Privacy Policy

Data protection at a glance

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our Privacy Policy listed below.

Who is responsible for data collection on this website?

The party responsible for data processing on this website is

NEU KALISS SPEZIALPAPIER GmbH
John Paul Fender
Industriegebiet, Am Alten Postweg 1, 19294 Neu Kaliss
Germany

Tel: +49(0) 3 87 58/ 55-0
Fax: +49(0) 3 87 58/ 55-199
E-mail: info@nkpaper.com
www.nkpaper.com

How do we collect your data?

On the one hand, your data is collected via the information you provide yourself. This may involve data that you enter when registering a customer account or ordering a newsletter. Even if you shop with us, register a product, take part in a customer satisfaction survey or make use of our services, we store the data you provide for this purpose.
Other data are automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system and time of the visit). These data are collected automatically as soon as you enter our website.

Analysis of your data

When you visit our website, your surfing behaviour can be statistically evaluated. This is done primarily via cookies and so-called analysis tools. The analysis of your surfing behaviour is anonymous and therefore cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. For details, please refer to our Privacy Policy under the heading “Third-Party Modules and Analysis Tools”.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website.
With other data, we can statistically analyse your user behaviour on the Internet (e.g. via so-called cookies). Such analyses are anonymous and cannot be traced back to you personally. You can reject this analysis. For details, please refer to our Privacy Policy under the heading “Third-Party Modules and Analysis Tools”.

What rights do you have with regard to your data?

You have the right at any time and free of charge to obtain information about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of these data. You can contact us at any time at the address given in the imprint regarding this and other questions on the subject of personal data. Furthermore, you have the right to appeal to the competent supervisory authority.

Is the transmission of your data encrypted?

Yes. This website uses encryption. This is to prevent unauthorized access to your data.

1 Website Privacy Policy

1.1 General information

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.
When you use this website, various personal data is processed. Personal data is information with which you can be identified personally. This Privacy Policy informs you according to Art. 13 GDPR about what data we process and for which purpose.
This Privacy Policy summarizes and describes all data processing activities on websites of the Melitta Group. In the specific individual case, this may mean that a processing activity described (e.g. shop or newsletter) is not used on this website, but is instead used on another website of the Melitta Group.
We would like to point out that data transmission over the internet (e.g. communication by email) could bear security risks. Full protection of data against unauthorized access by third parties is not possible.

1.2 Controller

The controller of this website can be found in the imprint of this website.

1.3 Data Processing inside and outside the EU / EEA

We have concluded data processing agreements with our processors and providers of third-party modules and tools, which we use on our website, insofar as these are located in the EU/EEA area. We have concluded EU standard model clauses or other guarantees with processors and providers located outside the EU/EEA area, such as a valid Privacy-Shield-certification, to ensure that these companies comply with the European level of data protection. Where processors or providers are certified under the Privacy Shield, we have listed the Privacy-Shield-certification in the relevant section.

1.4 Rights of Individuals

In order to exercise your rights, please refer to the mail address provided in the imprint.
As far as the requirements described in the GDPR are met, each participant has in particular the following rights according to art. 7 and art. 13 ff. GDPR:

a) The right of access without charge to the stored personal data pertaining to the individual as well as rectification, blocking or erasure of this data.
b) The right to data portability. To the extent that the controller processes the personal data using an automated procedure on the basis of consent or for the fulfilment of a contract, the data subject may request to obtain the personal data in a commonly used, machine-readable format. Insofar as the data subject requests that the data should be transferred directly to another controller, this shall happen only if technically feasible.
c) The right to withdraw consent granted. Insofar as the controller processes the data subject’s personal data on the basis of consent, this consent may be withdrawn in writing at any time with future effect. The lawfulness of data processing activities up to the time of withdrawal shall remain unaffected by the withdrawal.
d) The right to object to data processing. The controller will no longer process the data subject’s personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or where processing serves to establish, exercise or defend legal claims.
e) The right to lodge a complaint with a data protection supervisory authority. Insofar as the data subject considers that the processing of its personal data by the controller is a violation of the GDPR, the data subject in question may lodge a corresponding complaint with any data protection supervisory authority.

1.5 Data Protection Contact

Melitta Data Protection Office, Ringstr. 99, 32427 Minden, Germany, phone: +49 571 86-0, mail: data-protection (at) melitta.com.

1.6 SSL and TLS encryption

This website uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content, such as browser requests sent by using this website. You can recognize an encrypted connection by the fact that the address line in the browser changes from “http://” to “https://” and by the lock-symbol in the browser’s address bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1.7 Our objection to use our contact details for sending advertising mails

We expressly object to the processing of our own contact details, which we have published in the imprint or at the data protection contact, for the unsolicited sending of advertising and information material by third parties. The website operator expressly reserves the right to take legal action in the event of unlawful sending of advertising and information material, such as spam mails.

2 Data processing on our Website

2.1 Cookies

Our website uses cookies. Cookies are small text files that are stored in the user’s browser and contain data. Cookies are used to personalize websites, make them more user-friendly, effective and secure. Cookies enable website operators to recognize a browser on the next visit.
The management of cookies can be configured by the user in any browser. You can configure your browser in such a way that before a cookie is saved, you are specifically asked to give your consent, the acceptance of cookies is excluded for individual cases or in general, and cookies are automatically deleted when the browser is closed.
Once cookies have been deactivated, this website or specific functions of this website may stop working as intended.
There are two types of cookies. Session cookies are automatically deleted when the browser is closed. Permanent cookies remain permanently stored on your computer until they reach the intended expiry date or until you delete them manually.

2.2 Server-Log-Files

The hosting provider of this website automatically processes data in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not combined with other data sources. We reserve the right to audit the data subsequently, if we become aware of any illegal use or for error analysis. Legal basis for this data processing is art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the technically interruption- and error-free as well as secure presentation of the website.

2.3 Contacting us

If you contact us (e.g. by contact form, mail or telephone) and send us inquiries, we will process your data only for answering your inquiry.
Legal basis for this data processing is the website user’s consent according to art. 6 para. 1 lit. a GDPR.
The data provided by you will remain stored until its purpose is fulfilled (e.g. your inquiry was answered) or until you request us to delete it. If a legal retention period is applicable with priority, the data will only be deleted after the expiry date is reached.

3 Third Party Modules and Analysis Tools

3.1 Google Tools in general

We use various tools of the provider “Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland” on our website. For the sake of simplicity, we will only refer to “Google” in the further course of this Privacy Policy. Your data may be processed by Google outside the EU/EEA, in particular, in the USA.
Legal basis for this data processing is our legitimate interest according to art. 6 Para. 1 lit. f GDPR in presenting a uniform, secure, attractive, high-performance, efficient and professional website as well as the statistical analysis of user behavior in order to optimize both, our website and our advertising campaigns.

3.2 Google (Universal) Analytics

We use “Google Analytics” on our website. Google Analytics is a free website analysis tool of the provider Google (see Google Tools in general). Website operators can use it to track important KPIs and website statistics. Google Analytics can also be used to track marketing campaigns and perform A/B testing.
We use Google Analytics in the “Universal Analytics” operating standard. Universal Analytics allows user analysis by means of a pseudonymous user ID across all devices as so-called “cross-device tracking”.
We also use Google Analytics with the “_anonymizeIp”-function. This function anonymizes the IP address as soon as technically feasible at the earliest possible stage of the collection network. The IP anonymization feature in Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses to zeros in memory shortly after being sent to the Analytics Collection Network.
Google Analytics uses cookies. The data generated by cookies about your use of our website is generally processed worldwide within the Google network. You have the option to deactivate cookies. However, we would like to point out that in this case, you may not be able to use all the functions of this website to their full extent.
You can opt-out of this tool at any time using the ad settings in your Google Account or opt-out of collecting your information using the opt-out browser plug-in.

3.3 Google DoubleClick via Google Analytics

A Google Ads account could be added in Google Analytics. If this is the case, then the website establishes a connection to Google’s advertising network DoubleClick via this chain of connections.

3.4 Google DoubleClick Floodlight

We use Google DoubleClick Floodlight of the provider Google (see Google Tools in general) on our website. This tool enables us to track and analyze the actions of users who visit our site after they have seen or clicked on one of our ads. For this purpose, so-called “floodlight tags” or tracking pixels and cookies are set on our website. This feature allows us to measure the effectiveness of our online campaigns in terms of sales and user activity on our website.
These cookies and tags do not contain any personally identifiable information and are therefore not used for personal identification. For example, we may determine the number of users who have purchased a product or completed an online form and evaluate it for statistical purposes, but we cannot personally identify the user.

3.5 Google Tag Manager

We use “Google Tag Manager” of the provider Google (see Google Tools in general) on our website. The Google Tag Manager itself does not collect any personal data. With Google Tag Manager, website tags can be easily integrated and managed. Tags are small code elements. The tool triggers these tags, which may themselves collect data. For example, Google Analytics including opt-out options can be integrated into a website by these means. If the tags have been deactivated, the Google Tag Manager takes this into account.

3.6 Google Ads

We use Google Ads of the provider Google (see Google Tools in general) on our website. Google Ads offers remarketing or the “similar target group”-functions. By using these functions, visitors to our website can be targeted with personalized, interest-based advertising in the provider’s search results.
Google uses cookies to perform the analysis of website usage, which forms the basis for the creation of interest-based advertisements. These cookies record visits to the website and anonymous data on the use of the website. There is no storage of personal data of visitors of the website. If you visit another website afterwards on the Google network, you will be shown advertisements that are highly likely to include products and services from previously visited websites.
You can opt-out of this tool at any time using the ad settings in your Google Account or opt-out of collecting your information using the opt-out browser plug-in.

• Privacy Statement: http://www.google.com/privacy/ads
• Deactivation of advertising settings by opt-out browser Plug-in: https://www.google.com/settings/ads/plugin

3.7 Google Maps

We use Google Maps of the provider Google (see Google Tools in general) on our website. With Google Maps, we can, for example, display the locations of sales outlets. The data processed includes, in particular, IP addresses and GEO location data of users, which are only collected with your consent. Standard settings for GEO location data can be configured in any browser; in addition, manual input may be required for certain functions (e.g. route planning).
Legal basis for this data processing is, in contrast to the legal basis named under Google Tools in general, the user’s consent according to art. 6 para. 1 lit. a GDPR.

3.8 Google ReCAPTCHA

We use “Google ReCAPTCHA” to defend against bots, e.g. when entering data in forms. Google ReCAPTCHA is provided by the provider Google (see Google Tools in general).

3.9 Videos

We embed videos on our website. When an embedded video on our website is started, a connection to the provider’s servers is established and the video is downloaded. During this process, personal data is transmitted to the provider. The processed data includes, in particular, the IP address of the user.
Legal basis for this data processing is our legitimate interest according to Art. 6 para. 1 lit. f GDPR in an attractive presentation of our website.
We use the following providers:

3.9.1 YouTube

Provider: Google (see Google Tools in general).
If you are logged in to your YouTube account, you enable Google to combine your surfing behavior directly with your personal YouTube account. You can prevent this by logging out of your YouTube account.

3.9.2 WDR Videoplayer

Provider: Westdeutscher Rundfunk Köln, Appellhofplatz 1, 50600 Köln, Germany

3.10 Web fonts

We use web fonts for a uniform presentation of our website. When you access a website, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. To download web fonts, the browser must establish a connection to the provider’s server.
Legal basis is our legitimate interest according to art. 6 para. 1 lit. f GDPR in a uniform and appealing website.

3.10.1 Google Webfonts

Provider: Google (see Google Tools in general).

3.10.2 Monotype Webfonts (fonts.net)

Provider: Monotype GmbH, Horexstraße 30, 61352 Bad Homburg, Germany

3.10.3 Adobe Typekit

Provider: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland

3.10.4 Font Awesome

Provider: Fonticons Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA

3.11 Content-Delivery-Networks (CDN)

We use CDN services on our website. A Content Delivery Network (CDN) provides Internet security services and distributed DNS services that are located between the visitor and the CDN user’s hosting provider and act as reverse proxy for websites. Using CDN shortens loading times by transferring files from fast, near-location or under-utilized servers.
Legal basis is our legitimate interest according to art. 6 para. 1 lit. f GDPR in a secure and high-performance website.
We use the following providers:

3.11.1 MaxCDN / BootstrapCDN

Provider: StackPath LLC, 2021 McKinney Ave, Suite 1100, Dallas TX 75201, USA

3.11.2 Cloudflare CDN

Provider: Cloudflare Germany GmbH, Rosental 7, 80331 München, Germany

3.11.3 Amazon AWS

Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg

3.12 JavaScript

We use free JavaScript libraries on our website. JavaScript is a scripting language that was developed for dynamic HTML in web browsers to evaluate user interactions, change, reload or generate content and thus extend the possibilities of HTML and CSS. The JavaScript libraries are loaded from the provider’s servers at runtime.
Legal basis is our justified interest according to art. 6 para. 1 lit. f GDPR in an appealing and user-friendly website.
The management of JavaScript can be configured by the user in any browser. You can set your browser so that before executing a script you are specifically asked to give your consent and the execution of scripts is generally deactivated or activated. Browser add-ons may be installed for further control over the execution of JavaScript.
Once JavaScript has been deactivated, the website or specific functions of this website may stop working as intended.
We use the following providers:

3.12.1 Polyfill

Provider: The Financial Times Ltd, Number One Southwark Bridge, London, SE1 9HL, UK

3.12.2 jQuery

Provider: JS Foundation, PO Box 741065, Los Angeles, CA 90074-1065, USA
Our website does not download the libraries directly from the provider, but from “Google Hosted Libraries” by Google (see Google Tools in general).

4 Shop

4.1 Credit check / Automated decision-making

If the buyer selects the option instalment purchase or purchase on account when making a purchase, we reserve the right to perform a credit check in order to determine the buyer’s solvency and to protect ourselves against payment defaults.
During a credit check, the buyer’s personal data will be transmitted to the collection service provider. Only such personal data is transmitted which is necessary for the credit check (in particular name, address, mail address, telephone number, date of birth, bank account details and order data). The collection service provider will then use mathematical-statistical methods to determine how high the buyer’s statistical risk of non-payment is. If the risk of non-payment exceeds a predefined score, an instalment purchase or a purchase on account is rejected.
The decision to approve or reject an instalment purchase or purchase on account is made automatically by the collection service provider’s systems, without a natural person reviewing this decision. The decision is required for the approval of purchase instalment or sales contract on account. The credit check is therefore an automated decision-making process (scoring) with regard to art. 22 para. 2 lit. a GDPR.
Legal basis for this data processing is art. 6 para. 1 lit. b GDPR for the performance of the sales contract and related steps prior to entering into the contract.
Used collection service provider

  • heidelpay GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany
    Privacy Policy: https://www.heidelpay.com/en/privacy-statement
  • TeamBank AG Nürnberg, Beuthener Straße 25, 90471 Nürnberg, Germany
    Privacy Policy: see paragraph “easyCredit”

4.2 Registration on this website

The user can register an account on our website to use additional functions from our service. We will use the user’s mail address to inform about account or service-related events or changes.
Legal basis for this data processing is the user’s consent according to art. 6 para. 1 lit. a GDPR.
The registration data will be stored until the account is deleted, unless there is a legal retention period applicable with priority. If the user registers an account, but does not buy anything, then the stored data will be deleted after six months automatically.

4.3 Data transmission during contract conclusion

The data will not be passed on to third parties unless this is necessary for contract performance or processors are used. These are, in particular, the service providers entrusted with the delivery of the goods, collection service providers and the bank commissioned with payment processing. Any further use of the user’s data for other purposes will not take place.
Legal basis for this data processing is art. 6 para. 1 lit. b GDPR for the performance of the sales contract and related steps prior to entering into the contract.

4.4 Additional Shop Functions

4.4.1 Device registration for customer satisfaction survey

If the user uses the device registration-function in our shop, the data entered will be saved and linked to the user’s customer data. The user gives his consent in order to allow satisfaction surveys about service or product quality. The user’s survey will be stored until we no longer have any use for it or the user requests its deletion.
Legal basis for this data processing is the user’s consent according to art. 6 para. 1 lit. a GDPR.
Used service providers:

  • CustomerGauge / Directness BV, Van Diemenstraat 182B, 1013 CP Amsterdam, Netherlands

4.4.2 Notepad

If the user uses the notepad-function in our shop, the data entered will be saved and linked to the user’s customer data. In order to provide and use the notepad-function, the use of cookies is necessary. The user’s data from the notepad is not used for other purposes. The notepad data is deleted after one year.
Legal basis for this data processing is the user’s consent according to art. 6 para. 1 lit. a GDPR.

4.5 Payment methods

We offer various payment methods in our shop. If the buyer selects a payment method, the payment data and the buyer’s personal data will be transmitted to the respective payment service provider. This personal data includes in particular the buyer’s name, address, email address and IP address. The transmission of personal data is necessary to verify the buyer’s identity and to prevent fraud attempts.
Legal basis for this data processing is art. 6 para. 1 lit. b GDPR for the performance of the sales contract and related steps prior to entering into the contract.
Payment transactions are performed via encrypted SSL or TLS connections. With encrypted connections, the transmitted buyer’s payment data cannot be read by third parties.
In order to be able to use a payment method, the use of cookies is required.
Used payment service providers:

4.5.1 PayPal

Provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

4.5.2 Sofortüberweisung

Provider: Sofort GmbH, Theresienhöhe 12, 80339 München, Germany
When the “Sofortüberweisung” payment method is used, we receive a payment confirmation from the provider in real time. The provider uses the PIN provided by the buyer in order to log into the user’s online bank account. If the account has the required coverage, the payment transfer will be performed using a valid TAN also provided by the buyer. Afterwards we will receive a payment transaction confirmation.

4.5.3 easyCredit

Provider: TeamBank AG Nürnberg, Beuthener Straße 25, 90471 Nürnberg, Germany
After a successful credit check, the outstanding payments from the instalment purchase are assigned by us to the provider in the course of a factoring agreement. The provider processes the buyer’s data to the extent necessary to assert and enforce the assigned claims.

4.6 Trusted Shops-Trustbadge

To display our ratings collected with the Trusted Shops rating system, the Trusted Shops Trustbadge of the provider “Trusted Shops GmbH, Colonius Carré, Subbelrather Str. 15c, 50823 Köln, Germany” is integrated on this website.
Legal basis of the processing is our legitimate interest according to art. 6 para. 1 lit. f GDPR in an optimal marketing of our services by enabling a secure purchase.
The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of data processing activity. The data is also processed in the USA. The service provider is headquartered in the USA and is certified under the EU-US Privacy Shield.
The Trustbadge requires the use of cookies. When the trust badge is invoked, server log files are stored which contain the user’s IP address, date and time, transferred data volume and the requesting provider (access data). Security-related data is stored in a separate database for the analysis in the event of security incidents. The log files are automatically deleted 90 days after creation.
Further personal data is transferred to the provider, if the user decides to use Trusted Shops products after completing an order or if the user has already registered for use. For this relationship, the contractual agreement between the buyer and Trusted Shops applies. For this, an automatic collection of personal data takes place based on the order data. Whether the buyer is already registered for a product use is automatically checked on the basis of a neutral parameter, namely the mail address hashed by a cryptological one-way function. The mail address is converted into this hash value, which cannot be decoded, before transmission. After checking for a match, the parameter is automatically deleted.

5 Newsletter

We send out newsletters to inform the recipient about our products, offers, services, promotions, sweepstakes and news about our brands and their online shops for marketing purposes. We also evaluate our newsletter campaigns for statistical purposes in anonymous form in order to further optimize our newsletters.
By subscribing to our newsletter, the recipient consents to receiving the newsletter and to its underlying process, and confirms that he is at least 16 years old.
Legal basis for this data processing is the recipient’s consent according to art. 6 para. 1 lit. a GDPR.
Registration for the newsletter is performed by using a double-opt-in procedure in order to ensure that only authorized mail addresses are used. If a recipient registers for the newsletter, he will receive a mail with a confirmation link to verify his registration. If the confirmation is not given within seven days, the unconfirmed data will be automatically deleted.
Confirmed newsletter subscriptions remain valid until further notice or until the user unsubscribes from the newsletter. An unsubscription can be carried out at any time. This is done either by unsubscribing on the newsletter website or by executing the unsubscribe link at the end of each newsletter.
If a user has not received a newsletter for two years, the consent will be requested again by a double-opt-in mail. If the double-opt-in mail is not confirmed, then the record will be deleted.
The provider of the newsletter solution also processes user data in anonymous form in accordance with art. 6 para. 1 lit. f GDPR for its own purposes for statistical evaluations, to improve, provide and further develop its own technologies, products and services and to ensure the security of the services and its own Internet pages.
We use the following newsletter solutions:

5.1 Newsletter solution by Inxmail

We use “Inxmail” to send out newsletters. Inxmail is a solution provided by “Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany”.

5.2 Newsletter solution by MailChimp

We use “MailChimp” to send out newsletters. MailChimp is a solution provided by “The Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA”.

6 Job Applications

We process the personal data (job applicant data) of a job applicant for the purpose of performing our job application procedure and, if the job application procedure is successfully completed, for establishing and performing the future employment relationship.
Legal basis for this processing is Art. 6 para. 1 lit. b GDPR for the fulfilment of a contract or pre-contractual measures.
The job applicant data will be used by the company or companies of the Melitta Group to which the job applicant has applied or for which he has given his consent for disclosure. In this context, the job applicant data may be used for making contact e.g. by telephone or mail. Within the job application procedure, we expressly do not request or want at all any data of special categories according to art. 9 para. 1 GDPR like racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning a natural person’s sex life or sexual orientation. If we cooperate with a service provider for the advertised position, the applicant data may also be processed by the service provider.
After completion of the job application procedure, the job applicant data will be deleted unless a legal retention period requires longer storage, or the job applicant gave his consent for longer storage. For reasons of legal self-protection, job applicant data is generally stored for at least twelve months after job application.
If we process the job applicant data on the basis of a consent, this consent can be revoked by the job applicant at any time with effect for the future in text form (e.g. by sending a corresponding mail to the assigned clerk in charge). The lawfulness of data processing activities performed before withdrawal remains unaffected.

7 Website Hosting

We use hosting service providers to host our website.
Legal basis for this processing is our legitimate interest according to art. 6 para. 1 lit. f GDPR for the reliable, professional and high-performance provision of our website.
We use the following providers:

Version: 22 May 2019