Contact us

DATA PROTECTION

Your data is safe

Thank you for your interest in our website. Your privacy is important to us. We see it as part of our responsibility as a Group to protect information entrusted to us in line with statutory requirements. This policy sets out how we protect your privacy on our website.

PRIVACY POLICY

Status as of April 2022

I. MAXAUER PAPIERFABRIK WEBSITE PRIVACY POLICY
General terms of use for the website

The following terms of use apply to use of the website of Maxauer Papierfabrik GmbH in general. These provisions can be modified unilaterally by Maxauer Papierfabrik GmbH at any time. By registering, users accept these general terms of use in full, as amended, also for all subsequent visits.

Maxauer Papierfabrik takes the protection of personal data very seriously. Names, residential and postal addresses, telephone numbers and e-mail addresses are known as “personal data”.

We always act pursuant to the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), the EU General Data Protection Regulation (GDPR) and the German Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz – TTDSG), and collect, use and process data exactly as prescribed by these regulations. As a matter of course, we will never sell, lend or give unauthorised access to your data to third parties.

To ensure the confidentiality of data, only select authorised employees of Maxauer Papierfabrik GmbH have access to your data. All employees are required to act in accordance with the statutory data protection provisions and comply with them at all times. We execute special “commissioned data processing agreement” prior to working with our service providers, so that they are also required to abide by the statutory provisions in the event that we have to share your personal data. This agreement gives us a guarantee that your personal data will be protected. In addition, Maxauer Papierfabrik GmbH has installed a secure IT environment and takes all the necessary steps to prevent unauthorised parties from accessing and misusing personal data.

Website

The content on the Maxauer Papierfabrik GmbH website is protected by copyright. Downloading any content from the website is permitted for private, non-commercial use only. The content cannot be utilised or exploited on other websites or networked computers without the permission of Maxauer Papierfabrik GmbH. In the event of a breach of these provisions, all printed or downloaded content must be destroyed immediately. We reserve the right to assert further claims for damages in the case of a breach. The www.maxauer-papierfabrik.com portal and its content can be shut down, modified or temporarily deactivated at any time. Permanent operation of the portal is not guaranteed. While we strive to ensure that our portal is fully functional at all times, users have no claim to the functions provided or to the use of the portal. We ask for your understanding. Users do not have any claim to damages for the loss of uploaded data and saved content.

Usage data for statistical purposes

When you visit our web pages, our web server temporarily analyses what is known as usage data in a log for statistical purposes, in order to improve the quality of our web pages. This data comprises

  • the name and address of the requested content;
  • the date and time of the query;
  • the volume of data transmitted;
  • the access status (content transmitted, content not found);
  • a description of the web browser and operating system used;
  • the referral link showing the website that directed you to ours;
  • the IP address of the querying computer, truncated so that it cannot be assigned to a specific person.

The log data is analysed on an anonymised basis only.

Storing the ip address for security reasons

We also store the full IP address transmitted by your web browser for seven days strictly for the limited purpose of detecting, limiting and repelling attacks on our web pages. At the end of this period, we either delete or anonymise the IP address. The legal basis for this is Article 6(1) sentence 1(f) GDPR.

Data security

We implement technical and organisational measures to protect your data from unauthorised access to the greatest extent possible. We use an encryption process on our web pages. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually see this in the address bar of your browser, which will show a closed padlock icon and https:// at the beginning of the URL.

Contact form/e-mail contact

As a matter of course, we treat the personal information that you provide when you fill in our contact form or via e-mail as confidential. We use your data solely for the limited purpose of processing your enquiry. The legal basis for this is Article 6(1)(f) GDPR. Moreover, you can decide for yourself whether you want to give us further optional information. This is voluntary and not mandatory for making contact. We process your voluntary data on the basis of your consent pursuant to Article 6(1) sentence 1(a) GDPR. We do not transfer the data to third parties outside of Schwarz Produktion under any circumstances. Your data is irretrievably deleted from our system after your enquiry has been answered, provided that the data is no longer required and there is no conflict with statutory retention obligations. Insofar as the data you provide on the contact form is processed on the basis of Article 6(1) sentence 1(f) GDPR, you can object to the processing at any time. You can also withdraw your consent to the processing of optional data at any time with future effect via e-mail to datenschutz@schwarz-produktion.com.

Cookies

Cookies are small text files used by websites to improve the efficiency of the user experience. By law, we may set cookies on your device if they are essential for the operation of this site (strictly necessary cookies). For all other types of cookies we require your consent. This site uses different types of cookies. Some cookies on our web pages have been placed there by third parties. You can change or withdraw your consent on our website at any time under Cookie Policy. If you wish to contact us in person about your consent, please provide your consent ID and the date of consent.

Strictly necessary cookies only contain information about certain settings and do not contain personal data. They may also be necessary for user navigation, security and page display.

Where integrating the service involves setting technically necessary cookies and similar technologies, we do this in accordance with section 25 (2) TTDSG. Subsequent data processing is performed on the basis of Article 6(1) sentence 1(f) GDPR in our legitimate interest for the purpose of setting cookies and similar technologies in compliance with data protection provisions, and to enable you to easily revoke your consent.

You can also configure your browser to ensure that a warning appears every time a new cookie is placed. This makes the use of cookies more transparent for you. You can also use your browser settings to delete cookies at any time and block new ones from being placed. Please note that if you do so, this may prevent our web pages from being displayed or may render certain functions inoperative.

You can find an overview of the cookies used along with further information (e.g., storage duration) in our Cookie Policy.

The use of optional cookies and similar technologies in the categories “preferences”, “statistics” and “marketing” is based on the provisions of section 25 (1) TTDSG. Subsequent data processing is based on your consent pursuant to Article 6(1) sentence 1(a) GDPR.

Google Analytics

We use the “Google Analytics” web analysis tool in order to design our web pages according to users’ needs. Google Analytics creates usage profiles based on pseudonyms. This involves storing permanent cookies on your end device, which are read by us. This enables us to recognise returning visitors and count them as such.

Google Ireland Limited and Google LLC. (USA) act as processors pursuant to Article 28 GDPR in the context of Google Analytics. This means that data may also be processed outside of the EU and EEA. An adequate level of data protection cannot be assumed with regard to Google LLC, due to the processing that takes place in the USA, among other locations. There is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to lodge an appeal. Please bear this in mind if you decide to consent to our use of Google Analytics.

The data is processed on the basis of your consent pursuant to Article 6(1) sentence 1(a) GDPR, if you have provided it via our consent banner. Where integrating the service involves setting optional cookies and similar technologies, we do this in accordance with section 25 (1) TTDSG. Your consent is voluntary and you can withdraw it at any time with future effect pursuant to Article 7(3) GDPR via our Cookie Policy. Data is transferred to third countries on the basis of Article 49(1)(a) GDPR. If this involves processing of data outside the EU or EEA, we also take steps during the transfer to ensure an appropriate level of data protection pursuant to Article 44 et seq. GDPR. For instance, we entered into standard contractual clauses adopted by the European Commission pursuant to Article 46(2)(c) and (5) sentence 2 GDPR and have taken further technical measures to ensure an appropriate level of data protection. These clauses will be replaced in future with standard data protection clauses adopted by the European Commission pursuant to Article 46(2)(c) GDPR. Please read the “Cookies” section above in this regard, and select the relevant settings via our banner.

An overview of the relevant cookies is also provided in the section entitled “Cookies” and via the separate Cookie Policy Cookie Policy.

Facebook marketing services (pixel, conversion tracking, ads, custom audiences)

We include Facebook marketing services in our web pages via “Facebook pixel”, offered by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

A Facebook pixel is a small image file that is loaded when you open a website and enables JavaScript code to be run in the browser on your end device. Various information can be read from the browser on your end device and the cookies stored there using this JavaScript code.

This makes it possible for us to recognise visitors to our website and their end devices. Visitors who have their own user accounts on the Facebook social media platform can be identified by Facebook via the pixel as visitors to our web pages, regardless of the device they use.

The Facebook pixel also allows us to track and analyse your interests based on the websites you visit and your interactions with our web pages.

The information that we read via the Facebook pixel includes in particular

  • information contained in the HTTP header when you open a website in your browser, in particular usage data such as the IP address, information about the web browser used, the location of the site, the files accessed, and the referral link showing the website that directed you to ours;
  • features of the end device you used to access our web pages;
  • any cookies already set on your end device by Facebook services, such as the marketing cookies “_fbp” and “fr”;
  • button click data, i.e., data showing which buttons visitors clicked on the web pages, the text displayed on these buttons, and all pages visited as a result of clicking on them. This could be a search for a certain item, adding something to a shopping basket or completing a purchase,
  • field names on forms, such as “E-mail” or “Address”.

Based on this information, Facebook creates statistics for us through Facebook conversion tracking in Facebook Ads Manager. These statistics show us how many users reacted in what way to the ads we placed on Facebook. If an ad leads to an action by the website visitor, this is known as a conversion. We can use these statistics to optimise the effectiveness of our ads and manage the strategy we use to target visitors. We also use the information obtained from the Facebook pixel on our web pages to create custom audiences via Facebook Ads Manager, and place targeted advertisements on Facebook.

The data is processed based on your consent pursuant to Article 6(1) sentence 1(a) GDPR, if you have provided it via our consent banner. Where integrating the service involves setting optional cookies and similar technologies, we do this in accordance with section 25 (1) TTDSG.

Your consent is voluntary and you can withdraw it at any time with future effect pursuant to Article 7(3) GDPR via our Cookie Policy.

Your data may be processed in countries outside the European Union (EU) or European Economic Area (EEA) in third countries without an adequate level of data protection, in particular the USA. There is a risk in such case that authorities there may access the data for security and surveillance purposes without informing you or allowing you to lodge an appeal. If this involves processing of data outside the EU or EEA, we take steps during the transfer to secure an appropriate level of data protection pursuant to Article 44 et seq. GDPR. For instance, we entered into standard contractual clauses adopted by the European Commission pursuant to Article 46(2)(c) and (5) sentence 2 GDPR and have taken further technical measures to ensure an appropriate level of data protection. These clauses will be replaced in future with standard data protection clauses adopted by the European Commission pursuant to Article 46(2)(c) GDPR.

We have no influence on further data processing by the third-party provider. Further information on how Facebook handles personal data is available at Privacy Settings.

Online job applications (job portal)

Maxauer Papierfabrik is always on the lookout for qualified and motivated employees. You can use our job portal at jobs.schwarz-produktion.com to submit an application quickly and easily. The data transmitted to us for acknowledgement is processed as part of the initial suitability assessment only, in accordance with section 26 BDSG, in order to provide you with an appropriate response. The data is made available to the HR department and the relevant decision makers at the Schwarz Produktion company that you have applied to only. The data in a specific application is deleted no later than three months after the application process for this position has been closed. In the event that your application is of great interest to us, but there is currently no suitable position for you in the company, we will contact you and request your consent to store your data for longer, so that we can consider you for an appropriate position should one become available.
Please note that applications sent to us by e-mail are transmitted unencrypted. We therefore recommend using the job portal. You also have the option of registering on our job portal, which will enable you to apply for other positions in addition to your specific application. We also provide transparent information there on how your personal data is treated.

Stepstone quick-apply

You can apply directly for specific jobs advertised on the StepStone platform using the “Quick-Apply” function. If you do this, StepStone will collect data from your application (name, address, telephone number, date of birth and details of your educational background and professional experience) and transmit it to us to further process your application. In this case, StepStone will provide transparent information to you from the very beginning about how your data is processed.

StepStone provides all the necessary information on the Quick-Apply function via this link: Stepstone General Terms and Conditions.

Press enquiries

We process data collected from press enquiries submitted by e-mail (name, business contact data such as e-mail address, and if necessary the name of the organisation you represent) or contact form (see contact form/e-mail contact) pursuant to Article 6(1) sentence 1(f) GDPR. Our legitimate interest is our public relations work, and freedom of expression and information, as we have an interest as a company in sharing news as broadly as possible.

Moreover, this data may be shared within Schwarz Group depending on the specific enquiry. This includes, but is not limited to, other press offices within the Group. The legal basis for the processing is Article 6(1)(f) GDPR. The legitimate interest arises from our interest in processing your press enquiry effectively and professionally.

Card services

We embed card services in our web pages that are not saved on our servers. We display only preview images that are stored locally in the first step, to prevent content from third-party providers being automatically downloaded when you access our web pages with embedded card services. This prevents third-party providers from accessing information.

Content from the third-party provider will not be downloaded until you click on the preview image. This informs the third-party provider that you have accessed our site and transmits the technically necessary usage data in this context. We have no influence on the further processing of data by the third-party provider. When you click on the preview image, you consent to downloading of the third-party provider’s content.

The embedding is based on your consent pursuant to Article 6(1) sentence 1(a) GDPR and section 15 (3) sentence 1 of the German Telemedia Act (Telemediengesetz – TMG), provided you have given your consent in advance by clicking on the preview image.

Please note that embedding some card services will result in your data being processed outside the EU or EEA. There is a risk in some countries that authorities may access the data for security and surveillance purposes without informing you or allowing you to lodge an appeal. If this involves processing of data outside the EU or EEA, we take steps during the transfer to secure an appropriate level of data protection pursuant to Article 44 et seq. GDPR.

Provider Maximum storage duration Appropriate level of data protection Withdrawal of consent
Google LLC An appropriate level of data protection is not provided. When data is transmitted to third countries (in particular the USA), there is a risk that authorities there may access the data for security and surveillance purposes without informing you or allowing you to lodge an appeal. We therefore take steps to ensure an appropriate level of data protection pursuant to Article 44 et seq. GDPR. For instance, we enter into standard contractual clauses adopted by the European Commission pursuant to Article 46(2)(c) and (5) sentence 2 GDPR and take further technical measures. These clauses will be replaced in future with standard data protection clauses adopted by the European Commission pursuant to Article 46(2)(c) GDPR. When you click on a preview image, the content from the third-party provider will be downloaded immediately. If you do not wish such content to be downloaded on other pages, do not click on the preview images in future.
II. PRIVACY POLICY FOR CUSTOMERS AND BUSINESS PARTNERS OF MAXAUER PAPIERFABRIK

This policy is intended to inform our customers (business partners, suppliers, prospective customers, end consumers) and their contacts about how we collect, process and share personal data. The controller of the data processing described in the following is the party named in the legal notice.

Purpose of processing/legal basis

We process personal data of our customers’ contacts, such as name, address, e-mail address, telephone/fax number, tax number, customer number and bank details, in the context of our business relationships. We process the data for unique identification purposes, and to initiate, execute, manage and process contracts, for general business correspondence, to create invoices, credit notes and refunds, to manage and assert claims, to comply with statutory provisions, for data protection purposes, and in the interest of providing comprehensive customer support. The legal basis for the data processing within the business relationship is generally the contract, and is provided for in Article 6(1)(b) GDPR. In some cases, data may be processed in order to comply with statutory obligations. Reliability in such cases is governed in Article 6(1)(c) GDPR. In a few cases, we also collect and process the contact data (surname, first name, contact date) of end consumers for the purpose of processing an enquiry relating to a complaint. This processing is done on the basis of a legitimate interest in the form of resolving the complaint, and is legitimised through Article 6(1)(f) GDPR. We address the protection of the personal data collected in such cases by deleting the data associated with the complaint as soon as it has been resolved.

Recipients and categories of recipient

We process the personal data of our customers internally and for the reasons outlined above only. We do not share data with recipients outside of the company as a rule. The only exceptions are where we are obligated due to statutory provisions, or if we commission service providers (processors) to perform tasks subject to strict instructions, which permit them to view customer data. Such service providers are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR. We do not use our customers’ data for any other purposes, particularly marketing purposes.

Storage duration / criteria for determining storage duration

We store the necessary data for the duration of our business relationship with you and until expiry of the limitation periods applicable in each case and any resulting claims, in order to comply with statutory retention obligations.

Consequences of not providing personal data

Unless otherwise stated in the preceding sections, provision of personal data is required neither by law nor by contract, and is not necessary in order to enter into a contract. Our customers are not obligated to provide personal data for any of the reasons stated above. Non-provision of the specified personal data will result, among other things, in your query not being answered and a business relationship not being possible.

III. PRIVACY POLICY FOR OUR SOCIAL MEDIA PAGES

If you visit our social media pages, it may be necessary for data relating to you to be processed. We would therefore like to explain how we handle your data and inform you of your rights in this regard, pursuant to Article 13 GDPR.

Responsibility

We, Maxauer Papierfabrik GmbH (a company of Schwarz Produktion), operate the following social media pages:

You can find our contact data in the legal notice.

In addition to us, the operator of the respective social media platform is also a controller of your personal data. Where we are to influence and parameterise the data processing, we aim, within the scope of the options available to us, to ensure that the operator of the social media platform complies with data protection requirements. Please also note the privacy policies of these social media platforms in this regard.

We have a relationship with the operators of the respective social media services pursuant to Article 26(1) GDPR (joint controllers). In connection with this relationship, the operator operates the entire IT infrastructure of the service, provides its own privacy policy, has a separate user relationship with you (if you are a registered user of the social media service) and is responsible, along with Maxauer Papierfabrik GmbH, for deleting unlawful or inappropriate posts and content on the page. The operator is also solely responsible for all questions relating to the data that makes up your user profile, which we as a company have no access to. The operator does not have any influence over the processing of your data by Maxauer Papierfabrik GmbH in the course of customer communications or prize draws.

Please contact us if you wish to exercise your rights as the data subject concerning a particular item of data processing that falls in our area of influence. We will assess your query (e.g., information request or objection) ourselves, or if necessary will pass it on to the responsible social media platform if your query relates to data processing by the operator of the social media platform.

The main content subject to joint control is explained here for cases where we are joint controllers of your data:

Data processing by us

We process data on these social media pages for the purpose of communicating company information via the brand pages (news, facts and figures, communication from certain departments), communicating information relating own brand production (new products, production cycles and processes, quality) and the sustainability strategy, publishing information on employee retention and recruitment (employee stories, employee benefits, career planning, application process, staff events, job advertisements), communicating information on corporate health management (nutrition and exercise), and communicating and/or sharing information about Schwarz Group, its divisions and companies. The data you enter on our social media pages, such as user name, comments, videos, pictures, likes, public messages, is published by the social media platform and is not processed by us at any time for other purposes. We merely reserve the right to delete content if necessary. We may share your content on our site if this is a function offered by the social media platform.

In this case the user name you use on the platform will also be visible. If you use your real name on the social network or can be recognised from photos in your profile, we cannot rule out that other users will be able to identify you. Posts that we share on our company website are saved there permanently. If you delete your post, it will also be deleted from our site. If you do not wish your content to be shared on our website, you can object as set out above. We will also communicate with you via the social media platform, such as by reacting to your comments or systematically coordinating queries.

If you submit a query on the social media platform, we may, depending on the content, also refer you to other secure means of communication that guarantee confidentiality. For instance, you can send enquiries at any time to our postal address provided in the legal notice or by e-mail to info@schwarz-produktion.com. It is up to you how you communicate with us.

The legal basis for the processing of your data is Article 6(1) sentence 1(f) GDPR. The data is processed with the legitimate interest of performing public relations work for our company and communicating with you.

Some social media platforms provide statistics based on usage data, which contain information about your interaction with our social media page. We do not have any influence over the creation or provision of these statistics, nor can we prohibit it. However, we do not make use of the social media platforms’ optional statistics.

We process this information pursuant to Article 6(1) sentence 1(f) GDPR in the legitimate interest of validating our interaction with our social media pages and improving our content with a view to target groups. We sometimes also use the social media pages listed to run targeted advertisements.

In these cases we use the target group definitions provided by the social media provider. We use anonymous target group definitions only, which define characteristics based on general demographic data, behaviour, interests and connections, among other things. The social media platform operator uses these to target appropriate ads at its users. The legal basis for this is the consent obtained by the operator of the social media platform from the users. If you wish to withdraw this consent, please use the options to withdraw consent provided by the operator of the social media platform, as the latter is the controller of your data in this case. We, and the social media platform operator, occasionally use publicly available data for target group definitions. The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest in this case is defining a target group as appropriately as possible. We never use sensitive personal data as specified in Articles 9 and 10 GDPR to define target groups.

We do not use target group definitions based on location data. We do not share any personal data with social media platform operators in the context of defining target groups.

If you wish to object to a certain type of data processing that we have influence over, please use the contact details provided in the legal notice.

Storage duration

We delete your personal data when it is no longer required for the aforementioned processing purposes, provided that there is no conflict with statutory retention obligations.

All public posts you make on a social media page remain on the timeline indefinitely unless we delete them due to an update to the underlying topic, or a violation of the law or our guidelines, or you delete them yourself.

We have no control over the deletion of your data by the operator itself. The privacy policy of the relevant operator therefore also applies in relation to the storage period.

Data processing by the operator of the social media platform

The operator of the social media platform may use web tracking methods. Web tracking may be used regardless of whether you are registered with or logged on to the social media platform.

Please be aware that it is possible that social media platforms will use your profile and user behaviour data in order to analyse, for example, your habits, personal relationships and preferences, etc. We do not have any influence as such on the processing of your data by the social media platform provider; you therefore use the social media platform under your own responsibility.

Further information on data processing by the provider of the social media platform, configuration options to protect your privacy, other methods of objecting and, if applicable and concluded, the arrangement pursuant to Article 26 GDPR, is available in the provider’s privacy policy:

IV. USER RIGHTS AND CONTACT DATA

We would like to conclude by summarising all your data protection rights:

Rights as the data subject
As a website user, you can assert the following rights against us and against the provider of the social media platform, if the requirements are met:

Right of access (Article 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the information specified in Article 15 GDPR.

Right to rectification (Article 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and the completion of any incomplete data.

Right to erasure (Article 17 GDPR)
You have the right to obtain the erasure of personal data concerning you without undue delay, where one of the grounds listed in Article 17 GDPR applies.

If we have not already informed you about the storage duration, we delete personal data when it is no longer required for the aforementioned processing purposes, provided that there is no conflict with statutory retention obligations.

Right to restriction of processing (Article 18 GDPR)
You have the right to obtain restriction of processing where one of the grounds listed in Article 18 GDPR applies, e.g., you have objected to processing for the duration of the controller’s assessment.

Right to data portability (Article 20 GDPR)
In certain cases as listed in Article 20 GDPR, you have the right to receive the personal data concerning you, in a structured, commonly used and machine-readable format and have the data transmitted to a third party.

Right to object (Article 21 GDPR)
If data is collected on the basis of Article 6(1) sentence 1(f) GDPR (data processing for the purpose of legitimate interests) or Article 6(1) sentence 1(e) GDPR (data processing in the public interest or in the exercise of official authority), you have the right to object, on grounds relating to your particular situation, at any time to the processing. We shall no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
You have the right pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection law. The right to lodge a complaint can be exercised in particular with a supervisory authority in the EU member state of your habitual residence, place of work or place of the alleged infringement.

Data protection officer contact information

Our external data protection officer is available to provide any information on the subject of data protection via the following contact details:

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
office@datenschutz-sued.de

Controller contact details
Maxauer Papierfabrik GmbH
Mitscherlichstraße
76187 Karlsruhe
E-Mail: datenschutz@schwarz-produktion.com
Tel: +49 (0) 34 43 / 800-3000
Fax: +49 (0) 34 43 / 800-3990