DE

Data protection

Information

We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. Our data protection provisions comply with applicable statutory regulations on the protection of personal data, in particular with the provisions of the EU General Data Protection Regulation (EU GDPR), and are in line with the country-specific data protection provisions that apply to MGA Zapf Creation GmbH. Therefore, please take a moment to familiarise yourself with our data protection information. It explains which data we collect on our website, what we use it for and what options are available to you.

Responsibility in terms of data protection law lies with MGA Zapf Creation GmbH.

Postal address:
Mönchrödener Str. 13, 96472 Rödental, GERMANY.

Contact information
Phone: +49 9563 725-0
Fax: +49 9563 725-116
Email: info(at)zapf-creation.com

Data protection contact
datenschutz(at)zapf-creation.de

Subject of data protection

Subject of data protection is personal data. In accordance with Art. 4 Para. 1 GDPR, personal data encompasses any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This includes information such as name, postal address, email address or telephone number, but also usage data such as your IP address.

Data that does not enable the personal identification of the user is anonymous data.

Purposes and legal basis of the data processing

When processing your personal data, the provisions of EU GDPR and all other applicable requirements according to data protection law are adhered to. The legal bases for data processing are derived from Art. 6 EU GDPR in particular.

We use your data for initiating business contact, fulfilling contractual and legal obligations, conducting the contractual relationship, offering the products and services and strengthening the customer relationship, which can also entail analyses for marketing purposes and direct marketing.

Your consent to data processing can also a represent an authorising provision under data protection law. Before you give your consent, we inform you of the purpose of the data processing and of your right to withdraw consent.

Data collection: categories and origin of data

The data we process is determined by the respective context: this depends on whether you submit queries using our contact form or send us a job application, for example.

During your visit to our website, we collect and process the following data:

  • Name of the internet service provider
  • Details of the website from which you are visiting us
  • Web browser and operating system used
  • The IP address assigned by your internet service provider
  • Requested files, transmitted data quantity, downloads / file export
  • Details of our websites visited by you, including date and time

For reasons relating to technical security (in particular to defend against attempted attacks on our web server), this data is stored in accordance with Art. 6 Para. 1 lit. f EU GDPR. After seven days at the latest, the data is anonymised by shortening the IP address so that the user cannot be identified.

Within the scope of a contact request, we collect and process the following data:

  • Last name, first name
  • Title
  • Country
  • Contact details (email address, telephone number)
  • Address
  • Message
  • You can also upload images and other files.

Within the scope of a request via our product form, we collect and process the following data:

  • Last name, first name
  • Title
  • Country
  • Contact details (email address, telephone number)
  • Address
  • Message
  • Product designation / identification number
  • You can also upload images and other files.

Within the scope of an online job application, we collect and process the following data:

  • Last name, first name
  • Title
  • Country
  • Contact details (email address, telephone number)
  • Address
  • Application documents (CV, references, etc.)

Obligation to provide access to the data

A variety of personal data is required in order to establish, perform and terminate the contractual relationship and to fulfil the contractual and legal obligations involved. The same applies for the use of our website and the various functions that this provides.

We have summarised the details of this in the aforementioned item. In certain cases, data must also be collected or made available due to legal provisions. Please note that it is not possible to process your request or execute the contractual relationship on which this is based without providing this data.

Contact form / Contacting us via email (Art. 6 Para. 1 lit. a, b GDPR)

Our website contains a contact form that can be used to contact us electronically. When you use the contact form to write us, we shall process your data provided in the contact form in order to contact you and respond to your questions and wishes.

In doing so, we observe the principle of data economy and data avoidance by requiring you to provide only the data we require for contacting you. The data collected here differs according to the type of request; for example, it is sufficient to specify your name and email address when making a general request. If you are interested in a catalogue, we also ask for your address in order to send you the catalogue. Your IP address will also be processed, as this is a technical necessity and required for legal protection. All other data submitted is optional (e.g. for a more individual response to your questions).

Should you contact us by email, we will use the personal data communicated in the email solely for the purpose of processing your request.

Product form (Art. 6 Para. 1 lit. a, b EU GDPR)

Our website contains what is known as a product form, which can be used to contact us electronically. When you use this form to write to us, we process your data provided in the form in order to contact you and respond to your questions and wishes.

In doing so, we observe the principle of data economy and data avoidance by requiring you to provide only the data we require for contacting you. This includes your first name, last name, country, email address, the product designation and the message field and subject themselves. Your IP address will also be processed, as this is a technical necessity and required for legal protection. All other data submitted is optional (e.g. for a more individual response to your questions).

Should you contact us by email, we will use the personal data communicated in the email solely for the purpose of processing your request.

Cookies (Art. 6 Para. 1 lit. f EU GDPR, Art. 6 Para. 1 lit. a EU GDPR, Art. 6 Para 1 lit c EU GDPR)

MGA Zapf Creation GmbH uses cookies in various locations. These help to make our website more user-friendly, effective and secure. Cookies are small text files that are placed and saved on your end device.

On the basis of our legitimate interest (Art. 6 Para. 1 Sentence 1 lit. f EU GDPR), we set technically necessary cookies that are needed to operate the website and to ensure its functioning. Depending on their purpose, they are permanently saved, even after the end of the session (persistent cookies, e.g. opt-out), or are deleted when the browser is closed (session cookies – these are only valid for a single browser session).

We set additional cookies on the basis of your consent. These cookies enable us to analyse how users use our websites, so that we can design the website content to meet the users’ needs. The cookies also give us the opportunity to measure the effectiveness of a particular advertisement and to position it depending on the topics a user is interested in, for example. The legal basis for this is your consent (Art. 6 Para. 1 Sentence 1 lit. a EU GDPR).

If you have consented to this, you can, of course, withdraw this consent here without giving any reasons:

Google Fonts (Art. 6 Para. 1 lit. f EU GDPR)

This website uses external fonts, Google Fonts. Google Fonts is a service of Google Inc. (“Google”).

These web fonts are embedded locally via the client. Further information can be found in the Google Privacy Policy, which is available here:
www.google.com/fonts#AboutPlace:about
https://policies.google.com/privacy?hl=en-gb

Google Fonts are used in order to display our website uniformly and attractively. This is a legitimate interest in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR.

Google reCAPTCHA (Art. 6 Para. 1 lit. f EU GDPR)

We use the reCAPTCHA function from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on this website. This function is predominantly used to determine whether an entry has been made by a natural person or improperly through automated machine processing.

The legal basis for this processing is Art. 6 Para. 1 lit. f EU GDPR, based on our legitimate interest in the security of our website and in preventing misuse and spam.

The query includes transmission of the IP address and, if applicable, further data needed by Google for the reCAPTCHA service to Google. Your entry is transmitted to Google and used there for this purpose.

This service can forward the collected data to a different country. Please note that this service can transmit data outside the European Union and the European Economic Area and to a country without an adequate level of data protection. If the data is transmitted to the USA, there is a risk of your data being processed by US public authorities for control and inspection purposes without you having the possibility of legal redress. However, we take the possible measures that are necessary from the perspective of data protection law in line with Art. 44 et seq. EU GDPR in order to ensure an adequate level of data protection in the third country.

You can view the Google terms of use at https://policies.google.com/terms; additional, detailed information on data protection is available on the Google website (“Google Privacy Policy”): https://policies.google.com/privacy

Opt-out: https://adssettings.google.com/authenticated.

Google Analytics (Art. 6 Para. 1 lit. a EU GDPR)

This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website to analyse how visitors use the site.

The following data concerning you is saved in this connection:

  • IP address
  • Usage data
  • Click path
  • App updates
  • Browser information
  • Device information
  • JavaScript support
  • Visited sites
  • Referrer URL
  • Downloads
  • Flash version
  • Location information
  • Purchasing activity
  • Widget interactions
  • Date and time of visit

The information generated by the cookie about your use of the website will be transmitted to and saved by Google on servers in the United States. However, if IP anonymisation is activated on this website, Google will shorten your IP address before transmitting it within EU Member States or in other member states of the European Economic Area. Your full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. Google will not associate the IP address transmitted by your browser in relation to Google Analytics with any other data held by Google.

We have also deactivated Universal Analytics so that no user ID is created that would enable cross-device tracking.

Google will use this information on behalf of the website operator for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The legal basis for this is your consent in accordance with Art. 6 Para. 1 lit. a EU GDPR. As we have also deactivated the Google Analytics audiences function, no target groups will be compiled that would enable website visitors to be classified and therefore allow certain targeted advertisements to be shown for the respective target group.

This service can forward the recorded data to a different country. Please note that this service can transmit data outside the European Union and the European Economic Area and to a country without an adequate level of data protection. If the data is transmitted to the USA, there is a risk of your data being processed by US public authorities for control and inspection purposes without you having the possibility of legal redress. However, we take the possible measures that are necessary from the perspective of data protection law in line with Art. 44 et seq. EU GDPR in order to ensure an adequate level of data protection in the third country.

The personal data of the users is erased or anonymised after 14 months.

Further information on the terms of use and data protection can be found at https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/privacy?hl=en-GB.

YouTube (Art. 6 Para. 1 lit. a EU GDPR)

We have embedded YouTube videos from the provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in our online offering, which are saved on www.youtube.com and can be played directly from our website. These are all embedded in “privacy-enhanced mode”, i.e. no data about you as a user is transferred to YouTube if you do not view the videos. However, the privacy-enhanced mode only relates to the recording of user behaviour and not the provision of ads, the reloading of further content from third parties, the transmission of fonts and possible links with your user account on YouTube. If you start the video, this triggers further data processing operations. We have no influence over this. The legal basis for this is your consent as per Art. 6 Para. 1 Sentence 1 lit. a EU GDPR.

You can withdraw your consent at any time in our cookie settings.

This service can forward the collected data to a different country. Please note that this service can transmit data outside the European Union and the European Economic Area and to a country without an adequate level of data protection. If the data is transmitted to the USA, there is a risk of your data being processed by US public authorities for control and inspection purposes without you having the possibility of legal redress. However, we take the possible measures that are necessary from the perspective of data protection law in line with Art. 44 et seq. EU GDPR in order to ensure an adequate level of data protection in the third country.

As a result of your visit to the website, YouTube is informed that you have called up the corresponding page of our website. Data is transmitted regardless of whether YouTube provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your data is assigned directly to the account. If you do not wish this data to be assigned to the YouTube profile, you must log out before activating the button. YouTube saves the data as user profiles and uses it for the purposes of advertising, market research and/or the needs-based use of its website. In particular, and even for users who are not logged in, such an analysis takes place for the purpose of providing needs-based advertising and informing other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles; in order to exercise this right, you must contact YouTube.

Further information regarding data protection can be found at: policies.google.com/privacy

CloudFront (Art. 6 Para. 1 lit. f EU GDPR)

This website uses the CloudFront content delivery network (CDN). This is a service offered by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The CloudFront CDN makes duplicates of website data available on various Amazon Web Services (AWS) servers located all over the world. This results in faster website loading times, greater reliability and increased protection against data loss. Some of the images and videos embedded in this website are obtained from the CloudFront CDN when calling up the site. By making this request, information about your use of our website (e.g. your IP address) is transferred to Amazon servers in other EU states and saved there. This takes place as soon as you enter our website. Amazon Web Services and the Amazon CloudFront CDN are used in the interests of improving the reliability of the website, increasing protection against data loss and improving loading speeds on this website. This is a legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. Information on the data protection measures and the current privacy notice of Amazon Web Services can be found at: https://aws.amazon.com/privacy/
This service can forward the collected data to a different country. Please note that this service can transmit data outside the European Union and the European Economic Area and to a country without an adequate level of data protection. If the data is transmitted to the USA, there is a risk of your data being processed by US public authorities for control and inspection purposes without you having the possibility of legal redress. However, we take the possible measures that are necessary from the perspective of data protection law in line with Art. 44 et seq. EU GDPR in order to ensure an adequate level of data protection in the third country.

Use and disclosure of personal data/earmarking

We will only collect, process and use all the personal data we receive from you during your use of the MGA Zapf Creation GmbH website for the stated purpose. In doing so, we ensure that this only happens in accordance with the relevant legal provisions and/or only with your permission. No data shall otherwise be provided to third parties, unless we are obligated to do so based on mandatory statutory regulations (transfer to external bodies such as supervisory authorities or law enforcement authorities).

We will not publish, sell or provide the collected personal data to third parties by any other means. This data will not be used for advertising purposes.

Recipients of the data / Categories of recipients  

Within our company, we make sure that only individuals that require your data to fulfil contractual and statutory obligations are given access to your data.

In many cases, service providers support our departments in performing their tasks. All service providers have signed the required data protection contracts. Your personal data is in part transferred to the following service providers for contract processing: transport service providers, information agency (credit rating check), commercial credit insurance provider and sales representatives (for direct customer support on site, service provider for responding to complaints on our behalf).

Transfer to third countries / Intended transfer to third countries

We only transfer data to third countries (outside the European Union or the European Economic Area) if this is required to fulfil our obligations, it is prescribed by law, or you have provided us with consent to do so.

We do not transfer your personal data to service providers outside the European Economic Area.

Rights of data subjects (Art. 15–22 EU GDPR)

You have the right to gain information about the personal data affecting you, as well as the right to correction or erasure, where this would not violate any statutory storage periods. You are also entitled to demand the restriction of processing from Zapf Creation AG and to assert a right of objection against the processing and the right of data portability. You may, of course, withdraw your consent at any time. In addition, you have the right to submit a complaint to the supervisory authority.

To assert these rights, please contact: datenschutz(at)zapf-creation.de or write to MGA Zapf Creation GmbH, subject “data protection”, Mönchrödener Str. 13, 96472 Rödental, Germany.

Routine erasure and blocking of personal data

MGA Zapf Creation GmbH processes and saves personal data on the affected person only for the period required in order to achieve the purpose of the storage or for the duration of a statutory storage period. Once the purpose has been fulfilled or the period has expired, the relevant data is routinely erased, unless it is still required for contract fulfilment or prior to concluding a contract.

We are also entitled to store your data where you have granted consent to do so, or when legal disputes arise and we use evidence under the statutory limitation periods, which can be up to thirty years; the general limitation period is three years.

Data protection in job applications and the application process (Art. 6 Para. 1 lit. a, b EU GDPR)

MGA Zapf Creation GmbH collects and processes the personal data of applicants for the purpose of conducting the application process. This data is not passed on to third parties without your consent.

You are asked to provide personal data in the application form. In this, we adhere to the principles of data economy and data avoidance by requiring you to provide only the data that we need to comprehensively check your application documents, such as your CV, or that we have a statutory duty to collect. These mandatory fields are marked with an asterisk (*). Your IP address will also be processed, as this is a technical necessity and required for legal protection.

Without this data, we are unable to check your application documents. Our application system therefore does not allow application documents to be uploaded in this case. Needless to say, you are free to enter optional information in the application form.

We implement appropriate security measures to provide the best possible protection and confidentiality for your data. Your application documents are transmitted to us in encrypted form via our application system. We provide a HTTPS transfer protocol for our website, always using the latest encryption protocol.

Electronic processing is also possible. This is the case when an applicant transmits relevant application documents to MGA Zapf Creation GmbH electronically, via email. We offer PGP encryption for the secure transmission of application documents via email. To do this, we provide you with our public PGP key.

We store your data for the purposes described above until the application process is complete and the corresponding periods have expired – no later than six months following receipt of the decision.

If you wish, however, we can store your application documents for a longer period and compare them to other vacant positions that match your profile.

For this, we require your consent, which you can grant by clicking the checkbox before uploading your application documents. In this case, we store your data for 24 months. Of course, you can withdraw your consent at any time with effect for the future by sending an email to datenschutz(at)zapf-creation.de.

Data security

We have taken appropriate technical and organizational measures in order to protect the data we store on our staff/customers/suppliers against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. The security levels are constantly reassessed and adapted to new security standards in collaboration with security experts.

The exchange of data from and to our website is encrypted. We provide a HTTPS transfer protocol for our website, always using the latest encryption protocol. We also offer our users PGP encryption for applications. We are the only ones who can decrypt your data. There is also the option of using alternative communication channels (e.g. by post).

Online services for children

Persons under the age of 16 may not provide any personal data to us without the consent of parents or legal guardians, nor may they submit a declaration of consent. We encourage parents and legal guardians to play an active role in the online activities and interests of their children.

Automated case-by-case decisions

We do not use any purely automated processing procedures to reach decisions.

Links to other providers

Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as links to the websites of other providers are present, we have no influence over their content. For this reason, no warranty or liability can be assumed for this content. In all cases, the provider or operator of the linked website is liable for the content.

The linked websites were reviewed for possible and recognisable legal infringements at the time the links were placed. No unlawful content was recognisable at the time the links were placed. A constant review of the content of the linked websites cannot be expected without a specific indication of an infringement of the law. As soon as infringements of the law become known to us, such links will be removed immediately.

Questions on data protection?

In case you have any question on data protection, please contact datenschutz(at)zapf-creation.de or write to MGA Zapf Creation GmbH, subject “data protection”, Mönchrödener Str. 13, 96472 Rödental, Germany.