Data protection information


HEMI-PLAST Folien GmbH takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with data protection legislation and this privacy protection policy.

The use of our website is generally possible without providing personal data. Insofar as our webpages collect personal data (for example name, address or e-mail addresses), this always takes place, as far as possible, on a voluntary basis. These data are not transferred to third parties without your explicit consent.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) may be subject to security gaps. Complete protection of data against access by third parties is not possible.


Fabrikstraße 8, 91224 Pommelsbrunn
Phone: 09154-91132-0 fax: 09154-91132-250
Managing Director: Helmut Wild, Carmen Gihl
Registered office of the company: Pommelsbrunn
Commercial register entry: Registry Court Nuremberg; Reg.-No. HRB 17801
VAT-identification number.: DE813094006

Data Protection Officer

Mr. Thomas Sturm
Company datenschutz-concept GmbH
Gebhardtstraße 9
90762 Fürth

Types of data processed

  • Inventory data (e.g. master data, names or addresses).
  • Contact data (e.g. e-mail, phone numbers).
  • Content data (e.g. text input, photographs, videos).
  • Usage data (e.g. visited pages, interest in content, access times visited pages).
  • Meta-/communication data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the website (hereinafter referred to as data subjects, collectively as "users").

Purpose of the processing

  • Provide the online service, its functions and its contents
  • Respond to contact requests and communication with users
  • Security measures
  • Reach analysis/marketing

"Processor" a natural or legal person, public authority, agency or other Body which processes personal data on behalf of the Controller.

Legal bases

The legal basis for our data processing operations can be found in Art. 13 GDPR.

The following applies to users falling within the scope of the General Data Protection Regulation (GDPR), i.e. users within the EU and the EEC, insofar as the legal basis is not specified in the data protection policy: The legal basis for the obtaining of consent can be found in Art. 6(1)a and Art. 7 GDPR; The legal basis for the processing for the fulfilment of our services and contractual measures, as well as for responding to requests, can be found in Art. 6 (1)b GDPR; The legal basis for processing to fulfil our legal obligations can be found in Art. 6 (1)c GDPR; In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)d GDPR shall apply. The legal basis for the processing required to perform a task that is in the public interest or exercise of an official authority which was delegated to the Controller is Art. 6 (1)e GDPR. The legal basis for the processing to preserve our legitimate interests is Art. 6(1)f GDPR. The processing of data for purposes other than those for which they were collected shall be governed by the provisions of Art. 6(4) GDPR. The processing of special categories of data (according to Art. 9(1) GDPR) is determined according to the provisions of Art. 9(2) GDPR.

Protection of your data

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, costs of implementation and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.

In particular, these measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, sharing, securing availability and their separation. Furthermore, we have established procedures to ensure the exercise of rights of data subjects, deletion of data and the response towards endangerment of data. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data-protection-friendly pre-settings.

Cooperation with subcontractors, joint Controllers and third parties

If we disclose data to other persons and companies (contract processors, joint Controllers or third parties) that were collected by means of processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the fulfilment of contract obligations), if users have consented, or if a legal obligation or our legitimate interests provide for this (e.g. when using agents, web hosts, etc.).

If we disclose, transfer or otherwise grant access to data to other companies in our group of companies, this shall be done, in particular, for administrative purposes as a legitimate interest, and, in addition, in accordance with legal requirements.

Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation), or if this occurs in the context of the use of third-party services or disclosure or transfer of data to other persons or companies, this shall only take place if it occurs in order to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. We process or leave the data in a third country only if the legal requirements are met and in accordance with legal or contractual permissions. This means that processing is carried out on the basis of e.g. special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. through the "Privacy Shield" for the USA) or compliance with officially recognised special contractual obligations.

Rights of the Data subjects

You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data, as well as further information and a copy of the data in accordance with the legal requirements.

In accordance with legal requirements, you have the right to request the completion of the data concerning you, or the correction of incorrect data concerning you.

In accordance with the statutory provisions, you have the right to have the data concerned deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with the statutory provisions.

You have the right to request that the data concerning you which you have provided to us be received in accordance with the legal requirements and to request their transmission to other persons responsible.

Furthermore, you have the right to file a complaint with the competent supervisory authority in accordance with the legal requirements.

Right of revocation

You have the right to revoke granted consent with immediate effect for the future.

Right of objection

You can, at any time, object to the future processing of data relating to you in accordance with the statutory provisions. The objection may be lodged in particular against processing for direct marketing purposes.

Cookies and right of objection in case of direct marketing

"Cookies" are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online website. Temporary cookies, also known as "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online session and closes his browser. For example, the contents of a shopping basket in an online shop or a login status can be stored in such a cookie. Cookies are referred to as "permanent" or "persistent" when they remain stored even after the browser is closed. For example, the login status can be stored when users visit it after several days. Likewise, the interests of users may be stored in such a cookie for reach analysis or marketing purposes. "Third-party cookies” are cookies that are offered by providers other than the Controller who offers the online service (if the cookies solely belong the Controller, they are referred to as "first-party cookies").

We are entitled to use temporary and permanent cookies and clarify this within the framework of our data protection policy.

If you, as a user, do not want cookies to be stored on your computer, we ask you to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of the website.

A general objection against the use of cookies for purposes of online marketing can be filed at a wide variety of services, especially in the case of tracking, specifically at the US-based website or the EU website Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case not all functions of this online service can be used.

Deletion of data

The data processed by us will be deleted or restricted in terms of processing in accordance with legal requirements. Unless expressly stated in this data protection policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations.

If the data are not deleted because they are necessary for other and legally permissible purposes, their processing shall be restricted. This means that the data are blocked and not processed for any other purpose. This applies e.g. for data that must be retained for commercial or fiscal reasons.

Changes and updates to this privacy policy

We ask you to inform yourself regularly regarding the contents of our privacy policy. We will adapt the data protection policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.


When you contact us (e.g. via the contact form, email, phone or social media), the data provided by you in the contact request and its settlement shall be processed pursuant to Art. 6(1) b. (within the framework of contractual/pre-contractual relations) and Art. 6(1) f. (other) GDPR. User data can be stored in a customer relationship management system ("CRM system") or comparable inquiry system.

We delete the inquiries if they are no longer required. We review this requirement every two years; the statutory archiving obligations also apply.

Google Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6 para. 1 lit. f. GDPR), we use Google Analytics, a web analysis service of Google LLC ("Google"). Google also uses cookies. The information generated by the cookie regarding the use of the online activity of users is generally transferred to, and stored in, a Google server in the USA.

Google is certified under the privacy shield agreement, which provides a guarantee with regard to compliance with European data protection law ( & State = active).

Google will use this information on our behalf to evaluate the use of our online service by our users, to compile reports on the activities within this online service and to provide us with further services associated with the use of this online service and the use of the Internet. Anonymised user profiles can be created from the processed data.

We use Google Analytics only with activated IP anonymisation. This means that the IP address of the user is shortened in Member States of the European Union or in other States party to the agreement of the European economic area by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address provided by the user's browser is not merged with other data of Google. Users may refuse the use of cookies by selecting the appropriate settings on their browser software; users may also prevent Google from collecting data generated by the cookie and relating to their use of the website and from processing these data by downloading and installing the browser plug-in available at the following link:

More information regarding the use of data by Google, settings and objection procedures can be found in the privacy policy of Google (, as well as the settings for the displaying of ads by Google (

The personal data of the user will be deleted or anonymised after 14 months.

Google AdWords and conversion measurement

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6(1) f. GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

Google is certified under the privacy shield agreement, which provides a guarantee to compliance with European data protection laws ( & State = Active).

We use the online marketing process Google "AdWords" to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our online service, more specifically in order to only present users with ads that potentially correspond to their interests. For example, if a user is shown ads for products in which he is interested in other online offers, this is referred to as "remarketing". For these purposes, when our and other websites on which the Google Advertising Network is active are accessed, Google directly executes a code from Google which embeds so-called (re)marketing tags (invisible graphics or code, also called "Web Beacons") in the webpage. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). In this file it is noted which websites the user visits, which contents he is interested in and which offers the user has clicked on, technical information on the browser and operating system, referring websites, visiting time and further information on the use of the online service.

In addition, we receive a custom "conversion cookie". The information collected by means of cookies serve Google to aggregate conversion stats for us. However, we only see the total number of anonymous users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information that personally identifies users.

User data are processed pseudonymously within the Google advertising network. This means that Google does not store and process the names or email addresses of users but processes the relevant cookie-related data within pseudonymous user profiles. This means that from the point of view of Google, ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this owner might be. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected about the users is transmitted to Google and stored on Google's servers in the United States.

More information regarding the use of data by Google, settings and objection procedures can be found in the privacy policy of Google (, as well as the settings for the displaying of ads by Google (


On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6 para. 1 lit. f. GDPR), we use an "etracker" from etracker GmbH, Erste Brunnenstraße 1 20459 Hamburg. The collected data are analysed exclusively pseudonymously, stored solely on servers in Germany and not merged with other data or passed on to third parties.

When user data are stored, in particular also the IP addresses, device and domain data of the users are only stored or encrypted in a shortened form, so that it is not possible to draw conclusions about the individual user. The shortening of the IP address takes place at the earliest possible time and is automated by default. Pseudonymous user profiles are created from the data processed by etracker using cookies. Identifiers for recognising an app user, performing session and cross-device tracking and providing behaviour-related data for remarketing are, however, securely pseudonymised or encrypted. Furthermore, etracker contractually assures the protection of user-processed data by concluding an order processing contract in accordance with Art. 28 para. 3 GDPR.

You can object to the collection and storage of data at any time with future effect. To prevent your visitor data from being collected and stored in the future, you can obtain an opt-out cookie from etracker via the following link: [Please insert your account-ID]. This will ensure that no visitor data from your browser will be collected and stored by etracker in the future.

The opt-out sets an opt-out cookie called "cntcookie" from etracker. Please do not delete this cookie if you wish to maintain your objection.

For further information, see the privacy statement by etracker: