Data protection
Information
We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. Our data protection provisions comply with applicable statutory regulations on the protection of personal data, in particular with the provisions of the EU General Data Protection Regulation (EU GDPR), and are in line with the country-specific data protection provisions that apply to MGA Zapf Creation GmbH. Therefore, please take a moment to familiarise yourself with our data protection information. It explains which data we collect on our website, what we use it for and what options are available to you.
Responsibility in terms of data protection law lies with MGA Zapf Creation GmbH.
Postal address:
Mönchrödener Str. 13, 96472 Rödental, GERMANY.
Contact information
Phone: +49 9563 725-0
Fax: +49 9563 725-116
Email: info(at)zapf-creation.com
Data protection contact
datenschutz(at)zapf-creation.de
Subject of data protection
Subject of data protection is personal data. In accordance with Art. 4 Para. 1 GDPR, personal data encompasses any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This includes information such as name, postal address, email address or telephone number, but also usage data such as your IP address.
Data that does not enable the personal identification of the user is anonymous data.
Purposes and legal basis of the data processing
When processing your personal data, the provisions of EU GDPR and all other applicable requirements according to data protection law are adhered to. The legal bases for data processing are derived from Art. 6 EU GDPR in particular.
We use your data for initiating business contact, fulfilling contractual and legal obligations, conducting the contractual relationship, offering the products and services and strengthening the customer relationship, which can also entail analyses for marketing purposes and direct marketing.
Your consent to data processing can also a represent an authorising provision under data protection law. Before you give your consent, we inform you of the purpose of the data processing and of your right to withdraw consent.
Data collection: categories and origin of data
The data we process is determined by the respective context: this depends on whether you submit queries using our contact form or send us a job application, for example.
During your visit to our website, we collect and process the following data:
- Name of the internet service provider
- Details of the website from which you are visiting us
- Web browser and operating system used
- The IP address assigned by your internet service provider
- Requested files, transmitted data quantity, downloads / file export
- Details of our websites visited by you, including date and time
For reasons relating to technical security (in particular to defend against attempted attacks on our web server), this data is stored in accordance with Art. 6 Para. 1 lit. f EU GDPR. After seven days at the latest, the data is anonymised by shortening the IP address so that the user cannot be identified.
Within the scope of a contact request, we collect and process the following data:
- Last name, first name
- Title
- Country
- Contact details (email address, telephone number)
- Address
- Message
- You can also upload images and other files.
Within the scope of a request via our product form, we collect and process the following data:
- Last name, first name
- Title
- Country
- Contact details (email address, telephone number)
- Address
- Message
- Product designation / identification number
- You can also upload images and other files.
Within the scope of an online job application, we collect and process the following data:
- Last name, first name
- Title
- Country
- Contact details (email address, telephone number)
- Address
- Application documents (CV, references, etc.)
- Availability
- Annual gross salary
Obligation to provide access to the data
A variety of personal data is required in order to establish, perform and terminate the contractual relationship and to fulfil the contractual and legal obligations involved. The same applies for the use of our website and the various functions that this provides.
We have summarised the details of this in the aforementioned item. In certain cases, data must also be collected or made available due to legal provisions. Please note that it is not possible to process your request or execute the contractual relationship on which this is based without providing this data.
Contact form / Contacting us via email (Art. 6 Para. 1 lit. a, b GDPR)
Our website contains a contact form that can be used to contact us electronically. When you use the contact form to write us, we shall process your data provided in the contact form in order to contact you and respond to your questions and wishes.
In doing so, we observe the principle of data economy and data avoidance by requiring you to provide only the data we require for contacting you. The data collected here differs according to the type of request; for example, it is sufficient to specify your name, email address and country in which you currently live when making a general request. Other mandatory information for a general contact request is the subject of the message and the message text itself. If you are interested in a catalogue, we also ask for your address in order to send you the catalogue. Your IP address will also be processed, as this is a technical necessity and required for legal protection. All other data submitted is optional (e.g. for a more individual response to your questions).
Should you contact us by email, we will use the personal data communicated in the email solely for the purpose of processing your request.
Cookies (Art. 6 Para. 1 lit. f EU GDPR, Art. 6 Para. 1 lit. a EU GDPR, Art. 6 Para 1 lit c EU GDPR)
Cookies only contain pseudonymous, usually even anonymous data. Some cookies remain in place for the duration of a browser session (so-called session cookies), others are stored for longer periods (so-called persistent cookies, e.g. consent settings). The latter are automatically deleted after the specified time (usually 6 months). In addition to our own cookies, we also use cookies that are controlled by third-party providers. These use the information contained in the cookies, e.g. to show you content or to record the pages you have visited.
On the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f EU GDPR), we set technically necessary cookies, which are absolutely necessary for the operation of the website and to ensure its functionality. Furthermore, we use cookies without your consent if their sole purpose is to store or access information stored in the terminal device for the transmission of messages or if they are absolutely necessary to provide the service you have expressly requested, Section 25 (2) TDDDG.
Subject to your consent, other cookies are used to enable us or third parties to analyze how our services are used, for example. This enables us to tailor the content to user needs. Cookies also enable us to measure the effectiveness of a particular advertisement and to place it according to the thematic interests of the user, for example. The legal basis for this is your express consent (Art. 6 para. 1 sentence 1 lit. a EU GDPR, Section 25 para. 1 TDDDG).
If you have accounts with the third-party providers we use and are logged in there, your data may be linked to the respective account. You can avoid such a combination by not giving or revoking your consent to the relevant cookies or by logging out of the respective third-party providers in advance.
Most browsers accept cookies automatically. You can also deactivate, restrict or delete cookies on your end device manually via your browser settings or with the help of software. If you deactivate the setting of cookies, you will not be able to use our website to its full extent or only to a limited extent.
Please also note our information in the section of the respective service that uses cookies.
You can revoke your consent via the link below or via our consent banner at any time with effect for the future and change the cookie settings. Please note that changes must be made separately for each end device.
Google Fonts (Art. 6 Para. 1 lit. f EU GDPR)
External fonts, Google Fonts, are used on this website. Google Fonts is a service of Google Inc (“Google”).
These web fonts are integrated locally via a client. You can find more information in Google's privacy policy, which you can access here:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/
The use of Google Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f EU-GDPR.
Google reCAPTCHA (Art. 6 Para. 1 lit. f EU GDPR)
On this website, we use the reCAPTCHA function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This function is primarily used to differentiate whether an entry is made by a natural person or is misused by machine and automated processing.
The legal basis for the processing is Art. 6 para. 1 lit. f EU-GDPR based on our legitimate interest in the security of our website and the prevention of misuse and spam. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there.
This service may forward the data collected to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes without you having any legal recourse. However, we take the possible measures required under data protection law in accordance with Art. 44 et seq. EU-GDPR to establish the level of data protection in the third country.
You can view Google's terms of use at http://www.google.de/intl/de/poli-cies/terms/regional.html, the additional detailed information on data protection can be found on Google's website (“Google Privacy Policy”): http://www.google.de/intl/de/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated.
Google Analytics (Art. 6 Para. 1 lit. a EU GDPR)
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
The following data concerning you is saved in this connection:
- IP address
- usage data
- Click Path
- App updates
- Browser information
- Device information
- JavaScript support
- Visited pages
- Referrer URL
- downloads
- Flash version
- Location information
- Purchase activity
- Widget interactions
- Date and time of the visit
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We have also deactivated Universal Analytics on our website so that no user ID is created that would enable cross-device tracking.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a EU GDPR, § 25 para. 1 TDDDG.
You can revoke your consent at any time with effect for the future via our consent banner (in the next section) and change the cookie settings. Please note that changes must be made separately for each end device.
As we have also deactivated the GA Audiences function, no target groups are formed that would enable the classification of website visitors and therefore the display of specific advertisements tailored to the respective target group.
This service can forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse. However, we take the possible and data protection law
YouTube (Art. 6 Para. 1 lit. a EU GDPR)
We have embedded YouTube videos from the provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in our online offering, which are saved on www.youtube.com and can be played directly from our website. These are all embedded in “privacy-enhanced mode”, i.e. no data about you as a user is transferred to YouTube if you do not view the videos. However, the privacy-enhanced mode only relates to the recording of user behaviour and not the provision of ads, the reloading of further content from third parties, the transmission of fonts and possible links with your user account on YouTube. If you start the video, this triggers further data processing operations. We have no influence over this. The legal basis for this is your consent as per Art. 6 Para. 1 Sentence 1 lit. a EU GDPR.
You can withdraw your consent at any time in our cookie settings.
This service can forward the collected data to a different country. Please note that this service can transmit data outside the European Union and the European Economic Area and to a country without an adequate level of data protection. If the data is transmitted to the USA, there is a risk of your data being processed by US public authorities for control and inspection purposes without you having the possibility of legal redress. However, we take the possible measures that are necessary from the perspective of data protection law in line with Art. 44 et seq. EU GDPR in order to ensure an adequate level of data protection in the third country.
As a result of your visit to the website, YouTube is informed that you have called up the corresponding page of our website. Data is transmitted regardless of whether YouTube provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your data is assigned directly to the account. If you do not wish this data to be assigned to the YouTube profile, you must log out before activating the button. YouTube saves the data as user profiles and uses it for the purposes of advertising, market research and/or the needs-based use of its website. In particular, and even for users who are not logged in, such an analysis takes place for the purpose of providing needs-based advertising and informing other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles; in order to exercise this right, you must contact YouTube.
Further information regarding data protection can be found at: policies.google.com/privacy
CloudFront (Art. 6 Para. 1 lit. f EU GDPR)
This website uses the CloudFront content delivery network (CDN). This is a service offered by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The CloudFront CDN makes duplicates of website data available on various Amazon Web Services (AWS) servers located all over the world. This results in faster website loading times, greater reliability and increased protection against data loss. Some of the images and videos embedded in this website are obtained from the CloudFront CDN when calling up the site. By making this request, information about your use of our website (e.g. your IP address) is transferred to Amazon servers in other EU states and saved there. This takes place as soon as you enter our website. Amazon Web Services and the Amazon CloudFront CDN are used in the interests of improving the reliability of the website, increasing protection against data loss and improving loading speeds on this website. This is a legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. Information on the data protection measures and the current privacy notice of Amazon Web Services can be found at: https://aws.amazon.com/privacy/
This service can forward the collected data to a different country. Please note that this service can transmit data outside the European Union and the European Economic Area and to a country without an adequate level of data protection. If the data is transmitted to the USA, there is a risk of your data being processed by US public authorities for control and inspection purposes without you having the possibility of legal redress. However, we take the possible measures that are necessary from the perspective of data protection law in line with Art. 44 et seq. EU GDPR in order to ensure an adequate level of data protection in the third country.
Use and disclosure of personal data/earmarking
We will only collect, process and use all the personal data we receive from you during your use of the MGA Zapf Creation GmbH website for the stated purpose. In doing so, we ensure that this only happens in accordance with the relevant legal provisions and/or only with your permission. No data shall otherwise be provided to third parties, unless we are obligated to do so based on mandatory statutory regulations (transfer to external bodies such as supervisory authorities or law enforcement authorities).
We will not publish, sell or provide the collected personal data to third parties by any other means. This data will not be used for advertising purposes.
Recipients of the data / Categories of recipients
Within our company, we make sure that only individuals that require your data to fulfil contractual and statutory obligations are given access to your data.
In many cases, service providers support our departments in performing their tasks. All service providers have signed the required data protection contracts. Your personal data is in part transferred to the following service providers for contract processing: transport service providers, information agency (credit rating check), commercial credit insurance provider and sales representatives (for direct customer support on site, service provider for responding to complaints on our behalf).
Transfer to third countries / Intended transfer to third countries
We only transfer data to third countries (outside the European Union or the European Economic Area) if this is required to fulfil our obligations, it is prescribed by law, or you have provided us with consent to do so.
We do not transfer your personal data to service providers outside the European Economic Area.
Rights of data subjects (Art. 15–22 EU GDPR)
You have the right to gain information about the personal data affecting you, as well as the right to correction or erasure, where this would not violate any statutory storage periods. You are also entitled to demand the restriction of processing from Zapf Creation AG and to assert a right of objection against the processing and the right of data portability. You may, of course, withdraw your consent at any time. In addition, you have the right to submit a complaint to the supervisory authority.
To assert these rights, please contact: datenschutz(at)zapf-creation.de or write to MGA Zapf Creation GmbH, subject “data protection”, Mönchrödener Str. 13, 96472 Rödental, Germany.
Routine erasure and blocking of personal data
MGA Zapf Creation GmbH processes and saves personal data on the affected person only for the period required in order to achieve the purpose of the storage or for the duration of a statutory storage period. Once the purpose has been fulfilled or the period has expired, the relevant data is routinely erased, unless it is still required for contract fulfilment or prior to concluding a contract.
We are also entitled to store your data where you have granted consent to do so, or when legal disputes arise and we use evidence under the statutory limitation periods, which can be up to thirty years; the general limitation period is three years.
Data protection in job applications and the application process (Art. 6 Para. 1 lit. a, b EU GDPR)
MGA Zapf Creation GmbH collects and processes the personal data of applicants for the purpose of conducting the application process. This data is not passed on to third parties without your consent.
You are asked to provide personal data in the application form. In this, we adhere to the principles of data economy and data avoidance by requiring you to provide only the data that we need to comprehensively check your application documents, such as your CV, or that we have a statutory duty to collect. These mandatory fields are marked with an asterisk (*). Your IP address will also be processed, as this is a technical necessity and required for legal protection.
Without this data, we are unable to check your application documents. Our application system therefore does not allow application documents to be uploaded in this case. Needless to say, you are free to enter optional information in the application form.
We implement appropriate security measures to provide the best possible protection and confidentiality for your data. Your application documents are transmitted to us in encrypted form via our application system. We provide a HTTPS transfer protocol for our website, always using the latest encryption protocol.
Electronic processing is also possible. This is the case when an applicant transmits relevant application documents to MGA Zapf Creation GmbH electronically, via email. We offer PGP encryption for the secure transmission of application documents via email. To do this, we provide you with our public PGP key.
We store your data for the purposes described above until the application process is complete and the corresponding periods have expired – no later than six months following receipt of the decision.
If you wish, however, we can store your application documents for a longer period and compare them to other vacant positions that match your profile.
For this, we require your consent, which you can grant by clicking the checkbox before uploading your application documents. In this case, we store your data for 24 months. Of course, you can withdraw your consent at any time with effect for the future by sending an email to datenschutz(at)zapf-creation.de.
Data security
We have taken appropriate technical and organizational measures in order to protect the data we store on our staff/customers/suppliers against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. The security levels are constantly reassessed and adapted to new security standards in collaboration with security experts.
The exchange of data from and to our website is encrypted. We provide a HTTPS transfer protocol for our website, always using the latest encryption protocol. We also offer our users PGP encryption for applications. We are the only ones who can decrypt your data. There is also the option of using alternative communication channels (e.g. by post).
Online services for children
Persons under the age of 16 may not provide any personal data to us without the consent of parents or legal guardians, nor may they submit a declaration of consent. We encourage parents and legal guardians to play an active role in the online activities and interests of their children.
Automated case-by-case decisions
We do not use any purely automated processing procedures to reach decisions.
Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as links to the websites of other providers are present, we have no influence over their content. For this reason, no warranty or liability can be assumed for this content. In all cases, the provider or operator of the linked website is liable for the content.
The linked websites were reviewed for possible and recognisable legal infringements at the time the links were placed. No unlawful content was recognisable at the time the links were placed. A constant review of the content of the linked websites cannot be expected without a specific indication of an infringement of the law. As soon as infringements of the law become known to us, such links will be removed immediately.
Questions on data protection?
In case you have any question on data protection, please contact datenschutz(at)zapf-creation.de or write to MGA Zapf Creation GmbH, subject “data protection”, Mönchrödener Str. 13, 96472 Rödental, Germany.