Privacy policy

We, the Fachverband Faltschachtel-Industrie e. V. (FFI), attach great importance to the protection, accuracy and integrity of your personal data. We process your data only in accordance with the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act („Bundesdatenschutzgesetz“, BDSG).

With this data protection declaration, we inform you about how we process your personal data when using the carton database and which rights you have in this context as a data subject according to data protection law.

1. Scope of this Privacy Policyand definitions
This privacy statement applies to the processing of personal data when visiting and using the FFI Cartonboard Database via the websites www.kartondatenbank.de and www.cartonboarddatabase.com / www.cartondatabase.com

Insofar as websites or Internet offers of other providers are linked, we have neither influence nor control over the linked content and the data protection provisions there. This data protection declaration therefore does not apply to these other websites and Internet offers. We recommend that you read the data protection statements on the websites of these other providers.

Personal data is any information relating to an identified or identifiable person ("data subject"). This includes, for example, personal information such as name, address, personalized e-mail address and telephone number, but also content data such as messages that you send us by e-mail or other means. Likewise, information about your activities when using the database (e.g. uploaded files) are personal data, as far as they can be assigned to you, e.g. by means of the user ID or IP address. With regard to the other terms used (e.g. "processing" or "controller"), we refer to the definitions in Article 4 GDPR.

2. Name and contact details of the controller
"Controller" in the sense of the applicable data protection law is Fachverband Faltschachtel-Industrie e. V., Kleine Hochstraße 8, 60313 Frankfurt a.M., Germany, Managing Director: Christian Schiffers,Tel.: 069 89012-0, Fax: 069 892-222, E-Mail: datenschutz@ffi.de, Website: www.ffi.de.

3. Data processing when using this website
The Cartonboard Database offers various functionalities. In the following, we will give you an overview of which data is processed for which purposes when using the various functions and offers.

3.1 Visiting this website / log files
When visiting the website www.kartondatenbank.de and www.cartonboarddatabase.com / www.cartondatabase.com information is automatically sent to the server of this website by the browser used on your end device. This information is temporarily stored in so-called log files. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the accessed file,
  • website from which the access is made (referrer URL),
  • browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The processing of this data is necessary for the technical provision of the website including access to the database, for its optimization and for ensuring IT security, in particular system security and stability.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purposes. In no case do we use the collected data for the purpose of drawing conclusions about your person.

The information is stored for security reasons (e.g. to clarify acts of abuse or attacks on our web server) for a maximum period of one month. After that, they are deleted.

In addition, we use cookies and services of external third parties on our website. You can find more detailed information on this under section 4 of this Privacy Policy.

3.2 Use of the map database by registered users
Only registered users are allowed to use the database. For registration and activation of the respective user, the following user data is required: first and last name, company name, city, country, business e-mail address, login data (user name, password),optional: telephone number. We receive this information directly from you in the course of your registration. These data are processed for the execution of the registration process and user administration (authentication and authorization of the respective users). In addition, log data is collected (i.e. login/logout of a user with timestamp, ID and IP address) to ensure system security and proper operation of the database.

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest in providing registered users with smooth access to the database including its functionalities in accordance with the terms of use and to ensure the proper and safe use of the database. The provision of the aforementioned information is contractually stipulated in the Terms of Use and in cooperation agreements concluded with cartonboardmanufacturers. Without this information, the use of the database is not possible.

Under the conditions of Art. 21 GDPR, users have the right to object to this processing of their data (see section 8 of this Privacy Policy).

As a rule, we store the user data as long as your user account is active, which requires at least one use of the database within the last 12 months. In the event of inactivity or account de-registration, the data will be deleted, unless longer storage is necessary to fulfill contractual or legal obligations or to pursue legal claims. Log data is stored for a period of 30 days and then deleted.

In addition, statistical analyses are carried out in order to better understand the use of the database and its contents (e.g. number of downloads or use of the filter/search function). However, these statistics do not allow any conclusions to be drawn about individual users; no personal data is processed.

3.3 Use of the admin area by authorized staff
If a cooperation agreement exists, carton manufacturers are authorized to enter data and use the admin area of the database. For this purpose, the cartonboardmanufacturer designates the staff with name, business e-mail address and telephone number who are to have access to the admin area (so-called authorized staff). We receive this information directly from your order or employer (carton manufacturer). For the registration and activation of the respective admin, the following data is then required: first and last name, company name, city, country, business e-mail address, login data (user name, password), optional: telephone number.

This data is processed for the execution of the registration process and administration of the admin area (authentication and authorization of the respective users). The data is also used to provide authorized employees with further information about the database (e.g. update reminders).

In addition, log/record data of authorized staff is collected (e.g. login/logout as well as data entries and modifications of authorized staff including name, user ID, type of uploaded content, language setting, timestamp), as far as this is necessary for purposes of system security and proper operation of the database (e.g. identification and elimination of system errors, manipulations, unauthorized accesses and activities).

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest in providing authorized users with access to the admin area of the database in accordance with the cooperation agreement and to ensure the proper and secure use of the database. The provision of the aforementioned information is contractually stipulated in the cooperation agreement. Without this information, use of the admin area of the Database is not possible.

Under the conditions of Art. 21 GDPR, authorized staff have the right to object to this processing of your data (see section 8 of this Privacy Policy).

We generally store the user data of authorized staff for as long as your admin account is active, which requires at least one use of the database within the last 12 months. In case of inactivity or logout of the account, the data will be deleted, unless a longer storage is necessary for the fulfillment of contractual or legal obligations or for the pursuit of legal claims. Log/logging data is stored for a period of 12 months and then deleted.

3.4 Contacting the FFI
You can contact us using the contact form provided on this website. You are required to provide your full name, your company, a valid e-mail address and information about your request. Further information can be given voluntarily. The information is necessary so that we know from whom the request originates and to be able to answer it.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.

If you contact us, we will process the information you provide only for the purpose of answering your questions, processing your request and subsequent communication with you. In this context, the data will not be passed on to third parties, unless this is exceptionally necessary for the fulfillment of legal obligations or the exercise of legal interests.

The legal basis for this data processing is Art. 6 (1) 1 lit. f GDPR . We have a legitimate interest in enabling you to contact us quickly and easily and to process your requests to your satisfaction.

Under the conditions of Art. 21 GDPR, authorized staff have the right to object to this processing of your data (see section 8 of this Privacy Policy).

4. Cookies and similar technologies and services of external third parties

4.1 Cookies
This website uses cookies. Cookies are small text documents or pieces of code that are stored in your web browser or by the web browser on your computer system or terminal device when you visit the website or use a mobile application and gain access to information. Such information can be -depending on the type of cookie -for example your language settings, the duration of your visit to our website, your entries made there or information about your use of the website.

We only use technically necessary session cookies and no tracking technologies. Session cookies are cookies that store a randomly generated session ID in the user's web browser, which can be used to assign various requests from your browser to the same session. This allows your terminal device to be recognized (e.g. to store certain settings such as text size, font, language or login data). The use of these cookies is necessary to provide certain website and database content in the desired manner and to maintain a user's login status between (sub-) pages. Session cookies are deleted as soon as you close the browser or end the session.

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Necessary cookies are required to protect our legitimate interest in the proper and user-friendly operation of the website including its basic functionalities.

If you would like to prevent the use of cookies in general, you can prevent the storage of cookies via your browser settings or selectively accept certain cookies. How this works in detail, please refer to the instructions of the respective browser provider. Please note that completely turning off cookies may affect your ability to use this service or its quality.

4.2 Third-party content and services
We embed YouTube videos on our website. Within the European Union, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") is the provider of this service responsible under data protection law. The integration of YouTube videos allows you to view the videos easily and conveniently directly via our website.

On our website, content from the YouTube platform is blocked by default. This means that, by default, no automated connection is established with Google's servers. This means that Google does not receive any data from you when you simply call up our website. Only when you play the video by clicking on "Start video" will the video be loaded on our website, a connection to the Google server will be established and the data required for playback (URL of the website just loaded, the IP address of the terminal device you are using and, if applicable, further device-specific information such as the browser type) will be transmitted to Google.

You can therefore decide for yourself whether a YouTube video should be started and Google enabled to collect your user data. By starting the video, you consent to the data transfer to Google triggered by this. The legal basis is therefore your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

Please note that data is transferred when the video is played, regardless of whether you have a YouTube member account or not. If you have a member account via which you are logged in, your data can also be directly assigned to your account by Google (e.g. which video you call up). You can prevent this by logging out of your member account before playing a video. In addition, after playing a YouTube video, further data processing operations may be triggered by Google, of which we have no precise knowledge and over which we have no influence. This may also result in the transmission of data by this provider to third countries.

Please also note that third-party providers such as Google also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

For the legal basis on which Google processes your data and how Google ensures the required level of protection in the case of data transfer to third countries, please refer to Google's data protection statement: https://policies.google.com/privacy?hl=en&fg=1

5. Storage of personal data
Unless an explicit storage period is specified in this Privacy Policy, we will only store your personal data for as long as is necessary to fulfill the specified purposes and to comply with legal retention obligations. If you would like more information about our retention periods, please contact us by e-mail at datenschutz@ffi.de or at the contact details provided under "Controller".

6. Recipients of your personal data
As part of the hosting and technical operation of the website and database, we are supported by IT service providers who need to access personal data of the users of this website and database on our behalf in order to provide their service, support and/or hosting services. The following IT service providers are currently commissioned with the aforementioned services within the frame-work of order processing:

  • Technical support: nord.digital, Herr Kai Lehmann, Reidholzstrasse 27, 8805 Richterswil (Schweiz), phone: +41 (0) 79 273 00 04, EMail: kai.lehmann@nord.digital, Internet: www.nord.digital
  • Hosting: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland, phone.: +49 (0)9831 505-0, Fax: +49 (0)9831 505-3, EMail: info@hetzner.com Internet: www.hetzner.com/de

In addition, we may be required by law or in the context of official or procedural proceedings to disclose personal data to authorities, courts, other public bodies or parties to proceedings.

Furthermore, in the event of unlawful use of this website or database, we may be entitled to transfer user data to the competent authorities (e.g. law enforcement agencies).

We will only transfer your personal data to the extent necessary to fulfill the respective defined purposes and legal obligations.

7. Data transfer to third countries
In the context of technical support, data transfers to the IT service provider commissioned by us, nord.digital, Mr. Kai Lehmann, based in Switzerland, may be necessary. For Switzerland, an adequate level of data protection according to Art. 45 GDPR has been established by the adequacy decision of the EU Commission (Commission Decision 2000/518/EC of 26.07.2000, Abl. 2000 L215 1).

Otherwise, a transfer of your data to a third country outside the EU/EEA or to an international organization is generally not intended. In individual cases, a transfer to third countries may be necessary due to the global nature of a business relationship. In this case, we ensure an appropriate level of data protection through corresponding guarantees (e.g. standard data protection clauses). If you would like more information about how we protect your personal data under these circumstances, please contact us by e-mail at datenschutz@ffi.de or at the contact details under Controller.

8. Your rights as a data subject
As a data subject, you have the following rights under the GDPR in connection with the processing of your personal data. To assert your rights, you can contact us by email at datenschutz@ffi.de or by using the contact details under the heading "Controller". This also applies if you would like to learn more about what these rights mean in detail.

Right to information according to Article 15 GDPR
In accordance with Art. 15 GDPR, you have the right to request information about whether or not we are processing personal data relating to you. You may also request information on the processing of your data as specified in Art. 15 (1) and (2) GDPR. As part of your right to information, you also have the right to request a copy of your personal data under the conditions of Art. 15 (3) GDPR. The restrictions of the right to information according to Art. 15para. 4 GDPR, § 34 BDSG must be observed.

Right to rectification of your data pursuant to Article 16 GDPR
You have the right to request that we correct your data if it is inaccurate, inaccurate and/or incomplete; the right to rectification includes the right to completion by means of supplementary declarations or notifications.

Right to have your data deleted in accordance with Article 17 GDPR
Under the conditions of Art. 17 (1) GDPR, you have the right to demand that we delete your personal data. According to Art. 17 (3) GDPR, this does not apply if the processing is necessary for compliance with a legal obligation or for the assertion, exercise or defense of legal claims. The further restrictions of Art. 17 para. 3 GDPR, § 35 BDSG must be observed.

Right to restrict the processing of your data pursuant to Article 18 GDPR
In the cases of Article 18 (1) GDPR, you have the right to request the restriction of the processing of your personal data. In this case, your data -apart from its storage -may only be processed with your consent or under the conditions of Article 18 (2) GDPR.

Data portability in accordance with Article 20 GDPR
You may have the right to request the return of data concerning you in a commonly used electronic, machine-readable data format. The right to data portability includes the right to transfer the data to another controller; upon request, we will therefore -as far as technically possible -transfer your personal data directly to a controller designated by you or yet to be designated. The right to data transfer exists only for data provided by you and requires that the processing is based on consent or for the performance of a contract concluded with you and is carried out using automated processes.

RIGHT OF OBJECTION PURSUANT TO ARTICLE 21 DSGVO
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PERFORMANCE OF TASKS CARRIED OUT IN THE PUBLIC INTEREST (ARTICLE 6(1)(E) DSGVO) OR ON THE BASIS OF A LEGITIMATE INTEREST (AR-TICLE 6(1)(F) DSGVO), YOU MAY OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. IN THE CASE OF A JUSTIFIED OBJECTION, WE MUST REFRAIN FROM ANY FURTHER PROCESSING OF YOUR DATA, UNLESS IT IS NECESSARY FOR COMPELLING LEGITIMATE REASONS THAT OVERRIDE YOUR INTER-ESTS, RIGHTS AND FREEDOMS, OR FOR THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.IN THE CASE OF DIRECT ADVERTISING OR RELATED PROFILING, YOU MAY OBJECT TO THE PRO-CESSING OF DATA FOR THESE PURPOSES AT ANY TIME AND WITHOUT STATING REASONS. THE OBJECTION CAN BE SENT FORM-FREE (E.G. BY E-MAIL, FAX, LETTER) TO DATENSCHUTZ@FFI.DE OR TO THE CONTACT DATA UNDER ITEM 2.

Complaint to a supervisory authority
If you are of the opinion that the processing of personal data concerning you by us violates data protection provisions, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, pursuant to Article 77 of the GDPR. In Hesse, the Hessian Commissioner for Data Protection and Freedom of Information is the competent supervisory authority, which can be reached at the following contact details:

The Hessian Commissioner for Data Protection and Freedom of Information
represented by Prof. Dr. Alexander Roßnagel
Gustav-Stresemann-Ring 1
65189 Wiesbaden
phone: 0611-1408 0
fax: 0611-1408 611
EMail: poststelle@datenschutz.hessen.de

9. Datasecurity
For security reasons and to protect the transmission of confidential content, such as data within contact requests, this website uses SSL encryption. The installation of such a transport encryption is a recognized standard on the Internet, especially to prevent access to personal data by unauthorized persons. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

In addition, we take all necessary precautions to ensure the security, stability, integrity and operability of the IT systems and IT operations as well as the security of the stored data and data processing operations at FFI. In particular, we have implemented technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized third-party access. In this context, it may be necessary to process the personal data stored in the IT systems of FFI (e.g. by using spam filters). The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR. The legitimate interest results from the aforementioned purposes.

10. Up-to-dateness and change of this Privacy Policy
This data protection information is currently valid and was updated in March 2021.

Due to the further development of our websites and offers or due to changed legal or technical requirements, it may be necessary to change this data protection information. You can access and print out the current data protection information at any time on our website at https://cartondatabase.com/en/privacy-policy.html