text.skipToContent text.skipToNavigation

Privacy Policy

Introduction

Thank you for your interest in our online offering. Protecting your privacy is of particular concern to us. The following information is intended to inform you about the nature, scope, and purposes for which we process personal data and the rights to which data subjects are entitled.

Contents

  1. General Part
    • 1.1 Scope
    • 1.2 Legal Basis
    • 1.3 Name and Address of the Controller
    • 1.4 Name and Address of the Data Protection Officer
    • 1.5 Contact Details of the Supervisory Authority
    • 1.6 Principles of Data Protection and Your Rights
      • 1.6.1 Definitions
      • 1.6.2 Principles for Processing Personal Data
      • 1.6.3 Rights of Data Subjects
    • 1.7 Information on Cookies and Similar Technologies
    • 1.8 Changes to This Privacy Policy
  2. Special Part
    • 2.1 Necessary Processing When Visiting Our Website
      • 2.1.1 Provision of Our Website
      • 2.1.2 Cookies for Sessions, Logins, and Security
      • 2.1.3 Management of Consents
      • 2.1.4 Protection Against Automatically Generated Inputs
      • 2.1.5 Google Tag Manager
    • 2.2 Optional Processing When Visiting Our Website
      • 2.2.1 Google Analytics
      • 2.2.2 Microsoft Clarity
    • 2.3 Processing When Using Our Services
      • 2.3.1 Use of Our Customer Portal
      • 2.3.2 Contacting US

1. General Part

1.1 Scope

This privacy policy applies to all pages accessible under the address my.siegwerk.com, including their subpages (hereinafter referred to as "website").

1.2 Legal Basis

The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).

1.3 Name and Address of the Controller

The controller within the meaning of the GDPR and other national data protection laws of the Member States, as well as other data protection regulations, is:

Siegwerk Druckfarben AG & Co. KGaA

- hereinafter: "the controller"/"we"/"us".

You can find more information about the controller in our imprint.

1.4 Name and Address of the Data Protection Officer

The following person has been appointed as the Data Protection Officer:

Attorney Ziar Kabir
SCO-CON:SULT GmbH
Hauptstraße 27
53604 Bad Honnef
Email: dataprotection@siegwerk.com
www.sco-consult.de

1.5 Contact Information of the Competent Supervisory

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: +49 (0) 211/38424-0
Fax: +49 (0) 211/38424-999
Email: poststelle@ldi.nrw.de

1.6 Principles of Data Protection and Your Rights

1.6.1 Definitions

This privacy policy is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). You can view the definitions in the Official Journal of the European Union.

1.6.2 Principles for Processing Personal Data
  • Purpose and Scope of Processing Personal Data

    Personal data is only collected for the specified purposes. The scope of processing is limited to what is necessary for the purpose of the processing. The Controller reserves the right to process personal data if and to the extent necessary to protect its legitimate interest in asserting, exercising, or defending legal claims.

  • Legal Basis for Processing Personal Data

    Personal data may be processed if at least one of the following conditions is met:

    • Consent of the affected persons (Art. 6 (1) (a) GDPR)
    • Necessity for contract performance or pre-contractual measures (Art. 6 (1)(b) GDPR)
    • Necessity for fulfilling a legal obligation (Art. 6 (1) (c) GDPR)
    • Necessity for protecting the vital interests of the affected persons (Art. 6 (1) (d) GDPR)
    • Processing is necessary for performing a task in the public interest or in the exercise of official authority vested in the Controller (Art. 6 (1) (e) GDPR)
    • Protecting a legitimate interest on our part or that of a third party unless the interests, rights, and freedoms of the data subject outweigh this interest (Art. 6 (1) (f) GDPR).
  • Storage Duration for personal data

    The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by the European or national legislator in EU regulations, laws, or other provisions to which the Controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for a contract conclusion or contract fulfillment.

  • Recipients of personal data

    Recipients of personal data of data subjects are generally only the Controller and processors engaged by the Controller in compliance with data protection law. Data may be disclosed to third parties if the Controller is authorized to do so by a legal provision or is obliged to do so due to legal requirements, administrative or judicial orders.

  • Transfer of personal data to third countries

    If personal data of data subjects is transferred to countries outside the European Union (EU) or the European Economic Area (EEA), this will only occur if an adequate level of protection exists (Art. 45 GDPR) or appropriate safeguards are in place (Art. 46 GDPR) or under the conditions of Art. 49 GDPR for exceptions in specific cases.

  • Existence of automated decision-making

    As a responsible company, we do not use automated decision-making or profiling.

1.6.3 Rights of Data Subjects

Data subjects have the following rights:

  • Right to Withdraw Consent (Art. 7(3) GDPR)

    You can withdraw your previously given consent to the processing of data at any time with effect for the future.

  • Right to Information (Art. 15 GDPR)

    You can request information about whether personal data concerning you is being processed. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period or criteria for determining this, the existence of a right to rectification, erasure, restriction of processing, or to object, the existence of a right to lodge a complaint, the source of your data if it was not collected from you, and the existence of automated decision-making, including profiling.

  • Right to Rectification (Art. 16 GDPR)

    You can request the immediate rectification of incorrect personal data concerning you or the completion of incomplete personal data, taking into account the purposes of the processing.

  • Right to Erasure (Art. 17 GDPR)

    You can request the erasure of your personal data if the purpose of the processing has ceased to apply, you have withdrawn your consent or objected to the processing and there are no overriding legitimate grounds for the processing, or if the processing is unlawful or necessary for the establishment, exercise, or defense of legal claims.

  • Right to Restriction of Processing (Art. 18 GDPR)

    You have the right to request the restriction of processing if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or if the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims.

  • Right to Data Portability (Art. 20 GDPR)

    You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent or on a contract and the processing is carried out by automated means.

  • Right to Object (Art. 21 GDPR)

    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

  • Right to Lodge a Complaint (Art. 77 GDPR)

    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.

1.7 1.7 Information on Cookies and Similar Technologies

Cookies are text files created by the browser when pages are accessed to store data about a browser during and after a page visit. Unique strings are regularly stored in the cookie, allowing a server to recognize a browser. Cookies can be stored by the visited site (first-party) or by third-party providers (third-party) if their services are used on the visited site. If a third-party service is used on multiple websites, the third-party provider can store information about user activities in cookies and track them across multiple sites. The domain of the site from which the cookie originates is stored in the cookie, and access is restricted to this domain. Cookies are valid either for the duration of a browser session (session cookies) or until a time specified in the cookie (persistent cookies). Expired cookies are no longer loaded by the browser during a page visit and are either deleted or overwritten directly by the browser, depending on the browser.
You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or generally, and to activate the automatic deletion of cookies when closing the browser. However, if cookies are deactivated, not all functions of our website may be fully usable. Information on cookie settings for your browser can be found in the help section of the browser or at the following links:

Additionally, data can be stored in the so-called Local Storage or Local Session Storage of your browser for the same purposes.
Information on the use of cookies or similar technologies when visiting our website can be found in the information on individual processing activities in the specific part of the privacy policy.

1.8 1.8 Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will apply to your next visit.

2. Specific Part

2.1 Necessary Processing When Visiting Our Website

2.1.1 Provision of Our Website

As part of order processing, we commission a professional external service provider to provide our website. The personal data of data subjects collected via our website is processed on the service provider’s servers. To ensure optimal global accessibility of our website, processing may also take place on servers in third countries. The basis for the transfer to third countries is adequacy decisions of the EU Commission pursuant to Art. 45(1) GDPR or Standard Contractual Clauses with the processor, which obligate the processor to ensure compliance with European data protection law even in the third country, thus providing an appropriate guarantee for the protection of personal data pursuant to Art. 46(2)(c) GDPR.

2.1.2 Cookies for Sessions, Logins, and Security

When using our website, so-called session cookies may be stored in your browser.

  • Scope of Processing

    Our system assigns your browser a randomly unique identifier and stores it for the duration of your browser session. The identifier is stored in a cookie and transmitted to our system when pages of our website are accessed. The identifier can be linked with other data we collect via our website. The cookie is valid only for our site and cannot be used to track your activities on third-party sites. Additionally, we use cookies with unique identifiers to prevent the misuse of forms.

  • Storage and Access to Data in the Browser

    The following cookies may be stored and read in your browser for session assignment:

    NameDurationThird Party AccessDomainType
    JSESSIONIDSessionNomy.siegwerk.comFirst-Party Cookie
    acceleratorSecureGUIDSessionNomy.siegwerk.comFirst-Party Cookie
    XSRF-TOKENSessionNomy.siegwerk.comFirst-Party Cookie
  • Legal Basis for Processing

    The legal basis for processing is Art. 6(1)(f) GDPR.

  • Purpose of Processing

    Session identifiers are used to assign requests to a browser system-side. The assignment of requests to browsers is necessary on our site for the allocation of permissions, use of protected areas, maintenance of logins, and provision of forms. Processing for these purposes constitutes a legitimate interest.

  • Storage Duration

    Session data is deleted after the session ends or after exceeding a time limit appropriate to the purposes.

  • Right to Object and Removal Option

    The provisions of Art. 21 GDPR on the right to object to processing based on a balancing of interests apply. Since these processes are essential to ensure the functionality of our website, there is generally no option to object to the processing.

2.1.3 Management of Consents

We use the service Cookiebot by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter: “Usercentrics”) on our website.

  • Scope of Processing

    When visiting our website, your browser connects to Usercentrics servers within the European Economic Area (EEA) to load resources for the consent banner. Your IP address, the address of the visited page, and technical connection data are transmitted. When you confirm the setting in the consent banner, the following data is transmitted to a Usercentrics server in the EEA:

    • Browser type and version used,
    • Operating system,
    • IP address,
    • Date and time of confirmation,
    • Address of the page on our website where the confirmation occurs,
    • Unique identifier of the confirmation,
    • Setting or consent that was confirmed.

    All transmitted data is anonymized by Usercentrics before storage. The setting or consent and the unique identifier are stored in a cookie in your browser.

  • Storage and Access to Data in the Browser

    The following cookies may be stored and read in your browser for managing your setting or consent:

    DesignationDurationThird Party AccessDomainType
    CookieConsentOne YearNomy.siegwerk.comFirst-Party Cookie
  • Legal Basis for Processing

    The legal basis for processing is Art. 6(1)(f) GDPR.

  • Purpose of Processing

    The purpose of processing is to provide an effective means for data subjects to control automated processing and give consent when visiting our website. Storing the data in the browser is necessary for the cross-site application of the setting or consent.

  • Storage Duration

    No personal data is stored in the context of using Cookiebot on our website.

  • Right to Object and Removal Option

    The provisions of Art. 21 GDPR on the right to object to processing based on a balancing of interests apply. Since the processing is essential to ensure the functionality of our website, there is generally no option to object to the processing.

2.1.4 Protection Against Automatically Generated Inputs

We use the reCaptcha service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”) on our website. Google acts as a third party in this service relationship.

  • Scope of Processing

    We use the Google reCaptcha service to determine whether a human or a computer is making a particular input in our contact form. Google checks the following data to determine whether you are a human or a computer:

    • IP address of the used device
    • Address of the visited website
    • Date and duration of the visit
    • Technical characteristics of the used browser and operating system
    • Google account, if you are logged in to Google
    • Mouse movements on the reCaptcha areas
    • Tasks where you need to identify images
    If the evaluation of these characteristics indicates that it is an automatically generated input, the submission process will be aborted. In this context, there is no access to your information in the respective form.
  • Legal Basis for Processing

    The legal basis for processing is Art. 6(1)(f) GDPR.

  • Purpose of Processing

    The purpose of processing is to protect forms against automatically generated inputs (“spam”). This purpose also constitutes our legitimate interest in processing.

  • Data Transfer to Third Countries

    Google transfers and processes your data in the third country USA. Google has been certified under the Data Privacy Framework and is thus subject to an adequacy decision by the EU Commission. The transfer of your data is based on Art. 45(1) GDPR.

  • Storage Duration

    We do not store any personal data in connection with the verification of automatically generated inputs.

  • Right to Object and Removal Option

    The provisions of Art. 21 GDPR on the right to object to processing based on a balancing of interests apply. Since this processing is essential to ensure the functionality and security of our IT systems, there is generally no option to object to the processing.

2.1.5 Google Tag Manager

We use the Google Tag Manager service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”) on our website. Google acts as a processor in this service relationship.

  • Scope of Processing

    When visiting our site, a connection is established to Google’s servers to load the script required for Google Tag Manager. Your IP address, the address of the visited page, and information about the used browser and operating system are transmitted. When using Google Tag Manager itself, no personal data is processed, only settings are passed on, which are used to control and activate or deactivate optional services. Further information can be found in the following Google help article: Data collected by Google Tag Manager

  • Legal Basis for Processing

    The legal basis for processing is Art. 6(1)(f) GDPR.

  • Purpose of Processing

    We use Google Tag Manager to control and configure the activation of optional services. The processing is necessary to protect our legitimate interest in the effective management of optional services.

  • Data Transfer to Third Countries

    Google transfers and processes your data in the third country USA. Google has been certified under the Data Privacy Framework and is thus subject to an adequacy decisionby the EU Commission. The transfer of your data is based on Art. 45(1) GDPR. Additionally, Google has committed to us in standard contract clauses to ensure compliance with European data protection law even in the third country, thus providing an appropriate guarantee for the protection of personal data pursuant to Art. 46(2)(c) GDPR.

  • Storage Duration

    We do not store any personal data in connection with our use of Google Tag Manager.

  • Right to Object and Removal Option

    The provisions of Art. 21 GDPR on the right to object to processing based on a balancing of interests apply. Since the processing is essential to ensure the functionality of our website, there is generally no option to object to the processing.

2.2 Optional Processing When Visiting Our Website

2.2.1 Google Analytics

This website uses Google Analytics (Version 4), a service for analyzing visitor flows provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). Google acts as a processor in this service relationship.

  • Scope of Processing

    When you access a page on our website, your browser connects to Google’s servers to load the script required for Google Analytics. Your IP address, the address of the visited page, and information about the used browser and operating system are transmitted.

    If you have consented to the use of cookies, cookies will be stored in your browser. These cookies contain unique identifiers that allow your browser to be recognized when accessing pages on our website. These cookies are valid only for our site and cannot be used to track your activities on third-party sites.

    Each time you access a page on our website, data about the page access (including the page from which you arrived at our website and the accessed page), browser and system information (including browser, operating system, IP address) is transmitted to a Google server in the USA. If you have consented, the data from cookies, including the identifiers stored in cookies, will also be transmitted. The IP address processed during collection is not stored. Further information can be found on Google’s pages:

  • Storage and Access to Data in the Browser

    For measuring visitor flows and the reach of advertisements, the following cookies may be stored and read in your browser with your consent. Further information can be found in Google’s information on the types of cookies used:

    NameDurationThird Party AccessDomainType
    _gaTwo YearsNomy.siegwerk.comFirst-Party Cookie
    _ga_<ID>Two YearsNomy.siegwerk.comFirst-Party Cookie
  • Legal Basis for Processing

    The legal basis for processing is Art. 6(1)(f) GDPR. The legal basis for the use of cookies is Art. 6(1)(a) GDPR.

  • Purpose of Processing

    We use Google Analytics to measure and evaluate visitor flows on our website. The use of cookies aims to create more accurate, cross-session analyses. Google processes the data collected by us to evaluate the use of our website and to compile reports on website activity, which help us better understand and improve the use of our website. This also constitutes our legitimate interest in processing the collected data.

  • Data Transfer to Third Countries

    Google transfers and processes your data in the third country USA. Google has been certified under the Data Privacy Framework and is thus subject to an adequacy decision by the EU Commission. The transfer of your data is based on Art. 45(1) GDPR. Additionally, Google has committed to us in standard contractual clauses to ensure compliance with European data protection law even in the third country, thus providing an appropriate guarantee for the protection of personal data pursuant to Art. 46(2)(c) GDPR.

  • Storage Duration

    All personal data or data linked to identifiers will be deleted after a maximum of 26 months.

  • Right to Object and Removal Option

    The provisions of Art. 21 GDPR on the right to object to processing based on a balancing of interests apply. Since we do not store IP addresses and do not use cross-session identifiers without your consent, there is generally no option to object to the processing. You can view the status of your consent via our consent manager and withdraw any given consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The status of your consent is stored in a cookie. It is valid only for this browser and must be renewed after the specified validity period expires.

2.2.2 Microsoft Clarity

We use the Microsoft Clarity service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 (hereinafter: “Microsoft”) on our website. Microsoft acts as a third party in this service relationship.

  • Scope of Processing

    If you consent to the use of Microsoft Clarity, a connection to a Microsoft server is established when you visit our website to load the script required for Microsoft Clarity. Your IP address, the address of the visited page, and information about the used browser and operating system are transmitted. At the time of initializing Microsoft Clarity, cookies with unique identifiers are stored, allowing your browser to be recognized when accessing pages on our website. These cookies are valid only for our site and cannot be used to track your activities on third-party sites. Each time you access a page on our website, the following data is collected and transmitted to a Microsoft server and stored there:

    • User-Agent string
    • IP address
    • Address of the accessed page
    • Date and time of access
    • Information about interaction with a page (mouse movements, scroll depth, clicks, window size)
    • Information about error diagnostics (script and connection errors)
    • Unique identifiers from cookies
  • Storage and Access to Data in the Browser

    The following cookies may be stored and read in your browser for collecting usage data:

    NameDurationThird party accessDomainType
    _clckOne YearNomy.siegwerk.comFirst-Party Cookie
    _clskSessionNomy.siegwerk.comFirst-Party Cookie
  • Legal Basis for Processing

    The legal basis for processing is Art. 6(1)(a-f) GDPR.

  • Purpose of Processing

    We use the data collected through Microsoft Clarity and the created pseudonymized usage profiles to gain a better understanding of how our site is used. The data on mouse movements is used to draw conclusions about the user-friendliness of our offering and its design. In combination with the other collected data, we can specifically improve the user experience and better understand the impact of design changes on user behavior. We cannot draw any conclusions about the use by a specific person from the collected data.

  • Data Transfer to Third Countries

    Microsoft transfers and processes your data in third countries such as the USA, for which there is no adequacy decision by the EU Commission. Microsoft has committed to us in standard contractual clauses to ensure compliance with European data protection law even in the third country, thus providing an appropriate guarantee for the protection of personal data pursuant to Art. 46(2)(c) GDPR.

  • Storage Duration

    Stored usage data will be deleted no later than 13 months after their collection.

  • Right to Object and Removal Option

    You can view the status of your consent via our consent manager and withdraw any given consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Your decision regarding the use of the service is stored in a cookie. It is valid only for this browser and must be renewed after the specified validity period expires.

2.3 Processing When Using Our Services

2.3.1 Use of Our Customer Portal

We offer our customers the opportunity to log in with their customer data via our website and use our customer portal to request and order products.

  • Scope of Processing

    When you register for the use of our customer portal via our registration form, we process the data collected from you in the form. Registration is only possible for existing Siegwerk customers and requires the provision of the customer number. After registration, a confirmation email is sent to the provided email address. This email contains a link that activates the registration and unlocks your registration when accessed. All provided data is stored in your user account and can be edited there. Registered users can invite other persons to use the customer portal. This is limited to persons belonging to the specified customer. Salutation, name, email address, and customer number are displayed to other persons registered under the same customer number. Your data is not visible to persons registered under a different customer number. Furthermore, all data related to inquiries or orders is stored. Your data will not be disclosed to third parties, subject to the general provisions.

  • Storage and Access to Data in the Browser

    The following cookies may be stored and read in your browser for the functions of the customer portal:

    NameDurationThird party accessDomainType
    siegwerk-cartOne YearNomy.siegwerk.comFirst-Party Cookie
    sgwstorefrontRememberMe14 daysNomy.siegwerk.comFirst-Party Cookie
  • Legal Basis for Processing

    The legal basis for processing is Art. 6(1)(b) GDPR and, alternatively, Art. 6(1)(f) GDPR.

  • Purpose of Processing

    We process your data for the purposes of contract initiation and performance, as well as the associated documentation obligations, and to the extent necessary for the provision of the customer portal.

  • Storage Duration

    We store your data for the duration of a business relationship with us. Otherwise, the general provisions on storage duration apply.

  • Right to Object and Removal Option

    There is no option to object to processing necessary for the fulfillment of the contract with the data subject or for contract initiation at the request of the data subject. Otherwise, the provisions of Art. 21 GDPR on the right to object to processing based on a balancing of interests apply.

2.3.2 Contacting Us

Our website provides contact details such as addresses, phone numbers, and email addresses to enable quick contact and direct communication with us and our representatives.

  • Scope of Processing

    We process the personal data you provide to us depending on the chosen communication method. This may include your full name, address, phone number, email address, and other personal data you provide during communication. The recipients of the data are the persons working within our responsibility and processors engaged by us in compliance with data protection law. Your data will not be disclosed to third parties without your consent, subject to the general provisions. When using our contact form, your data is transmitted via an encrypted connection.

  • Legal Basis for Processing

    The legal basis for processing personal data in the context of communication with you is Art. 6(1)(f) GDPR. If the contact aims at initiating or fulfilling a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

  • Purpose of Processing

    We process your data to handle the purpose of the contact, to communicate with you, and to track the communication. These purposes also constitute our legitimate interest in processing.

  • Storage Duration

    The data will be deleted as soon as it is no longer necessary to achieve the purpose of its storage. The assessment of this depends on the circumstances of the individual case. Otherwise, the general provisions on storage duration apply.

  • Right to Object and Removal Option

    The provisions of Art. 21 GDPR on the right to object to processing based on a balancing of interests apply. The necessity to process the data for contract initiation, contract fulfillment, or documentation may oppose the objection.