Privacy Policy
1. Data Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data includes all data that can personally identify you. Detailed information on data privacy can be found in our full privacy policy below.
Data Collection on this Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. The operator's contact information can be found in the "Notice of the Responsible Party" section of this privacy policy.
How do we collect your data?
Your data is collected, on the one hand, by providing it to us directly, such as by entering it into a contact form. Other data is collected automatically or after your consent when you visit the website, mainly technical data (e.g., internet browser, operating system, or the time of page access). This data is collected automatically as soon as you enter the website.
What do we use your data for?
Part of the data is collected to ensure error-free delivery of the website. Other data can be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to obtain free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have consented to data processing, you may withdraw this consent at any time in the future. Additionally, under certain circumstances, you have the right to restrict the processing of your personal data. You also have the right to file a complaint with the competent supervisory authority.
For these and other questions regarding data privacy, you may contact us at any time.
Analytics Tools and Third-Party Tools
When visiting this website, your surfing behavior may be statistically analyzed, primarily using so-called analytics programs.
Detailed information about these analytics programs can be found in the full privacy policy below.
2. Hosting
Hosting Provider
We host the contents of our website with the following provider:
Mittwald
Provider: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereafter referred to as Mittwald).
Further details can be found in Mittwald's privacy policy at: https://www.mittwald.de/datenschutz.
Our use of Mittwald is based on Art. 6(1)(f) of the GDPR, as we have a legitimate interest in a reliable presentation of our website. If consent was requested, data processing is carried out solely on the basis of Art. 6(1)(a) of the GDPR and § 25(1) of the German Telecommunications Telemedia Data Protection Act (TTDSG), as far as the consent includes storage of cookies or access to information on the user's device (e.g., device fingerprinting). Consent is revocable at any time.
Data Processing Agreement
We have concluded a data processing agreement (DPA) with the above-mentioned service provider. This is a data protection contract required by law that ensures they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.
3. General Information and Mandatory Information
Data Privacy
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data is data that can identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
Notice about the Responsible Party
The responsible party for data processing on this website is:
SOKUFOL FOLIEN GmbH
Represented by Managing Director Horst Erbes
Industriestr. 11 - 13
65549 Limburg a.d. Lahn, Germany
Phone: +49 (0) 6432 98883 - 0
Email: willkommen@sokufol.de
The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).
Storage Period
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion takes place after these reasons no longer apply.
General Information on the Legal Basis for Data Processing
If you have consented to data processing, we process your personal data based on Art. 6(1)(a) of the GDPR and, if applicable, Art. 9(2)(a) of the GDPR (for processing special categories of personal data). In cases where you have explicitly consented to the transfer of personal data to third countries, processing is also based on Art. 49(1)(a) of the GDPR. If the storage of cookies or access to information on your end device (e.g., via device fingerprinting) is consented to, processing is additionally based on § 25(1) of the TTDSG. Consent may be withdrawn at any time.
Should your data be required for contract performance or pre-contractual measures, it is processed on the basis of Art. 6(1)(b) of the GDPR. Additionally, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6(1)(c) of the GDPR. Furthermore, data processing may be based on our legitimate interest under Art. 6(1)(f) of the GDPR. Specific legal bases in individual cases are indicated in this privacy policy.
Data Protection Officer
We have appointed a data protection officer.
Ingrid Hohmann-Erbes
Industriestr. 11 - 13
65549 Limburg a.d. Lahn, Germany
Phone: +49 (0) 6432 98883 - 14
Email: ingrid.erbes@sokufol.de
Notice Regarding Data Transfer to Non-EU Countries and the Transfer to US Companies Not Certified by DPF
We use tools from companies based in countries that do not guarantee an adequate level of data protection as assessed by EU standards, including some US tools not certified by the EU-US Data Privacy Framework (DPF). If these tools are active, personal data may be transferred to these countries and processed there. We note that adequate protection comparable to the EU data protection level may not be ensured in these countries.
The USA is generally considered a secure third country that provides an adequate level of data protection comparable to the EU. Data transfer to the USA is permitted if the recipient holds a certification under the "EU-US Data Privacy Framework" (DPF) or has suitable additional safeguards. More details on third-country transfers, including data recipients, are provided in this privacy policy.
Recipients of Personal Data
As part of our business operations, we work with various external parties. Sometimes this requires transferring personal data to these parties. We only share personal data with external parties when necessary for contract performance, when required by law (e.g., tax authority data sharing), if we have a legitimate interest under Art. 6(1)(f) GDPR, or if another legal basis permits data transfer. When using processors, we only transfer our customers' personal data under a valid data processing agreement. For joint processing, we establish a joint processing agreement.
Withdrawal of Consent to Data Processing
Many data processing activities are only possible with your explicit consent. You can withdraw previously granted consent at any time, and the legality of data processing prior to withdrawal remains unaffected.
Right to Object to Data Collection in Specific Cases and to Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In cases of GDPR violations, you have the right to lodge a complaint with a supervisory authority, particularly in your habitual residence, place of work, or the location of the alleged violation. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
Right to Data Portability
You have the right to have data we process based on your consent or in fulfillment of a contract transferred to yourself or a third party in a commonly used, machine-readable format. If you request a direct transfer of data to another controller, this will only occur if technically feasible.
Information, Correction, and Deletion
You have the right at any time, within the scope of applicable legal provisions, to obtain information about your stored personal data, its origin and recipient, and the purpose of data processing. You also have a right to correct or delete this data. For these purposes, or for any questions about personal data, you can contact us at any time.
Right to Restriction of Processing
You have the right to request restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we typically need time to verify it. For the duration of the verification, you have the right to request that we restrict the processing of your personal data.
- If processing is unlawful, you may request restriction of use instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request processing restriction instead of deletion.
- If you have filed an objection under Art. 21(1) GDPR, a balance between your and our interests must be assessed. As long as it has not been determined whose interests prevail, you have the right to request the restriction of processing of your personal data.
When processing of personal data is restricted, such data will only be processed with your consent or to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State, except for their storage.
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of sensitive content, such as orders or requests you send to us. You can recognize an encrypted connection by changing the browser address line from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit cannot be read by third parties.
4. Data Collection on This Website
Cookies
Our websites use “cookies.” Cookies are small data packets that do no harm to your device. They can be stored temporarily (session cookies) or permanently (permanent cookies) on your device. Session cookies are deleted automatically at the end of your visit. Permanent cookies remain stored on your device until you delete them or your web browser automatically removes them.
Cookies can be set by us (first-party cookies) or third-party providers (third-party cookies). Third-party cookies allow third-party services to be embedded within websites (e.g., payment services).
Cookies have different purposes. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies can be used to analyze user behavior or for marketing purposes.
Cookies required for electronic communication or specific features (e.g., shopping cart) or website optimization (e.g., web audience measurement cookies) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for error-free and optimized service delivery. If cookie consent was requested, processing is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG; consent is revocable at any time.
You can configure your browser to notify you of cookie settings, allowing cookies in individual cases only, excluding cookies in certain cases or generally, and enabling the automatic deletion of cookies when closing the browser. Website functionality may be limited if cookies are disabled.
Details on the cookies and services used on this website are found in this privacy policy.
Consent with Usercentrics
This website uses the consent technology from Usercentrics to obtain your consent for certain cookies and technologies and to document it in a data-protection-compliant way. Provider: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.
For details on what data is transmitted and further information on data privacy at Usercentrics, please visit: https://usercentrics.com/de/.
5. Analytics Tools and Advertising
Google Tag Manager
We use Google Tag Manager, a tool provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager allows us to integrate and manage tracking and analytics tools on our website. The Tag Manager itself does not create user profiles, store cookies, or perform any independent analysis. However, it collects your IP address, which may be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the efficient and uncomplicated management of various tools on its website. Where consent is required for specific data processing, processing is based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, if applicable; consent may be withdrawn at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF), a framework that ensures adherence to European data protection standards in the United States. Certified companies commit to these standards. For more information, see here.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze website visitor behavior. It gathers a variety of usage data, such as pages viewed, session duration, and user location. This data is associated with a user ID and the visitor’s device.
Google Analytics may also capture actions such as clicks and scrolls, using machine learning and data modeling for extended analysis.
The information collected by Google Analytics about your website use is typically transmitted to and stored on Google’s servers in the USA. The service is used based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG, as relevant; consent may be withdrawn at any time.
Data transfers to the USA rely on the EU's Standard Contractual Clauses. Details are available here. Google is certified under the "EU-US Data Privacy Framework (DPF)." More information is available here.
IP Anonymization
IP anonymization is enabled on this website. Before transmitting your IP address to Google, it will be shortened within EU member states or other countries within the European Economic Area. Only in rare cases will the full IP address be sent to a Google server in the USA and shortened there. Google will use this information on behalf of the website operator to analyze website usage, create reports, and provide additional internet-related services to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data.
Browser Plugin
You can prevent Google from collecting and processing your data by installing a browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=en.
More information on user data handling by Google Analytics can be found in Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.
Google Conversion Tracking
This website uses Google Conversion Tracking, provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Conversion Tracking, we can track user actions, such as how many users click specific buttons or view particular pages. This information helps create conversion statistics to understand which advertisements are effective. We receive anonymous data on total conversions, but no personally identifying information.
The use of Google Conversion Tracking is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG, if relevant; consent can be withdrawn at any time.
More details on Google Conversion Tracking are available in Google’s Privacy Policy: https://policies.google.com/privacy?hl=en.
6. Plugins and Tools
YouTube with Enhanced Privacy Mode
This website incorporates videos from YouTube, operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a page on our website containing a YouTube video, a connection to YouTube's servers is established, informing YouTube of which pages you have visited. If you are logged into your YouTube account, YouTube associates your browsing activity directly with your personal profile. To prevent this, log out of your YouTube account.
We use YouTube in enhanced privacy mode. According to YouTube, this mode does not collect information about website visitors unless they play the video. However, enhanced privacy mode does not entirely exclude data transmission to YouTube servers.
The use of YouTube is in the interest of an appealing presentation of our online offerings, constituting a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent is requested (e.g., consent to the storage of cookies), processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TTDSG, as applicable; consent can be revoked at any time.
Further information on data privacy at YouTube is available in YouTube’s privacy policy: https://policies.google.com/privacy?hl=en.
Google Fonts (Local Hosting)
For uniform representation of fonts, this website uses Google Fonts, which are provided by Google. Google Fonts are installed locally on this website, so no connection to Google servers is established.
More information on Google Fonts can be found here: https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.
7. eCommerce and Payment Providers
Customer and Contract Data Processing
We collect, process, and use personal data relating to customers and contracts to initiate, establish, and modify contractual relationships. We also collect, process, and use data on the use of this website (usage data) only when necessary to enable the user to access the service or bill them for it. The legal basis for this processing is Art. 6(1)(b) GDPR.
Customer data collected is deleted after completion of the order, termination of the business relationship, and once any mandatory retention periods have expired. Legal retention obligations remain unaffected.
8. Audio and Video Conferencing
Data Processing
For communication with our clients, we use online conferencing tools. Details about the specific tools are listed below. When communicating with us via video or audio conference, your personal data is collected and processed by both us and the tool provider.
The tools collect all data you provide to use the tools (email address and/or phone number) and process details of the call, including call duration, participants, and other contextual information. The provider may also collect the IP addresses, MAC addresses, device IDs, operating system details, and additional technical data required for communication.
Additionally, content shared during calls (uploaded files, photos, videos, chat messages, etc.) is stored on the tool provider’s servers.
Please note that we cannot fully control the data processing of the used tools. The respective provider’s corporate policy determines much of the data handling. For further information on data processing by conferencing tools, please refer to their privacy policies listed below.
Purpose and Legal Bases
Conferencing tools are used to communicate with prospective or existing contractual partners or to provide certain services to our clients (Art. 6(1)(b) GDPR). In other cases, the use of these tools serves our legitimate interest in efficient, quick communication (Art. 6(1)(f) GDPR). Where consent is requested, processing is based on that consent, which may be withdrawn at any time for future processing.
Storage Period
Data collected through conferencing tools is deleted once it is no longer required for its intended purpose. Stored cookies on your device remain until deleted. Statutory retention periods remain unaffected.
We have no control over data retention on conferencing tool providers’ servers. Please consult their privacy policies for details.
Conferencing Tools in Use
Zoom
We use Zoom, provided by Zoom Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For more details on data processing, please refer to Zoom’s privacy policy: https://explore.zoom.us/en/privacy/.
Microsoft Teams
We use Microsoft Teams, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please consult the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a legally required agreement under data protection law that ensures the service provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.