to YouTube's privacy policy, which can be found at the following link: https://www.youtube.com/privacy/.

4.8 Foxbase Digital Product Selector

The Digital Product Selector component from Foxbase GmbH is integrated on our website. With the help of the Digital Product Selector, our customers and interested parties can enter their requirements via a questionnaire and receive a corresponding product selection. FoxBase stores the data collected in this process completely anonymously. The resulting statistics are only accessible to us.

Information on data protection at Foxbase can be found at: https://www.foxbase.de/de/datenschutz/.

B. Information on the use of artificial intelligence (AI) at Pöppelmann for customers, suppliers and other service providers

We use AI-supported software in our business areas and use the AI systems to optimize internal procedures and work processes, to make them more efficient and to improve the quality of our services, especially in the processing of inquiries and orders. AI is used exclusively to support our employees in the course of their work for the Pöppelmann Group.

This applies in particular to
            - Chatbots or virtual assistants, in particular ChatGPT, Copilot, ASKLIO
            - AI-supported search or analysis functions
            - Automated image and text suggestions
 

Depending on the type of interaction with us, the following data in particular may be processed
            - Master data,
            - content data
            - Communication content
            - Technical data
 

Data processing using AI-supported systems takes place on the basis of:
            - Art. 6 para. 1 lit. b GDPR
            - Art. 6 para. 1 lit. f GDPR

- Art. 6 para. 1 lit. a GDPR

Only authorized employees have access to the data processed via AI-supported systems. External providers only receive data if this is necessary for the operation of the systems and within the scope of our corporate purposes. We ensure the protection of your data through contracts in accordance with Art. 28 GDPR. Data is only transferred to third countries if there is an adequate level of data protection.

Note on automated decision-making in accordance with Art. 22 GDPR

In connection with the cooperation or use of our digital systems, we expressly point out that no exclusively automated decision-making within the meaning of Art. 22 GDPR - including profiling - takes place that has a legal effect on you or significantly affects you in a comparable manner.

Any suggestions, evaluations or summaries generated by AI-supported systems, analysis tools or automated processes serve exclusively to support our employees and have no direct legal effects for you.

The final decision on contractual, personnel or other relevant processes is always made by a human being. If automated decision-making pursuant to Art. 22 GDPR is provided for in individual cases, we will inform you of this separately and - if required by law - obtain your express consent in advance.

Likewise, no emotion recognition (e.g. for voice input) takes place.

Prohibited AI practices pursuant to Section 5 AI Regulation (see Annex 2) are strictly prohibited.

C. Use of M365

For informal communication, collaboration, data exchange, support and IT control, we use various applications from M365 from Microsoft Corp, in particular Teams, SharePoint, One, Bookings, Outlook, Forms, Copilot, the cloud computing platform "Azure", Copilot and the Azure OpenAI service from Microsoft, hosted in the Azure EU region (Germany or Western Europe).

The legal basis is Art. 6 para. 1 lit. f GDPR.

Our legitimate interest in processing is to enable effective and efficient communication and collaboration between our employees, applicants, interested parties, customers, suppliers, service providers and other business and communication partners. These interests are derived from our right to freedom to conduct a business and freedom to choose an occupation. Further legal bases for processing using M365 are

if consent to the processing of personal data has been obtained (Art. 6 para. 1 lit. a GDPR)

if personal data must be processed for the performance of a contract or the initiation of a contract (Art. 6 para. 1 lit. b GDPR)

if the processing of personal data is necessary to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR) or

The full scope of data processing in the context of using M365 depends on what data you provide for processing  in connection with participation in the respective applications or what information you provide. 

Certain information is already processed automatically as soon as M365 applications are used:

IP address used to access the M365 applications.

User name (access data to the M365 applications), data within the scope of the so-called multi-factor authentication, which you have stored yourself

Identification features: Personal information that identifies you as a user, sender, recipient of data within the M365 applications

Meta/communication data (e.g. device/hardware information, location data if approved by the user, live transmission of sound and images)

This also includes the following master data in particular: Last name, first name, contact data such as telephone number, e-mail address, fax number, if provided by you. Further data (such as a profile picture you have stored) can also be viewed in your profile at any time.

Data required for authentication and license use in the M365 applications is processed for all user activities, such as time of access, date, type of access, information on the data/files/documents accessed and all activities in connection with use, such as creating, changing, deleting a document, setting up a team (and channels in teams and SharePoint rooms), starting a chat, replying in the chat.

Data processing in a third country outside the European Union does not take place as part of our data processing under M365, as we have limited the storage location to data centers in the European Union. However, it cannot be ruled out that Microsoft or companies affiliated with Microsoft outside the EU may gain access to the data (so-called third countries) or that it may be transferred. In particular, Microsoft applications often transmit technical data on user experience and functionality (diagnostic data, telemetry data) to the USA.

On July 10, 2023, the European Commission adopted an adequacy decision (EU-U.S. Data Privacy Framework - DPF) for transfers of personal data from the EU to companies in the USA. This means that from this date, data from companies in the EU can be transferred to companies in the USA covered by the adequacy decision without further additional guarantees. This adequacy decision only applies if the corresponding recipient of data in the USA has submitted to the DPF and the associated data protection obligations as part of a self-certification process. In these cases, a corresponding transfer of data to this recipient is considered secure.

Microsoft has such a certification, which can be found here https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active. Although no further measures are required, we have also concluded the so-called standard contractual clauses with Microsoft as part of the order processing agreement and have undertaken to comply with the Microsoft Products and Services Data Protection Addendum (DPA). These represent a further guarantee for third country transfers and are part of the license agreement.

When communicating with us, it may be necessary for you to install a corresponding Microsoft application on your end device or to access the Microsoft website or the respective app store. In the case of online meetings, it is usually also possible to participate via your Internet browser or without a browser by telephone. In these cases, we are not responsible for the processing of your data by Microsoft.  Information on data protection from Microsoft at:

https://privacy.microsoft.com/de-de/privacystatement

Online meeting or telephony via TEAMS :

User details: e.g. display/user name, e-mail address if applicable, profile picture (optional), preferred language

Meeting metadata: e.g. date, time, meeting ID, telephone number, location

Text, audio and video data: You have the option of using the chat function in an online meeting. In this respect, the entries you make are processed (usually text contributions, files uploaded by you) in order to display them in the online meeting. If you activate the microphone function, all acoustic contributions that you make during the online meeting will be recorded. If you activate the camera function, the video image. All participants in the online meeting can then hear and/or see you. You can deactivate the camera or microphone yourself at any time. If a recording is to take place, you will be informed transparently in advance and, if necessary, asked for your consent.

Recordings of the video conference are only available to participants or authorized persons. If a recording is made, a visual warning will appear for all participants for the entire duration, which also contains a link to Microsoft's privacy policy. If participants in online meetings are located in a third country, we cannot rule out the possibility that data will be routed via internet servers located outside the EU. However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.

Teams usually offers the option of making the background unrecognizable by blurring it or using background images. If you do not want your spoken or written words to be recorded, leave your microphone switched off and do not write anything in the chat. You can deactivate the camera or microphone yourself at any time. The recordings are stored for as long as they are needed for the purpose.

SharePoint

SharePoint, OneDrive or Teams make it possible to store data and share it with other users. This makes it possible to work together on documents and exchange information using the comment function. For example, files can be stored in OneDrive, shared with other people and accessed from any device connected to the internet.

The scope of data processing depends on the content and data you enter and that is contained in the documents that are shared and edited. The following data is processed as a minimum during use Display/user name, e-mail address if applicable, profile picture (optional), preferred language,

Bookings

M365 applications such as Bookings are planning tools that can be used to plan, arrange and manage appointments.

The scope of data processing depends on which data is relevant for booking an appointment and is provided in order to record and arrange the appointment.

For reasons of allocation and traceability, at least contact data such as name, e-mail IP address and/or telephone number are processed.

Microsoft Forms

Survey tools such as Microsoft Forms can be used for surveys as well as registrations for various events. As the forms are created and customized individually, the scope of data processing depends on the purpose for which the form is to be used and what data you enter.

D. Use of WhatsApp Broadcast

We use WhatsApp Broadcast messages from WhatsApp Inc, 1601 Willow Road Menlo Park, California 94025 to inform you about TEKU news. The encrypted communication is transmitted to WhatsApp Inc. servers in the USA. After you have registered for the service by sending the message "Start" to our phone number with your consent, you will receive information from the Pöppelmann TEKU division directly on your smartphone. Your telephone number will only be used for this purpose and will be stored for the duration of receipt of the messages. If you no longer wish to receive messages, send the message "Stop" (without quotation marks) to the same number. The receipt of messages will then be paused. If you do not resume receiving messages within six months by clicking "Start", we will delete all your data stored in this context. If you wish to completely unsubscribe from the service immediately, please send us a message with the content "Remove all data". You will then receive no further messages and your personal data will be deleted from our system.

E. Online stores

You can register in one of our b2b online stores to use additional functions. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

The following data is processed when you use the online store:

Company details

Company name

Name Owner in case of sole proprietorship

Street/house number

Country

ZIP CODE

Town

Sales tax identification number

Personal details

Salutation

First name

Last name

Language

Position

e-mail address

Phone number

Mobile phone

Fax

The processing of the mandatory data (marked with "*") when registering in our online store serves data processing for contractual purposes.

The processing of the mandatory data provided by you is carried out on the basis of Art. 6 para. 1 lit. f GDPR and Art. 6 para. 1 lit. b GDPR for the fulfillment or initiation of a contract. Our legitimate interest is to improve the quality of our advice and to be able to contact you more easily in the event of any queries.

For the ordering process and important changes, such as to the scope of the offer or in the event of technically necessary changes or malfunctions, we use the e-mail address provided during registration to inform you in this way.

The data collected during registration will be stored by us for online shop access for as long as you have a business relationship with us . After termination of the business relationship, your access data will be deleted. After deletion of your access for the online store, your customer account will be retained and your customer data will continue to be stored. Statutory retention periods remain unaffected.

 

If you as a customer or prospective customer or their employees carry out activities at one of our contact points, we combine data that is stored and processed in our central systems via the various communication channels (in particular field service, branch office, telephone sales and online store) and also use the data when contacting you via another communication channel (e.g. authorized employees receive access to data about goods you have searched for in the online store).

Categories of processed data

The data you provide when you register (in the online store or another point of contact)

Activity-related data (e.g. items purchased, items marked as favorites, items saved in the shopping cart)

The data collected will be stored by us for as long as you have a business relationship with us. After termination of the business relationship, your access data will be deleted. After deletion of your access to the online store, your customer account will be retained and your customer data will continue to be stored. Statutory retention periods remain unaffected.

F. Newsletter

We use the newsletter to inform you about us and our offers. If you would like to receive the newsletter, we require a valid email address from you for the double opt-in procedure as well as information that allows us to verify that you are the owner of the email address provided or that the owner agrees to receive the newsletter. The legal basis for sending the newsletter is your consent, which you gave us when you registered. No other data is collected. This data is only used for sending the newsletter and is not passed on to third parties. When you register for the newsletter, we store your IP address for a period of 7 days and the date of registration. This storage serves solely as proof in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorized person. You can revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time. The revocation can be made via a link in the newsletters themselves or in your profile area.

F. Video surveillance

Pöppelmann monitors factory and sales premises in Lohne, France, Spain

by means of video surveillance for the purpose of exercising domiciliary rights, asserting claims and prosecuting criminal offenses. This is done on the legal basis of the legitimate interest of the controller pursuant to Art. 6 para. 1 lit. f GDPR for the protection of property

Storage period: 72 hours. In the event that the recorded data is used to enforce claims in the event of infringement of the controller's property (e.g. theft), the storage period depends on the period for which the data is required to enforce the claims.

In the event that the recorded data is used to enforce claims in the event of infringement of the controller's property (e.g. theft)

Recipients or categories of recipients of the data (if data transfer takes place):

Authorized employees, works council, lawyers, law enforcement authorities, courts, insurance companies

Data protection information according to Art. 12 ff. GDPR

Information obligations and rights of data subjects

Data controller
The controller responsible for data collection and processing on the website and online stores, as well as vicariously responsible for data processing by the respective company of the Pöppelmann Group, which alone or jointly with others decides on the purposes and means of processing personal data outside the website and online stores, is us, the

 

Pöppelmann GmbH & Co.
Plastics plant toolmaking
Bakumer Str. 73
49393 Lohne
Fax: 0 44 42 / 982-1003
E-mail: datenschutz@poeppelmann.com

We are also jointly responsible for data processing with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook").

Name and contact details of the data protection officer

Mr. Peter Suhren
FIRST PRIVACY GmbH
Konsul-Smidt-Strasse 88
28217 Bremen
office@first-privacy.com

Purpose of the processing - voluntary information
In principle, we only collect, process and use the personal data that is required by law, for the fulfillment of the purpose of the company, for the conclusion of the contract and for the execution of the contract and if there is a legal basis or if it is provided to us voluntarily on the basis of consent.

The provision of further information is voluntary. There are no negative consequences associated with the non-provision of this data. However, in individual cases, failure to provide this data may prevent, impede or delay subsequent communication or the execution of the contract.

 

Data processing for contract fulfillment:
We process the data collected in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of contract fulfillment or in accordance with Art. 6 para. 1 lit. f GDPR with the interest of contract execution if you are a contact person of one of our business partners. This also includes the associated customer support. If necessary, personal data will be passed on to the companies involved in the processing of this contract, e.g. credit institutions for payment processing. The data required to fulfill the contract will be deleted after the purpose has been fulfilled and will only be kept available for any queries. The data will not be deleted if receivables are still outstanding and are to be collected after termination of the contract. If statutory retention periods exist, the data concerned will be archived for the duration of these periods.

 

Data processing to protect legitimate interests:
We only process your data to protect legitimate interests if there is no corresponding consent and no other legal basis for data processing is evident and only if the requirements of Art. 6 para. 1 lit. f GDPR are met, i.e. if our interests in data processing or the interests of a third party outweigh your interests, or fundamental rights and freedoms in individual cases. The data will be deleted if the legitimate interest no longer exists, but at least for the duration of any statutory retention obligations. You have the right to object to data processing. You can find out more under the following point "Rights of the data subject".

 

Data processing on the basis of consent:
If you have given your consent to receive information from us by telephone or e-mail about our company's own products and services, the corresponding processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Your consent can be withdrawn at any time without affecting the lawfulness of the processing carried out to date. If consent is withdrawn, we will cease the corresponding data processing. You can find out more under the following point "Rights of the data subject".

 

Data processing for direct marketing:
Irrespective of the order and your consent to a newsletter being sent, your data will - to the extent permitted by law - be used by companies of the Pöppelmann Group for the purpose of direct advertising, in particular for sending our advertising, such as product information or event information. Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR and in the interest of informing you about new products, events and services. Every customer has their own right to object to this processing, the exercise of which leads to the termination of processing for the purpose of direct advertising. If data is stored exclusively for direct marketing purposes, it will be deleted after an objection has been made.

 

Data processing to fulfill legal obligations:
Where necessary, we process your data in order to comply with any legal obligations, e.g. vis-à-vis tax authorities and social security institutions . Data processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. A legal obligation arises, among other things, from Section 147 of the German Fiscal Code (AO). The data will be deleted after the legally prescribed period, unless there is a legitimate interest in further storage.

 

Data recipients:
We only transfer your data to third parties (e.g. to lawyers or debt collection agencies to enforce outstanding claims) insofar as this is necessary for the fulfillment of the company's purpose and only insofar as there is an authorization to transfer data under data protection law (e.g. according to the case groups mentioned above). In particular, your data may also be passed on by us to external service providers (e.g. IT service providers, companies that destroy or archive data, print service providers, cloud providers) who support us in data processing within the framework of order processing strictly in accordance with instructions. Data processing outside the EU or the EEA does not take place. If such a data transfer does take place, it will only take place in countries for which an adequacy decision of the EU exists on the basis of an EU standard contract in accordance with Art. 46 para. 2 lit c GDPR or such a transfer is permitted under data protection law due to other legal provisions. At your request, we will be happy to provide you with a copy of the contract or provide you with a copy. We will neither sell your personal data to third parties nor market it in any other way.

 

Rights of the data subject (Art. 12 ff GDPR):
You have the right to request confirmation as to whether personal data concerning you is being processed by companies in the Pöppelmann Group.

If this is the case, you have the right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
 

As the data subject, you also have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data (Art. 16 GDPR).

As the data subject, you also have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to deletion).

As the data subject, you have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you as the data subject have objected to the processing, for the duration of the examination by the controller. You also have a right to data portability in the cases set out in Art. 20 GDPR.

In addition, data subjects have the right to know whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether the person is obliged to provide this personal data and what the possible consequences of non-provision would be.

For inquiries of this kind or information about stored data, please contact the data protection officer Mr. Peter Suhren (office@first-privacy.com) or the internal data protection coordinator (e-mail: datenschutz@poeppelmann.com). Please note that we must ensure that we are actually dealing with the data subject in the case of such requests.

Reference to the right to object pursuant to Art. 21 GDPR
If data is collected on the basis of Art. 6 para. 1 lit. f (data processing to safeguard legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defense of legal claims. If possible, please address your objection to: datenschutz@poeppelmann.com or the data protection officer.

Information on presentation and contestation pursuant to Art. 22 GDPR

You have the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision in the event of a decision based solely on automated processing - including profiling - to which you are subject by us, which produces legal effects concerning you or similarly significantly affects you in accordance with Art. 22 GDPR. If possible, please address your objection to: datenschutz@poeppelmann.com or the data protection officer.

Information on the right to object to direct advertising
We process your data for the purpose of direct advertising. You have your own right to object to this processing, the exercise of which will result in the termination of processing for the purpose of direct marketing. Please send your objection to: marketing@poeppelmann.com or to datenschutz@poeppelmann.com or the data protection officer.

Information on the right to withdraw consent

Some data processing operations are only possible with your voluntary consent. You can withdraw your consent at any time. All you need to do is send an informal e-mail to datenschutz@poeppelmann.com. or the data protection officer. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with a supervisory authority:
Every data subject has the right to lodge a complaint with a supervisory authority if he or she considers that the processing of data relating to him or her infringes data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of the data subject's place of residence or the place of the alleged infringement. In Lower Saxony, the competent supervisory authority is the State Commissioner for Data Protection, Prinzenstr. 5, 30159 Hanover.