Data Protection Declaration of the Faber-Castell Group

1. Data protection at a glance

The protection of your privacy is very important to us and we wish to be certain that at all times your data are secured when using our website.

The Data Protection Declaration of the Faber-Castell Group applies to all websites for which German companies of the Faber-Castell Group are responsible. Websites of the Faber-Castell Group may contain links to other companies to which our Data Protection Declaration is not applicable.
The Faber-Castell Group ensures the privacy of your personal data in that our employees are bound to confidentiality, our security measures correspond to the current state of technology, and our operational data protection officer as well as our internal auditors assure compliance with our "Data Protection Declaration".
General notices
The following notices provide a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. You can find more detailed information on data protection in this text under our Data Protection Declaration.
Data collection on our website
Who is responsible for data collection on this website?
The data processing on this website is performed by the website operator. You can find the contact data for the operator in the Imprint of this website.
How do we collect your data?
Your data are partially collected in that you provide them to us. This may involve, for example, data that you enter into a contact form.
Other data are collected automatically by our IT system upon visiting our website. They are largely technical data (e.g. internet browser, operating system or time the site is viewed). The collection of this data is done automatically as soon as you enter our website.
How do we use your data?
The personal data that you provide to us through a website (e.g. name, address, email address) are processed only for correspondence with you and only for the purpose for which you voluntarily provided the data to us (e.g. via the input mask). This data is processed initially in order to respond to your enquiry. Part of the data is collected in order to ensure error-free operation of the website. Other data can be used for an analysis of your user behaviour.
In addition, we will use this data in accordance with the statutory framework conditions in order to inform you of new products and services and other potentially interesting functions. You can object at any time to this use of your personal data. We assure you that we do not disclose your personal data to third parties unless we are obliged to do so by law or you have given us your prior consent. If we make use of service providers in the implementation and performance of processing procedures, the contract relationships are structured on the basis of the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (“FDPA”) and of the Telemedia Act (“TMA”).
What rights do you have regarding your data?
At all times you have the right to receive free information on the source, recipients and purpose of your stored personal data. In addition, you have a right to demand the rectification, blocking or erasure of this data. In this regard as well as for other questions on data protection, at all times you can you contact our data protection officer, whose contact data is found under Section 3 of this Data Protection Declaration. In addition, you have a right to file a complaint with the competent supervisory authorities. The contact data of the supervisory authorities can be found under Section 2 of this Data Protection Declaration.
Analysis tools and tools from third parties
Your surfing behaviour can be evaluated for statistical purposes upon visiting our website. This is done with cookies and with so-called analysis programmes. As a rule, the analysis of your surfing behaviour is performed anonymously; the surfing behaviour cannot be traced to you. You can object to this analysis or prevent it through the non-use of certain tools. You can find details in our Data Protection Declaration under the heading “Third party modules and analysis tools”.
You can object to this analysis. We inform you of your objection options in this Data Protection Declaration.

2. General notices and obligatory information

Data protection
The operator of this site takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as in accordance with this Data Protection Declaration.
When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This Data Protection Declaration explains which data we collect and for what purpose we use it. It also explains how and for what purpose this happens.
We point out that data transmission in the internet (e.g. when communicating by email) may have security gaps. Complete protection of data from third party access is not possible.
Notice to the controller
The controller of data processing for this website is:
Faber-Castell Aktiengesellschaft 
Nürnberger Straße 2 
90546 Stein 
Telephone: +49 (0) 911 9965-0
FAX: +49 (0) 911 9965-5856
Email: info@faber-castell.de
The controller is the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses and similar data).
Revocation of your consent to data processing
Many data processing procedures are possible only with your express consent. At any time you may revoke your already issued consent. An informal notification by email to us is adequate. The lawfulness of the data processing performed until revocation remains unaffected.
Right to file a complaint with the competent supervisory authorities
In the event of a data protection infringement, the data subject has a right to file a complaint with the competent supervisory authorities. The competent supervisory authority in data protection questions is the state data protection officer of the state in which our company has its domicile. 

For the Faber-Castell Group this is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach 
Germany
Telephone: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de

SSL and TLS encryption
This site uses a SSL and TLS encryption for security reasons and for protection of the transmission of confidential content, as for example orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection in that the address line of the browser changes from “http://” to “https://” and on the lock symbol in your browser line.
When the SSL or TLS encryption is activated, the data which you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If there is an obligation to transmit your payment data (e.g. account number for a direct debit authorisation) after conclusion of a purchase contract, this data is necessary for completion of payment.
Payment transactions via common payment means (Visa/MasterCard, direct debiting) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection in that the address line of the browser changes from “http://” to “https://” and on the lock symbol in your browser line.
When the SSL or TLS encryption is activated, the data which you transmit to us cannot be read by third parties.
Information, Blocking, Erasure
Within the framework of statutory provisions, at all times you have the right to free information on your stored personal data, its source and recipients and the purpose of the data processing and, if applicable, a right to rectification, blocking or erasure of this data. In this regard as well as in other questions concerning personal data you can contact us at any time at the address provided in the Imprint.
Objection to marketing mails
We expressly object to the use of contact data published within the framework of our Imprint obligation for the sending of marketing and information materials. The operator of the site expressly retains the right to take legal steps in the event of the sending of unrequested marketing materials, for example through spam emails.

3. Data protection officer

Data protection officer prescribed by law
We have appointed a data protection officer for our company.
Faber-Castell Aktiengesellschaft 
Data protection officer
Nürnberger Straße 2 
90546 Stein 
Telephone: +49 (0) 911 9965-0
FAX: +49 (0) 911 9965-5856
Email: datenschutz@faber-castell.de
The contact data of the data protection officer has been registered with the competent data protection supervisory authorities.

4. Data collection on our website

Cookies
Our websites partially use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are placed in your computer and stored by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically erased after your visit. Other cookies remain stored on your terminal until you erase them. The cookies enable us to recognise your browser upon your next visit.
You can set your browser in such a manner that you are informed of cookies and permit cookies only in individual cases, or activate the acceptance of cookies for certain cases or generally exclude them as well as the automatic erasure of the cookies upon closing the browser. The functionality of this website may be restricted upon the deactivation of cookies.
Cookies necessary for the implementation of an electronic communication transaction or to enable functions desired by you (e.g. shopping cart function), are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the storage of cookies for technical error-free and optimised availability of its services. If other cookies (e.g. cookies for the analysis of your surfing behaviour) are stored, this is treated separately in this Data Protection Declaration.
Use of Criteo for retargeting
Our advertisement insertions are based on prior customer interest in products. For this purpose we collect information by means of Criteo (Criteo SA, 32 Rue Blanche, 75009 Paris) about the surfing behaviour of our customers. For this purpose a cookie is saved on the computer of the user which contains an anonymous, multi-figure identification number. Storage of additional personal data does not occur. If you do not wish to be shown advertisement insertions with special product recommendations, you can exercise your right of objection at any time via the following link: https://www.criteo.com/privacy/
The deactivation of Criteo depends on the browser.
Server log files
The provider of the site collects and saves automatically information in so-called server log files which your browser transmits to us automatically. They are:
IP address
Browser type and version
The website from which you visit us (Referrer URL)
The operating systems used by you
The number of site visits to our website and the exact URL
Date and time of your visit to the individual websites
Information to allocate your visit or to allocate an order to a marketing channel
Session
Session ID (in a cookie)
There is no consolidation of this data with other data sources. The protocol data serve exclusively the purpose of error recognition and removal as well as for statistical purposes. These data sets are erased after seven days.
The basis for the data processing is Art. 6 (1) (b) GDPR which permits the processing of data for the performance of a contract or for precontractual measures.
Contact form
If you send us an enquiry via a contact form, your information from the enquiry form including the contact data provided by you are stored for the purpose of processing the enquiry and in the event of follow-up questions. We do not disclose this data without your consent.
The processing of the data provided in the contact form is thus done only on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. An informal notification to us by email is adequate. The lawfulness of the data processing transactions up to the time of revocation are not affected by the revocation.
The data entered by you in the contact form remains with us until you request us to erase it, you revoke your consent to store the data or the purpose for the data storage expires (e.g. after completed processing of your enquiry). Compulsory statutory provisions – in particular retention periods – remain unaffected.
Online job applications

Data transmission within the framework of the online application procedure is done on a secured data line. The accumulated data on the applicant are stored on a server of our dependent technical service provider. These data are accessible only by Faber-Castell AG.
Use and transmission of data

In the event that applicants apply for a position with a subsidiary of Faber-Castell AG, the applicant’s data are transmitted by Faber-Castell AG to the personnel department of the respective subsidiary.

The processing of applicant data is done exclusively for the purpose of filling the position.

Archiving of applicant data

After conclusion of the selection process, the data of unsuccessful applicants remain stored for at most six months as evidence of a proper application procedure in accordance with the General Equality Act (AGG).

Applicant pool

If we have no suitable position available at the time of the application, but based on the applicant’s profile we are of the opinion that the application could be interesting for other areas or companies of the Faber-Castell Group, we store the application data for six months in our applicant pool so that we can again contact the applicant at a later time. You can object to storage at any time through an email to the personnel department (humanresources@faber-castell.de). If we cannot offer you a suitable position within one year, we deal with your data as described under the point “Archiving of applicant data”.
Registration on this website
You can register on our website in order to use additional functions of the site. We use the data entered upon registration only for the purpose of using the respective offer or service for which you have registered. The details required upon registration must be fully provided. Otherwise we will deny the registration.
We use the email address provided upon registration in order to inform you of important changes, for example on the scope of the offer or of technically necessary changes.
The processing of data entered upon registration is performed on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time. An informal notification to us per email is adequate. The lawfulness of data processing already performed is not affected by the revocation.
The data collected upon registration are stored by us as long as you are registered on our website, and are thereafter erased. Statutory retention periods remain unaffected.
Data transmission upon conclusion of a contract for online shops, distributors and dispatch of goods
We transmit personal data to third parties only when this is necessary within the framework of contract performance, for example, to the company engaged to deliver the goods or the bank engaged to settle payment. Further transmission of data does not occur or occurs only when you have expressly consented to the transmission. A disclosure of your data to third parties without your express consent, for example, for marketing purposes does not occur.
The basis for the data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures.

We use the services of Ve Interactive DACH GmbH (Französische Straße 47, 10117 Berlin, hereinafter "Ve"). In providing its services, Ve collects personal data from users who visit our websites. For this purpose Ve uses cookies and other similar technologies. Detailed information about the technologies Ve uses is available in Ve's cookie policy. A listing of the purposes for which Ve collects personal data is listed in Ve's privacy Policy. In general, through the use of cookies, Ve collects personal data from users, especially contact information and behavioral data. Ve uses this personal information to draw conclusions about the user's personal preferences and to personalize the user's web experience, for example by displaying personalized offers when visiting customer websites or similarly personalizing the customer's website to the user and displaying personalized advertisements when visiting customer websites or websites of third parties. Ve and we are jointly responsible for the collection of personal data according to Art. 26 GDPR. Details can be found in Ve's privacy policy.
End users can prevent the processing of their personal data by Ve by various means. The available options for preventing data processing are contained in Ve's privacy policy, among others operating the opt-out button under https://www.ve.com/de/datenschutzerklaerung#opting-out or using the opt-out mechanism of IAB Europe at http://www.youronlinechoices.com/opt-out-interface."

5. Social Media

Facebook plug-ins (integration through Shariff)
So-called social plug-ins (“plug-ins”) of social networks are used on our website, in particular the “Share” button of the provider “Facebook”, whose internet site facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland is responsible for the German website facebook.de. As a rule the plug-ins are marked with a Facebook logo. 

For reasons of data protection, we intentionally decided against directly using plug-ins from social networks on our website. Instead we use the so-called “Shariff” solution. With the assistance of Shariff, you can specify if and when data are transmitted to the operator of the respective social network. If you access our website no data are automatically transmitted to Facebook. Only if you actively click on the respective button will your internet browser create a connection to the server of the social network, i.e. with the click on the respective button (“Share”) you consent to your internet browser creating a connection to the server of the social network and usage data is transmitted to the respective operator of the social network.

We have no influence on the nature and scope of the data then collected by the social networks. Please refer to the data protection notices of Facebook found under the below link for the purpose and scope of data collection and the further processing and use of the data by the respective social network, as well as for information on your rights and setting options for protection of your privacy: http://www.facebook.com/about/privacy/ and   http://www.facebook.com/help/?faq=186325668085084 
Pinterest Plug-in 
On our website we use the social plug-ins of the social network Pinterest, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA ("Pinterest").
When you access a website that contains such a plug-in, your browser creates a direct connection to the Pinterest server. The plug-in transmits protocol data to the Pinterest server in the USA. This protocol data may contain your IP address, the address of the visited websites that also contain Pinterest functions, the nature and settings of the browser, the date and time of the enquiry, your manner of use of Pinterest as well as cookies.
Further information on the purpose, scope and further processing and use of data by Pinterest as well as your rights and options for protection of your privacy can be found in the data protection notices of Pinterest: https://policy.pinterest.com/en-gb/privacy-policy

6. Analysis tools and advertising

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and which enable an analysis of your use of the website. The information provided by the cookie on your use of this website are, as a rule, transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies is done on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in an analysis of user behaviour in order to both optimise its website offer as well as its advertising.
IP anonymisation
We have activated the function IP anonymisation on this website. Therein your IP address is shortened by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area prior to transmission in the USA. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there. Google uses this information on behalf of the operator of this website in order to analyse your use of the website for the purpose of preparing reports on website activities and in order to provide further services associated with the use of the website and of the internet for the website operator. The IP address transmitted to Google Analytics from your browser is not combined with other data from Google.
Browser plug-in
You can prevent the storage of cookies through an appropriate adjustment to your browser software; however we inform you that in this case, you may not be able to fully use all functions of this website. In addition, you can prevent the collection of data on your use of the website provided by the cookie (including your IP address) to Google as well as the processing of these data by Google in that you download and install the browser plug-in  available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out-cookie is set which prevents the collection of your data upon future visits to this website: Google Analytics deactivate.
More information on the handling of user data by Google Analytics can be found in the Data Protection Declaration of Google: https://support.google.com/analytics/answer/6004245?hl=en
Information on the surfing behaviour of the website visitor on this website is collected and stored in an anonymous form through the technologies of Google Inc. These data are stored on your computer with the assistance of so-called "cookie" text files. Google Inc. analyses the surfing behaviour by means of an algorithm and can thereafter show targeted personalised advertising banners or advertisements on other websites (so-called publisher). In no event can this data be used to personally identify the visitor to this website. The collected data are used only to improve the offer. Another use or disclosure to third parties does not occur. You can object to the completely anonymous analysis of your surfing behaviour on this website by clicking on the following links for implementation: Website for deactivation of Google advertising.
Contract data processing 
We have concluded a contract for data processing with Google and fully implement the strict requirements of German data protection authorities in our use of Google Analytics.
Demographic features of Google Analytics
This website uses the function “Demographic features” of Google Analytics. Therein reports can be produced that contain statements as to age, sex and interests of the website visitor. These data originate from interest-related advertising of Google as well as from visitor data from third-party providers. These data cannot be attributed to specific persons. You can deactivate this function at any time via the display settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in “Objection to data collection”.

7. Newsletter

Newsletter data
If you would like to subscribe to the newsletter offered on the website, we need an email address as well as information that permits us to check if you are the owner of the specified email address and consent to the receipt of the newsletter. We use the so-called double-opt-in-process. This means at first we send a welcome email with a confirmation link to the email address specified by you. Only when you have confirmed the newsletter subscription by clicking the confirmation link do we assume your consent. The consent is recorded; it can be accessed and revoked at any time. Additional data are not collected or are collected on a voluntary basis. We use this data only for sending the requested information and do not disclose the information to third parties.
The processing of the data entered into the newsletter registration form is done exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent to storage of the data and email address and their use for sending the newsletter at any time. You will find a link in every newsletter with which you can revoke your consent to receive the newsletter. The lawfulness of the already performed data processing transactions is not affected by the revocation.
Upon registering for the newsletter and with your consent, your email address will be used for our own marketing purposes. If you have granted us your consent to use, process and transmit your personal data for sending the newsletter or for other marketing purposes, you can revoke your consent at any time with a future effect without complying with a specified form or period. In addition you can – if we use your data, for example, for postal marketing measures within the framework permitted by law – revoke this use. Furthermore, at all times you have the right to information free of charge on your data stored by us as well as, if applicable, a right to rectification, blocking and erasure of this data. 
The data stored with us for the purpose of receiving the newsletter are stored by us until you leave the newsletter and are deleted after cancelling the newsletter. 

8. Plug-ins and tools

Use of Vimeo plug-ins
We use the provider Vimeo for the integration of videos and other matters. Vimeo is operated by Vimeo, LLC with its headquarters at 555 West 18th Street, New York, New York 10011.
We use plug-ins of the provider Vimeo in some of our websites. If you access one of our websites equipped with such a plug-in – for example our Mediathek –, a connection to the Vimeo server is created and the plug-in is shown. The Vimeo server is informed which of our websites you have visited. If you are logged on as a member of Vimeo, this information will be allocated to your personal user account by Vimeo. Upon using the plug-in, as for example by clicking the start button of a video, this information is also allocated to your user account. You can prevent this allocation by signing out of your Vimeo user account and deleting the corresponding cookies of Vimeo prior to the use of our website.
Further information on data processing and notices on data protection from Vimeo can be found at https://vimeo.com/privacy .

9. Changes to this Data Protection Declaration

We reserve the right to change or supplement this Data Protection Declaration as needed. We shall publish the changes here. Accordingly, you should regularly visit this website in order to be informed on the current state of this Data Protection Declaration.

As at: April 2018

Contact
More questions? 

Please contact the data protection officer of the Faber-Castell Group at the following address: 

Faber-Castell Aktiengesellschaft 
Data protection officer
Nürnberger Straße 2 
90546 Stein 
Telephone: +49 (0) 911 9965-0
Email: datenschutz@faber-castell.de