Data protection information

Thank you for your interest in our company. Openpack is a brand of CIPA GmbH. Your privacy is our top priority.

We appreciate the trust you place in us when you provide us with your personal information and do not take this lightly.

 

A. Definition, responsible person, data protection officer

I. Definitions

Our data protection declaration shall be easy to read and understand for all users of our websites.

To ensure this, we would like to explain the terms used in advance:

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genealogical, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

Processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separate and is subject to technical and organizational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.

Controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other office which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Processor

The processor is a natural or legal person, public authority, agency or other office that processes personal data on behalf of the controller.

Recipient

Recipient means a natural or legal person, public authority, agency or other office to whom personal data are disclosed, whether or not the recipient is a third party. However, authorities that may receive personal data in the context of a specific investigative task under Union or Member State law are not considered recipients.

Third Party

A third party is a natural or legal person, public authority, agency or other office other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent

Consent is any declaration of intent made voluntarily by the data subject for the specific case in an informed manner and unambiguously in the form of a statement or other unambiguous affirmative action by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

The explanations of the terms used here are based on the terms defined in Article 4 of the General Data Protection Regulation (GDPR).

 

II. Name and address of the person responsible for processing pursuant to Art. 4 para. 7 GDPR

Company name:                                                    CIPA GmbH

Responsible person/legal representative:           Dr. Stefan Uebelacker

Street, house number:                                            Hermann-Brenner-Platz 1

Postal code, city:                                                    92637 Weiden in der Oberpfalz

Phone number:                                                       +49 (0)151 / 44028884

E-mail address:                                                        stefan.uebelacker@cipa.io

B. Information on the nature, purpose, legal basis and duration of the processing of personal data

I. Information about the processing of personal data when visiting the openpack. Platform without creating a user profile

1.When you use the platform for information purposes only, i.e. even if you do not register or otherwise provide us with information, we only process the personal data that your browser transmits to our server.

If you wish to view our platform, we process the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

– IP address unabbreviated

– IP address shortened

– Date and time of the request

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific page)

– Access status/HTTP status code (i.e. message whether call was successful)

– Amount of data transferred in each case

– Website which is the origin of the request (so-called referrer URL)

– browser

– Operating system and its interface

– language and version of the browser software.

2. The processing of the so-called technically necessary data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection.

3. Legal basis for the processing of this so-called technically necessary data is Art. 6 para. 1 p. 1 lit. f GDPR.

4. Personal data, which your browser already transmits to our server during a mere visit to the website (so-called server log files), are stored for 90 days.

 

II. Information about the processing of personal data after the creation of a user profile and use of the platform

1. Even if you visit our platform after creating an account and use the services of our platform, we process the following data, which are technically necessary for us to display our platform to you and to ensure stability and security:

– IP address unabbreviated

– Date and time of the request

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific page)

– Access status/HTTP status code (i.e. message whether call was successful)

– Amount of data transferred in each case

– Website which is the origin of the request (so-called referrer URL)

– browser

– Operating system and its interface

– language and version of the browser software.

2. If you create an account in order to use the services of our platform, we also process additional data.

When you first log on to our platform, you must register by providing your first and last name, your e-mail address and a password of your choice.

This is mandatory information, which is necessary for the fulfillment of the contract.

We use the so-called double-opt-in procedure for your request, i.e. your request is only completed when you have first confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein.

If your confirmation is not received within [24 hours], your request will be automatically deleted from our database. In addition, we store your IP addresses and the times of your request and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

3. After the initial registration you can specify additional user data.

This additional user data, such as company name, street, house number, postal code and city, as well as company sector and number of employees, is also mandatory information, which is necessary for the fulfillment of the contract. You can view this information in your profile under “My profile”.

As a user, you can also provide additional voluntary information in your profile or in the context of your specific request.

These serve in particular to be able to contact you individually.

Among other things, you can add a profile picture to your profile.

This information is voluntary for you and can be viewed, entered, changed or deleted on the platform under “My profile”.

When you use our paid services, we also store information on the method of payment.

4. If you use the platform, your data may be made available to other participants of the platform in accordance with the contractual service (see § 2 “Services of CIPA” of the Terms of Use for the Openpack Platform available under https://openpack.net/terms-of-use/?lang=en ). Non-registered members will not receive any information about you.

5. The processing of the so-called technically necessary data serves statistical purposes and the improvement of the quality of our platform, in particular the stability and security of the connection.

The processing of the registration data is effected for the execution of pre-contractual measures. Explicitly for the processing and verification of your request. As far as a contract between you and us is not concluded, we can furthermore continue to store the data, as far as this is necessary for the defense against possible legal claims on your part.

The processing of the user data and any additional voluntary information is carried out for the fulfillment of the contract concluded between you and us. After the deletion of your user account, our legitimate interest also lies in the defense against possible legal claims.

6. The legal basis for the technically necessary data is Art. 6 para. 1 p. 1 lit. f GDPR.

Legal basis for the processing of registration data is Art. 6 para. 1 p. 1 lit. b GDPR. The legal basis for processing the registration data for the possible defense of potential legal claims is Art. 6 para. 1 p. 1 lit. f GDPR.

For the processing of further user data, the legal basis is also Art. 6 para. 1 p. 1 lit. b GDPR. The legal basis for the processing of user data for the possible defense of potential legal claims is Art. 6 para. 1 p. 1 lit. f GDPR.

By submitting further voluntary information, you also expressly consent to the processing of this personal data in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

Personal data that your browser transmits to our server when you simply visit the website (so-called server log files) are stored for 90 days.

The data transmitted by you during registration will be deleted as soon as they are no longer required to achieve the purpose of their collection – i.e. the implementation of pre-contractual measures – and are no longer needed for a defense against possible legal claims.

The implementation of pre-contractual measures is completed when the review of your request has been completed and a contract has not been concluded on the use of our platform.

The user data and any additional voluntary information are also deleted at the latest as soon as they are no longer required to achieve the purpose for which they were collected – i.e. the fulfillment of the contract – and are no longer needed to defend possible legal claims.

The data will be deleted no later than three years after the end of the calendar year in which your user account was deleted.

8. To prevent unauthorized access to your personal data by third parties, the connection is encrypted using TLS technology.

III. Information about the collection of personal data when contacting us by e-mail

1. It is possible to contact us by e-mail.

If you contact us by e-mail, the data you provide (e.g. name, first name, address), or at least the e-mail address and the information contained in the e-mail, will be processed for the purpose of contacting you and processing your inquiry.

In addition, the following data is processed by the system:

(1) IP address of the calling computer

(2) Date and time of the e-mail

2. The personal data provided by you is processed primarily for the purpose of carrying out pre-contractual measures. Explicitly for the processing and verification of your request. Insofar as a contract between you and us does not come about, we may furthermore continue to store the data insofar as this is necessary for the defense against possible legal claims on your part.

3. The legal basis for the processing of technically necessary data is Art. 6 para. 1 p. 1 lit. f GDPR. The legal basis for processing your data for the purpose of processing your request is Art. 6 para. 1 p. 1 lit. b GDPR. Legal basis for the processing of your data for the defense against any legal claims on your part is Art. 6 para. 1 p. 1 lit. f GDPR.

4. The data you provide when contacting us will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. the implementation of pre-contractual measures. This is the case when the review of your request is completed and a contract has not been concluded using our platform.

At the latest, however, when the conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified and storage is no longer necessary for any further inquiries about you.

If a contract is not concluded, but the defense of any legal claims arising from pre-contractual obligations is nevertheless to be feared, your data will be deleted no later than three years after the end of the calendar year in which your request was made.

 

IV. Data processing when subscribing to our newsletter

1. If you register on our newsletter distribution list, your e-mail address and the newsletter you have chosen will be stored by us on a server.

In addition, the following data is collected by the system during registration:

– IP address of the calling computer;

– Date and time of registration.

2. We use this data exclusively for sending the newsletter. We do not pass on your data to third parties and do not use them for other purposes by our own.

The registration system with an additional confirmation message containing a link to the final registration (double opt-in) ensures that the newsletter was requested by you and not by a third party. During registration, your data is stored on our servers and a confirmation message with a link to the final registration is generated to the specified e-mail address. If you do not confirm the registration by clicking on the link in this e-mail, the data will be deleted after 24 hours. Only by confirming the link in the e-mail, your data will be stored for the newsletter dispatch for the duration of the use of our offer.

3. For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy. The processing of the data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

4. If you no longer agree to the storage of data for this purpose and therefore no longer wish to use our offer, you can unsubscribe from our newsletter at any time. For this purpose, you will find a corresponding link in each newsletter. The personal data you provided for the newsletter subscription will then be deleted.

C. Use of cookies

I. General

In addition to the aforementioned data, cookies are stored on your computer when you use our website – even for purely informational purposes. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

II. Use of cookies:

Cookies are classified by origin, purpose or expiration time. The cookies we use serve different purposes. Their validity period is variable.

1. the cookies on the website www.openpack.net have the following origin:

They are exclusively:

– First-party cookies: First-party cookies are deposited and managed directly by us.

– Third-party cookies: Third-party cookies are data records in text form that are stored in the browser or on your computer when you visit our website. When you visit the website again, this data can be read by the provider of the third-party cookies. In contrast to normal cookies or first party cookies, which are usually used by the website operator itself, these are advertisers, i.e. third parties who place their cookies on other websites in order to collect different, often advertising-relevant information about you.

2. Cookies on the openpack.net website are collected for the following purposes.

– Essential cookies: Essential cookies – also called technically necessary cookies – ensure that you have access to all the functions and content of our website. This type of technically necessary cookie also has to do with website maintenance and helps us recognize you when you visit our website.

– Performance cookies: Performance cookies let us know how you use our site and check the performance of the site so that we can improve it even further.

This also means that any problems that occur can be resolved more quickly and any disruptions can be cleaned up. Performance cookies are responsible for making your visit to our site as smooth and pleasant as possible.

These cookies do not collect any information that could identify you – all information collected is anonymous and is only used to improve our website and to find out what interests our users.

– Functional Cookies: Functional cookies save you from having to re-enter your username and instantly customize our platform to your preferences. These cookies are generally used to collect and store user preferences on openpack.net to improve usability and social interactions.

– Marketing Cookies: Marketing cookies are used by us to follow visitors on our website. Our intention is to show you ads that are relevant and appealing to you and therefore valuable to us and our advertising third parties.

3. the legal basis for the processing of essential cookies, i.e. the so-called technically necessary cookies, is our legitimate interest in processing personal data according to Art. 6 para. 1 p. 1 lit. f GDPR.

For all technically unnecessary cookies, which include in particular the so-called third-party cookies, we require your consent.

If you have given us your consent to the use of cookies based on a notice (“cookie banner”) issued by us on the website, the legality of the use is additionally governed by Art. 6 para. 1 p. 1 lit. a GDPR.

Furthermore, we will only pass on your personal data processed by cookies to third parties if you have also given your express consent to this in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

4. the cookies on the openpack.net platform are valid for different periods of time:

– Transient cookies: Transient cookies are automatically deleted when you close the browser. In particular, these include session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

– Persistent cookies: Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. However, they are deleted after 90 days at the latest. However, you can also delete the cookies in the security settings of your browser at any time before this.

5. Most web browsers are preset so that cookies are automatically accepted. However, you can configure your browser in such a way that it only accepts certain cookies or no cookies at all. We would like to point out that in this case, you may no longer be able to use all the functions of our website.

You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since the various browsers may differ in their respective modes of operation, we ask you to refer to the respective help menu of your browser for the corresponding configuration options.

The deactivation of the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will have to deactivate it again.

6. For more information about which cookies we use and for how long, and how you can disable certain types of tracking, please see our Cookie Details.

D. Online advertising

Google Tag Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.

 

E. Tracking and Analytics Tool

I. Use of Google Analytics for the following purpose:

We create pseudonymous usage profiles with the help of Google Analytics in order to tailor the design of our platform to your needs – even in case of merely informational use.

Google Analytics uses targeting cookies (a special form of marketing cookies) that are stored on your terminal device and can be read by us.

In this way, we are able to recognize and count returning visitors as such and to learn how often our platform has been accessed by different users.

II. procedure and use of cookies

1. The information generated by the cookie about your use of our platform is usually transmitted to a Google server in the USA and stored there. However, since we have activated IP anonymization on our platform, your IP address will be shortened by Google beforehand within member states of the European Union. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there (for more information on the purpose and scope of data collection, see e.g. https://policies.google.com/privacy?hl=de&gl=de).

We also have concluded an order processing agreement with Google LLC (USA) in accordance with Art. 28 GDPR. Accordingly, Google will use all information strictly for the purpose of evaluating the use of our platform for us and compiling reports on platform activities.

2. Google sets the following cookies when you visit our platform – even in case of merely informational use – and consent to the use of the Google Analytics cookie:

 

Name             Purpose                                                                     Expiration

 

_ga                 This helps us to count how many people            [duration]

visit our internet presentation if you have

already visited it.

 

_gid                This helps us to count how many people            [duration]

visit our internet presentation if you have

already visited it.

 

_gat                This helps us to manage the frequency              [duration]

in which requests were made to view

a page.

 

III. Data processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR.

IV. You can revoke your consent once given at any time. Please use one of the following options to do so:

– You inform us that you wish to revoke your consent.

– You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of our platform.

– You can also prevent the collection of data generated by the cookie and related to your use of our platform (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

 

F. Categories of recipients

I. We use third parties to operate our openpack.net platform.

II. among others, we use external domestic and foreign service providers. As a matter of principle, they only act on our instructions and have been contractually obligated to comply with the data protection provisions in accordance with Art. 28 GDPR (conclusion of a contract for order processing).

III. the following categories of recipients, which are usually order processors, may receive access to your personal data:

– To perform our mediation activities, we alternately transfer the personal data provided by you between the users of the openpack.net platform.

In particular, we process your contact data. The legal basis for this is Art. 6 para. 1 lit. b GDPR. Data recipients must ensure compliance with data protection regulations on their part.

Please note, however, that the terms of use of other users may nevertheless differ from the terms of use of our site. This also applies to linked pages. For this reason, you should read and comply with the terms of use of the data recipients.

– Hosting service provider to provide the following services:

Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating our website.

In doing so, we or our contract processor processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of users of our website. The legal basis for this is Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR.

– Persons employed to carry out our business operations (e.g. legal advisors). The legal basis for the transfer, insofar as it does not involve order processors, is Art. 6 para. 1 p. 1 lit. b GDPR and Art. 6 para. 1 p. 1 lit. f GDPR.

– Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the disclosure is Art. 6 para. 1 p. 1 lit. c GDPR;

– Internal departments as part of the handling of business processes. Legal basis for the disclosure is Art. 6 para. 1 p. 1 lit. b GDPR.

IV. In addition, we will only disclose your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

G. Your rights

You can assert your rights as a data subject regarding your processed personal data at any time vis-à-vis the person responsible for processing using the contact data provided at the beginning of A. II. As a data subject, you have the right

– to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of objection, the origin of your data if it has not been collected by us, as well as about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

– in accordance with Art. 16 GDPR, to demand the correction of incorrect data or the completion of your data stored by us without delay;

– in accordance with Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;

– in accordance with Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;

– pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (“data portability”);

to object to the processing in accordance with Art. 21 GDPR,

insofar as the processing of your personal data is carried out for the protection of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

In this case, we will no longer process this personal data unless we can demonstrate compelling legitimate reasons for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defense of legal claims. 

For this purpose, please contact the controller of the processing (see above under A.II.

– in accordance with Art. 7 para. 3 GDPR, you may revoke your consent once given – i.e. your voluntary will, made clear in an informed and unambiguous manner by means of a declaration or other unambiguous affirmative action, that you agree to the processing of the personal data in question for one or more specific purposes –

to revoke your consent to us at any time if you have once given such consent. Consequently, we may no longer continue the data processing based on this consent for the future and

to complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 GDPR, such as the data protection supervisory authority responsible for us:

Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, Germany

H. Necessity of the provision/consequences of the non-provision of information

Without the provision of the transmission of server log files, the use of our platform is not possible. In principle, there is no obligation for you to provide us with any additional personal data.

However, if you do not provide us with complete and correct personal data when registering or contacting us by e-mail, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data.

I. Prerequisite for the transfer of personal data to third countries

If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to third parties, this will only occur if it is necessary for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.

Subject to legal or contractual permissions, we process or let process the data in a third country only in the presence of the special prerequisites of Art. 44 et seq. GDPR. This means, for example, that the processing takes place on the basis of special guarantees, such as compliance with officially recognized specific contractual obligations (so-called “standard contractual clauses”).

Please contact our person responsible for processing (see under A. II) if you would like more information on this.

 

J. No automated decision-making (including profiling).

We do not carry out automated decision-making in the sense of Art. 22 GDPR.

 

K. Changes to the data protection information

In the context of the further development of data protection law as well as technological or organizational changes, our data protection information is regularly reviewed for the need to adapt or supplement it. You will be informed of any changes in particular on our German website at www.openpack.net. This privacy policy is valid as of 14.12.2020.