Privacy Policy

Privacy Policy

1. Privacy at a glance

General information

This English version of our privacy policy is provided for your convenience.
In the event of any discrepancies or inconsistencies between the German and English versions, the German version shall prevail.

The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Data collection on this website

Your data is collected, firstly, when you provide it to us. This may include, in particular, data that you enter in a contact form or application form.

Other data is collected automatically by our IT systems or integrated services when you visit the website, or after you have given your consent. This mainly includes technical data, such as your internet browser, operating system, time of page access, or IP address.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors and securely. We use other data to process your enquiries, applications, or to display external content, provided you have consented to this.

Your rights

You have the right at any time to obtain information about the origin, recipients and purpose of your stored personal data. You also have the right to rectification, erasure, restriction of processing, data portability, and the right to object to certain processing activities. You may withdraw any consent you have given at any time with effect for the future.

You may contact us or our data protection officer at any time regarding this or any other questions on the subject of data protection.

2. Data controller

The controller responsible for data processing on this website is:

Caspari GmbH & Co. KG
Pallets & Wooden Packaging
Industriestr. 15
51545 Waldbröl
Germany

Telephone: +49 2291 9231-0
Email: info@caspari.de

Personally liable partner:
Caspari Verwaltungsgesellschaft mbH

Authorised managing directors:
Dipl. Ing. Jörg Caspari
Dipl. Kfm. Arnd Caspari

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

3. Data protection officer

Our data protection officer is:

Beratung WRS GmbH
Robert-Koch-Str. 18
40764 Langenfeld
Email: datenschutz@beratung-wrs.de

4. General information and mandatory disclosures

Withdrawal of your consent

Many data processing operations are only possible with your explicit consent. You may withdraw consent you have already given at any time with effect for the future. The lawfulness of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

Right to object to data processing in special cases

If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation.

Right to lodge a complaint with the competent supervisory authority

In the event of data protection violations, you have the right to lodge a complaint with a data protection supervisory authority.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format.

Information, rectification, erasure and restriction

Within the scope of the applicable statutory provisions, you have the right at any time to free information about your stored personal data and, where applicable, the right to rectification, erasure or restriction of the processing of this data.

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the browser address line begins with “https://” and by the padlock symbol in your browser bar.

5. Hosting and server log files

This website is hosted by the following provider:

UD Media GmbH
Kölner Straße 28
41812 Erkelenz
Deutschland

Telefon: +49 2431 9038190
E-Mail: info@udmedia.de

When you access our website, information is automatically processed by the web server in so-called server log files. This may include, in particular:

  • IP address
  • Date and time of the request
  • Page or file accessed
  • Amount of data transferred
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer

This data is processed on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in providing our website securely, stably and without errors and in detecting and defending against attacks.

A data processing agreement has been concluded with UD Media in accordance with Article 28 of the GDPR.

6. WordPress, Elementor and technical processing

Our website is operated with WordPress and Elementor. In doing so, technical data may be processed that is required for the operation, display, security and administration of the website.

Where personal data is processed via WordPress or Elementor, this is carried out depending on the purpose on the basis of Art. 6(1)(f) GDPR, in particular for the secure and user-friendly provision of the website, or on the basis of Art. 6(1)(b) GDPR if the processing is necessary to handle an enquiry or to carry out pre-contractual measures.

7. Cookies and consent management with Borlabs Cookie

This website uses Borlabs Cookie as a consent management solution. Borlabs Cookie stores your consents or refusals so that they can be taken into account when you visit pages again later.

In particular, the following data may be processed:

  • Your consent decision
  • Time of consent
  • Technical information on the selected cookie/service configuration
  • If applicable, a pseudonymous consent ID

Processing is carried out on the basis of Art. 6(1)(c) GDPR insofar as it is necessary to fulfil legal documentation obligations and on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the legally compliant documentation and management of consents. Where information is stored on or read from your end device, this is carried out in accordance with Section 25(2) TDDDG, insofar as this is necessary for the operation of the consent management.

You can adjust or withdraw your consents at any time via Borlabs Cookie.

8. Contact via form, email or telephone

If you contact us via contact form, email or telephone, we process the data you provide to handle your enquiry.

In the contact form, the following data may be processed in particular:

  • Name
  • Company
  • Email address
  • Telephone number
  • Interest
  • Message
  • Confirmation of having taken note of the privacy policy

Processing is carried out on the basis of Art. 6(1)(b) GDPR if your enquiry is related to the implementation of pre-contractual measures or an existing contractual relationship. In all other cases, processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in the proper handling of enquiries addressed to us.

The data you provide will remain with us until the purpose for data processing no longer applies, you request deletion, or a statutory retention obligation prevents deletion.

Form submissions are forwarded to us by email for the purpose of processing your enquiry. The form contents are not stored permanently in WordPress unless this is technically necessary.

9. Applications via the application form

You can apply to us via our website. In the application form, we process the following data in particular:

  • Name
  • First Name
  • Telephone number
  • Email address
  • Earliest start date
  • Uploaded application documents, e.g. CV, cover letter, references and other documents
  • Confirmation of having taken note of the privacy policy

Your application data is processed for the purpose of carrying out the application process. The legal basis is Art. 6(1)(b) GDPR in conjunction with Section 26 BDSG. If you give us consent to store your application data for a longer period, processing is carried out on the basis of Art. 6(1)(a) GDPR.

Your application data will only be passed on to persons involved in processing your application. It will not be passed on to other third parties unless there is a legal obligation or you have expressly consented.

If your application is successful, the data you provide may be further processed within the scope of the employment relationship. If your application is rejected or you withdraw your application, we will delete your application data after completion of the application process, unless statutory retention periods or legitimate interests, in particular for the defence against possible legal claims, prevent this.

As a rule, deletion takes place no later than six months after completion of the application process, unless longer storage has been agreed.

Application form entries and uploads are not stored permanently in WordPress unless this is necessary for the application process .

10. Sending emails via WP Mail SMTP and the UD Media mail server

We use the WordPress plugin WP Mail SMTP to send emails via our website. Emails are sent via the mail server of our hosting and email provider, UD Media.

In doing so, the data entered in the respective form may be transmitted to us by email. Depending on the enquiry, the legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

Email logs are only stored if this is necessary for error analysis or to ensure technical operation.

11. Security features with WP Cerber

We use WP Cerber to secure our website. The plugin helps us detect and prevent attacks, spam, unauthorised access attempts and misuse of the website .

In particular, the following data may be processed:

  • IP address
  • Date and time of access
  • URLs accessed
  • Login and access attempts
  • Technical browser and request information

Processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting our website against attacks, misuse, spam and unauthorised access.

12. Performance optimisation with FlyingPress

We use FlyingPress to technically optimise loading times. FlyingPress is used in particular to cache and optimise website files so that the website can be delivered faster and more stably.

Where technical data is processed in this context, this is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in providing our website quickly, stably and in a user-friendly manner.

No external CDN is used via FlyingPress.

13. Google Fonts

Google Fonts are integrated locally on this website. As a result, no connection to Google servers is established when you access our website to provide the fonts.

Local integration is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in a consistent, high-performance and data-minimised presentation of our website.

14. Google Maps

Google Maps is integrated on our contact page. Google Maps is not loaded automatically when the page is accessed, but only after you have actively consented via our consent management .

Provider is:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

If you consent to the integration of Google Maps, Google may process personal data, in particular your IP address, technical device and browser information, and, where applicable, location and usage data. Data may also be transferred to Google LLC in the USA.

Integration is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR. Where information is stored on or read from your end device by Google Maps, this is also carried out on the basis of your consent pursuant to Section 25(1) TDDDG.

You can withdraw your consent at any time with effect for the future via the cookie settings.

Further information can be found in Google’s privacy policy:
https://policies.google.com/privacy

15. LinkedIn feed via Elfsight

A LinkedIn feed is integrated on our website. Integration is carried out via the Elfsight service.

Provider is:
Elfsight, LLC

The LinkedIn feed is not loaded automatically, but only after you have actively consented via our consent management.

If you consent to the display of the LinkedIn feed, personal data may be transmitted to Elfsight and, where applicable, to LinkedIn. This may include, in particular:

  • IP address
  • Browser type and browser version
  • Operating system
  • Device information
  • Time of access
  • Usage and interaction data

Depending on the technical provision, data may also be transferred to third countries outside the European Union or the European Economic Area . In such countries, a level of data protection comparable to that of the EU may not exist.

Processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. Where information is stored on or read from your end device, this is also carried out on the basis of your consent pursuant to Section 25(1) TDDDG.

You can withdraw your consent at any time with effect for the future via the cookie settings.

Further information can be found in the privacy notices of Elfsight and LinkedIn:

16. Social media links to LinkedIn and Instagram

Our website contains links to our profiles on LinkedIn and Instagram. These are pure links. Simply visiting our website does not transmit any personal data to LinkedIn or Instagram via these links .

Only when you click a corresponding link do you leave our website and are redirected to the respective provider. The respective provider is responsible for the processing of personal data on the provider’s pages.

The provider of LinkedIn is:

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland

The provider of Instagram is:

Meta Platforms Ireland Limited
Merrion Road
Dublin 4, D04 X2K5
Ireland

Please note that when using these platforms, data may also be processed outside the European Union.

17. Downloads

On our website, we provide individual files for download, for example a supplier code of conduct or product flyers.

When retrieving these files, technically necessary access data is processed, in particular IP address, date and time of retrieval, file accessed and browser information.

Processing is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in providing the requested files and in the secure and stable delivery of our website.

18. Multilingualism with WPML

Our website provides multilingual content via WPML. WPML is used to display and manage different language versions of the website.

If WPML uses technically necessary cookies or similar technologies, for example to store the selected language, this is carried out on the basis of Art. 6(1)(f) GDPR and Section 25(2) TDDDG. Our legitimate interest lies in providing the desired language version in a user-friendly manner.

19. No analytics or marketing tracking services

We do not use any analytics or marketing tracking services on this website, such as Google Analytics, Google Tag Manager, Google Ads Conversion Tracking, Meta Pixel, LinkedIn Insight Tag, Matomo, Microsoft Clarity or Hotjar.

20. Recipients of personal data

Personal data is only disclosed if this is necessary to fulfil the respective purpose, there is a legal obligation, you have consented, or we have a legitimate interest in the disclosure.

Possible recipients include, in particular:

  • Hosting and IT service providers
  • Email and communication service providers
  • Technical service providers for maintenance, security and website operation
  • Internal departments, in particular for contact and application enquiries
  • External providers of integrated content, provided you have consented to this

Where necessary, we conclude data processing agreements with processors pursuant to Art. 28 GDPR.

21. Storage period

We store personal data only for as long as is necessary for the respective processing purposes or as long as statutory retention periods apply.

Contact enquiries are deleted as soon as the enquiry has been conclusively processed and no statutory retention obligations prevent deletion.

Application data is deleted after completion of the application process unless statutory retention periods or legitimate interests prevent deletion. As a rule, deletion takes place no later than six months after completion of the application process, unless consent for longer storage has been given.

Technical log data is stored only for as long as is necessary for security, stability and error analysis.

22. Currency and changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy.

As of: May 2026