Contact us

Data protection

1. Foreword

We, EMPAC GmbH (hereinafter: “EMPAC,” “we”), take the protection of your personal data very seriously. Below, we inform you about which personal data we collect from you, how we process it, and what rights you are entitled to under applicable data protection law (in particular the GDPR).


1.1 Who is responsible for data processing?

Controller within the meaning of the GDPR:
EMPAC GmbH
Hollefeldstraße 22
48282 Emsdetten
Telephone: 02572 93 64 – 0
Fax: 02572 93 64 – 222
Email: info@empac.de
Website: www.empac.de
Represented by the managing directors: Richard Sievers, Michael Hans, Sebastian Sievers, Sebastian Hans
Commercial Register: Steinfurt District Court, HRB 9527
VAT ID: DE 815 346 952

Data Protection Officer:
microPLAN IT-Systemhaus GmbH
Spatzenweg 2
48282 Emsdetten
Email: datenschutz@microplan.de
Phone: +49 (2572) 9365-77


1.2 Scope of this privacy policy

This privacy policy applies to the processing of personal data of customers, prospective customers, applicants and visitors to our website www.empac.de as well as when using our services.
Legal basis: Art. 13 GDPR.


2. Categories of personal data, purposes and legal bases of processing

We process personal data only to the extent necessary to provide our services, to establish contact, to initiate/execute contracts, to process applications, to comply with legal obligations or to protect legitimate interests.


2.1 Categories of data processed:

  • Identification data: name, address, email, telephone number
  • Company data: company, department, function
  • Contract and order data: customer number, order number, invoice data
  • Usage data: IP address, pages visited, date/time, device type, browser information
  • Communication data: Contents of contact forms, emails, telephone calls
  • Applicant data: master data, cover letter, CV, certificates, qualifications, professional career
  • Analytics and marketing data: Data collected via cookies/tools such as Google Analytics, Tag Manager, Microsoft Clarity
 

2.2 Purposes of processing and related legal bases:

  • Regarding the provision and security of the website: Art. 6 para. 1 lit. f GDPR (legitimate interest)
  • For processing inquiries/contact: Art. 6 para. 1 lit. b and f GDPR (pre-contractual measure/legitimate interest)
  • For the execution and settlement of contracts: Art. 6 para. 1 lit. b GDPR (contract performance)
  • For processing applications: Art. 6 para. 1 lit. b GDPR, Section 26 BDSG
  • For marketing/analysis/optimization: Art. 6 para. 1 lit. a GDPR (consent), Section 25 para. 1 TDDDG
  • To fulfill legal obligations: Art. 6 para. 1 lit. c GDPR
  • For protection against misuse and for IT security: Art. 6 para. 1 lit. f GDPR

We do not collect or process special categories of personal data pursuant to Art. 9 GDPR (e.g. health data, religion).

 

3. Cookies, tracking technologies and external services


3.1 Consent management with Borlabs Cookie
We use Borlabs Cookie (Borlabs GmbH) to obtain and manage your consent for the use of cookies and external services.
Legal basis: Art. 6 para. 1 lit. c GDPR (legal obligation to document), Art. 7 GDPR.


3.2 Google Analytics
Directly integrated, used to analyze website usage. IP anonymization is enabled. Data transfer to the USA is possible.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Section 25 para. 1 TDDDG
More information: Google Analytics privacy policy


3.3 Google Tag Manager
Used to manage website tags and integrate additional services. No personal data is stored.
Legal basis: Art. 6 para. 1 lit. GDPR (consent)


3.4 Microsoft Clarity
Integrated via the Tag Manager, it is used to analyze mouse movements, clicks, and scrolling behavior. Data may be transferred to the USA.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Section 25 para. 1 TDDDG
More information: Microsoft Privacy Notice


3.5 Google Fonts
We only use locally embedded fonts. When you visit our pages, no personal data is transferred to Google.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

Recipients of your data for these services are in particular:
– Google Ireland Limited or Google LLC (USA)
– Microsoft Corporation (USA)
– Our hosting provider (e.g. Mittwald CM Service GmbH & Co. KG, Germany)
– Other IT service providers as processors (Art. 28 GDPR)


3.6 LinkedIn Insight Tag

We use the LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) to measure the success of our LinkedIn campaigns and to create audiences for remarketing. This tool collects data on page visits, conversions, and device information. Data may be transferred to the USA.

You can opt out of data collection via your LinkedIn account under “Settings & Privacy”. Non-members can also opt out at linkedin.com/psettings/guest-controls .

Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Section 25 para. 1 TDDDG

More information: LinkedIn Privacy Policy


3.7 Google Ads (Conversion Tracking & Remarketing)

We use Google Ads (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to place advertisements in Google Search and the Google Display Network. Using Google Ads Conversion Tracking, we measure whether an interaction with our ads has led to a defined action on our website (e.g., a contact request). We also use remarketing lists to target visitors to our website with relevant ads. Data may be transferred to the USA.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Section 25 para. 1 TDDDG

More information: Google Ads Privacy Policy


3.8 Google Search Console

We use Google Search Console (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyze the search engine performance of our website. This tool provides us with aggregated data, including search queries, clicks, and the position of our pages in Google search results. This tool does not directly collect personal data from website visitors. The processing is based on our legitimate interest in the technical optimization of our website.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest)

More information: Google Privacy Policy


3.9 SalesViewer

We use SalesViewer® (SalesViewer GmbH, Herne, Germany) to analyze company visits to our website. Based on publicly available company data, the tool identifies which companies visit our website. Individual persons are not identified. SalesViewer® operates without IP tracking and without the use of cookies. Data processing and server infrastructure are located exclusively in Germany.

If you wish to object to your company visit being recorded, you can use the opt-out option at salesviewer.com/opt-out .

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in analyzing and optimizing our marketing measures)

More information: SalesViewer privacy policy


Data transfer to third countries:
Google and Microsoft may transfer personal data to countries outside the EU, particularly to the USA. This is based on the EU standard contractual clauses pursuant to Art. 46 GDPR.

Note: We will be happy to provide you with a complete list of the tools and service providers we use upon request.


4. Recipients and categories of recipients

 

4.1 Internal recipients:
Within EMPAC GmbH, only those people who need your data to perform their duties (e.g. sales, customer service, accounting, IT, human resources) will have access to your data.


4.2 External recipients:
We only share data if permitted by law, if you have consented, or if it is necessary to fulfill a contract. Possible recipients are:
– IT service providers/hosting providers
– Shipping/logistics companies
– Banks/payment service providers
– Tax consultants/auditors/lawyers
– Authorities and public bodies (if legally required)
– Marketing, analytics and tracking providers (see section 3)
– Other processors according to Art. 28 GDPR


4.3 Transfer to third countries:
Transfer to third countries (e.g. USA) takes place exclusively in accordance with Art. 44 et seq. GDPR (e.g. EU standard contractual clauses).


4.4 No disclosure for advertising purposes:
Your data will not be passed on for advertising purposes (sale of your data).


4.5 Information on specific recipients:
We will be happy to provide you with a detailed overview of all recipients and processors upon request.


5. Storage and deletion periods

We generally only store personal data for as long as it is necessary for the respective purposes or to fulfill legal obligations.

  • Contract/business documents: up to ten years (commercial/tax law, Section 257 HGB, Section 147 AO)
  • Contact requests: until final processing, unless there are retention obligations
  • Application documents: at the latest six months after completion of the application process, unless longer storage is necessary to defend against legal claims or you have consented (Section 26 of the Federal Data Protection Act)
  • Analysis/tracking data: according to tool settings, at the latest after 14 months

As soon as the purpose no longer applies and there are no legal retention obligations, your data will be deleted or anonymized.


6. Data protection in the application process

When you apply for a position, we process your data (name, contact details, CV, certificates, etc.) exclusively for the purpose of conducting the application process and deciding on a hiring decision.

Legal basis:
Article 6, paragraph 1 lit. b GDPR, Section 26 BDSG (justification for employment relationship). Insofar as special categories of personal data (e.g., health data) are processed, this is done in accordance with Article 9(2) GDPR.

Recipient:
Only those people in our company involved in the selection process. Data will only be shared with third parties with your consent or as required by law.

Storage periods:
Deletion at the latest six months after completion of the application process, unless longer storage is necessary to defend against legal claims or you have consented.

Note on your rights:
You have the right to information, rectification, erasure, restriction of processing, objection, data portability, and revocation of consent. If you withdraw your consent/objection during the application process, your application can no longer be considered.


7. Your rights

You have the following rights under Articles 15 to 21 GDPR:

  • Information: Art. 15 GDPR
  • Correction: Art. 16 GDPR
  • Deletion: Art. 17 GDPR
  • Restriction: Art. 18 GDPR
  • Objection: Art. 21 GDPR
  • Data portability: Art. 20 GDPR
  • Revocation of consent: Art. 7 para. 3 GDPR (at any time for the future)
  • Right to lodge a complaint: Art. 77 GDPR
    Competent supervisory authority:
    State Commissioner for Data Protection and Freedom of Information NRW
    PO Box 20 04 44, 40102 Düsseldorf
    Email: poststelle@ldi.nrw.de

To exercise your rights, please contact our data protection officer.


8. Obligation to provide data and consequences of non-provision

Within the scope of contracts, business initiations, or applications, you are obligated to provide the personal data necessary for the initiation, implementation, and termination of the respective legal relationship, as well as for the fulfillment of legal obligations. Without this data, a contract cannot be concluded or your application processed.
There is no obligation to provide personal data simply by visiting the website.


9. Updating this Privacy Policy

We reserve the right to update this privacy policy at any time to reflect changes in legal requirements or changes to our services. The version published on our website at the time of your visit applies.

As of June 2026