SÜDPACK Newsletter
Receive regular updates about SÜDPACK, our products and sustainability topics.
Receive regular updates about SÜDPACK, our products and sustainability topics.
Version: 23 February 2026
This privacy policy provides information about the processing of personal data when visiting our website and the associated online services. It is addressed to visitors of our websites as well as users of the listed services.
These notices apply to the websites of the SÜDPACK Group, in particular those of SÜDPACK Verpackungen SE & Co. KG and SÜDPACK Medica AG, as well as to integrated services and platforms such as the Virtual Exhibition at exhibition.suedpack.com or the Rexx job portal.
SÜDPACK Holding GmbH
Ecoformstraße 1, 88416 Erlenmoos, Germany
Phone: +49 (0)7352 925 – 01
Fax: +49 (0)7352 925 – 1102
Email: info@suedpack.com
If you have any questions regarding the collection, processing or use of your personal data, or if you wish to exercise your data subject rights, please contact our Data Protection Officer at the above postal address of SÜDPACK Holding GmbH with the addition “Data Protection Officer” or by email at datenschutzbeauftragter@suedpack.com.
Our website automatically collects and stores information in so‑called server log files, which your browser automatically transmits to us.
Processed data: Browser type and version, operating system used, referrer URL, hostname of the accessing device, time of the server request, IP address
Purpose: Secure and stable operation of the website, detection of misuse/attacks
Legal basis: The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error‑free presentation and optimization of the website – for this, the server log files must be collected.
Storage period: usually 7–14 days; longer retention possible in case of security incidents
Recipients: Hosting provider: S.I.G. mbH, Zeppelinstraße 5/2, 89231 Neu‑Ulm; Cookie and consent management (UserCentrics)
We use UserCentrics as a consent management platform (CMP) to manage cookie/tool consents.
Provider: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany
Processed data: Consent status (opt‑in/opt‑out), consent ID, timestamp, browser/device information
Purpose/legal basis: Compliance with legal obligations (Art. 6(1)(c) GDPR in conjunction with TDDDG)
Storage period: up to 3 years (statutory proof), depending on legal requirements/configuration
Google Tag Manager is a tag management system that allows us to manage and deploy tracking and analytics tools as well as other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely for the technical administration and triggering of the tools integrated via it. However, when our website is accessed, technical connection data (in particular the IP address) is transmitted to Google servers.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Management and deployment of tracking/marketing tags
Legal basis: Art. 6(1)(f) GDPR (technical control) and – for connected tools – the respective applicable legal basis (in particular consent)
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Further information on Google Tag Manager can be found here.
Google’s privacy policy can be found here.
Google Analytics enables us to analyze the behavior of visitors to our website. Google Analytics uses cookies and similar technologies to allow an analysis of website usage.
Purpose: Reach measurement and usage analysis, improvement of the website
Data: Cookie IDs, IP address (with IP anonymization), page views, interactions, referrer URL, device information
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: user and event data max. 731 days
Opt‑out: Withdrawal via CMP; additionally via browser add‑on.
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
We use Google Ads services on our website, an online advertising program by Google Ireland Limited. Within Google Ads, we use: Google Ads Conversion Tracking to measure the success of our ads, Google Ads Remarketing to display interest‑based advertising, and functions from the Google advertising network (formerly DoubleClick). We receive only statistical evaluations from Google and no information that allows direct identification of individuals.
Purpose: Display of ads, conversion measurement, remarketing
Data: Cookie IDs, advertising IDs, IP address, interactions with ads, visited pages, device and browser information, referrer URL
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: cookies max. 396 days; cross‑device remarketing depending on account settings
Opt‑out: via CMP and adssettings.google.com
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Google Maps enables us to display interactive maps directly on our website and provides a user‑friendly presentation of our location as well as easy route planning. We do not store any personal data in connection with the integration of Google Maps.
Purpose: Integration of maps for location display
Data: IP address, possibly location data (if enabled in the browser), browser/device information, referrer URL, usage data (e.g., interactions with the map)
Legal basis: Art. 6(1)(a) GDPR (Google Maps is only loaded after you have given consent via our CMP.)
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
If you are logged into your Google account, Google may associate the data with your user account. We have no influence on the scope of data processing by Google.
We use fonts (“Google Fonts”) and technical libraries (e.g., Google AJAX Libraries) on our website. The content is either hosted locally on our server or – if not integrated locally – loaded from Google servers. If Google Fonts and other Google libraries are hosted locally, no connection to Google servers is established and no personal data is transmitted. If the integration takes place via Google servers (e.g., fonts.googleapis.com or gstatic.com), a connection to Google servers is established when the website is accessed.
Purpose: Provision of fonts and libraries; performance/availability
Data: IP address, requested resources, browser/device information
Legal basis: For locally hosted fonts/libraries: no external data transfer; Art. 6(1)(f) GDPR (technically required). For remote retrieval from Google servers: Art. 6(1)(a) GDPR (consent via CMP), as the retrieval involves external connections and possibly device access.
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Google Translate enables automated translation of our website content into other languages.
Purpose: Translation of website content
Data: IP address, transmitted text content/URLs, possibly cookies, browser and device information, language settings, date and time of access, pages visited
Legal basis: Art. 6(1)(a) GDPR (consent), the translation function is only activated after you have given consent via our CMP.
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
If you are logged into your Google account, Google may associate the data with your user account. We have no influence on the scope and further processing of the data collected by Google.
When visiting our website, YouTube receives the information that you have accessed the corresponding subpage. The above‑mentioned log files are also transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly associated with your account. If you do not want this association, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or the needs‑based design of its website. Such evaluation is carried out in particular (even for non‑logged‑in users) to provide needs‑based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Embedding of videos
Data: IP address, device information, interactions, possibly cookie IDs (also on youtube‑nocookie.com to a limited extent), referrer URL
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: max. 244 days
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Friendly Captcha protects our website from abusive automated use (e.g., bots) and contributes to the security of our IT systems.
Provider: Friendly Captcha GmbH, Am Anger 3–5, 82237 Wörthsee, Germany
Purpose: Protection of forms from spam and bots (privacy‑friendly captcha)
Daten: IP address (shortened or hashed), cryptographic challenge solution, anonymized hash values, information about browser and operating system, possibly referrer/URL, device information, no tracking cookies
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protection against automated attacks, spam and misuse of our online services)
Storage period: only as long as necessary for validation; no user profiling
Further information can be found here.
We use the LinkedIn advertising platform to promote our offerings in a targeted manner and to measure the success of our advertising activities (awareness & conversion). We do not receive clear names or directly identifiable profile data from LinkedIn, but only aggregated and pseudonymized reports. We have concluded a joint controllership agreement with LinkedIn pursuant to Art. 26 GDPR.
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Purpose: Delivery of interest‑based advertising on LinkedIn, reach measurement and conversion tracking, optimization and economic management of our marketing campaigns
Data: IP address (shortened), browser and device data, visited pages and events (e.g., conversion triggers), timestamp, referrer URL, pseudonymized assignment to LinkedIn members (for conversion tracking and retargeting)
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: depending on the cookie, maximum 2 years
Withdrawal of consent: via cookie banner, LinkedIn settings or advertising opt‑out platforms
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Further information can be found here.
We regularly plan new marketing activities and may process personal data for this purpose. Certain areas may only be accessible after prior registration. During registration, we will inform you which personal data is mandatory and which information you may provide voluntarily. If personal data is processed in deviation from this privacy policy, we will inform you accordingly.
Purpose: Marketing activities such as websites, customer portals, etc.
Data: depending on the activity, possibly master data, contact/billing data, order and payment information, login/session data, cookies
Legal basis: depending on the activity, possibly Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (legal obligations), Art. 6(1)(f) GDPR (customer satisfaction and retention)
Storage period: We may be legally required under commercial and tax law to store your personal data for up to ten years.
If you apply online with us, it is necessary that you provide the personal data required for your application. During the application process, you will be informed which data is mandatory for the online application and which additional information you may provide voluntarily. We offer you the option to apply online for advertised positions via our applicant portal. For this purpose, we use the applicant and talent management software provided by rexx systems GmbH. Rexx systems GmbH acts as our processor pursuant to Art. 28 GDPR and processes your data exclusively on our instructions and within the contractually agreed purposes. Access to applicant data is restricted to authorized persons involved in the recruitment process.
Provider: rexx systems GmbH, Süderstrasse 75–79, 20097 Hamburg, Germany
Purpose: Processing applications and deciding on the establishment of an employment relationship; managing job postings and online applications; email notifications about suitable positions (“Job Alert”)
Data: Name, address, contact details (email, phone), application documents (CV, certificates, qualifications), information on the desired position and career history, additional voluntary information such as extra qualifications or preferences, filters/preferences, DOI proof (double opt‑in)
Legal basis: Art. 6(1)(b) GDPR (contract) in conjunction with § 26 BDSG, insofar as required for processing the application; if you voluntarily provide additional data (e.g., for a candidate profile or job alert), processing is additionally based on your consent pursuant to Art. 6(1)(a) GDPR (double opt‑in for job alert)
Storage period: Application data is generally stored for six months after completion of an unsuccessful application process, unless statutory retention obligations require otherwise; otherwise until deregistration/withdrawal; DOI proof up to 3 years
Withdrawal of consent: possible at any time via the unsubscribe link or by contacting us
Further information about your rights and configuration options to protect your privacy can be found here.
If you contact us via contact form, telephone or in writing, the information you provide in the inquiry form, including the contact details you enter, will be stored by us for the purpose of processing your inquiry and in case of follow‑up questions. The processing of the data entered into the contact form depends on your request and is carried out either for the performance of a contract or for pre‑contractual measures (Art. 6(1)(b) GDPR), on the basis of your consent (Art. 6(1)(a) GDPR), or based on a legitimate interest (Art. 6(1)(f) GDPR). You may withdraw your consent at any time. A simple email to us is sufficient. The lawfulness of the data processing carried out until the withdrawal remains unaffected. The data you enter in the contact form will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
To manage customer inquiries and service processes, we use the TYPO3 content management and customer management system.
Purpose: Processing inquiries, contract execution, technical administration and system security
Data: Cookies
Legal basis: Art. 6(1)(b) GDPR (contract or pre‑contractual measures), Art. 6(1)(f) GDPR (legitimate interest in secure and efficient customer management), where applicable Art. 6(1)(c) GDPR (statutory retention obligations)
You have the option to subscribe to our free newsletter. If you wish to receive the newsletter offered on the website, we require your first and last name, company information, and your email address. For the newsletter, we use the service provider CleverReach.
Provider: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany
Purpose: Sending newsletters, measuring success (e.g., open and click rates)
Data: Email address, if applicable name, opt‑in proof (double opt‑in), timestamp, IP address at registration, interactions with emails
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: until withdrawal/unsubscription; DOI proof up to 3 years
Withdrawal: possible at any time via the link in the email or by contacting us
More information on data processing by CleverReach can be found in their privacy policy.
Under the GDPR, you have the right to:
We implement appropriate technical and organizational measures (TLS encryption, access controls, role and rights concepts, logging, data minimization, regular reviews) to protect your data from loss, misuse and unauthorized access.
We update this privacy policy whenever technologies, legal requirements or our services change. The current version is available on this website.
Where the processing of personal data relates to Switzerland, the provisions of the revised Swiss Data Protection Act (revDSG), effective since 1 September 2023, apply in addition.
Representative/contact in Switzerland: SÜDPACK Medica AG, Neuhofstrasse 20, 6340 Baar
Purposes/principles: The processing of personal data is carried out in accordance with the principles of Swiss data protection law, in particular good faith, proportionality, a specific and identifiable purpose, and appropriate data security.
Data transfers abroad: Personal data is transferred from Switzerland only to countries that ensure an adequate level of data protection or where suitable safeguards pursuant to Art. 16 revDSG exist. For transfers to countries without an adequate level of protection (e.g., USA), we use the standard contractual clauses recognized by the Swiss supervisory authority and implement additional technical and organizational measures where necessary.
Rights under revDSG: Individuals residing in Switzerland have, in accordance with the revDSG, in particular the right to access their processed personal data, the right to receive or transfer their data in a commonly used electronic format (data portability, where legal requirements are met), the right to rectification of inaccurate personal data, and the right to erasure or restriction of processing, provided no statutory retention obligations apply. To exercise your rights, please contact our Data Protection Officer (see above).
Supervisory authority Switzerland: Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch