We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. Our data protection provisions comply with applicable statutory regulations on the protection of personal data, in particular with the provisions of the EU General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection provisions applicable to Zapf Creation AG. Therefore, please take a moment to familiarise yourself with our data protection information. It explains which data we collect on our website, what we use it for and what options are available to you.
Responsibility in terms of data protection law lies with Zapf Creation AG, postal address:
Mönchrödener Str. 13, 96472 Rödental, Germany.
Purpose of data protection
Subject of data protection is personal data. In accordance with Art. 4 (1) GDPR, personal data encompasses any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This includes information such as name, postal address, email address or telephone number, but also usage data such as your IP address.
In general, we do not require any personal data when you visit our website. We merely take note of information about the name of your internet service provider and the websites you access from us. In this, you, the internet user, remain anonymous, as we only analyse this information for statistical purposes (e.g. number of times the individual websites are accessed).
Any additional information, such as your name, postal address, telephone number and email address, which you provide via email as part of a contact request or job application are only processed by us for these specific purposes.
The personal data transmitted to the persons responsible for processing here depends on the data you provide through entries in the contact form or via email.
Contact form / Contacting us via email (Art. 6 Para. 1 lit. a, b GDPR)
Our website contains a contact form that can be used to contact us electronically. When you use the contact form to write us, we shall process your data provided in the contact form in order to contact you and respond to your questions and wishes.
In doing so, we observe the principle of data economy and data avoidance by requiring you to provide only the data we require for contacting you. This includes your email address and the message field itself. Your IP address will also be processed, as this is a technical necessity and required for legal protection. We also collect your postcode, your address and your country of residence, as this is required for sending you the catalogues or spare parts you request. All other data submitted is optional (e.g. for a more individual response to your questions)
We implement appropriate security measures to provide the best possible protection and confidentiality for your data. Enquiries submitted via the contact form are not currently transmitted to us in encrypted form. If you prefer not to transmit your data via the contact form, you are of course welcome to use alternative means of communication (e.g. postal mail).
These cookies enable us to analyse how users use our websites, so that we can design the website content to meet the users’ needs. The cookies also give us the opportunity to measure the effectiveness of a particular advertisement and to position it depending on the topics a user is interested in, for example. The legal ookiesbasis for this is Art. 6 Para. 1 lit. f EU GDPR.
We use the following cookies:
This type of cookie is controlled directly by Zapf Creation AG. Depending on their purpose, they remain permanently saved, even after the end of the session (persistent cookies, e.g. implementation of opt-out), or are deleted when the browser is closed (session cookies, only valid for a single browser session).
This can be done using temporary/permanent cookies that are automatically deleted after the specified period (usually six months). These temporary or permanent cookies are saved on your end device and are deleted automatically after the specified period. Our partner companies’ cookies also only contain pseudonymised, or usually even anonymised, data. They enable our partners to trace which products you have viewed, whether anything was purchased, which products were searched for etc. Going beyond our website, some of our advertising partners also record information about which websites you visited before or which products you were particularly interested in. This makes it possible to display customised advertising. The pseudonymised data is never combined with your personal data.
Most web browsers accept cookies automatically. Of course, you can also deactivate, limit or delete cookies on your end device manually using the settings in your browser or specific software.
Please note: If you deactivate the placement of cookies, you may not be able to use all functions of our website in their full scope.
This website uses web fonts provided by Monotype GmbH (fonts.com or fast.fonts.net) to ensure that fonts are displayed uniformly. When you access a page, your browser loads the necessary web fonts into your browser cache, in order to display text and fonts correctly.
To do this, the browser you use must connect to the fonts.com servers. This discloses to fonts.com that our website has been accessed from your IP address. fonts.com web fonts are used in order to display our website uniformly and attractively. This is a vital interest in accordance with Art. 6 Para. 1 lit. f GDPR.
We use a content delivery network (CDN) provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the Privacy Shield agreement, which guarantees adherence to European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active). A CDN is a service that enables content of our website, especially large media files such as graphics and scripts, to be delivered more quickly with the help of regional servers connected via the internet. User data is only processed for the aforementioned purposes and in order to maintain the security and function of the CDN. It is used based on our legitimate interests, i.e. interest in secure and efficient provision, analysis and optimisation of our website in accordance with Art. 6 Para 1 lit. f. GDPR. You can find more information in the Cloudflare Security Policy: https://www.cloudflare.com/security-policy.
Our website uses the Java Script add-on jQuery, which is downloaded via the website code.jquery.com. To do this, program libraries are accessed by StackPath servers. When you access a page, your browser loads the necessary program libraries into your browser cache. To do this, the browser you use must connect to the StackPath servers in the USA. jQuery is used in order to display our website in an optimised and attractive way. This is a vital interest in accordance with Art. 6 Para. 1 lit. f GDPR. You can find more information on jQuery at www.jquery.com and in the StackPath Privacy Statement www.stackpath.com/privacy-statement/
Facebook fan page
Zapf Creation AG maintains a Facebook fan page to communicate with registered customers, interested parties and users and to inform them of our latest offers.
Please note that the use of these platforms and their functions is solely your responsibility. This applies particularly to the use of interactive functions (e.g. commenting, sharing, reviewing).
Please also note that your data may be processed outside the borders of the European Union in this context. With regard to US providers certified under the “Privacy Shield”, please note that these providers have undertaken to comply with the EU’s data protection standards.
Your data may also be processed for market research and advertising purposes. For example, your usage behaviour and the resulting interests may be used to create usage profiles. This may result in advertisements thought to correspond to your interests appearing both on and outside the platforms. Generally, cookies are stored on your computer for this purpose. Irrespective of this, data which is not immediately collected on your end device can also be stored in the usage profiles (in particular when you are a member of the respective platform and are logged in).
As the provider of this information service, we only collect and process the data needed in order to respond to the messages you can send us. We do not use your data for any other purposes.
The processing of users’ personal data is based on our vital interest in effective information for and communication with users in accordance with Art. 6 Para. 1 lit. f. GDPR. If you are prompted by Facebook to provide consent for data processing (i.e. declaring your consent for example by clicking a checkbox or confirming it via a corresponding button), the legal basis for the processing is Art. 6 Para. 1 lit. a., Art. 7 GDPR.
Right to object
If you are a member of Facebook and do not want the network to collect your personal data via our website and link it to your membership data stored with the respective network, you must
• log out from the respective network before visiting our website,
• delete the cookies stored on your device and
• close and restart your browser.
However, after logging in again, you can again be identified by the network as a specific user.
Please see the links to information from Facebook below for detailed information on the types of processing and right to object (opt-out).
Please also note that information requests and assertion of user rights are most effectively directed to the respective provider. Only the providers have access to the user data and can initiate corresponding measures directly and provide related information. However, please contact us if you should nonetheless require assistance.
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Use and disclosure of personal data/earmarking
We will only collect, process and use all the personal data we receive from you during your use of the Zapf Creation AG website for the stated purpose. In doing so, we ensure that this is done within the applicable legal framework and only with your permission. No data shall otherwise be provided to third parties, unless we are obligated to do so based on mandatory statutory regulations (transfer to external bodies such as supervisory authorities or law enforcement authorities).
We will not publish, sell or provide the collected personal data to third parties by any other means. This data will not be used for advertising purposes.
Recipients of the data / Categories of recipients
Within our company, we make sure that only individuals that require your data to fulfil contractual and statutory obligations are given access to your data.
In many cases, service providers support our departments in performing their tasks. All service providers have signed the required data protection contracts. Your personal data is in part transferred to the following service providers for contract processing: transport services providers, information agency (credit rating check), commercial credit insurance provider and sales representatives (for direct customer support on site).
Transfer to third countries / Intended transfer to third countries
We only transfer data to third countries (outside the European Union or the European Economic Area) if this is required to fulfil our obligations, it is prescribed by law, or you have provided us with consent to do so.
Rights of persons affected
You have the right to obtain information about the personal data relating to you and to its correction or deletion, as long as this does not violate any statutory retention obligations. You are also entitled to demand limitation of processing by Zapf Creation AG and to assert a right of objection to the processing and the right to data portability. You may, of course, withdraw your consent at any time. You also have the right to submit a complaint to the supervisory authority.
To assert these rights, please contact: Datenschutz@zapf-creation.de or write to Zapf Creation AG, subject “data protection”, Möchrödener Str. 13, 96472 Rödental, Germany.
Routine deletion and blocking of personal data
Zapf Creation AG processes and saves personal data on the person affected only for the period in which this is required to achieve the storage purpose or for the period of a statutory retention obligation. Once the purpose has been achieved or the period has expired, the relevant data is routinely deleted, as long as it is no longer required for contract fulfilment or contract initiation.
We are also entitled to store your data where you have granted consent to do so, or when legal disputes arise and we use evidence under the statutory limitation periods, which can be up to thirty years; the general limitation period is three years.
Data protection concerning applications and application processes
Zapf Creation AG collects and processes the personal data of applicants for the purpose of conducting the application process. Processing may also take place electronically. This is the case when an applicant transmits application documents to Zapf Creation AG electronically via email. Where Zapf Creation AG concludes an employment contract with the applicant, the data transmitted is saved for the purpose of processing the employment relationship, taking the statutory provisions into account. Where Zapf Creation AG does not conclude an employment contract with the applicant, the application documents shall be deleted in accordance with the statutory regulations following announcement of the rejection decision, unless such deletion is barred by other justified interests of the company. Other justified interests in this sense include, for example, a burden of proof in proceedings in accordance with the German General Act on Equal Treatment (AGG).
We offer PGP encryption for the secure transmission of application documents via email.
We have taken appropriate technical and organisational measures in order to protect the data we save on our employees/customers/suppliers against random or deliberate manipulation, loss, destruction or access by unauthorised persons. The security levels are constantly examined in collaboration with security experts and adapted to new security standards.
The exchange of data from and to our website is encrypted. We provide a HTTPS transfer protocol for our website, always using the latest encryption protocol. We also offer our users PGP encryption for applications. We are the only ones who can decrypt your data. There is also the option of using alternative communication channels (e.g. by post).
Online services for children
Persons under the age of 16 may not provide any personal data to us without the consent of parents or legal guardians, nor may they submit a declaration of consent. We encourage parents and legal guardians to play an active role in the online activities and interests of their children.
Automated case-by-case decisions
We do not use any purely automated processing procedures to reach decisions.
Questions on data protection?
In case you have any question on data protection, please contact Datenschutz@zapf-creation.de or write to Zapf Creation AG, subject “Data Protection”, Mönchrödener Str. 13, 96472 Rödental, Germany.