Privacy Policy EU

We at CPM Extrusion Group are very pleased about your interest in our company. Data protection is a topic that’s very important to us and has a particularly high priority for the management of our company. The use of our website is possible without any indication of personal data.

However, if a data subject wishes to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

Responsible party

The responsible party within the meaning of the GDPR and other national data protection laws of the member states, as well as other data protection regulations, is
  • Extricom Extrusion GmbH Hoher Steg 10 74348 Lauffen am Neckar, Deutschland
  • E-Mail: info.extricom@cpm.net
  • Phone: +49 7133 97136 00

Data protection officer

You can reach our data protection officer as follows:

  • NeTec GmbH
    Porschestraße 4
    70435 Stuttgart, Germany
  • E-Mail: datenschutz@netec.de
  • Phone: +49 711 54991 333
  • Telefax: +49 711 346 05 902

Legal basis of processing

Article 6 (1) sentence 1 lit. a GDPR serves as the legal basis for our company’s processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 (1) sentence 1 lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. p. 1 lit. c GDPR. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person, Art. 6 para. p. 1 lit. d GDPR. Finally, processing operations could also be based on Article 6(1)(f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.

Scope of processing

As a matter of principle, we process personal data of our website visitors and users only in a matter that is necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

Storage and deletion of your data

We delete or block personal data of the data subject as soon as the purpose of storage is no longer given. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject. Data will also be deleted or blocked if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Provision of the website and log files

Each time you visit our website, our system automatically records data and information from the computer system of the calling computer. This includes information such as

  • the type and version of your internet browser,
  • The operating system of your computer or smartphone,
  • Your Internet service provider,
  • Your IP address,
  • The date and time of your access,
  • websites from which you have reached us,
  • websites which you visit from our site.

The legal basis for the temporary storage is Art. 6 para. 1 lit. f GDPR.

We collect such technical information in so-called “log files” so that you can view our website correctly and we can determine the causes of any technical problems, as well as for the technical optimization of our website and for the purpose of security of our computer systems and networks. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Typically, this technical information is deleted or made unrecognizable after seven days at the latest.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Information we collect

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored and processed by us for the purpose of processing the inquiry and in case of follow-up questions. Your data will be used exclusively for the purpose of answering and processing your question. The data processing is carried out here according to Art. 6 para. 1 p. 1 lit. a GDPR on the basis of your voluntarily given consent. You can object to this at any time (right of revocation).

On our website, you can contact us via various options including contact form, job application, offer requests, or product information requests. If you use this option, the data entered in the input mask will be transmitted to us and stored.

In addition to the specific input mask data, the IP address and the date and time of the request are collected and stored. You give your consent to the processing of the data during the sending process.

Alternatively, it is possible to contact us via e-mail. In this case, the personal data of the user transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties, unless this is necessary to process the inquiry (e.g. expert contact). In any case, the data will be used exclusively for processing the conversation.

Information Collected by Cookies and Other Technologies. A “cookie” is a small file placed on your device when you visit a site that can be understood by us or other parties  that issued the cookie. We use cookies and other technologies, including device identifiers, to collect information and support certain features of our website. For example, we may use these technologies to:

  • collect information about the ways visitors use our website—which pages they visit, which links they use, and how long they stay on each page;
  • support the features and functionality of our website – for example, to save you the trouble of reentering information already in our database or to prompt the settings you established on previous visits;
  • personalize your experience when you use our website; and
  • improve our marketing efforts, including through use of targeted advertising.

If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. Although you are not required to accept cookies when you visit our website, you may be unable to use all of the functionality of our website if your browser rejects our cookies.

Information about third-party cookies and interest-based advertising

In addition to the cookies we deliver to your computer or mobile device through our website, certain third parties may deliver cookies to you for a variety of reasons. For example, we may use Google Analytics, a web analytics tool that helps us understand how visitors engage with our website. To learn more about Google Analytics click here.

Other third parties may deliver cookies to your computer or mobile device for the purpose of tracking your online behaviors over time and across nonaffiliated website and/or delivering targeted advertisements either on our website or on other website.  For information about how to limit the data that third parties receive about you, please see your data subject rights below.

How we use personal data collected through the website

Generally, we use the information we collect through our website:

  • to provide the information, products and services you request; for security, credit or fraud prevention purposes;
  • to provide you with effective customer service;
  • to provide you with a personalized experience when you use our website;
  • to contact you with information and notices related to your use of our website;
  • to contact you with special offers and other information we believe will be of interest to you (in accordance with any privacy preferences you have expressed to us);
  • to invite you to participate in surveys and provide feedback to us (in accordance with any privacy preferences you have expressed to us); to better understand your needs and interests;
  • to improve the content, functionality and usability of our website; to improve our products and services and to attract investors; to improve our marketing and promotional efforts; and
  • for any other purpose identified in an applicable privacy notice, click- through agreement or other agreement between you and us.

How we share personal data with others

With Third–Party Vendors.  We share data collected through our website with third-party vendors who act on our behalf. For example, we may use third-party vendors to design and operate our website. These third-party vendors may need data about you to perform their obligations. Typically, they are required by contract to keep your information confidential and to use it only to provide services on our behalf.

With Other Companies in CPM’s Corporate Structure. We may share data collected through our website with other companies in our corporate structure, including subsidiaries, parent companies, and sister companies existing now or hereafter acquired. These affiliate companies are permitted to use your information for their own marketing purposes and in a manner otherwise consistent with this Privacy Policy.

In Aggregate or De-Identified Form. We use data collected through our website to create a compiled, aggregate view of usage patterns. We may share aggregate data with third parties so we and they can better understand our user base. We may also share with third party’s information about how particular individuals use our website, but only on a de-identified basis (“Individualized Data”). Individualized Data is not personally identifiable, but it does reflect the usage patterns of a particular website user, as opposed to website users collectively. We may provide basic demographic information (gender and age) in conjunction with providing Individualized Data. Third parties typically use this information for analytical purposes and to market their own products and services.

As Part of a Business Transfer. Your data may be transferred to successor organization if, for example, we transfer the ownership or operation of our website to another organization if we merge with or are acquired by another organization, or if we liquidate our assets. If such a transfer occurs, the successor organization’s use of your data will still be subject to this Privacy Policy and the privacy preferences you have expressed to us.

To Comply with Laws and Protection of Our Rights and the Rights of Others. We may disclose your data when we, in good faith, believe disclosure is appropriate to comply with the law, a court order or a subpoena. We may also disclose your data to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of our website; or to protect our own rights or property or the rights, property or safety of our users or others.

As Described in a Privacy Notice or Click-Through Agreement. We reserve the right to disclose your data as described in any privacy notice posted on our website, or as described in any click-through agreement to which you have agreed.

Links to third party websites

On this website, references to third-party websites are offered in the form of so-called links or hyperlinks. Only when you click on such a link will data be transmitted to the link destination. This is technically necessary.

The transmitted data are in particular: Your IP address, the time at which you clicked on the link, the website on which you clicked on the link, information about your Internet browser. If you do not want this data to be transmitted to the link destination, do not click on the link.

SSL encryption

This website uses SSL (Secure Socket Layer) encryption for the transmission of data from your browser to our server and to servers that provide files that we embed on our website.

With SSL, data is transmitted in an encrypted form. The data cannot be changed and the sender can be identified.

You can recognize the presence of SSL encryption by the prefixed “https” in front of the address of the web page that you call in the browser.

Technologies used

Vimeo Videos

We have embedded Vimeo videos on our website, which are stored on the provider’s servers (Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011) and can be played from our website via an embed. When you play these videos, cookies are stored on your computer and data may be transmitted to Vimeo.

When playing videos stored on Vimeo, at least the following data is currently transmitted to Vimeo LLC: IP address and cookie, the specific address of the page accessed, system date and time of access, your browser ID.

This data is transmitted regardless of whether you have a Vimeo user account through which you are logged in or whether you do not. If you are already logged in, this data may be directly associated with your account by Vimeo LLC. If you do not wish for it to be associated with your profile, you must log out of the Vimeo platform before activating the play button for the video.

Further information on the purpose and scope of the data collection and its processing by Vimeo can be found on this information page: https://vimeo.zendesk.com/hc/en-us/sections/203915088-Privacy.

Cookies used (lifetime in brackets): vuid (2 years), muxData (20 years)

WordPress 

We use WordPress as the content management system for our website. WordPress uses functional (necessary) cookies to ensure the login process for editors and administrators.

In particular, a cookie called wordpress_test_cookie is set when trying to log into the WordPress administration interface. This cookie is only used for the active session and is deleted as soon as you close the browser.

The cookie is not used to evaluate users.

Burst Statistics 

For our website we use the tool Burst Statistics, a tool which to get detailed insights into visitors’ behavior on our website. It perform services such as measuring, analyzing and data visualization of website traffic. Data is locally hosted, and anonymized, in collaboration with Complianz.

Safety Notice

We secure our website and other IT systems against loss, destruction, unauthorized access, unauthorized modification or unauthorized distribution of your data using appropriate technical and organizational measures. Despite all due care, complete protection against all dangers is not always possible. Because we cannot guarantee complete data security when communicating by e-mail, we recommend sending confidential information by post.

Terms defined

Privacy Policy of our company is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (GDPR) was issued. Our Privacy Policy should be legible and understandable for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this Privacy Policy:

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

b) Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as collecting, recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling is any type of automated processing of personal data, which consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, whereabouts or relocation.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data not assigned to an identified or identifiable natural person.

g) Controller or data controller

The person responsible or responsible for processing is the natural or legal person, authority, institution, or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.

h) Processors

Processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the person responsible.

i) Recipient

Recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

j) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.

k) Consent

Consent is any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act, by which the data subject indicates that they consent to the processing of personal data relating to them.

Data subject rights for United States citizens

Your Choices

In general, we respect your right to make choices about the ways we collect, use, and disclose the personal data you provide on or through our website. We strive to provide choices to you at a meaningful time and in a meaningful place. For example, if you don’t want data about your visit to our website sent to Google Analytics, you may download an Opt-out Browser Add-on by clicking here. Please note that the Add-on does not prevent information from being sent to us.

In addition, if you would like to opt out of having participating entities collect your online behavior for advertising purposes when you are browsing our website, click here for a “Website Opt Out.” You will be directed to an industry-developed website that allows you to choose whether each listed entity may collect and use data for interest-based advertising purposes. It may be that some of the third parties that collect interest-based information on our website do not participate in the Website Opt Out, in which case the best way to avoid third-party tracking of your online behaviors may be through your browser settings and deletion of cookies.

Please note that the Website Opt Out is device-specific and the Website Opt Out is browser-specific. If you wish to opt-out from having interest-based information collected by participating entities across all devices and browsers, you need to take the steps outlined above from each device and browser.

You may change previously expressed preferences regarding how we use information you provide on or through our website. For example, if you have provided your contact information and receive periodic emails from us, you may decide to stop receiving those emails by clicking the “unsubscribe” link in an email’s footer. You may be able to change other preferences through an account you create on our Portal. Otherwise, please contact us using the information provided below.

Data subject rights for European Union/United Kingdom citizens

  • Right to information (Article 15 GDPR)

You can request confirmation of your personal data processed by us.

If such processing is done, you can request information from us in accordance with the GDPR on a variety of issues, such as:

– the purposes for which your personal data are processed;

– the categories of personal data being processed;

– the recipients or categories of recipients to whom your personal data has been or will be disclosed;

– the planned duration of the storage of your personal data or, if specific information on this is not possible, criteria for determining the storage duration;

– the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by our company or a right to object to this processing;

– the existence of a right of appeal to a supervisory authority;

– all available information about the origin of your personal data, if your personal data was not collected from you;

– the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

– You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

  • Right to rectification (Article 16 GDPR)

You have the right to have your personal data corrected and/or completed if this data is incorrect or incomplete. We will make the correction immediately.

  • Right to erasure (Art. 17 GDPR)

You can request us to delete your personal data immediately, and we are then obliged to delete this data immediately if one of the following reasons applies:

– your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

– You revoke your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.

– You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.

– The personal data concerning you have been processed unlawfully.

– The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

– If we have made your personal data public and we are obliged to delete them in accordance with Art. 17 (1) GDPR, we must take appropriate measures, taking into account the available technology and the implementation costs, to inform other companies that process your personal data about it to inform you that you have requested them to delete all links to your personal data (and all copies thereof) (“right to be forgotten”).

– There is no right to erasure if processing is necessary

– to exercise the right to freedom of expression and information;

– to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 lit. h and i and Article 9 Paragraph 3 GDPR, or

– to assert, exercise or defend legal claims.

  • Right to restriction of processing (Article 18 GDPR)

Under certain circumstances, you can request that the processing of your personal data be restricted.

– if you dispute the accuracy of the personal data concerning you, for a period that enables us to verify the accuracy of the personal data;

– if the processing is unlawful and you refuse the deletion of your personal data and instead request the restriction of the use of your personal data;

– if we no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

– if you have lodged an objection to the processing and it is not yet certain whether the legitimate reasons of our group of companies and affiliated subsidiaries outweigh your reasons.

– If the processing of your personal data has been restricted, we may only process this data – apart from its storage – with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

– If the restriction of processing was restricted according to the above conditions, you will be informed by us before the restriction is lifted.

  • Right to information of third parties (Article 19 GDPR)

If you have asserted the right to correction, deletion or restriction of processing vis-à-vis with our company, we are obliged to inform all recipients to whom we have disclosed your personal data of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You also have the right to be informed by us about these recipients.

  • Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

– the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

– the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

  • Right to object (Art. 21 GDPR)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

In this case, we will no longer process the personal data relating to you, unless there are compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, we will no longer process the personal data relating to you for these purposes.

  • Right to revoke the declaration of consent under data protection law (Article 7 (3) GDPR)

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

  • Automated individual decisions including profiling (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

– is necessary for the conclusion or performance of a contract between you and us,

– is permissible on the basis of Union or Member State legislation to which the person responsible is subject and this legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

– with your express consent.

With regard to the cases mentioned, the person responsible takes appropriate measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person from our company to express your point of view and to contest the decision.

  • Right to lodge a complaint with the supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.

Names and contact information of the relevant supervisory authorities:

As it relates to European Union/United Kingdom residents:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

(English: The Federal Commissioner for Data Protection and Freedom of Information)

Graurheindorfer Strasse 153

53117 Bonn

Telephone: +49 (0)228 997799-0

Email: redaktion@bfdi.bund.de

https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

The supervisory authority to which the complaint was lodged will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Applicants

In the course of the application process, personal data is collected and processed by us. The processing can also take place electronically. This is particularly the case if an applicant sends the corresponding application documents electronically, for example by e-mail, to the person responsible for processing. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the rejection decision, provided that deletion does not conflict with any other legitimate interests of our company for processing. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the Allgmeines Gleichbehandlungsgesetz (AGG) – English: General Equal Treatment Act.

Children under the age of thirteen

Our website is not intended for children or minors under the age of thirteen years without the permission of a parent or guardian. If you believe that a child has submitted personal information on or through our website without the consent and supervision of a parent or guardian, please contact us at sales@cpm.net so that we can take appropriate action.

Changes to this Privacy Policy

We reserve the right to change this Privacy Policy if the legal situation or the manner of data collection changes. However, this only applies to policies on data processing. If the user’s consent is required or parts of the data protection declaration contain a regulation of the contractual relationship with users, this Privacy Policy will only be changed with the user’s consent.

If necessary, please inform yourself about this Privacy Policy, especially if you provide personal data.

Contact Us

For United States citizens, if you have any questions about this Privacy Policy, please contact us at:

sales@cpm.net