Below, we provide information about the privacy-related features of our website in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Date privacy statement

General Information

Please note that data transmission over the internet can have security vulnerabilities, and absolute protection cannot be guaranteed. Therefore, you may also choose to transmit your data by alternative methods, such as by phone.

SSL Encryption
Our website uses SSL encryption, a system designed to protect the transmission of data, making it generally inaccessible to third parties. You can identify an encrypted connection by the small lock icon in your browser’s address bar and the switch from “http” to “https.”

Collection of General Data and Information
Each time you visit our website, a variety of general data and information is automatically collected. This data is stored in server log files and may include the following details:

  • Browser type and version
  • Operating system used by the accessing system (usually your computer)
  • Referrer URL (the website from which you accessed our site)
  • Subpages accessed via the accessing system on our website
  • Date and time of access
  • IP address (Internet Protocol address)
  • The internet service provider of the accessing system
  • Other similar data and information used to address potential attacks on our systems

This data is collected anonymously. We do not draw conclusions about the individual using the website based on this information. Information about applications and features on our site that are relevant to data protection can be found in the section “Information about the Applications on Our Website.”

Key Terms

To help you understand this privacy statement better, we introduce some key terms that we believe are important:

GDPR: General Data Protection Regulation (Regulation 2016/679 of the European Parliament and Council, April 27, 2017)

Personal Data: Any information that relates to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific factors that express the physical, physiological, genetic, mental, economic, cultural, or social identity of the person.

Data Subject: Any identified or identifiable natural person whose personal data is processed by the controller.

Processing: Any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or deletion.

Restriction of Processing: The marking of stored personal data with the aim of limiting its processing in the future.

Controller: The natural or legal person, authority, agency, or other body that determines the purposes and means of processing personal data.

Processor: A natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller.

Recipient: A natural or legal person, authority, agency, or body to whom personal data is disclosed, regardless of whether they are a third party.

Third Party: A natural or legal person, authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data.

Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they, through a statement or clear affirmative action, consent to the processing of their personal data.

Third Country: A country that is not a member of the European Union or the European Economic Area.

Information under Article 13 GDPR

Name and Address of the Data Controller
Deutsche Recycling Service GmbH
Represented by Managing Director Nils Röpke
Bonner Str. 484–486, 50968 Cologne
info@deutsche-recycling.de

Data Protection Officer
ap-datenschutz GmbH
Hohenstaufenring 8, 50674 Cologne
info@ap-datenschutz.de

Categories of Data Subjects and Types of Processed Data
Visitors and users of our website and online services.

The following data types are processed:

  • Contact data (e.g., email, phone numbers), if provided
  • Content data (e.g., text entries)
  • Usage data (e.g., access times, visited pages)
  • Meta/communication data (e.g., device information, IP addresses)

Purpose and Legal Basis of Processing
The processing is carried out for the following purposes:

  • Providing our online services, functionalities, and content
  • Optimizing our website and ensuring its security
  • Reach measurement/marketing (see “Information about the Applications on Our Website” section for details)

If the legal basis is not specified in this privacy policy, the following applies:

  • The legal basis for obtaining your consent is Article 6(1)(a) GDPR
  • The legal basis for processing to fulfill our services and contractual obligations is Article 6(1)(b) GDPR
  • The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR
  • The legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR

Deletion and Blocking of Personal Data
We process and store personal data only for as long as necessary to fulfill the purpose of storage or as required by laws or regulations. Once the storage purpose no longer applies or the legally prescribed storage period expires, the personal data will be deleted as required by law.

Processors
If we transfer data to other individuals or companies, or provide access to data, this will only occur based on legal authorization. If we contract third parties for processing data on our behalf, this is done in accordance with Article 28 GDPR.

Transfers to Third Countries
If we process data in a third country or use third-party services that process data in a third country, this will only be done when legally permitted. If personal data is transferred to a third country or processed by third parties (contract processors), this will be based on Articles 44 ff. GDPR.

Your Rights as a Data Subject

Right to Access (Article 15 GDPR)
You have the right to request information about whether we process personal data about you and, if so, you may request the following:

  • Purposes of processing
  • Categories of personal data processed
  • Recipients of your personal data
  • Duration of data storage or criteria for determining this duration
  • Existence of the right to correction, deletion, restriction, or objection to processing
  • Existence of a right to lodge a complaint with a supervisory authority
  • If the data is not collected from you, information on its origin
  • Existence of automated decision-making, including profiling, and meaningful information about the logic involved

If your personal data is transferred to a third country, you have the right to be informed about appropriate safeguards in place under Article 46 GDPR.

Right to Rectification (Article 16 GDPR)
You have the right to request the correction of inaccurate personal data or the completion of incomplete data.

Right to Deletion (Right to be Forgotten) (Article 17 GDPR)
You may request the deletion of your personal data if the processing is no longer necessary for the purposes for which it was collected or if other conditions apply (e.g., withdrawal of consent).

Right to Restrict Processing (Article 18 GDPR)
You have the right to request that we restrict the processing of your personal data under certain conditions, such as if the data is incorrect or processing is unlawful.

Right to Object (Article 21 GDPR)
You may object to the processing of your personal data based on public interest or legitimate interest. If your data is processed for direct marketing purposes, you may object to such processing at any time.

Right to Withdraw Consent (Article 7(3) GDPR)
If you have given consent for the processing of your data, you may withdraw this consent at any time. The legality of the processing carried out prior to the withdrawal remains unaffected.

Automated Decision-Making, Including Profiling
You have the right not to be subject to decisions based solely on automated processing, including profiling, unless certain conditions apply, such as the necessity for a contract or explicit consent.

Right to Data Portability (Article 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Lodge a Complaint (Article 77 GDPR)
You have the right to lodge a complaint with a supervisory authority if you believe your personal data is being processed in violation of the GDPR.

Information Regarding Applications on Our Website

Hosting

Our website is hosted by Hack Attack-Cremerius, Lang GbR, located at Gunther-Plüschow-Str. 6, 50829 Cologne. The hosting provider also processes personal data when you visit our website. We have a data processing agreement in place with this provider. The use of a hosting service is essential for the operation of the website and is in our legitimate interest to ensure a technically up-to-date and reliable site.

 

Cookie Consent Tool – Cookiebot

We require your consent to use cookies. For this, we use Cookiebot, a service by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Usercentrics processes your personal data as our processor. We have a corresponding contract with the service provider. For more information on Usercentrics’ and Cookiebot’s privacy practices, visit: Cookiebot Privacy Policy.

Cookiebot allows both you and us to manage consent. The processing is necessary to fulfill a legal obligation (Art. 6 (1) (c) GDPR). Cookies are used to process the following data:

  • Your IP address (shortened by the last three digits)
  • The date and time of your consent
  • Browser information from which the consent was provided

A random, anonymous, encrypted key is generated for consent tracking and is stored for 12 months in your browser for future visits.

 

WP Activity Log

We use the WP Activity Log plugin by Melapress, Blaak 520, 3011 TA Rotterdam, Netherlands, for security purposes. This plugin monitors and logs user activities on the website to ensure security, particularly to prevent suspicious administrative activities and hacking attempts. Data logged includes the date and time of events, the user and user role responsible for the change, the source IP address, and the object affected by the change. The use of this plugin is based on our legitimate interest in securing the website.

 

Social Media

We maintain public profiles on Facebook, Instagram, Xing, and LinkedIn. However, no data is transferred to these platforms from our website, as the integration is through a simple link to the respective social media sites.

Please note that social networks generally analyze your user behavior. When logged in and visiting our social media profiles, your visit may be linked to your user account. Even if you are not logged in or do not have an account with the platform, data collection can still occur via cookies or IP address tracking.

 

Various Google Services

Legal Basis for Data Processing

The legal basis is specified for each application. If the application uses cookies, your consent (Art. 6 (1)(a) GDPR) is the legal basis, provided you have given consent through the cookie consent tool. Additionally, the data processing is based on our legitimate interest (Art. 6 (1)(f) GDPR), as explained for each service.

Data processed by Google tools may be transferred to the United States, a third country under GDPR. This is permitted under the EU-US Data Privacy Framework, with Google being certified. Google also adheres to Standard Contractual Clauses (Art. 46 (2) and (3) GDPR) to ensure that data meets European privacy standards even when processed in third countries. Google’s privacy policy can be found here: Google Privacy Policy.

 

Google Analytics

We use Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This tool uses cookies to track user behavior on our website. Personal data such as your IP address and browsing behavior are transferred to Google Ireland. This allows us to analyze website usage and monitor whether third parties are attacking our site. The processing is based on our legitimate interest.

You can prevent the collection and processing of your data by Google by deactivating script execution in your browser or using the “Do Not Track” setting. Additionally, you can install the browser plug-in available at Google Analytics Opt-Out Browser Add-On.

 

Google reCaptcha

We use Google reCaptcha to prevent spam and abuse from automated submissions. This tool verifies whether an input is made by a human or an automated bot. To ensure this, the IP address of your device, your browser data, website visit information, and operating system are transmitted to Google. Data may be transferred to Google servers in the U.S. The use of reCaptcha serves our legitimate interest in preventing spam and harmful attacks on our website.

 

Google Ads and Remarketing

We use Google Ads and Remarketing services, provided by Google Ireland Limited, to display ads on other websites. These ads target specific groups based on user behavior. We track the success of these campaigns using data from Google Ads. Data may also be used from other Google services, such as Google Analytics, to optimize our ads. The processing is based on your consent (Art. 6 (1)(a) GDPR) and our legitimate interest in targeted marketing.

 

Google Tag Manager

We use Google Tag Manager, a service by Google Ireland Ltd., which allows us to manage various tracking tools centrally through “tags.” This service processes data, including your IP address and user activity, as agreed through the cookie consent tool. The use of Google Tag Manager is in our legitimate interest to consolidate and track web activities, particularly for targeted marketing.

 

Google Fonts

Our website uses Google Fonts for displaying fonts. Google Fonts are hosted on our servers, so no data is transferred to Google.

 

HubSpot

We use HubSpot, a digital marketing tool provided by HubSpot Inc., to enhance our marketing efforts. HubSpot processes data in the United States, based on the EU-US Data Privacy Framework, and is certified accordingly. Standard contractual clauses ensure your data is protected according to European standards. HubSpot’s privacy policy can be found at HubSpot Privacy Policy.

 

Newsletter

We use HubSpot to send our newsletters. You can withdraw your consent to data storage and newsletter usage at any time by clicking the unsubscribe link in the newsletter.

 

Contact Form and Emails

Data entered in our contact form is used to process your request. We do not share your data and delete it once it is no longer required. The processing is based on your consent (Art. 6 (1)(a) GDPR) or to fulfill pre-contractual measures (Art. 6 (1)(b) GDPR). You can withdraw your consent at any time.

 

Telephone Contact

When you call us using the number provided on our website, your phone number (if caller ID is enabled) will be displayed. The call details, including the duration, are stored in our phone system for efficiency analysis. This storage is based on our legitimate interest in optimizing communication efficiency.

 

Job Applications

When you submit your application via our website or email, we process the data to manage the recruitment process. If no employment contract is signed, the data is deleted within six months of the rejection, unless there are other legal obligations. If an employment contract is concluded, your personal data will be processed for employment purposes.

 

Microsoft Advertising (formerly Bing Ads)

We use Microsoft Advertising to track conversions when users arrive at our website through ads on Bing or Yahoo. Cookies are used to track user activity, and the data is processed to analyze campaign success. The processing is based on your consent (Art. 6 (1)(a) GDPR) and our legitimate interest (Art. 6 (1)(f) GDPR) in targeted digital marketing. Data may be transferred to the United States, in compliance with the EU-US Data Privacy Framework and Microsoft’s certification.

If you do not wish to participate in conversion tracking, you can disable it on Microsoft’s website or manage cookies in your browser.