We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. Our data protection provisions comply with applicable statutory regulations on the protection of personal data, in particular with the provisions of the EU General Data Protection Regulation (EU-GDPR), and are in line with the country-specific data protection provisions that apply to Zapf Creation AG. Therefore, please take a moment to familiarise yourself with our data protection information. It explains which data we collect on our website, what we use it for and what options are available to you.
Responsibility in terms of data protection law lies with Zapf Creation AG, postal address:
Mönchrödener Str. 13, 96472 Rödental, Germany.
Subject of data protection
Subject of data protection is personal data. In accordance with Art. 4 EU-GDPR, this means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This includes information such as name, postal address, email address or telephone number, but also usage data such as your IP address.
In general, we do not ask for any personal data when you visit our website. We only take note of information about the name of your internet service provider and the websites you access from us. Because we only use this information for statistical purposes (e.g. the number of times individual websites are accessed), you, the internet user, remain anonymous.
Any additional information, such as your name, postal address, telephone number and email address which you provide via email as part of a contact request or job application are only processed by us for these specific purposes.
The personal data transmitted to the person responsible for processing depends on the entry fields on the contact form or is limited to the data you share yourself in the email.
Contact form / Contacting us via email (Art. 6 Para. 1 lit. a, b GDPR)
Our website contains a contact form that can be used to contact us electronically. When you use the contact form to write us, we shall process your data provided in the contact form in order to contact you and respond to your questions and wishes.
In doing so, we observe the principle of data economy and data avoidance by requiring you to provide only the data we require for contacting you. This includes your email address and the message field itself. Your IP address will also be processed, as this is a technical necessity and required for legal protection. We record the country in which you live in order to forward your enquiry to the relevant local partner. All other data submitted is optional (e.g. for a more individual response to your questions).
We implement appropriate security measures to provide the best possible protection and confidentiality for your data. Enquiries submitted via the contact form are not currently transmitted to us in encrypted form. If you prefer not to transmit your data via the contact form, you are of course welcome to use alternative means of communication (e.g. postal mail).
These cookies enable us to analyse how users use our websites, so that we can design the website content to meet the users’ needs. The cookies also give us the opportunity to measure the effectiveness of a particular advertisement and to position it depending on the topics a user is interested in, for example. The legal basis for this is Art. 6 Para. 1 lit. f EU GDPR.
We use the following cookies:
This type of cookie is controlled directly by Zapf Creation AG. Depending on their purpose, they remain permanently saved, even after the end of the session (persistent cookies, e.g. implementation of opt-out), or are deleted when the browser is closed (session cookies, only valid for a single browser session).
This can be done using temporary/permanent cookies that are automatically deleted after the specified period (usually six months). These temporary or permanent cookies are saved on your end device and are deleted automatically after the specified period. Our partner companies’ cookies also only contain pseudonymised, or usually even anonymised, data. They enable our partners to trace which products you have viewed, whether anything was purchased, which products were searched for etc. Going beyond our website, some of our advertising partners also record information about which websites you visited before or which products you were particularly interested in. This makes it possible to display customised advertising. The pseudonymised data is never combined with your personal data.
Most web browsers accept cookies automatically. Of course, you can also deactivate, limit or delete cookies on your end device manually using the settings in your browser or specific software.
Please note: If you deactivate the placement of cookies, you may not be able to use all functions of our website in their full scope.
This website uses web fonts provided by Monotype GmbH (fonts.com or fast.fonts.net) to ensure that fonts are displayed uniformly. When you access a page, your browser loads the necessary web fonts into your browser cache, in order to display text and fonts correctly.
To do this, the browser you use must connect to the fonts.com servers. This discloses to fonts.com that our website has been accessed from your IP address. fonts.com web fonts are used in order to display our website uniformly and attractively. This is a vital interest in accordance with Art. 6 Para. 1 lit. f GDPR.
We use a content delivery network (CDN) provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the Privacy Shield agreement, which guarantees adherence to European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active). A CDN is a service that enables content of our website, especially large media files such as graphics and scripts, to be delivered more quickly with the help of regional servers connected via the internet. User data is only processed for the aforementioned purposes and in order to maintain the security and function of the CDN. It is used based on our legitimate interests, i.e. interest in secure and efficient provision, analysis and optimisation of our website in accordance with Art. 6 Para 1 lit. f. GDPR. You can find more information in the Cloudflare Security Policy: https://www.cloudflare.com/security-policy.
Our website uses the Java Script add-on jQuery, which is downloaded via the website code.jquery.com. To do this, program libraries are accessed by StackPath servers. When you access a page, your browser loads the necessary program libraries into your browser cache. To do this, the browser you use must connect to the StackPath servers in the USA. jQuery is used in order to display our website in an optimised and attractive way. This is a vital interest in accordance with Art. 6 Para. 1 lit. f GDPR. You can find more information on jQuery at www.jquery.com and in the StackPath Privacy Statement www.stackpath.com/privacy-statement/.
We use the reCAPTCHA function from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on this website. This function is predominantly used to determine whether an entry has been made by a natural person or improperly through automated machine processing.
The legal basis for this processing is Art. 6 Para. 1 lit. f EU-GDPR, based on our vital interest in the security of our website and in preventing misuse and spam.
The query includes transmission of the IP address and, if applicable, further data needed by Google for the reCAPTCHA service to Google. Your entry is transmitted to Google and used there for this purpose.
Google LLC, based in the USA, is certified for the US-EU Privacy Shield, which guarantees adherence to the level of data protection applicable in the EU (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Facebook fan page
Zapf Creation AG maintains a Facebook fan page to communicate with registered customers, interested parties and users and to inform them of our latest offers.
Please note that the use of these platforms and their functions is solely your responsibility. This applies particularly to the use of interactive functions (e.g. commenting, sharing, reviewing).
Please also note that your data may be processed outside the borders of the European Union in this context. With regard to US providers certified under the “Privacy Shield”, please note that these providers have undertaken to comply with the EU’s data protection standards.
Your data may also be processed for market research and advertising purposes. For example, your usage behaviour and the resulting interests may be used to create usage profiles. This may result in advertisements thought to correspond to your interests appearing both on and outside the platforms. Generally, cookies are stored on your computer for this purpose. Irrespective of this, data which is not immediately collected on your end device can also be stored in the usage profiles (in particular when you are a member of the respective platform and are logged in).
As the provider of this information service, we only collect and process the data needed in order to respond to the messages you can send us. We do not use your data for any other purposes.
The processing of users’ personal data is based on our vital interest in effective information for and communication with users in accordance with Art. 6 Para. 1 lit. f. GDPR. If you are prompted by Facebook to provide consent for data processing (i.e. declaring your consent for example by clicking a checkbox or confirming it via a corresponding button), the legal basis for the processing is Art. 6 Para. 1 lit. a., Art. 7 GDPR.
Right to object
If you are a member of Facebook and do not want the network to collect your personal data via our website and link it to your membership data stored with the respective network, you must
- log out from the respective network before visiting our website,
- delete the cookies stored on your device and
- close and restart your browser.
However, after logging in again, you can again be identified by the network as a specific user.
Please see the links to information from Facebook below for detailed information on the types of processing and right to object (opt-out).
Please also note that information requests and assertion of user rights are most effectively directed to the respective provider. Only the providers have access to the user data and can initiate corresponding measures directly and provide related information. However, please contact us if you should nonetheless require assistance.
Use and disclosure of personal data/earmarking
We will only collect, process and use all the personal data we receive from you during your use of the Zapf Creation AG website for the stated purpose. In doing so, we ensure that this only happens in accordance with the relevant legal provisions and/or only with your permission. No data shall otherwise be provided to third parties, unless we are obligated to do so based on mandatory statutory regulations (transfer to external bodies such as supervisory authorities or law enforcement authorities).
We will not publish, sell or provide the collected personal data to third parties by any other means. This data will not be used for advertising purposes.
Recipients of the data / Categories of recipients
Within our company, we make sure that only individuals that require your data to fulfil contractual and statutory obligations are given access to your data.
In many cases, service providers support our departments in performing their tasks. All service providers have signed the required data protection contracts. Your personal data is in part transferred to the following service providers for contract processing: transport services providers, information agency (credit rating check), commercial credit insurance provider and sales representatives (for direct customer support on site).
Transfer to third countries / Intended transfer to third countries
We only transfer data to third countries (outside the European Union or the European Economic Area) if this is required to fulfil our obligations, it is prescribed by law, or you have provided us with consent to do so.
Rights of persons affected
You have the right to gain information about the personal data affecting you, as well as the right to correction or erasure, where this would not violate any statutory storage periods. You are also entitled to demand the restriction of processing from Zapf Creation AG and to assert a right of objection against the processing and the right of data portability. You may, of course, withdraw your consent at any time. In addition, you have the right to submit a complaint to the supervisory authority.
To assert these rights, please contact: Datenschutz@zapf-creation.de or write to Zapf Creation AG, subject “data protection”, Mönchrödener Str. 13, 96472 Rödental, Germany.
Routine erasure and blocking of personal data
Zapf Creation AG processes and saves personal data on the affected person only for the period required in order to achieve the purpose of the storage or for the duration of a statutory storage period. Once the purpose has been fulfilled or the period has expired, the relevant data is routinely erased, unless it is still required for contract fulfilment or prior to concluding a contract.
We are also entitled to store your data where you have granted consent to do so, or when legal disputes arise and we use evidence under the statutory limitation periods, which can be up to thirty years; the general limitation period is three years.
Data protection for applications and in application processes
Zapf Creation AG collects and processes the personal data of applicants for the purpose of conducting the application process. This data is not passed on to third parties without your permission (optional).
You are asked to provide personal data in the application form. In this, we adhere to the principles of data economy and data avoidance by requiring you to provide only the data that we need to comprehensively check your application documents, such as your CV (add if applicable) or that we have a statutory duty to collect. These mandatory fields are marked with an asterisk (*). Your IP address will also be processed, as this is a technical necessity and required for legal protection.
Without this data, we are unable to check your application documents. Our application system therefore does not allow application documents to be uploaded in this case. Needless to say, you are free to enter optional information in the application form.
We implement appropriate security measures to provide the best possible protection and confidentiality for your data. Your application documents are transmitted to us in encrypted form via our application system. To do this, a PGP key pair is created when the documents are uploaded. This encrypts the documents with an automatically created private key and the public key of Zapf Creation AG. We are the only ones who can decrypt your data.
Electronic processing is also possible. This is the case when an applicant transmits relevant application documents to Zapf Creation AG electronically, via email. We offer PGP encryption
for the secure transmission of application documents via email. To do this, we provide you with our public PGP key.
Should Zapf Creation conclude an employment contract with an applicant, the data transmitted will be saved for the purpose of conducting the employment relationship, in line with the statutory provisions. Where we do not conclude an employment contract with the applicant, the application documents are erased following announcement of the rejection in accordance with the statutory regulations, as long as such erasure does not violate any other vital interests of the company. Other vital interests in this context include a duty of evidence in proceedings under the German General Act on Equal Treatment (AGG).
We have taken appropriate technical and organizational measures in order to protect the data we store on our staff/customers/suppliers against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. The security levels are constantly reassessed and adapted to new security standards in collaboration with security experts.
The exchange of data from and to our website is encrypted. We provide a HTTPS transfer protocol for our website, always using the latest encryption protocol. We also offer our users PGP encryption for applications. We are the only ones who can decrypt your data. There is also the option of using alternative communication channels (e.g. by post).
Online services for children
Persons under the age of 16 may not provide any personal data to us without the consent of parents or legal guardians, nor may they submit a declaration of consent. We encourage parents and legal guardians to play an active role in the online activities and interests of their children.
Automated case-by-case decisions
We do not use any purely automated processing procedures to reach decisions.
Questions on data protection?
In case you have any question on data protection, please contact Datenschutz(at)zapf-creation.de or write to Zapf Creation AG, subject “data protection”, Mönchrödener Str. 13, 96472 Rödental, Germany.