Data protection

ACCORDING TO THE GDPR

  1. Home
  2. »
  3. CPI
  4. »
  5. Data protection

I. Name and address of the responsible person

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

CPI Books GmbH
Tax ID: DE 223 568 934
Managing Director: Chris Malley
Address: Birkstraße 10 | 25917 Leck

Policy statement on the core labor standards of CPI books GmbH

Data Protection Team: FKC-Consult GmbH

Office Hamburg:
Hans-Henny-Jahn-Weg 15
22085 Hamburg
Phone + 49 40 413 463 31-0
Fax: + 49 40 413 463 31-1

Contact data protection officer...

You can find more information about FKC-Consult GmbH finden Sie here.

II. General information about data processing

1. Extent of processing of personal data

In principle, we process personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (DSGVO) as legal basis.

In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c DSGVO as legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.

3. Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, it may be stored if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

4. Recipients or categories of recipients

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

  • you have given your express consent to this,
  • the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that a legal obligation exists for the disclosure, and
  • this is legally permissible and necessary for the processing of contractual relationships with you.

Exceptions to this rule (e.g.: by third-party providers) can be found in this privacy notice.

5. Transfer to a third country or an international organization

The responsible party does not actively transfer data to a third country or an international organization. Exceptions to this rule (e.g.: by third-party providers) can be found in this data protection notice.

6. Your data subject rights

If personal data of a user is processed, he is a "data subject" within the meaning of the GDPR. He or she is entitled to the following rights vis-à-vis us as the controller:

  • Right to information
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

Bitte wenden Sie sich zur Ausübung der aufgeführten Rechte an den Ansprechpartner in Sachen Datenschutz unter:
(see contact button above)

Revocation of consent
If you have given us consent for data processing, you have the right to revoke this consent at any time. Please address the revocation of consent to: (see contact button above)

Complaint to a supervisory authority
If you are of the opinion that a processing of data concerning you violates data protection regulations, you have the right to complain to a supervisory authority.

Automated decision making including profiling
We do not use profiling on our website.
To exercise the rights listed, please contact the data protection contact at: (see contact button above)

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here:

  • Information about the browser type and version used
  • The operating system of the user
  • The IP address of the user
  • Time zone and, if applicable, the location
  • The subpages accessed on the website
  • The date and time of the call of the web page
  • The amount of data transferred

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above.

3. Purpose of data processing

The aforementioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring a comfortable use of our website,
  • Evaluation of system security and stability, and
  • for other administrative purposes.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Opposition and removal possibility

The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

IV. Hosting

1. Description and scope of data processing

This website is hosted by an external hoster PixelX. All data that we collect to operate our website is stored on the hoster's server. This is mainly the login data (see above), but also the communication with our customers and all other data that we process in connection with our website.

The hoster is contractually obligated to process the data only as required to fulfill its service obligations.

2. Purpose of data processing

In the case of potential customers, the data is processed for the purpose of fulfilling or initiating the contract. Otherwise, based on a consideration of interests. Here, we pursue the legitimate interest of providing our website in an up-to-date and secure manner.

The purpose of data processing is to provide our website.

3. Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 lit. b DSGVO, Art. 6 para. 1 lit. f DSGVO.

V. Contact form and e-mail contact

1. Description and scope of data processing

On our website is a contact form available, which can be used for electronic contact. If a user realizes this possibility, the data entered in the input mask is transmitted to us and stored. These data are:

  • Name
  • E-mail
  • Phone
  • Topic
  • Business
  • Message

At the time of sending the message, the following data is also stored:

  • The IP address of the user
  • Date and time of registration

For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.

Alternatively, contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.

There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of data processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. Opposition and removal possibility

The user has the opportunity to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

All personal data stored in the course of contacting will be deleted in this case.

VI. Registration option

To use certain functions, you must register on our website. We then collect and store the information you provide as part of the registration process. The processing of this data is based on a balancing of interests. As the operator of this website, we have a legitimate interest in providing our visitors with the opportunity to use certain functions by registering.

The purpose of data processing is the provision of special content for registered visitors. The legal basis results from Art. 6 para. 1 lit. f DSGVO.

VII. Newsletter

If you have registered for one of our newsletters, the data provided during registration (e-mail address) will only be used for sending this newsletter. The legal basis here is Art. 6 para. 1 lit. a DSGVO.
The purpose of the data processing is to provide up-to-date information.
For existing customers, we send the newsletter based on a weighing of interests. In doing so, we pursue the legitimate interest of informing our customers about our services and related developments. The legal basis here is Art. 6 para. 1 lit. f DSGVO.
For sending, we use the following provider: MailChimp a brand of "The Rocket Science Group, LLC", 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.
Privacy policy of MailChimp can be found at: https://mailchimp.com/de/gdpr/
You can unsubscribe at any time by using the unsubscribe option contained in the newsletter.

VIII. Analysis tools

We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a specific, defined period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time. The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f) DSGVO. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

In detail, these are the following cookies:

Cookie-NamePurpose/FunctionStorage duration (Until the end of the session or concrete time specification)
wpl_user_preferenceThis cookie is necessary to remember the selection of cookies that you accept1 month
swpm_sessionSession cookie for the internal (login) areas of cpi-print.de1 day
fuerNewsletterAngemeldetSaves an already occurred insertion of the hint to the CPI Newsletter Service.1 year
rbrDesignSaves the selected design of the back width calculator1 year
_gidA cookie used by Google Analytics to distinguish between users1 day
_gaA cookie used by Google Analytics to distinguish between users2 years
__qcaA cookie used by Google Analytics to distinguish between users1 year
_gat_gtag_UA_155730405_1Session cookie for Google Analytics1 day

IX. Tracking tools (data processing)

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 p. 1 lit. a) DSGVO. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

The data processing described below is only used if you have given us your consent to do so. This consent is obtained by us when you call up the website via the cookie consent manager in the "data protection settings". The data protection settings are managed by you.

The following data processing will only be used if you make the intended selection in the data protection settings in the corresponding categories by operating the activation button.

In our Cookie-Consent-Manager you can adjust your data protection settings at any time according to your needs and make changes. You can revoke your consent at any time by deactivating the data processing function in the privacy settings by pressing the activation button again.

The respective data processing purposes and data categories can be seen from the following data processing.

1. Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a fast and uncomplicated integration and management of various tools on his website.

2. Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is assigned to the respective end device of the user. An assignment to a user ID does not take place.
Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the data records collected and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company has a certification according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

X. Integration of external content and service providers

Integration reCAPTCHA

To protect input forms on our site, we use the service "reCAPTCHA" of the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4), hereinafter "Google". The use of this service makes it possible to distinguish whether the corresponding input is of human origin or misused by automated machine processing.

To our knowledge, the referrer URL, the IP address, the behavior of website visitors, information about the operating system, browser and dwell time, cookies, display instructions and scripts, the input behavior of the user, as well as mouse movements in the area of the "reCAPTCHA" checkbox are transmitted to "Google".

If you want to prevent this transmission and storage of data about you and your behavior on our website by "Google", you must log out of "Google" before you visit our site or use the reCAPTCHA plug-in.

The use of the service "reCAPTCHA" obtained information is in accordance with the Google Terms of Use: https://www.google.com/intl/de/policies/privacy/.

As the site operator, we have a legitimate interest in determining whether the input is made by a human, Art. 6 para. 1 lit. f DSGVO.

The purpose of the data processing is to determine whether the input is not made by machine.

2. integration of videos via Youtube

On our website it may happen that we embed Youtube videos. To ensure that these can be viewed in a privacy-friendly manner, we have implemented the so-called "two-click solution" or user-friendly button. This means that the content of the video can only be viewed if either consent is given by you within our Consent Tool, or you consciously click on the video. In this case, a cookie is set.

The operator of the corresponding plugin is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you watch the video, a connection to YouTube servers is established. This tells Youtube which pages you are visiting. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your Youtube account beforehand.

If you have deactivated the storage of cookies for the Google ad program, you will not have to deal with such cookies when watching Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in the browser.
For more information on data protection at "Youtube", please refer to the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/

XI. Privacy policy for social networks

We operate profiles on the following networks. From our website, we only link to our profiles on the respective social networks:
LinkedIn: https://de.linkedin.com/company/cpi-print-books-deutschland

The providers of the various platforms are primarily responsible for providing the data subject with information about the processing operations and enabling him to exercise his data protection rights. Irrespective of this, we would like to inform you herewith about our appearances on social networks. We recommend that you do not send us any sensitive data via these profiles. Please use a direct communication channel for this purpose.

All data that you enter on our social network profiles (e.g.: comments, pictures, private messages, etc.) are published by the platform operators and can be used by us.
The legal basis for this is the legitimate interest from Art. 6 para. 1 lit. f DSGVO. Processing purposes via CPI - accounts with our visitors can be as follows: public relations, a timely information as well as interaction opportunity and contact with network users/applicants (including via LinkedIn).

Data processing by the operators of social networks
When our profiles are called up, data is processed by the operator of the platform. The form in which this happens cannot be influenced or viewed by us. However, the procedure usually depends on whether you yourself are registered with the platform. It is possible that the providers process the data outside the EU, so that we cannot guarantee a data protection-compliant procedure according to the GDPR.

You can find more information about the data processing of the individual platform providers in their privacy policy:
LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

XII. Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

XIII. up-to-dateness and amendment of this privacy policy

This data protection declaration is currently valid and has the status August 2023. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration on the website at any time.