Privacy Policy

We appreciate your interest in mitsubishi-paper.com (hereinafter referred to as “Website”). Protecting your privacy is very important to us. In the following we provide detailed information in a transparent and intelligible form about the handling of your personal data on the Website in accordance with the European General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG-neu). Comprehensive information about these acts is accessible under www.datenschutz.de.

Name and address of the controller
The controller within the meaning of GDPR is:

Mitsubishi HiTec Paper Europe GmbH
Niedernholz 23
33699 Bielefeld
Germany

Telephone: +49 521 2091-0
Telefax: +49 521 2091-411
Website: www.mitsubishi-paper.com
Email: info.mpemitsubishi-paper.com

(hereinafter referred to as “MPE”)

Name and address of the data protection officer
In case of any questions as to the collection, processing or use of personal data as well as for the purpose of exercising the data subject's rights (see “rights of the data subject” below) any data subject may contact our data protection officer indicated below:

Mitsubishi HiTec Paper Europe GmbH
Gerdt Hallmann
Husumer Str. 12
24941 Flensburg
Germany

Telephone: +49 461 8695-0
Telefax: +49 461 8695-325
Email: data.protection.mpemitsubishi-paper.com

The option to contact MPE directly remains unaffected.

Processing of data collected by automated means
You can visit our Website without giving any personal information.

When you access our Website your Internet browser automatically transmits data to our web server for technical reasons. These data include the date and time of your visit, the site from which you access our Website, the name of the requested file, the browser type and version, the operating system and your IP address. These data will be temporarily stored for IT security reasons. We cannot attribute the automatically collected data to a particular person and therefore we cannot identify him or her.

MPE has a legitimate interest in this data processing to ensure IT security. The legal basis for the data processing is provided in Article 6(1)(f) GDPR. You have the right to object to the processing of data at any time on grounds relating to your particular situation. Further information about your right to object to the processing is provided under the section ‘Rights of the data subject’ below. The data are transmitted to Host Europe GmbH, Hansestr. 111, 51149 Cologne, Germany, which processes the data on behalf of MPE as described above exclusively within the scope of the aforementioned purposes.

Duration of the data storage: 3 months as of their collection.

Data processing when establishing contact
If you contact MPE e.g. by phone or by email your data and information are processed for the purpose of answering or otherwise processing your inquiry or your concern. We will process: First name and family name, postal address, telephone number, email address, email communication as well as the content of the inquiry.

If contact is established in connection with a contractual relationship between MPE and you or your company, respectively, the data will be processed on the legal basis of Article 6(1)(a) GDPR. Furthermore, the data processing is in MPE’s legitimate interest. The legal basis for the data processing then is Article 6(1)(f) GDPR. In that case you have the right to object to the processing of data at any time on grounds relating to your particular situation. Further information about your right to object to the processing is provided under the section ‘Rights of the data subject’ below.

The data will be stored for the period of retention required under commercial and/or tax laws.

Data processing in the MPE Agents Portal
You can login to the MPE Agents Portal as sales agent of MPE and registered user on our Website. For this purpose you must enter your user name and the password. The data will be processed for the purpose of performing the contract made between MPE and the sales agent (Article 6(1)(b) GDPR).

Data collection by Matomo
Our Website uses Matomo. This is a so-called web analytics service provided by Piwik PRO GmbH, Lina-Bommer-Weg 6, 51149 Cologne, Germany. Matomo uses so-called “cookies”. These are text files which are stored on your computer and which allow us to analyse the use of the Website. For this purpose, the usage data generated by the cookie (including your shortened IP address) is transmitted to our server and is stored for analysis purposes, which contributes to optimizing our Website. In this process, your IP address will immediately be anonymized, so that you remain an anonymous user to us. The information generated by the cookie about your use of this Website will not be disclosed to third parties. You may prevent the use of cookies by choosing the corresponding settings of your browser software. However, certain functions of this Website may no longer work or not work correctly without cookies.

Data from your visit will only be saved and evaluated if you have expressly consented to its use by clicking on "Allow cookies" in the cookie banner at the bottom of our website. If you have not expressly consented to the storage and use of this data, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note: If you delete your cookies, this means that the opt-out cookie is also deleted and the cookie banner reappears.

The following data and information are processed by means of the cookies used: IP address (anonymized), provider, country, browser, type of device, operating system, screen resolution, date, time, requested file/page.

The analysis of the user behaviour for the purpose of amending and optimizing the Website is a legitimate interest of MPE. The legal basis for the data processing is provided in Article 6(1)(f) GDPR. You have the right to object to the processing of data at any time. We refer to the above description how you can prevent the use of cookies or processing by Matomo.

Cookies are stored for a particular period which you can review in the settings of your browser; however, they can be deleted manually beforehand.

Online applications
Our online services comprise a job market and a feature to apply for vacancies or to submit unsolicited applications for a job at our company online. To assess your application we require particulars about your person (name, address, telephone number, email address) and your career as well as other documents such as photos and certificates. Your data and documents will be collected, stored and processed exclusively for processing and assessing your application. They can only be viewed by the HR department as well as the HR officer(s) of the department advertising the job vacancy. You can view and/or edit your personal data stored and/or may object to their further processing by us.

The legal basis for the data processing is provided in Article 6(1)(b) GDPR.

If we cannot offer you a job in response to your application your data and documents will be stored only for the purpose of complying with retention periods required under commercial and/or tax law after the rejection of your application and will then be deleted or archived in a pyseudonymized form for statistical purposes.

Even if we cannot offer you a job the companies of the Mitsubishi Paper Group are interested in retaining your data and documents, so that they can take them into consideration in future recruitments. This also applies to an unsolicited application if we are currently not able to offer you an appropriate position. If you desire your documents to be retained beyond the specific application procedure, please give your consent by clicking the appropriate declaration before sending your application. In that case, the legal basis is your consent pursuant to Article 6(1)(a) GDPR. You may at any time withdraw your consent by sending an email to data.protection.mpemitsubishi-paper.com declaring that you no longer want us to retain your documents. In that case your data and documents will be stored only for the purpose of complying with retention periods required under commercial and/or tax law and will then be deleted or archived in a pyseudonymized form for statistical purposes. A withdrawal of consent does not affect the previous lawfulness of the data processing based on consent before its withdrawal.

Rights of the data subject
You have the right of access (Article 15 GDPR) as well as – under specific conditions set forth in Articles 16 to 20 GDPR – the right to rectification, erasure, restriction of processing and data portability. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR (Article 21 GDPR). MPE will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing (Article 21(2) GDPR).

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

If you have given consent to the processing of your data you may withdraw your consent at any time with prospective effect. The withdrawal of consent will not affect the lawfulness of processing your data before its withdrawal.

Please bear in mind that your withdrawal of consent may overlap with the use of your data within the scope of an already ongoing campaign for organisational reasons. Please contact our data protection officer or MPE directly (see above) to exercise your rights. Please ensure that we can uniquely identify your person.

Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection authority of your own choice if you consider that the processing of personal data relating to you infringes the GDPR. We specify the data protection authority competent for us merely by way of example:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2 – 4
40213 Düsseldorf
Germany

poststelle@ldi.nrw.de

 

Definitions
Our data privacy statement is based on the definitions used in the GDPR, which we would like to outline below:

a) Personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (e.g. name, address, telephone number, date of birth or email address). In general you can use our online offer without providing personal data. However, use of specific services may require the provision of personal data, such as an online application.

b) Data subject
A 'data subject' is any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Profiling
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

e) Pseudonymisation
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

f) Controller
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

g) Processor
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h) Recipient
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law will not be regarded as recipients.

i) Third party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

j) Consent
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.