Welcome to Francotyp-Postalia. Here you can find out more about the processing of your personal data.
Data protection is also a matter of trust and your trust is very important to us. We respect and protect your privacy and personal rights.
1. Scope and contact details of the controller
This privacy policy applies to the use of our website and all other processing of your personal data.
The controller within the meaning of the General Data Protection Regulation (GDPR) is
Francotyp-Postalia Holding AG
Prenzlauer Promenade 28
13089 Berlin
Phone: +49 30 220 660-0
E-mail: info@franctoyp.com
Mr Norman Höhling has been appointed as data protection officer:
Mr Norman Höhling
Francotyp-Postalia Holding AG
Prenzlauer Promenade 28
13089 Berlin
Phone: +49 30 220 660-173
E-mail: datenschutzbeauftragter@francotyp.com
Further information about us can be found in our Imprint.
2. Intended use
We provide information about our products and services. You have the option of contacting us for further information or using other services.
The purpose of data processing is to provide you with the right information at the right time. We also use your personal data for the technical administration of the websites, for customer administration and for marketing purposes, provided that you expressly authorise this by giving your consent on our website (one example is the FP newsletter).
3. Your rights
If you have any questions about your personal data, you can contact us in writing at any time. You have the following rights under the GDPR:
3.1. The right to information (subsection Art. 15 GDPR)
You have the right to obtain information at any time about which categories and information about your personal data are processed by us and for what purpose, how long and according to what criteria these data are stored and whether automated decision-making, including profiling, is used in this context. You also have the right to know to which recipients or categories of recipients your data has been or will be disclosed, in particular to recipients in third countries or international organisations. In this case, you also have the right to be informed about suitable guarantees in connection with the transfer of your personal data.
In addition to the right to lodge a complaint with the supervisory authority and the right to information about the origin of your data, you have the right to erasure, rectification and the right to restrict or object to the processing of your personal data.
In all of the above cases, you have the right to request a copy of your personal data processed by us from the data processor free of charge. For all further copies that you request or that go beyond the data subject’s right to information, we are authorised to charge a reasonable administrative fee.
3.2. The right to rectification (Art. 16 GDPR)
You have the right to request the immediate rectification of your incorrect personal data and, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration. If you would like to exercise your right to rectification, you can contact our data protection officer or the controller at any time.
3.3. The right to erasure (Art. 17 GDPR)
You have the right to demand the immediate erasure of your data (“right to be forgotten”), in particular if the storage of the data is no longer necessary, you withdraw your consent to data processing, your data was processed unlawfully or was collected unlawfully and there is a legal obligation to erase it under EU or national law.
However, the right to be forgotten does not apply if there is an overriding right to freedom of expression or freedom of information, if data storage is necessary for the fulfilment of a legal obligation (e.g. retention obligations), if archiving purposes prevent deletion or if the storage serves the assertion, exercise or defence of legal claims.
3.4. The right to restriction (Art. 18 GDPR)
You have the right to demand the restriction of the processing of your data by the controller if the accuracy of the data is disputed by you, the processing is unlawful, you refuse the deletion of your personal data and instead demand a restriction of the processing, if the necessity for the processing purpose no longer applies or you have objected to the processing in accordance with Article 21 (1) GDPR, as long as it is not yet clear whether legitimate reasons on our part outweigh yours.
3.5. The right to data portability (Art. 20 GDPR)
You have the right to the portability of your personal data, which you have provided to our company in a commonly used format, so that you can have your personal data transferred to another controller without hindrance, provided that, for example, you have given your consent and the processing is carried out by automated means.
3.6. The right to object (Art. 21 GDPR)
You have the right to object at any time to the collection, processing or use of your personal data for the purposes of direct marketing or market and opinion research as well as general commercial data processing, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Furthermore, you cannot exercise your right to object if a legal provision provides for the collection, processing or use of the data or obliges us to collect, process or use the data.
3.7. Right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG)
You have the right to lodge a complaint with the competent supervisory authority if you believe that there has been an infringement in the processing of your personal data. 7.8 Right to withdraw consent under data protection law (Art. 7 para. 3 GDPR) You can withdraw your consent to the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force.
4. Legal basis of the processing
When processing personal data for which we obtain the consent of the data subject, Art. 6 para. 1, sentence 1 lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This provision also includes processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1, sentence 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities and in analysing, optimising and maintaining the security of our online offering.
5. Transmission of data to third parties
Data will only be transferred to third parties beyond the scope described in this privacy policy if this is necessary for the processing of the respective requested service. Personal data is not transferred to so-called third countries outside the EU/EEA.
6. Legal or contractual provisions for the provision of personal data and possible consequences of non-provision
We hereby point out that the provision of personal data is required by law in certain cases (e.g. tax regulations) or may result from contractual regulations (e.g. information on the contractual partner). For example, in order to conclude a contract, it may be necessary for the data subject/contractual partner to provide their personal data so that we can process their request (e.g. order) in the first place. An obligation to provide personal data arises above all when concluding a contract. If no personal data is provided in this case, the contract cannot be concluded with the data subject. Before personal data is provided by the data subject, the data subject can contact our data protection officer or the data controller. The data protection officer or the controller will then clarify to the data subject whether the provision of the required personal data is required by law or contract or is necessary for the conclusion of the contract and whether there is an obligation to provide the personal data arising from the data subject’s concerns or what the consequences are for the data subject if the requested data is not provided.
7. Information, correction, deletion or blocking of your personal data
We process and store your personal data only for the period of time required to achieve the respective storage purpose or as provided for by the various retention periods stipulated by law.
After a storage purpose has ceased to exist or after the retention period prescribed by law has expired, the personal data is routinely blocked for further processing or deleted in accordance with the statutory provisions.
8. External links
Our websites may contain links to other websites outside our area of responsibility, to which this data protection declaration does not extend and for whose content we accept no responsibility.
9. Use of our website:
When you visit our website, service providers who are also subject to data protection regulations store the name of your internet service provider, the website from which you visit us, the pages you visit on our website and the date and duration of your visit as standard. So-called “cookies” are used by us to track visitor preferences and make using our website as pleasant as possible. We use analysis tools for this purpose. If you do not want your data to be tracked when you visit our website, you can opt out here. In addition, personal data is only stored if you provide it voluntarily, for example when making a contact enquiry.
9.1. Privacy policy for the use of Google Analytics:
This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows users to measure traffic and engagement on their websites and mobile apps using customisable reports.
Google Analytics uses cookies that enable us to analyse your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.
With Google Analytics, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data
During your visit to the website, your user behaviour is recorded in the form of “events”. Events can be
- Page views
- First visit to the website
- Start of the session
- Scrolls (whenever a user scrolls to the end of the page (90%))
- clicks on external links
- internal search queries
- Interaction with videos
- File downloads
- Viewed / clicked adverts
- Language setting
- It is also recorded:
- Your approximate location (region)
- Your IP address (in abbreviated form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your Internet provider
- the referrer URL (via which website/advertising medium you came to this website)
It cannot be ruled out that US authorities will access the data stored by Google.
Third country transfer: If data is processed outside the EU/EEA and there is no level of data protection that meets the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Storage period: The data sent by us and linked to cookies is automatically deleted after 2 years. Data whose retention period has expired is automatically deleted once a month.
Legal basis: The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
Revocation: You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by selecting
1. do not give your consent to the setting of the cookie or
2. download and install the browser add-on to deactivate Google Analytics HERE.
You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.
9.2. Privacy policy for the use of Google Conversion Tracking:
This website also uses Google Conversion Tracking. Google Adwords places a cookie on your computer if you have reached our website via a Google advert. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the AdWords customer’s website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are told the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “googleadservices.com”.
9.3. Privacy policy for the use of Matomo Analytics
Our website uses Matomo Analytics, an open source software for the statistical analysis of visitor access, which is operated by InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand, . Matomo uses cookies, which are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is stored on our server. The following data is processed:
- IP address (anonymised)
- Usage behaviour (e.g. pages visited, length of stay)
- Technical information (e.g. browser type, operating system)
Legal basis: The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, Art. 49a GDPR.
9.4. Use of our Annual General Meeting portal
9.4.1. If you would like to use our Annual General Meeting portal, you must register by entering your personal details, your e-mail address, a password of your choice and a user name of your choice. You are required to use a clear name; it is not possible to use a pseudonym. The provision of the aforementioned data is mandatory; you can provide all other information voluntarily by using our portal. We use the so-called double opt-in procedure for this service, i.e. you will receive an e-mail in which you must confirm that you are the owner of the e-mail address provided and that you wish to receive the notifications. You can unsubscribe from the notifications at any time, e.g. by clicking on the link in the email or using the contact details provided. We will store the data you provide as well as the time of your registration for the service and your IP address until you unsubscribe from the notification service.
9.4.2. If you use our Annual General Meeting portal, we will store your data required for participation in the Annual General Meeting until you finally delete your access. Furthermore, we store the voluntary data you provide for the duration of your use of the portal, unless you delete it beforehand. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
9.4.3. If you use the Annual General Meeting portal, your data may be made accessible to other participants in the Annual General Meeting in accordance with the legal requirements. Non-registered participants will not receive any information about you. Your user name will be visible to all registered participants if you have authorised them or make a speech.
9.4.4. To prevent unauthorised access by third parties to your personal data, in particular financial data, the connection is encrypted using TLS technology.