Privacy Policy EU

We at CPM Extrusion Group are very pleased about your interest in our company. Data protection is a topic that’s very important to us and has a particularly high priority for the management of our company. The use of our website is possible without any indication of personal data. However, if a data subject wishes to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

Responsible party

The responsible party within the meaning of the GDPR and other national data protection laws of the member states, as well as other data protection regulations, is
  • Extricom Extrusion GmbH Hoher Steg 10 74348 Lauffen am Neckar, Deutschland
  • E-Mail: info.extricom@cpm.net
  • Phone: +49 7133 97136 00

Data protection officer

You can reach our data protection officer as follows:

  • NeTec GmbH
    Porschestraße 4
    70435 Stuttgart, Deutschland
  • E-Mail: datenschutz@netec.de
  • Phone: +49 711 54991 333
  • Telefax: +49 711 346 05 902

Legal basis of processing

Article 6 (1) sentence 1 lit. a GDPR serves as the legal basis for our company’s processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 (1) sentence 1 lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. p. 1 lit. c GDPR. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person, Art. 6 para. p. 1 lit. d GDPR. Finally, processing operations could also be based on Article 6(1)(f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.

Scope of processing

As a matter of principle, we process personal data of our website visitors and users only in a matter that is necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

Storage and deletion of your data

We delete or block personal data of the data subject as soon as the purpose of storage is no longer given. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject. Data will also be deleted or blocked if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Provision of the website and log files

Each time you visir our website, our system automatically records data and information from the computer system of the calling computer. This includes information such as

  • the type and version of your internet browser,
    The operating system of your computer or smartphone,
    Your Internet service provider,
    Your IP address,
    The date and time of your access,
    websites from which you have reached us,
    websites which you visit from our site.
    The legal basis for the temporary storage is Art. 6 para. 1 lit. f GDPR.

We collect such technical information in so-called “log files” so that you can view our website correctly and we can determine the causes of any technical problems, as well as for the technical optimization of our website and for the purpose of security of our computer systems and networks. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR. 

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Typically, this technical information is deleted or made unrecognizable after seven days at the latest.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Contact requests and contact form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored and processed by us for the purpose of processing the inquiry and in case of follow-up questions. Your data will be used exclusively for the purpose of answering and processing your question. The data processing is carried out here according to Art. 6 para. 1 p. 1 lit. a GDPR on the basis of your voluntarily given consent. You can object to this at any time (right of revocation).

On our website, you can contact us via various options including contact form, job application, offer requests, or product information requests. If you use this option, the data entered in the input mask will be transmitted to us and stored.
In addition to the specific input mask data, the IP address and the date and time of the request are collected and stored. You give your consent to the processing of the data during the sending process.

Alternatively, it is possible to contact us via e-mail. In this case, the personal data of the user transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties, unless this is necessary to process the inquiry (e.g. expert contact). In any case, the data will be used exclusively for processing the conversation.

Links to third party websites

On this website, references to third-party websites are offered in the form of so-called links or hyperlinks. Only when you click on such a link will data be transmitted to the link destination. This is technically necessary.

The transmitted data are in particular: Your IP address, the time at which you clicked on the link, the website on which you clicked on the link, information about your Internet browser. If you do not want this data to be transmitted to the link destination, do not click on the link.

SSL encryption

This website uses SSL (Secure Socket Layer) encryption for the transmission of data from your browser to our server and to servers that provide files that we embed on our website.

With SSL, data is transmitted in an encrypted form. The data cannot be changed and the sender can be identified.

You can recognize the presence of SSL encryption by the prefixed “https” in front of the address of the web page that you call in the browser.

Technologies used

Vimeo Videos

Article 6 (1) sentence 1 lit. a GDPR serves as the legal basis for our company’s processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 (1) sentence 1 lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. p. 1 lit. c GDPR. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person, Art. 6 para. p. 1 lit. d GDPR. Finally, processing operations could also be based on Article 6(1)(f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.

We have embedded Vimeo videos on our website, which are stored on the provider’s servers (Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011) and can be played from our website via an embed. When you play these videos, cookies are stored on your computer and data may be transmitted to Vimeo. 

When playing videos stored on Vimeo, at least the following data is currently transmitted to Vimeo LLC: IP address and cookie, the specific address of the page accessed, system date and time of access, your browser ID. 

This data is transmitted regardless of whether you have a Vimeo user account through which you are logged in or whether you do not. If you are already logged in, this data may be directly associated with your account by Vimeo LLC. If you do not wish for it to be associated with your profile, you must log out of the Vimeo platform before activating the play button for the video.

Further information on the purpose and scope of the data collection and its processing by Vimeo can be found on this information page: https://vimeo.zendesk.com/hc/en-us/sections/203915088-Privacy.
Cookies used (lifetime in brackets): vuid (2 years), muxData (20 years)

WordPress 

We use WordPress as the content management system for our website. WordPress uses functional (necessary) cookies to ensure the login process for editors and administrators. 

In particular, a cookie called wordpress_test_cookie is set when trying to log into the WordPress administration interface. This cookie is only used for the active session and is deleted as soon as you close the browser. 

The cookie is not used to evaluate users.

Burst Statistics 

For our website we use the tool Burst Statistics, a tool which to get detailed insights into visitors’ behavior on our website. It perform services such as measuring, analyzing and data visualization of website traffic. Data is locally hosted, and anonymized, in collaboration with Complianz.

Safety Notice

We secure our website and other IT systems against loss, destruction, unauthorized access, unauthorized modification or unauthorized distribution of your data using appropriate technical and organizational measures. Despite all due care, complete protection against all dangers is not always possible. Because we cannot guarantee complete data security when communicating by e-mail, we recommend sending confidential information by post.

Terms defined

Privacy Policy of our company is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (GDPR) was issued. Our Privacy Policy should be legible and understandable for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this Privacy Policy:

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

b) Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, whereabouts or relocation.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data not assigned to an identified or identifiable natural person.

g) Controller or data controller

The person responsible or responsible for processing is the natural or legal person, authority, institution, or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.

h) Processors

Processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the person responsible.

i) Recipient

Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

j) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.

k) Consent

Consent is any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act, by which the data subject indicates that they consent to the processing of personal data relating to them.

Data subject rights

  • Right to information (Article 15 GDPR)

You can request confirmation of your personal data processed by us.

If such processing is done, you can request information from us in accordance with the GDPR on a variety of issues, such as:

– the purposes for which your personal data are processed;

– the categories of personal data being processed;

– the recipients or categories of recipients to whom your personal data has been or will be disclosed;

– the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;

– the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by our company or a right to object to this processing;

– the existence of a right of appeal to a supervisory authority;

– all available information about the origin of your personal data, if your personal data was not collected from you;

– the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

– You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

  • Right to rectification (Article 16 GDPR)

You have the right to have your personal data corrected and/or completed if this data is incorrect or incomplete. We will make the correction immediately.

  • Right to erasure (Art. 17 GDPR)

You can request us to delete your personal data immediately, and we are then obliged to delete this data immediately if one of the following reasons applies:

– your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

– You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.

– You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.

– The personal data concerning you have been processed unlawfully.

– The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

– If we have made your personal data public and we are obliged to delete them in accordance with Art. 17 (1) GDPR, we must take appropriate measures, taking into account the available technology and the implementation costs, to inform other companies that process your personal data about it to inform you that you have requested them to delete all links to your personal data (and all copies thereof) (“right to be forgotten”).

– There is no right to erasure if processing is necessary

– to exercise the right to freedom of expression and information;

– to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 lit. h and i and Article 9 Paragraph 3 GDPR, or

– to assert, exercise or defend legal claims.

  • Right to restriction of processing (Article 18 GDPR)

Under certain circumstances, you can request that the processing of your personal data be restricted.

– if you dispute the accuracy of the personal data concerning you, for a period that enables us to verify the accuracy of the personal data;

– if the processing is unlawful and you refuse the deletion of your personal data and instead request the restriction of the use of your personal data;

– if we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

– if you have lodged an objection to the processing and it is not yet certain whether the legitimate reasons of our group of companies and affiliated subsidiaries outweigh your reasons.

– If the processing of your personal data has been restricted, we may only process this data – apart from its storage – with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

– If the restriction of processing was restricted according to the above conditions, you will be informed by us before the restriction is lifted.

  • Right to information of third parties (Article 19 GDPR)

If you have asserted the right to correction, deletion or restriction of processing vis-à-vis with our company, we are obliged to inform all recipients to whom we have disclosed your personal data of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You also have the right to be informed by us about these recipients.

  • Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

– the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

– the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

  • Right to object (Art. 21 GDPR)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

In this case, we will no longer process the personal data relating to you, unless there are compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, we will no longer process the personal data relating to you for these purposes.

  • Right to revoke the declaration of consent under data protection law (Article 7 (3) GDPR)

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

  • Automated individual decisions including profiling (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

– is necessary for the conclusion or performance of a contract between you and us,

– is permissible on the basis of Union or Member State legislation to which the person responsible is subject and this legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

– with your express consent.

With regard to the cases mentioned, the person responsible takes appropriate measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from our company to express your point of view and to contest the decision.

  • Right to lodge a complaint with the supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.

Names and contact information of the relevant supervisory authorities:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

(English: The Federal Commissioner for Data Protection and Freedom of Information)

Graurheindorfer Strasse 153

53117 Bonn

Telephone: +49 (0)228 997799-0

Email: redaktion@bfdi.bund.de

https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Applicants

In the course of the application process, personal data is collected and processed by the applicant. The processing can also take place electronically. This is particularly the case if an applicant sends the corresponding application documents electronically, for example by e-mail, to the person responsible for processing. If the person responsible for processing concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the rejection decision, provided that deletion does not conflict with any other legitimate interests of the person responsible for processing. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the Allgmeines Gleichbehandlungsgesetz (AGG) – English: General Equal Treatment Act.

Changes to this Privacy Policy

We reserve the right to change this Privacy Policy if the legal situation or the manner of data collection changes. However, this only applies to policies on data processing. If the user’s consent is required or parts of the data protection declaration contain a regulation of the contractual relationship with users, the Privacy Policy will only be changed with the user’s consent.

If necessary, please inform yourself about this Privacy Policy, especially if you provide personal data.