DATA PRIVACY STATEMENT
1. NAME AND CONTACT DETAILS OF THE CONTROLLER AND OF THE COMPANY PRIVACY OFFICER
This data privacy information applies to data processing by:
Verantwortlicher: Delta Packaging Services GmbH, Siemensstr. 8, 50259 Pulheim
the responsible party: Delta Packaging Services GmbH, Siemensstr. 8, 50259 Pulheim The company privacy officer of Delta Packaging Services GmbH can be contacted at the above-named address, FAO Mr. Christian Adolphy, or by e-mail at email@example.com / Tel. 0611-408096-90.
2. COLLECTION AND STORAGE OF PERSONAL DATA AND TYPE AND PURPOSE OF ITS USE
a) Upon visiting the website
When our website www.deltapackaging.de is called, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called logfile. In this process, the following information is gathered and stored until it is automatically deleted:
- IP address of the requesting computer,
- Date and time of the accessing,
- Name and URL of the accessed file,
- Website from which access takes place (referrer URL),
- browser used and where applicable the operating system of your computer and the name of your access provider.
The named data is processed by us for the following purposes:
- Ensuring problem-free connection build-up of the website,
- Ensuring convenient use of our website,
- Analysis of system security and dependability and
- for other administrative purposes.
The legal basis for data processing is point (f) of Art. 6(1) GDPR. Our justified interest arises from the above listed purposes for data collection. Under no circumstances will we use the collected data for the purpose of drawing conclusions about your person.
b) When our contact form is used
For questions of any kind, we offer you the possibility of contacting us via a form provided on the website. It is here necessary to state a valid e-mail address so that we know from whom the enquiry is coming and in order to respond to it. Other information can be provided voluntarily.
Data processing for the purpose of contacting us takes place in accordance with Art. point (f) of Art. 6(1) GDPR on the basis of your voluntarily granted consent. The personal data collected by us for the use of the contact form is deleted at the turn of the year.
3. PASSING ON OF DATA
Your personal data is not passed on to third parties for purposes other than those listed below. We only pass your personal data on to third parties if:
- you have granted your express consent in accordance with point (f) of Art. 6(1) GDPR,
- the passing on is necessary in accordance with point (f) of Art. 6(1) GDPR for the enforcement, exercise or defence of legal claims and no reason exists for the assumption that you have an overwhelming interest worthy of protection in your data not being passed on,
- in the event that a legal obligation exists for its passing on according to point (f) of Art. 6(1) GDPR and
- this is legally permitted and required in accordance with point (f) of Art. 6(1) GDPR for the handling of contractual relationships with you
In the cookie, information is stored which arises each time in connection with the specifically used terminal device. This does not mean, however, that we thereby directly receive knowledge of your identity.
In addition to this, we also use temporary cookies to optimise user-friendliness. These are stored on your terminal device for a specific set period of time. If you visit our site again to make use of our services, it is automatically registered that you have already been with us together with the inputs and settings you made so that you do not need to enter these again.
The data processed with cookies are necessary for the named purposes for the safeguarding of our legitimate interests and those of third parties in accordance with point (f) of Art. 6(1) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notification always appears before a new cookie is created. The complete deactivation of cookies can, however, lead to you not being able to use all of the functions of our website.
5. ANALYSIS TOOLS
The tracking measures used by us and listed by us below are carried out in accordance with point (f) of Art. 6(1) GDPR. With the tracking measures used we wish to ensure the needs-based design and ongoing optimisation of our website. On the other hand, we use tracking measures to statistically record the use of our website and to analyse it for the purpose of optimising our service for you. These interests are to be regarded as legitimate for the purpose of the above-named regulation.
The respective data processing purposes and data categories can be inferred in the corresponding tracking tools.
Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storing of certain cookies on your terminal device and to record this in conformity with data privacy. Provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you visit our website, the following personal data is transferred to Usercentrics:
- Your consent(s) and/or the revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your terminal device
- Point in time of your visit to the website
Furthermore, Usercentrics saves a cookie onto your browser in order to be able to attribute the granted consents and/or their revocation to you. The data captured in this way is saved until you call upon us to delete it, the Usercentrics cookie deletes itself or the purpose of the data storage ceases to apply. Compelling statutory obligations to preserve records are hereby unaffected.
Contract on order processing
We have concluded a contract on order processing with Usercentrics. This is a contract required by data privacy law which guarantees that Usercentrics only processes the personal data of our website visitors in accordance with our instructions and in adherence to the GDPR.
We use the open-source software Matomo for the analysis and statistical appraisal of the use of the website. Cookies are used for this (see point 4). The information generated by the cookie about the website use is transferred to our servers and compiled in pseudonymous usage profiles. The information is used to analyse the use of the website and to make possible a designing of our website in line with users’ needs. The information is not passed on to third parties.
Under no circumstances is the IP address brought into connection with other data relating to the user. The IP addresses are anonymised in such a way that correlation is not possible (IP masking).
If you do not agree to the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie is deposited in your browser, which prevents Matomo from storing usage data. If you delete your cookies, this will result in the Matomo opt-out cookie also being deleted. Upon a further visit to our site the opt-out must be activated again.
6. PLUGINS AND TOOLS
YouTube with extended data privacy
Our website uses plugins of the website YouTube. The operator of the sites is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
We use YouTube in the extended data protection mode. According to YouTube, this mode causes YouTube to not save any information about the visitors to this website before they view the video. The passing on of data to YouTube partners is on the other hand not necessarily ruled out by the extended data protection mode. For example, YouTube – regardless of whether you view a video – establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on our website, a connection is established to the servers of YouTube. In the course of this, the YouTube server is informed which of our sites you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after the starting of a video, YouTube can place various cookies on your terminal device. By means of these cookies, YouTube can receive information about visitors to our website. This information is used, among other things, to capture video statistics, to improve user-friendliness and to prevent attempts at fraud. The cookies remain on your terminal device until you delete them.
After the start of a YouTube video, further data processing processes may be triggered upon which we have no influence.
YouTube is used in the interest of an attractive presentation of our online services. This represents a legitimate Interest within the meaning of point (f) of Art. 6(1) GDPR.
You can find more information about data privacy at YouTube in their data privacy statement at: https://www.youtube.com/t/privacy_at_youtube
7. DATA SUBJECT RIGHTS
You have the right:
- according to Art. 15 GDPR, to demand information about your personal data that has been processed by us. You can in particular demand information about the purposes of processing, the category of the personal data, the categories of recipients to whom your data has or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data if this has not been collected by us, and of the existence of automated decision-making including profiling and where applicable meaningful information on its details;
- according to Art. 16 GDPR, to demand the prompt rectification, where incorrect, or completion of your personal data stored by us;
- according to Art. 17 GDPR, to demand the deletion of your personal data stored by us, provided its processing is not necessary for exercising of the right to free expression of opinion and information, for the fulfilling of a legal obligation, for reasons of the public interest or for the assertion, exercise or defence of legal claims;
- according to Art. 18 GDPR, to demand the restriction of the processing of your personal data, if the correctness of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have, in accordance with Art. 21 GDPR, lodged an objection against the processing;
- according to Art. 20 GDPR, to demand to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or to demand its conveying to another responsible person;
- according to Art. 7(3) GDPR to revoke to us at any time your consent once granted. The effect of this is that we can in future no longer continue the data processing based upon this consent and to complain to a supervisory authority
- according to Art. 77 GDPR. For this, you can usually contact the regulatory authority for your normal place of residence or place of work or for the location of our law office.
8. RIGHT TO OBJECT
If your personal data is being processed on the basis of legitimate interest in accordance with point (f) of Art. 6(1)GDPR, you have the right, according to Art. 21 GDPR, to lodge an objection against the processing of your personal data, if reasons exist for this which arise from your particular situation or if the objection is directed against direct advertising. In the latter case you have a general right to object which will be implemented by us without the need for the stating of a particular situation.
If you would like to make use of your right of revocation or right to object, an e-mail to the following address is sufficient: firstname.lastname@example.org.
9. DATA SECURITY
For the contact form, within the website visit, we use the common SSL (Secure Socket Layer) process in combination with the respective highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we instead fall back on 128-bit v3 technology. You can recognise whether an individual page of our internet presence is being transmitted encrypted from whether the key or lock symbol is shown as closed in the bottom status bar of your browser.
We also make use of suitable technical and organisational security measures to protect your data against accidental or deliberate manipulations, partial or complete loss or destruction, and the unauthorised access of third parties. Our security measures are being continually improved in line with technological development.
Guidelines on data privacy for customers and suppliers of the DS Smith Group
These guidelines apply to (i) customers and suppliers of DS Smith Plc (the “Company”, “we” or “our” at the address 350 Euston Road, London, United Kingdom, NW1 3AX, or one of the group companies of DS Smith Plc and (ii) users of the website www.dssmith.com or of a corresponding subdomain (collectively referred to as “website”) that is operated by DS Smith Plc or one of the group companies.
The Company recognises the importance of open and responsible use of your personal data. In these guidelines on data privacy and cookies (“guidelines”), it is explained how the Company collects, uses and discloses your personal data both in usual commercial transactions with us and with the visiting of a DS Smith website.
What type of data does the company collect from its customers and suppliers and why?
We collect data that is required in order to contact you as a customer or supplier of DS Smith, in order to discuss and /or fulfil our contractual obligations towards you.
What kinds of personal data does the Company collect?
The categories of personal data that we collect are listed below:
- Your full name and title
- Your business contact details such as address, telephone numbers and e-mail address
- The reason you have contacted us – this can be a request or enquiry on your behalf, a request or enquiry on behalf of another person, a request to the customer service or a comment and/or information in connection with a possible or existing order and/or a service agreement
- If you create an online account – your user name, your password, your e-mail address and your full name, your address and your telephone numbers
- Your preferred contact medium and your settings for marketing notifications (after the receipt of a corresponding declaration of consent if this is legally required)
- Information that is required for adherence to legal regulations
We mainly collect data that you have voluntarily provided, but insofar as it is legally permitted, we can also obtain this from public sources, from third parties, from individuals with whom you have agreed a passing-on of personal data, from government agencies, tax or law enforcement authorities and other third parties (and to combine this with the corresponding data from these sources). We can also collect personal data from your use of services of group companies of the Company.
How does the Company use your data?
The Company can use your data for the purposes explained in these guidelines and/or made known on the website or in the framework of our services. For example, we can use your data for the following purposes:
- Reply to and/or handling of your request or enquiry
- For internal documentation
- Establishing contact with you (directly, either through the Company or through one of its affiliates and/or through a partner or representative) by e-mail or telephone for the above-named reasons
- With your consent, if this is legally required, to carry out direct marketing and/or e-mail marketing activities that you have requested
- Where necessary in the framework of a restructuring of the Company or of the sale of a business unit or of assets of the group
- Performance of contracts between you and the group
- Adherence to legal, regulatory and other government requirements
Some of the personal data that the Company stores are kept in paper format, other personal data is kept as digital files and in electronic databases in accordance with the following explanations.
In most cases, the processing of your data by the Company is necessary in order to process your enquiry, legally stipulated, necessary to fulfil contractual obligations or for the safeguarding of legitimate commercial interests and requirements of the Company. In this case, particular importance is attached to safeguarding your rights and to ensuring that such use is appropriate.
What is the legal basis for the use of personal data?
The legal basis for the processing of your personal data by us comprises the following:
- In some cases, we process your data with your consent (for example, when you consent to us placing cookies on your computer or processing data that you enter on our website).
- In other cases, we process your data if it is needed for the fulfilment of a contract with you (for example, for billing purposes) or if we are legally obliged to do so (for example, in order to adhere to the statutory obligations to preserve records).
- We also process your data if this serves our legitimate interests and if your data privacy rights have no priority over these interests (including e.g. passing the data on to our affiliates).
Does the Company pass personal data on to third parties?
Your personal data is provided on a need-to-know basis for the above-named purposes (or for the purposes of which you have been informed in some other way) and only to the management, the sales/customer service team, the legal department, the departments for logistics, auditing, compliance, IT and other company employees who must have knowledge of this data due to their function in the group. Certain individuals who view your personal data are possibly not located directly in the Company or in your country (see below).
We can pass on personal data within the group as needed if this is appropriate and necessary for administration, analysis, planning and decision-making.
Your personal data can also be made available to third parties (within or outside the group) which render corresponding services in accordance with your contract with the group (further information below), e.g. auditors and compliance managers, service providers or call centres and IT hosting and IT maintenance providers. These third parties may use your data to carry out their function on our behalf. The Company has taken numerous security and data privacy measures, including with these third parties, to protect personal data and ensures that the applicable legal requirements are adhered to.
We can disclose certain data in the case of legitimate requests from government agencies, law enforcement and regulatory authorities, if this is legally required or permitted, and for tax and other purposes. Personal data can also be passed on to third parties, and to parties to whom the Company may pass on your personal data due to their authorisation, because of legal proceedings it we have to adhere to certain laws in order to enforce our agreements, company guidelines and terms of service or to protect the rights, property or safety of the group, our employees, representatives, customers and other persons.
Your personal data is not sold to third parties; an exception is the restructuring of the group or of a business unit or of assets of the group.
Is your personal data transferred abroad?
Some transferrals of personal data have already been mentioned above. Individuals in the European Economic Area (“EEA”) should be aware that the recipients of your personal data, in the group or in the case of third parties (according to the explanations in these guidelines) are possibly not located in the EEA but in countries whose protection of personal data does not meet the standard within the EEA. In this case, it is ensured that your personal data is protected in accordance with the applicable laws. Data is, for example, appropriately protected by standard contractual clauses approved by the EU Commission, an appropriate privacy shield certification or binding company-internal regulations for the order processors of processors. A copy of the corresponding mechanism can be provided for viewing purposes upon a request being made to the following e-mail address: email@example.com.
What selection options does the Company offer with respect to direct marketing?
The Company can send you information on new products, services, advertising actions and offers which are possible of interest to you, and can invite you to marketing analysis actions and/or request your feedback on the products and services of the group. The corresponding communication can take place by e-mail, telephone, post or SMS. In the cases in which we are legally obligated to do so, we will obtain a corresponding declaration of consent from you and inform you of how you can unsubscribe from receiving these messages.
Should you have questions concerning these data privacy guidelines, contact us at the following address:
DS Smith Plc
350 Euston Road
You can contact our data protection officer for Germany, Mr Christian Adolphy, at the e-mail address firstname.lastname@example.org.