Go to Homepage

Privacy Statement

Data protection website

1. General information

1.1 Personal data (Art. 4 (1) GDPR)

The subject for data protection is personal data (subsequently also referred to as data). This means any information relating to an identified or identifiable natural person. Examples of such information include details such as the name, address, profession, e-mail address, health, income, marital status, genetic characteristics, phone number and if applicable also user data such as IP address.

 

1.2 Controller (Art. 4 (7) GDPR)

The controller responsible for processing your personal data as part of the process of using this website www.progroup.ag (subsequently referred to as the website) is Progroup AG (subsequently referred to as the operator or controller). The contact details are:

Progroup AG
Horstring 12
76829 Landau in der Pfalz
Board: Herr Jürgen Heindl, Herr Dr. Volker Metz, Herr Maximilian Heindl, Herr Philipp Kosloh
Phone: +49 (0) 6341 / 5576-0
Fax: +49 (0) 6341 / 5576-109
E-mail: info@progroup.ag

 

1.3 Data protection officer

The controller has appointed a data protection officer. This person can be reached by e-mailing datenschutz@progroup.ag.

MORGENSTERN consecom GmbH
Große Himmelsgasse 1
67346 Speyer

Telefon: +49 (0) 6232 100 119 44

 

1.4 Opportunity to object

If you want to object to the processing of your data by the operator in accordance with this privacy statement overall or for individual measures, you can do this by using the contact details which are specified above. Please note that, if you do object in this way, in some circumstances use of the website and access to the services which are offered on it may only be limited or may not be possible at all.

 

2. Scope and purposes of data processing

2.1 Accessing and using the website

Each time that the website and its subpages are accessed, use data is transferred by the respective internet browser and saved in server log files. The data records which are stored as part of this process contain the following data:

  • Date and time of access
  • Name of the subpage which is accessed
  • IP address
  • Referrer URL (original URL from which you have accessed the website)
  • Amount of data transferred
  • Product and version information for the browser used

The log files are evaluated by the operator in anonymised form in order to further improve the website and make it more user-friendly, find and rectify faults more quickly and manage server capacities. For example, this makes it possible to understand at which time use of the website is particularly popular and the operator can then make an appropriate volume of data available.

The admissibility of this processing is based on Art. 6 (1. (f)) GDPR, which states that the processing is lawful if it is necessary for the purpose of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest of the operator lies in providing a website containing information and offering services to its customers and optimising the operation of the website.

The data which is processed by the operator is required by it to enable you to access and make optimum use of the website. This data is data which necessarily needs to be processed while using any form of telemedia. You are not obliged to provide this data. However, the consequence of not providing it is that you will not be able to access the website or will not be able to access it in full.

Your IP address will be deleted or anonymised after you finish using the website. In the case of anonymisation, the IP addresses are amended in such a way that they can no longer be assigned to an identified or identifiable natural person or can only be assigned with a disproportionately large amount of time, costs and effort.

 

2.2 Contact form and e-mail at a click

If you wish to contact the operator, you can make use of a contact form to do so. As part of the process of completing this form, you need to specify the following details:

  • First name
  • Last name
  • E-mail address
  • Topic

In addition, you can voluntarily specify the following details:

  • Phone number
  • Message

In addition, at a number of places on the website you have the option with just one click to open an e-mail to be sent to the operator. The sender used here is automatically the e-mail address which is linked to your e-mail program. If you do not wish your e-mail address to be called up in this way, you can change this in the settings of your particular e-mail program.

The admissibility of this processing is based on Art. 6 (1. (b)) GDPR, which states that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. You are not obliged to provide this data. However, the consequence of not providing it is that you will not be able to send a message to the operator.

The personal data which is processed will be deleted after the expiry of the statutory retention obligations if the controller does not have a legitimate interest in continuing to retain this data. In any event, only the data which is really also absolutely needed for the purpose of achieving the corresponding purpose will continue to be stored. Where possible, the personal data will be anonymised.

 

2.3 Advertising

The operator uses your data for advertising purposes. The admissibility of this processing is based on Art. 6 (1. (f)) GDPR, which states that the processing is lawful if it is necessary for the purpose of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The use of data for advertising purposes represents a legitimate interest of the operator. The operator relies on actively presenting its services to new and existing customers.

As a customer of the operator, you will also regularly receive product recommendations by e-mail which are based on the products or services which you have already ordered. By doing this, the operator wishes to send you information about its services which you might be interested in, based on your last order or booking. If you no longer wish to receive such recommendations, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the operator is sufficient for this. In addition, each e-mail contains a link to unsubscribe. The admissibility of this processing is based, beyond Art. 6 (1. (f)) GDPR, on Section 7 (3) of the German Unfair Competition Act.

The personal data which is stored for advertising purposes is saved by the operator and used in accordance with the statutory provisions unless you object to this. This data is deleted if the controller does not have a legitimate interest in continuing to retain it or statutory retention periods do not oppose such deletion. In any event, only the data which is really also absolutely needed for the purpose of achieving the corresponding purpose will continue to be stored.

 

2.4 Newsletter

To receive further information about the operator’s services, you can also subscribe to an e-mail newsletter. The newsletter is sent out using what is known as the double opt-in method, i.e. you will only receive a newsletter by e-mail if you have previously explicitly confirmed that the newsletter service should be activated. Once you have activated the newsletter, you will receive a notification e-mail containing a link for activation. You will only receive the newsletter once you click on this link.

You can deactivate the newsletter at any time. You can contact the operator to do this (contact details above) or use the unsubscribe link which is provided in each newsletter.

The admissibility of this processing is based on Art. 6 (1. (a)) GDPR, which states that the processing is lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

The provision of your data is optional but is required to be able to receive the newsletter.

If you withdraw your consent or unsubscribe from the newsletter, your data will be deleted unless the controller has a legitimate interest in continuing to retain it. This may be the case if the operator needs to continue to store your data as a result of a contract with you. In addition, statutory retention periods may also oppose such deletion. In any event, only the data which is really also absolutely needed for the purpose of achieving the corresponding purpose will continue to be stored.

 

2.5 Customer Magazine

The operator publishes the magazine PROfil at regular intervals and in it reports on the latest issues and topics in the paper, corrugated board and packaging industries. The customer magazine will be provided to you free of charge on request as part of a contractual relationship. Bot the current magazine and future magazines can be ordered by post. In addition, it is also possible to order the current magazine as a download link via e-mail. The magazine is produced with a great deal of effort that costs money, which is why the magazine can only be provided if you specify the following personal data:

  • Title
  • First name
  • Last name
  • Company
  • E-mail

In addition, the following optional details can be provided:

  • Sector
  • Street
  • Postcode
  • Town/city
  • Country
  • Phone

When you order the magazine, you give your consent pursuant to Art. 6 (1 (a)) GDPR to the sending of the magazine (form of advertising) and the processing of your data associated with this. This can be withdrawn from the operator at any time. The operator also uses the data for advertising purposes. The admissibility of this processing is likewise based on Art. 6 (1. (a)) GDPR. When you order the customer magazine PROfil, you have accordingly consented to the processing of personal data for advertising purposes. This consent can also be withdrawn from the operator at any time. The provision of your data is voluntary; but the mandatory details at least are required to be able to receive the customer magazine. If you withdraw your consent, your data will be deleted, unless the controller has a legitimate interest in continuing to retain it or statutory retention periods oppose such deletion.

 

2.6 Investor Relations

Under the menu item Investor Relations, interested investors can gain access to the protected investor section. The following details need to be provided to do this:

  • E-mail address
  • Password
  • Title
  • First name
  • Last name
  • Company
  • Street
  • Postcode
  • City Country

Registration takes place using what is known as the double opt-in method, i.e. activation can only take place if you have previously explicitly confirmed this. For this purpose, you will receive an e-mail containing a confirmation link. Only once you click on this link can activation take place. After this, the registered investors are able to log in using their e-mail address and their password. This gives them access to the investor website, where the investors are provided with relevant information such as quarterly reports and annual management reports.

The admissibility of the data processing associated with this is based on Art. 6 (1. (b)) GDPR, which states that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The operator requires the data which you provide in order to complete the registration process and grant you access to the investor section. You are not obliged to provide this data. However, if you do not provide this data, it is not possible to access the investor section.

The data which is collected as part of investor relations will be deleted by the operator, unless there is a legitimate interest in continuing to store it or statutory retention periods oppose such deletion.

 

2.7 e-box

Customers who have already registered have the option to log in via the e-box using their user name and password. The log-in details are assigned by the respective sales manager. Customer master data such as name and address are stored in the customer section. In this section, customers can then submit orders and track the production dates and delivery dates for these orders. To make an order, the order details and possible delivery dates need to be entered. Existing orders can also be amended by entering the order details. The order status can be tracked using the existing order details. In addition, it is possible to view the route planning and keep a track on the precise delivery time. Delayed orders are likewise displayed to customers. Customers also have the opportunity to view the stock movements and the production planning.

The operator uses the data which you provide so that it can assign them to your customer profile and enable you to perform the abovementioned activities (such as placing an order). The admissibility of this processing is based on Art. 6 (1. (b)) GDPR, which states that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

The provision of your data is voluntary. However, without this data it is not possible to log into and use the e-box section of the website. The data which is collected as part of e-box will be deleted by the operator, unless there is a legitimate interest in continuing to store it or statutory retention periods oppose such deletion.

 

2.8 Use of cookies

The operator uses what are known as cookies. These are small data packages which normally consist of letters and numbers and are stored on a browser when you visit certain websites. The cookies enable the website to recognise your browser, track your activity as you browse various sections of the website and identify you when you return to the website. Cookies do not contain any data that identifies you personally, but the information about you which is stored by the operator may be assigned to the data which is obtained from the cookies and is stored in them.

Information which the operator obtains from you through the use of cookies may be used for the following purposes:

  • Recognising the user’s computer when visiting the website
  • Tracking the user’s browsing activities on the website
  • Improving the user-friendliness of the website
  • Evaluating the use of the website
  • Operating the website
  • Preventing fraud and improving the security of the website
  • Individual configuration of the website, taking account of the needs of users

Cookies do not cause any damage on a browser. They do not contain any viruses and also do not allow the operator to spy on you. Two types of cookies are used:

  • Temporary cookies are automatically deleted when your browser is closed (session cook-ies).
  • By contrast, persistent cookies have a longer lifespan. This type of cookie makes it pos-sible for you to be recognised the next time you visit a website after you have left it. The-se cookies are deleted after no more than 30 days.

The cookies enable the operator to understand your user behaviour for the abovementioned purposes and to an appropriate extent. They are also designed to enable you to enjoy optimised browsing of the operator’s website. The operator also only ever collects this data in anonymised form.

The admissibility of this processing is based on Art. 6 (1. (a)) GDPR, which states that the processing is lawful if the user user gives his consent. The operator’s legitimate interest lies in presenting its website in an optimised way. You are not obliged to provide this data. However, the data needs to be provided to be able to access the operator’s website without any problems (technically necessary cookies). If you do not accept cookies or delete cookies that have already been set, this may result in restrictions to the way the website works.

 

2.9 Use of Google Analytics

The operator utilises the web analysis service Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This uses the cookies described above to record, for example, information about your operating system, your browser, your IP address, the website accessed previously and the date and time of your visit to the operator’s website. The information about the use of the website which is generated by the cookies is transferred to a Google server in Ireland and stored there. If necessary, the data may also be transferred to the USA. For cases of data transfer to the USA, Google has certification for the Privacy Shield Framework. You can obtain further information about this directly from Google https://policies.google.com/privacy/frameworks?gl=de.

Google will use this information to evaluate the way that the website is used, to compile reports about the activity on the website for the operator, and to provide further services associated with use of the website and use of the internet. If this is prescribed by law or third parties process this data on behalf of Google, Google will also pass this information on to these third parties. This use takes place anonymously or under a pseudonym. You can obtain more details about this directly from Google https://policies.google.com/privacy?hl=de.

When Google Analytics is used, no direct personal data is stored, but rather just the Internet Protocol address. This information is used to automatically recognise you the next time that you visit the operator’s website and make it easier for you to navigate the website.

The admissibility of this processing is based on Art. 6 (1. (a)) GDPR, which states that the processing is lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. You can withdraw your consent at any time.

The personal data which is collected as part of the use of tracking tools will be deleted, unless the controller has a legitimate interest in continuing to retain it. In any event, only the data which is really also absolutely needed for the purpose of achieving the corresponding purpose will continue to be stored. Where possible, the personal data will be anonymised.

You are not obliged to provide this personal data. However, in some circumstances the consequence of not providing it is that you will not be able to use the website or will not be able to use it in full.

 

2.10 Google maps

The operator uses the map service Google Maps. This is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Through its use, information on the use of the website (e.g. date and time of access, IP address etc.) is transmitted to Google servers in Ireland and stored. If necessary, data may also be transferred to the USA. For cases of data transfer to the USA, Google has a certification for the Privacy-Shield-Agreement. You can find further information on this directly at Google https://policies.google.com/privacy/frameworks?gl=de.

The data is used by Google for the purposes of advertising, market research and/or demand-oriented design of its website. This may also include a link to your user account, provided you are logged in there. If you do not wish this, you must log out before use. If you deactivate or block JavaScript in your browser settings, you can prevent Google Maps from running.

The operator uses Google Maps to enable you to use the interactive maps to find your route. The permissibility of this processing is governed by Art. 6 (1) f) DS-GVO, according to which the processing is lawful if it is necessary to safeguard the legitimate interests of the data controller or of a third party and provided that the interests or fundamental rights and freedoms of the data subject do not outweigh the need to protect personal data. The use of data for the purpose of providing the maps for the purpose of route-finding constitutes a legitimate interest of the operator within the meaning of Art. 6 (1) f) DS-GVO. This facilitates access to the operator's sites. The provision of the data is neither legally required nor necessary for the conclusion of a contract. Failure to provide the data means that you will not be able to use the function.

The data is stored by Google. You can find more information on this in Google's Privacy Policy and Terms of Use (see above).

 

2.11 Fonts

On the website the operator utilises external fonts from the service Google Fonts. This is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As a result of this use, information about the use of the website (for example the time of access, IP address etc.) is transferred to a Google server in Ireland and stored there. If necessary, the data may also be transferred to the USA. For cases of data transfer to the USA, Google has certification for the Privacy Shield Framework. You can obtain further information about this directly from Google https://policies.google.com/privacy/frameworks?gl=de.

The operator uses Google Fonts to enable you to use external fonts to make the website look better. The admissibility of this processing is based on Art. 6 (1. (f)) GDPR, which states that the processing is lawful if it is necessary for the purpose of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The use of data for purposes of improving the way that the website looks represents a legitimate interest of the operator within the meaning of Art. 6 (1 (f)) GDPR. The provision of data is neither prescribed by law nor required to enter into a contract. The consequence of failing to provide the data is that the font will be presented to you in another form.

The operator does not save any personal data by incorporating Google Fonts. The data is saved by Google in accordance with its own privacy policy. You can find further information about this in the privacy policy and terms of use of Google.

 

2.12 YouTube

The operator uses videos from YouTube on its website. YouTube is a service of
YouTube LLC (“YouTube”), 901 Cherry Ave., San Bruno, CA 94066, USA and is provided by it. YouTube LLC is a subsidiary of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, further information about the use of the website (for example the date and time of access, IP address etc.) may be transferred to a Google server (possibly in a third country such as the USA) and stored there. This is done regardless of whether YouTube provides a user account via which you are logged in, or whether no user account exists. For cases of data transfer to the USA, Google has certification for the Privacy Shield Framework. You can obtain further information about this directly from Google https://policies.google.com/privacy/frameworks?gl=de.

 

The data will be used by Google for purposes of advertising, market research and/or customising the design of its website. There may also be a link to your user account here if you are logged in there. If you do not want this to happen, you must log out before using the website. The terms of use and privacy policy of Google apply (see above).

 

The operator uses YouTube videos to show you videos on various topics. The admissibility of this processing is based on Art. 6 (1. (f)) GDPR, which states that the processing is lawful if it is necessary for the purpose of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The use of data for purposes of providing videos to illustrate our services and products represents a legitimate interest within the meaning of Art. 6 (1. (f)) GDPR.

 

The provision of data is neither prescribed by law nor required to enter into a contract. The consequence of failing to provide the data is that you will not be able to use our website or will not be able to use it in full.

 

2.13 Web presence on social media (YouTube, Vimeo, Xing, LinkedIn)

As well as this website, we also maintain a presence on social networks (YouTube, Facebook, Vimeo, Xing; LinkedIn) which you can access via corresponding buttons on our website (link set up). As soon as you visit such a presence, these services store and process users’ personal data in accordance with the terms of use that apply in each case. We wish to point out that we do not have any influence over the way that the data is collected and used further by the social networks.

 

If while visiting our website you follow the links and are logged in via your personal user account, the information that you have visited our website will be passed on to the respective social network and stored there. The visit to this website can then be assigned to your user account. To prevent this, you must log out of your account before clicking on the link.

 

For details of the purpose and scope of data collection by the respective service and the further processing of your data which takes place there as well as your rights in this regard, please consult the respective privacy policies of these providers:

 

2.14 Application

(1) Application via the website and by e-mail

On the website you have the opportunity to apply for our job vacancies. To do this, you need to specify a range of information. These mandatory details are highlighted. Other details that you may specify are voluntary, such as providing the link to your personal LinkedIn profile. We offer you the opportunity to import the curriculum vitae that is required for the application from your LinkedIn profile. In addition, you have the opportunity to apply to us via e-mail.

 

The controller processes your data for the purpose of conducting the application procedure. The admissibility of this processing is based on Section 26 of the German Data Protection Act (new), which states that personal data of employees may be processed for employment-related purposes where this is necessary for making a decision on hiring a person.

 

Sometimes it may be necessary for us to process your data for the purpose of enforcing, exercising or defending legal claims. This is based on Art. 6 (1 (f)) GDPR. The same legal basis applies to the use of this data for internal analyses for the purpose of optimising the work processes taking place.

 

If you do not provide the necessary details and documents to the controller, the controller will not be able to consider you in the application procedure. This means that this data must be provided to be able to enter into a contract.

 

(2) Future job advertisements

If you have given consent to your data being stored for a longer period of time, the controller will contact you when suitable vacancies arise.

 

The admissibility of this processing is based on Art. 6 (1 (a)) GDPR (consent).

 

Your data will be deleted after you withdraw your consent, unless the controller has a legitimate interest in continuing to retain it. This may be the case if the controller needs to continue to store your data as a result of a contract with you.

 

You can withdraw your consent to this processing at any time.

 

(3) Duration of storage

Your data is first stored when the application is received. The duration of this storage is determined primarily by the legal retention obligations and by our legitimate interest in continuing to retain it. If you are rejected for a job, your application documents and data will be retained for six months, unless you have given your consent to a longer period of retention.

 

A longer period of retention may arise in a specific case if we have a legitimate interest in this and your legitimate interests do not oppose it.

 

If an appointment is made, your data will be stored for the purpose of conducting an employment relationship and processed as employee data.

 

3. RIGHT TO INFORMATION, RECTIFICATION, ERASURE, RESTRICTION, OBJECTION AND DATA PORTABILITY

If your personal data is processed, you are a data subject within the meaning of the GDPR and you enjoy the following rights within the framework of the statutory regulations:

 

3.1 Right to information

On request, the operator will provide you with information on whether it processes data about you. The operator will endeavour to deal with requests for information swiftly.

 

3.2 Right to erasure

You have the right to demand that the operator erases personal data concerning you without undue delay, and the operator is obliged to erase personal data concerning you without undue delay if one of the grounds specified in Art. 17 (1 (a)-(f)) GDPR applies.

 

3.3 Right to restriction

You have the right to demand that the operator restricts the processing if one of the requirements of Art. 18 (1 (a)-(d)) GDPR is met.

 

3.4 Right to object

You have the right to object at any time, for reasons appertaining to your particular situation, to the processing of personal data concerning you which takes place on the basis of Art. 6 (1 (e)) GDPR; this also applies to profiling based on these provisions. The operator will no longer process your personal data, unless it can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing is used for the purpose of enforcing, exercising or defending legal claims.

 

If your personal data is processed to engage in direct advertising, you have the right at any time to object to the processing of personal data concerning you for the purpose of such advertising; this also applies to the profiling if it is associated with such direct advertising.

 

Please use the contact address which is specified above for your notification.

 

3.5 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the operator, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from the operator to which the personal data was provided, where the processing is based on consent pursuant to Art. 6 (1 (a)) GDPR, Art. 9 (2 (a)) GDPR or on a contract pursuant to Art. 6 (1 (b)) GDPR and the processing is carried out by automated means.

 

4. WITHDRAWING YOUR CONSENT

If you have given your consent to the processing of your personal data and withdraw it, the processing which took place up to the withdrawal date remains unaffected by this.

 

5. RIGHT TO COMPLAIN

You have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR).

 

6. RECIPIENTS

The data collected when you access and use the website and the details which you specify will be transferred to the operator’s server and stored there. Apart from this, your data may be passed on to the following categories of recipients:

  • People working for the controller who are engaged in the processing (e.g. marketing department, personnel management, customer service, secretariat)
  • Affiliated companies
  • Processors (e.g. computer centre, IT service provider, software support)
  • The operator’s contractual partners (e.g. shipping providers, banks, tax advisers, banks in the case of the reimbursement of travel expenses)

 

7. LINKS TO THIRD-PARTY WEBSITES

When you visit the website, content which is linked to third-party websites may be displayed. The operator has no access to the cookies or other functions that are used by third-party websites, nor can the operator control them. Such third-party websites are not subject to the operator’s privacy policy.

 

8. MISCELLANEOUS

To make it easier to understand, the operator also makes this privacy statement available to you in English, French, Czech, Polish and Italian. However, if there is any doubt, the provisions of the German privacy statement shall be authoritative.

Last updated: May 2019


PRIVACY STATEMENT FOR THE PROFILES ON FACEBOOK AND INSTAGRAM

1. GENERAL INFORMATION AND AREA OF APPLICATION

These privacy notices apply to the processing of personal data as part of accessing and using the profiles of Progroup AG on Facebook and Instagram (hereinafter referred to jointly as “fan page”).

This fan page is a user account of our company which is provided to us by Facebook Ireland Ltd. (hereinafter “Facebook”). This platform gives us the opportunity to present ourselves to the users of Facebook and other people who visit the Facebook fan page and contact them.

When our fan page is accessed, what are known as Insights Data (Facebook Insights or Page Insights) are collected. These data are anonymised data which allow us as the operator to view statistical evaluations of how our fan page is being used.

When these Insights Data are collected, personal data are also processed. This processing is controlled jointly by Facebook and us within the meaning of Art. 26 GDPR. The essential content of the agreement entered into between Facebook and us is explained below.


1.1 PERSONAL DATA (ART. 4 (1) GDPR)

The subject of data protection is personal data (hereinafter also data). This is any information relating to an identified or identifiable natural person. Examples of this include details such as name, address, occupation, e-mail address, state of health, income, marital status, genetic characteristics, phone number and where applicable also user data such as the IP address.

 

1.2 CONTROLLER (ART. 4 (7) GDPR, ART. 26 GDPR)

The party responsible for processing your personal data as part of using the fan page is Progroup AG (hereinafter we, operator or controller) jointly with Facebook.

 

Our contact details are:

Progroup AG
Horstring 12
76829 Landau in der Pfalz
Board: Mr Jürgen Heindl, Dr. Volker Metz, Mr Maximilian Heindl, Mr Philipp Kosloh
Phone: +49 (0) 6341 - 5576 0
Fax: +49 (0) 6341 - 5576 109
E-mail: info@progroup.ag

 

THE CONTACT DETAILS OF FACEBOOK ARE:

Facebook Ireland Limited
Board: Gareth Lambe, Shane Crehan
4 Grand Canal Square
Dublin 2, Ireland

 

1.3 DATA PROTECTION OFFICER

The controller has appointed an external data protection officer. The officer can be contacted using the following contact details:

 

MORGENSTERN consecom GmbH
Große Himmelsgasse 1
67346 Speyer
Phone: +49 (0) 6232 – 100 119 44
E-mail: datenschutz@progroup.ag
Facebook has appointed a data protection officer. The officer can be contacted at the following link.

 

1.4 LEVEL OF RESPONSIBILITY

Facebook accepts primary responsibility for processing the Insights Data on the fanpage. This relates in particular to the requirement that there is a legal basis for collecting the Insights Data.

 

1.5 POSSIBILITY TO OBJECT

If you wish to object to the processing of your data by us on the fan page as a whole or for individual measures, you can do this using the contact details specified above.

You can also object to the processing of Insights Data by contacting Facebook.

You can likewise object to the data processing by Facebook by contacting us. We will immediately pass on your objection.

Please be aware that, in the event of such objection, using the fan page and accessing the services and information offered via this page may potentially only be possible to a limited extent or may not be possible at all.

 

2. ACCESSING AND USING THE FAN PAGE, PURPOSES AND LEGAL BASES

2.1 FACEBOOK PAGE INSIGHTS

When the fan page is accessed and used, with the aid of the function “Page Insights Data” (statistics about the access to our fan page) are provided and processed by us. It is not possible for us to identify you personally or assign you to your account.

This function represents an element of the use agreement jointly with Facebook which is non-negotiable for us. This means that we cannot unilaterally decide whether or not the Page Insights Data are collected.

You can find further information about “Page Insights” and about how cookies are used and the setting options here.

Please note that via the function Page Insights Data it is also possible for personal data to be collected for people who do not have a Facebook or Instagram account.

In your browser settings, you can also restrict the setting of cookies or prevent this entirely. In addition, here you can also arrange for cookies to be deleted automatically when the browser window is closed.

If you are using the Facebook app, you can modify settings for the setting of cookies by apps in the settings of your mobile device.

You can view information about the legal basis and the purpose of the processing done by Facebook and the respective length of storage here.

To the extent that we process your personal data as a result of the visit to the fan page, the legitimacy of this processing for us is based on Art. 6 (1) (f) GDPR (legitimate interest).

The legitimate interest is in evaluating the anonymised Insights Data in order to optimise the services offered on the fan page and analyse the user behaviour.

The provision of your personal data is contractually prescribed by Facebook. It is thus mandatory to provide your data. The consequence of failing to provide it is that you cannot access the fan page.

The Insights Data collected via the fan page are processed in anonymised form. This means that the personal data which are collected are amended in such a way that they can no longer be assigned to an identified or identifiable natural person or can only be assigned with a disproportionate investment of time, costs and labour.

 

2.2 COMMUNICATIONS VIA THE FAN PAGE

It is also possible via the fan page for you to contact us through direct messages, the Like function or comments.

As part of making contact, the operator will be shown the name that is saved as the user name in your profile.

The legitimacy of this processing is based on Art. 6 (1) (f)) of the GDPR (legitimate interest). Using data for purposes of communication as part of the fan page usage with the users of the fan page constitutes a legitimate interest within the meaning of Art. 6 (1) (F) GDPR.

The provision of your data is prescribed neither by law, nor by contract. However, it is necessary to allow you to contact the operator in the manner described above.

The processed personal data are deleted following the communication, unless the page operator has a legitimate interest in continuing to retain the data. In any event, only the data which are also absolutely essential for achieving the corresponding purpose will continue to be stored. Where possible, the personal data will be anonymized.

 

3. RIGHT TO ACCESS, RECTIFICATION, ERASURE, RESTRICTION, OBJECTION AND DATA PORTABILITY

As part of using the fan page, you have the right to assert all rights which are described in this chapter vis-à-vis Facebook and vis-à-vis us. As part of the agreement which exists between us as the operator of the fan page and Facebook, we will immediately pass on your request to Facebook if Facebook is solely responsible for meeting your data subject rights.

You enjoy the following rights: You have a right to access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and to data portability (Art. 20 GDPR). We endeavour to deal with requests swiftly. If your personal data are processed on the basis of Art. 6 (1) (f) GDPR, you have a right to object if there are reasons for doing so arising from your particular situation or the objection is aimed at direct marketing (Art. 21 GDPR). If you object to direct marketing, we will no longer send you any marketing messages.

 

4. WITHDRAWAL OF YOUR CONSENT

If you have given consent to your personal data being processed and you withdraw this consent, the processing which has taken place up to the point of this withdrawal remains unaffected by this.

 

5. RIGHT TO COMPLAIN

You have the right at any time to lodge a complaint with the relevant supervisory authority.

 

6. RECIPIENT

The data which are collected when the fan page is accessed and used and the details which you provide when establishing contact will be passed on to Facebook and stored there. Apart from this, your data may also be passed on to employees and departments that are tasked with maintaining this fan page.

Your personal data which are collected via the Page Insights Data are in some cases transferred to Facebook’s servers in the USA and stored there.

This transfer to a third party is permitted on account of the adequacy decision that applies to Facebook. Information about this can be retrieved here.

If there is a further transfer of data in third countries, we ensure that, with the exception of the cases listed by law under which transfer to a third country is permitted, the recipient or country in which it located offers an appropriate level of data protection or, by way of standard contractual clauses of the European Union, appropriate rules on data protection exist between the controller and the recipient.

 

7. LINKS TO THIRD-PARTY SITES

When the fan page is visited, content that is linked to third-party websites may be displayed. The operator has no access to the cookies or other functions that are used by third-party sites, nor can the operator control them. Such third-party sites are not subject to the operator's data protection provisions.

Date of the data policy: 16/06/2020

Date of the agreement entered into between us and Facebook: 12/06/2020

Back to top