Papair | The bubble wrap made of paper - data privacy information

Thank you for visiting our website. As the protection of your personal data is particularly important to us, we will inform you in detail below about the data processing that takes place in connection with our website www.papair.de.

As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Act on Data Protection and Privacy in Telecommunications and Telemedia (TTDSG).

We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. We have therefore taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by our external service providers.

Below we provide you with comprehensive information about the purposes for which and the form in which we process your personal data.

Responsible person
Definition of terms
Lawfulness of the processing
Purely informational use of our website
Use of our web shop
Use of our e-mail newsletter
Data processing for advertising purposes
General inquiries
Integration of third-party services
Processors
Online offers on social media platforms
Children & young people
Obligation to provide
Profiling
Your rights
Changes

1. Responsible person

The controller under data protection law is

Papair GmbH

Fliegerstraße 1, 30179 Hanover

Phone: 0511 54619625

E-mail: datenschutz@papair.de

If you have any questions about data protection or wish to assert any of your rights, please contact us at the above address or e-mail address. We will process your request as quickly as possible.

2. Definition of terms

The legislator requires that personal data be processed lawfully, fairly and in a manner that is comprehensible to the data subject ("lawfulness, fairness and transparency"). To ensure this, we will first inform you in this section about the individual legal definitions that are also used in this privacy policy:

2.1 Personal data

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Processing

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.3 Restriction of processing

"Restriction of processing" is the marking of stored personal data with the aim of restricting its future processing.

2.4 Profiling

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

2.5 Pseudonymization

"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

2.6 File system

"File system" means any structured set of personal data accessible according to specific criteria, whether centralized, decentralized or organized according to functional or geographical criteria.

2.7 Responsible person

"Responsible person" means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.8 Processors

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.9 Recipient

"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

2.10 Third parties

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

2.11 Consent

Consent" of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. lawfulness of the processing

The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for processing may be in particular pursuant to Art. 6 para. 1 sentence 1 letters a) to f) GDPR:

The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
processing is necessary for compliance with a legal obligation to which the controller is subject
processing is necessary in order to protect the vital interests of the data subject or of another natural person
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

4. purely informational use of our website

In this section, we inform you which data we process if you use our website purely for information purposes, i.e. if you do not actively transmit data to us when you visit our website.

4.1 Log files

When you view our website, we collect the following data in log files, which are technically necessary for us to display our website to you and to ensure stability and security:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
amount of data transferred in each case
Website from which the request originates
Operating system and its interface
Information about the browser, the version and language used
Name of your access provider

We are entitled to collect and store this data in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR, as we have a legitimate interest in the security and stability of our website. They are automatically deleted after seven days at the latest, unless there is reasonable suspicion of unlawful activity.

4.2 Cookies

Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your end device and through which certain information flows to the place that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.

All information on the use of cookies - in particular information on the names of the cookie operators, explanations on the storage period and existing third-party access rights - can be found in the cookie banner.

4.2.1 Necessary cookies

We use cookies that are necessary to enable certain functions of our website in order to make your visit here as pleasant as possible. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your device to be recognized when you return to our website.

Name of	Provider	Purpose	Process	Type
__cf_bm	Hubspot	This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports on the use of its website.	1 tag	HTTP cookie
CONSENT	YouTube	Used to determine whether the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for the website's GDPR compliance.	2 years	HTTP cookie
CookieConsent	Cookiebot	Saves the user's consent status for cookies on the current domain	1 year	HTTP Cookie
_GRECAPTCHA	Google	We integrate the "ReCaptcha" function to recognize bots, e.g. when entering data in online forms. The user's behavioral data (e.g. mouse movements or queries) are evaluated in order to distinguish humans from bots.	6 months	HTTP cookie
__cfruid	Cloudflare	Cookies that CloudFlare uses to speed up the loading times of pages	session	HTTP cookie

We are entitled to use these cookies in accordance with Art. 6 para. 1 sentence 1 letter f) GDPR, as we have a legitimate interest in the functionality and correct display of our website.

4.2.2 Tracking for reach measurement & control of advertising

We also use cookies to measure the reach of our website in order to analyze the use of our website and thus improve it. In addition, we also use cookies to control personalized advertising. In this way, we want to ensure that users are only shown advertising that is of presumed interest to the respective user and, in particular, does not have a harassing effect.

When you visit our website for the first time, we ask for your express consent to set cookies for the aforementioned purposes. The legal basis for this data processing is therefore Art. 6 para. 1 sentence 1 letter a) GDPR.

The following statistics and marketing cookies are used:

Name	Provider	Purpose	Process	Type
__hssc	Hubspot Inc	Indicates whether the cookie data in the visitor's browser needs to be updated.	1 day	HTTP cookie
__hssrc	Hubspot Inc	Used to recognize the visitor's browser when returning to the website.	session	HTTP cookie
__hstc	Hubspot Inc	Defines a unique ID for the session, enabling the website to obtain data on visitor behavior for statistical purposes.	179 days	HTTP cookie
_ga	Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years	HTTP cookie
_ga_#	Google	Collects data on how often a user has visited a website, as well as data for the first and last visit. Used by Google Analytics.	2 years	HTTP cookie
Hubspotutk	Hubspot Inc	Sets a unique ID for the session, allowing the website to obtain data on visitor behavior for statistical purposes.	179 days	HTTP cookie
__ptq.gif	Hubspot	Sends data to the marketing platform Hubspot about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Session	Pixel Tracker
VISITOR_INFO1_LIVE	YouTube	Attempts to estimate user bandwidth on pages with integrated YouTube videos.	179 days	HTTP Cookie
YSC	YouTube	Registers a unique ID to keep statistics of the YouTube videos the user has watched.	Session	HTTP cookie

4.2.3 Cookie settings

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

Of course, you can also visit our website without cookies. However, if you wish to use our website fully or conveniently, you should accept cookies. Most web browsers are set by default to accept cookies. However, you have the option of setting your browser to display cookies before they are saved, to accept or reject only certain cookies or to reject cookies in general. Please note that changes to settings only ever affect the respective browser. If you use different browsers or change your end device, you will have to make the settings again. You can also delete cookies from your storage medium at any time. Information on cookie settings, how to change them and how to delete cookies can be found in the help section of your web browser.

4.3 Use of Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google").

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. Google Analytics also uses so-called tracking pixels (also known as "web beacons"). These are usually invisible graphic elements on our website that can be used to register page views and collect further information about the page view.

The information generated about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific person. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately.

We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.

Google Analytics is only used if you expressly consent to its use. As it cannot be ruled out that personal data may be transferred to servers located in the USA, we also ask for your express consent to your personal data being transferred to the USA. We would like to point out that the USA has been classified by the European Court of Justice (ECJ) as an unsafe third country for which there is no adequacy decision, no suitable guarantees and no effective legal remedies to enforce your rights. In particular, it cannot be ruled out that state (surveillance) authorities may access and process your personal data even without legal remedies.

The legal basis for the processing is Art. 6 para. 1 sentence 1 letter a) GDPR. The transfer of data to the USA takes place on the basis of Art. 44 et seq. GDPR.

Below we have compiled some links with further information for you:

Google Analytics terms of use: http://www.google.com/analytics/terms/de.html
Google Analytics & data protection: https://support.google.com/analytics/answer/6004245
Google privacy policy: http://www.google.de/intl/de/policies/privacy

4.4 Use of IONOS WebAnalytics

This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D - 56410 Montabaur. As part of the analyses with IONOS, visitor numbers and behavior (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. which page the visitor comes from), visitor locations and technical data (browser and operating system versions) are analyzed. For this purpose, IONOS stores the following data in particular:

referrer (previously visited website)
requested website or file
Browser type and browser version
Operating system used
Type of device used
Time of access
IP address in anonymized form (only used to determine the location of access)

According to IONOS, data collection is completely anonymized so that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the statistical analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information on data collection and processing by IONOS WebAnalytics can be found in the IONOS privacy policy at the following link:

https://www.ionos.de/terms-gtc/index.php?id=6

4.5 Use of SalesViewer

We use SalesViewer from SalesViewer® GmbH, Huestr. 30, 44787 Bochum, Germany, on our website. SalesViewer is a website analysis tool that enables us to collect and analyze information about the use of our website. Data is collected and stored for marketing and optimization purposes. This data can be used to create user profiles under a pseudonym. Cookies can be used for this purpose. The cookies enable us to recognize your browser when you visit our website again. The data collected with SalesViewer is not used to personally identify the visitor to this website unless the visitor has given us their express consent to do so.

Your data is processed on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimization of our online offering and our website. As the privacy of our visitors is particularly important to us, the data collected is only stored in pseudonymized form and is never used to personally identify visitors to this website.

Further information on data protection in connection with SalesViewer can be found on the website of SalesViewer® GmbH: https://www.salesviewer.com/de/plattform/datenschutz/.

5. Use of our webshop

If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. We process the data you provide to process your order. We may also pass on your payment details to our bank for this purpose.

The legal basis for this is Art. 6 para. 1 sentence 1 letter b) GDPR, according to which personal data may be processed for the performance of a contract.

5.1 Storage period

You can request the deletion of your account data at any time by using the account deletion function in the customer area. However, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after two years we will restrict the processing, i.e. your data will then only be used to comply with legal obligations.

5.2 Data transfer

In order to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we will pass on the payment data collected for the processing of payments to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us.

6. Use of our e-mail newsletter

If you wish to receive our newsletter, we will ask you for your express consent to process your e-mail address, IP address of the accessing computer, date and time of registration and the other data provided. Your consent therefore forms the legal basis for this data processing in accordance with Art. 6 para. 1 sentence 1 letter a) GDPR. In addition, the subscription to the newsletter is based on a contractual relationship, Art. 6 para. 1 lit. b GDPR.

The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter.

We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

You can revoke your consent to the sending of the newsletter at any time and thus unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail or by post.

7 Data processing for advertising purposes

With the exception of the delivery notification, we only process the telephone or mobile phone numbers and/or the e-mail addresses for our own advertising purposes and only if you have given us your express consent to do so within the meaning of Article 6(1)(a) GDPR. If you provide us with your e-mail address, we will first send you a confirmation link. Please click on this link to be added to the newsletter distribution list. You can revoke your consent at any time free of charge and separately for the respective channel. All you need to do is make a short phone call or send a message to the contact address provided. In the case of an e-mail newsletter, you can also click on "Unsubscribe" at the end of each e-mail.

8 General inquiries

If you contact us by post, e-mail, contact form, telephone or fax, we will store and process your request, including all personal data resulting from it, for the purpose of processing your request. We will not pass on this data without your consent.

8.1 Legal basis for data processing

This data is processed on the basis of Art. 6 para. 1 sentence 1 letter b) GDPR, insofar as your request is related to the fulfillment of a contract concluded with us or is necessary for the implementation of pre-contractual measures and on the basis of Art. 6 para. 1 sentence 1 letter a) GDPR, insofar as it is based on your prior consent. Otherwise, the processing is based on Art. 6 para. 1 sentence 1 letter f) GDPR, as we have a legitimate interest in the effective processing of the inquiries addressed to us. In addition, we may also be authorized pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR, as we are legally obliged to enable fast electronic contact and direct communication to or with us.

8.2 Duration of storage

Your data will only be used strictly for the purpose of processing and answering your inquiry and will be deleted after final processing, provided that we are not subject to any statutory retention obligations.

You have the option to withdraw your consent to the processing of your personal data at any time and to object to the storage of your personal data that you have transmitted to us. In this case, the conversation cannot be continued. All personal data stored in the course of contacting us will then be deleted.

We would like to point out that the confidentiality of e-mails or other electronic forms of communication on the Internet cannot be guaranteed. We recommend sending confidential information by post.

9. Integration of third-party services

9.1 Integration of social media plugins

We currently use several social media plug-ins. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. The providers of the plug-ins can recognize you by the marking on the box by its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In addition, the data collected when you visit our website is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box.

We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. We offer you the opportunity to interact with the social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 letter f) GDPR.

Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you click the activated button, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.

Addresses of the respective plug-in providers used and URL with their data protection notices:

9.1.1 Meta

Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland or Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA

Data processing is carried out on the basis of an agreement on the joint processing of personal data in accordance with Art. 26 GDPR (https://www.facebook.com/legal/terms/page_controller_addendum).

Further information: http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

Opt-out: https://www.facebook.com/settings?tab=ads

9.1.2 YouTube

We use the YouTube player to integrate our own videos from our YouTube channels or videos from other providers into our pages.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Opt-Out: https://adssettings.google.com/authenticated