SÜDPACK Newsletter
Receive regular updates about SÜDPACK, our products and sustainability topics.
Receive regular updates about SÜDPACK, our products and sustainability topics.
Status: 25.02.2026
This privacy policy provides information about the processing of personal data when visiting our website and the connected online services. It is aimed at visitors of our web pages as well as users of the listed services.
These notices apply to the websites of the SÜDPACK Group, in particular those of SÜDPACK Verpackungen SE & Co. KG and SÜDPACK Medica AG, as well as to the integrated services and platforms such as the Rexx job portal (function “Job Alert”).
SÜDPACK Holding GmbH
Ecoformstraße 1, 88416 Erlenmoos, Germany
Phone: +49 (0)7352 925 – 01
Fax: +49 (0)7352 925 – 1102
Email: info@suedpack.com
If you have any questions regarding the collection, processing or use of your personal data, or if you wish to exercise your data subject rights, please contact our data protection officer at the above postal address of SÜDPACK Holding GmbH with the addition “Data Protection Officer” or by email at datenschutzbeauftragter@suedpack.com.
Our website automatically collects and stores information in so‑called server log files, which your browser automatically transmits to us.
Processed data: Browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, IP address
Purpose: Secure and stable operation of the website, detection of misuse/attacks
Legal basis: The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error‑free presentation and optimization of the website – for this, the server log files must be collected.
Storage period: usually 7–14 days; longer retention possible in case of security incidents
Hosting provider: S.I.G. mbH Zeppelinstraße 5/2, 89231 Neu‑Ulm
We use UserCentrics as a consent management platform (CMP) to manage consents for cookies/tools.
Provider: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany
Processed data: Consent status (opt‑in/opt‑out), consent ID, timestamp, browser/device information
Purpose/legal basis: Fulfillment of legal obligations (Art. 6(1)(c) GDPR in conjunction with TDDDG)
Storage period: up to 3 years (legal proof), depending on legal requirements/configuration
Google Tag Manager is a tag management system that allows us to manage and deploy tracking and analytics tools as well as other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is used solely for the technical administration and triggering of the tools integrated via it. However, when our website is accessed, technical connection data (in particular the IP address) is transmitted to Google servers by Google Tag Manager.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose: Management and deployment of tracking/marketing tags
Legal basis: Art. 6(1)(f) GDPR (technical control) and – for connected tools – the respective applicable legal basis (especially consent)
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Further information on how Google Tag Manager works can be found here.
Google’s privacy policy can be found here.
Google Analytics enables us to analyze the behavior of visitors to our website. Google Analytics uses cookies and similar technologies to allow an analysis of website usage.
Purpose: Reach measurement and usage analysis, improvement of the website
Data: Cookie IDs, IP address (with IP anonymization), page views, interactions, referrer URL, device information
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: user and event data max. 731 days
Opt‑out: Withdrawal via CMP; additionally browser add‑on
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
We use services from Google Ads, an online advertising program of Google Ireland Limited. As part of Google Ads, we use: Google Ads Conversion Tracking to measure the success of our ads, Google Ads Remarketing to display interest‑based advertising to users, and functions from the Google advertising network (formerly DoubleClick). We receive only statistical evaluations from Google and no information that would allow direct identification of individuals.
Purpose: Display of ads, conversion measurement, remarketing
Data: Cookie IDs, advertising IDs, IP address, interactions with ads, visited pages, device and browser information, referrer URL
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: cookies max. 396 days; cross‑device remarketing depending on account settings
Opt‑out: via CMP and settings for personalized advertising
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Google Maps allows us to display interactive maps directly on our website and provides a user‑friendly presentation of our location as well as easy route planning. We do not store any personal data in connection with the integration of Google Maps.
Purpose: Integration of maps for location display
Data: IP address, possibly location data (if enabled in the browser), browser/device info, referrer URL, usage data (e.g., interactions with the map)
Legal basis: Art. 6(1)(a) GDPR (Google Maps is only loaded after you have given your consent via our consent management tool.)
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
If you are logged into your Google account at the same time, Google may associate the data with your user account. We have no influence on the scope of data processing by Google.
We use fonts (“Google Fonts”) and technical libraries (e.g., Google AJAX Libraries) on our website. The content is either hosted locally on our server or – if not integrated locally – loaded from Google servers. If Google Fonts and other Google libraries are hosted locally, no connection to Google servers is established in connection with the display of these contents. In this case, no personal data is transmitted to Google. If the integration is carried out via Google servers (e.g., fonts.googleapis.com or gstatic.com), a connection to Google servers is established when our website is accessed.
Purpose: Provision of fonts and libraries; performance/availability
Data: IP address, requested resources, browser/device info
Legal basis: For locally hosted fonts/libraries: no external data transfer; Art. 6(1)(f) GDPR (technically required). For remote retrieval from Google servers: Art. 6(1)(a) GDPR (consent via CMP), as retrieval involves external connections and possibly device access.
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Google Translate enables automated translation of our website content into other languages.
Purpose: Translation of website content.
Data: IP address, transmitted text content/URLs, possibly cookies, browser and device information, language settings, date and time of access, pages visited
Legal basis: Art. 6(1)(a) GDPR (consent), the translation function is only activated after you have given your consent via our consent management tool.
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
If you are logged into your Google account at the same time, Google may associate the data with your user account. We have no influence on the scope and further processing of the data collected by Google.
When visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the above‑mentioned log files are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is assigned directly to your account. If you do not want the assignment to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or the needs‑based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs‑based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Embedding of videos
Data: IP address, device info, interactions, possibly cookie IDs (also on youtube‑nocookie.com to a limited extent), referrer URL
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: max. 244 days
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Friendly Captcha protects our website from abusive automated use (e.g., by bots) and contributes to the security of our IT systems.
Provider: Friendly Captcha GmbH, Am Anger 3–5, 82237 Wörthsee, Germany
Purpose: Protection of forms from spam and bots (privacy‑friendly captcha)
Data: IP address (shortened or hashed), cryptographic challenge solution, anonymized hash values, information about browser and operating system, possibly referrer/URL, device info, no tracking cookies
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protection against automated attacks, spam and misuse of our online services)
Storage period: only as long as necessary for validation; no user profiling
Further information can be found here.
We use the LinkedIn advertising platform to promote our services in a targeted manner and to measure the success of our advertising activities (awareness & conversion). We do not receive any real names or directly identifiable profile data from LinkedIn, but only aggregated and pseudonymized reports. We have concluded a joint controllership agreement with LinkedIn pursuant to Art. 26 GDPR.
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Purpose: Delivery of interest‑based advertising on LinkedIn, reach measurement and conversion tracking, optimization and economic management of our marketing campaigns
Data: IP address (shortened), browser and device data, visited pages and events (e.g., conversion triggers), timestamp, referrer URL, pseudonymized assignment to LinkedIn members (for conversion tracking and retargeting)
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: depends on the cookie, maximum storage period 2 years
Withdrawal of consent: Opt‑out via cookie banner, LinkedIn settings or advertising opt‑out platforms
Third country: if applicable USA: EU‑US Data Privacy Framework, SCC
Further information can be found here.
If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide the personal data required to process your order. Certain areas of onlineshop.suedpack.com are only accessible after prior registration, for example the use of your account area.
Purpose: Ordering, customer registration, contract processing.
Data: Master data, contact/billing data, order and payment information, login/session
Legal basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) (legal obligations), Art. 6(1)(f) (security/fraud prevention).
Storage period: Due to commercial and tax regulations, we are required to store your address, payment and order data for ten years.
We regularly plan new marketing activities and may process personal data for this purpose. Certain areas may only be accessible after prior registration. During registration, we will inform you which personal data is mandatory and which information you may provide voluntarily. If personal data is processed in a way that deviates from this privacy policy, we will inform you accordingly.
Purpose: Marketing activities such as websites, customer portals, etc.
Data: Depending on the activity, possibly master data, contact/billing data, order and payment information, login/session, cookies
Legal basis: Depending on the activity, possibly Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) (legal obligations), Art. 6(1)(f) (customer satisfaction and retention)
Storage period: We may be required by commercial and tax regulations to store your personal data for up to ten years.
If you apply to us online, it is necessary that you provide the personal data required for your application. You will be informed during the application process which data is mandatory and which additional information you may provide voluntarily. We offer you the option to apply online for advertised positions via our applicant portal. For this purpose, we use the applicant and talent management software of rexx systems GmbH. rexx systems GmbH acts as a processor pursuant to Art. 28 GDPR and processes your data exclusively on our instructions and within the scope of the agreed purposes. Only authorized persons involved in the application process have access to applicant data.
Provider: rexx systems GmbH, Süderstrasse 75‑79, 20097 Hamburg, Germany
Purpose: Processing applications and deciding on the establishment of an employment relationship; managing job postings and online applications; email notifications about suitable positions (“Job Alert”)
Data: Name, address, contact details (email, phone), application documents (CV, certificates, qualifications), information on the desired position and career history, possibly additional voluntary information such as additional qualifications or preferences, filters/preferences, DOI proof (double opt‑in)
Legal basis: Art. 6(1)(b) GDPR in conjunction with § 26 BDSG, insofar as necessary for processing the application; if you voluntarily provide additional data (e.g., for a candidate profile or job alert), processing is additionally based on your consent pursuant to Art. 6(1)(a) GDPR (double opt‑in for job alert)
Storage period: Application data is generally stored for six months after an unsuccessful application, unless legal retention obligations apply; otherwise until deregistration/withdrawal; DOI proof up to 3 years
Withdrawal of consent: At any time via unsubscribe link or by contacting us
Further information about your rights and privacy settings.
If you contact us via contact form, telephone or in writing, the information you provide, including your contact details, will be stored for the purpose of processing your request and in case of follow‑up questions. The processing of the data entered in the contact form depends on your request and is carried out either for the fulfillment of a contract or pre‑contractual measures (Art. 6(1)(b) GDPR), based on your consent (Art. 6(1)(a) GDPR), or based on a legitimate interest (Art. 6(1)(f) GDPR). You may withdraw your consent at any time by sending us an informal email. The lawfulness of the processing carried out until the withdrawal remains unaffected. The data you enter in the contact form will remain with us until you request deletion, withdraw your consent, or the purpose for storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
To manage customer inquiries and service processes, we use the content management and customer management system TYPO3.
Provider: TYPO3 Association, Rathausstrasse 14, CH‑6340 Baar
Purpose: Processing inquiries, contract execution, technical administration and system security
Data: Inventory data (e.g., name, contact details, contract data), communication data (e.g., content of inquiries), usage and metadata (e.g., IP address, access time), cookies and similar technologies, protocol and log data to ensure IT security
Legal basis: Art. 6(1)(b) GDPR (contract or pre‑contractual measures), Art. 6(1)(f) GDPR (legitimate interest in secure and efficient customer management), possibly Art. 6(1)(c) GDPR (legal retention obligations)
Storage period: Depending on the type of personal data, it is stored only as long as necessary for the stated purposes or as long as legal retention periods apply
Third country: Switzerland (Art. 46 GDPR)
You have the option to subscribe to our free newsletter. If you wish to receive the newsletter offered on the website, we require your first and last name, company information and your email address. We use the service provider CleverReach for the newsletter.
Provider: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany
Purpose: Sending newsletters, measuring success (e.g., open/click rates).
Data: Email address, possibly name, opt‑in proof (double opt‑in), timestamp, IP address at registration, interactions with emails
Legal basis: Art. 6(1)(a) GDPR (consent)
Storage period: Until withdrawal/unsubscription; DOI proof up to 3 years
Withdrawal: At any time via the link in the email or by contacting us
More information on CleverReach’s data processing can be found in their privacy policy.
Under the GDPR, you have the right to:
We use appropriate technical and organizational measures (TLS encryption, access controls, role/rights concepts, logging, data minimization, regular reviews) to protect your data from loss, misuse and unauthorized access.
We update this privacy policy when technologies, legal requirements or our services change. The current version is available on this website.
If the processing of personal data has a connection to Switzerland, the provisions of the revised Swiss Data Protection Act (revDSG), effective since 1 September 2023, apply additionally.
Representative/contact in Switzerland: SÜDPACK Medica AG, Neuhofstrasse 20, 6340 Baar
Purposes/principles: The processing of personal data is carried out in accordance with the principles of Swiss data protection law, in particular good faith, proportionality, for a specific and recognizable purpose, and with appropriate data security.
Data transfers abroad: Personal data is transferred from Switzerland only to countries that ensure an adequate level of data protection or where appropriate safeguards exist under Art. 16 revDSG. For transfers to countries without adequate protection (e.g., USA), we use standard contractual clauses recognized by the Swiss supervisory authority and additional technical and organizational measures where necessary.
Rights under revDSG: Individuals residing in Switzerland have, in accordance with revDSG, the right to access their processed personal data, the right to receive or transfer their data in a common electronic format (data portability, where legal requirements are met), the right to rectification of inaccurate data, and the right to deletion or restriction of processing unless legal retention obligations apply. To exercise your rights, please contact our data protection officer (see above).
Supervisory authority Switzerland: Federal Data Protection and Information Commissioner (FDPIC)