• Home
  • Privacy policy

Privacy policy

1. Introduction

With the following information we would like to give you, as the “data subject”, an overview of our processing of your personal data and your rights under data protection laws. It is generally possible to use our website without providing personal data. However, if you wish to use special services of our company via our website it may be necessary to process your personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we usually obtain your consent to the processing.

The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to “Papierfabrik Adolf Jass GmbH & Co. KG”. Within the scope of this Privacy policy, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us.

As the controller we have implemented numerous technical and organisational measures to ensure that all personal data processed via this website is protected as completely as possible. Nevertheless, internet-based data transmission can have security gaps and therefore an absolute protection cannot be guaranteed. For this reason, you can provide us with your personal data by alternative means, for example by telephone or post.

You can also take simple and easy-to-implement measures to protect yourself against unauthorised access to your data by third parties. Therefore, now we would like to give you some tips on how to handle your data securely:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
  • Do not share your passwords with others.
  • Make sure that you only use your passwords for one account at a time (login, user or customer account).
  • Do not use the same password for different websites, applications or online services.
  • In particular, when using publicly accessible or shared IT systems with other people, you should always log out after logging in to a website, application or online service.

Passwords should consist of at least 12 characters and be chosen in such a way that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or names of your relatives, but should contain upper and lower case letters, numbers and special characters.

2. Controller

The controller within the meaning of the GDPR is:

Papierfabrik Adolf Jass GmbH & Co. KG
Hermann-Muth-Straße 6, 36039 Fulda, Germany

Phone: 0661/106-0
Fax: 0661/71024
Email: info@jass.com

Controller’s representatives: Managing Directors: Dr. Marietta Jass-Teichmann, Mr. Frank Gumbinger, Mr. Michael Habeck

3. Data Protection Officer

The data protection officer can be reached as follows:

Bernd Kircher

Phone: 066196090636
Email: datenschutz@jass.com

You can contact our data protection officer directly at any time if you have any questions or suggestions regarding our data protection practices or this Privacy policy.

4. Definitions

The Privacy policy is based on the terms used by the European directive and regulation provider in the adoption of the General Data Protection Regulation (GDPR). Our Privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, first we would like to explain the terms used herein.

In this Privacy policy we use the following terms:

  • Personal data: Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Data subject: The data subject is any identified or identifiable person whose personal data is processed by the controller (our company).
  • Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Restriction of processing: Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Pseudonymisation: Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Processor: Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient: Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  • Third party: Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Consent: Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal basis of the processing

Article 6 (1)(a) GDPR (in conjunction with § 25 (1) TDDDG [German Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia] (formerly TTDSG [German Telecommunications-Telemedia Data Protection Act])) serves our company as a legal basis for processing operations through which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case for example with processing operations necessary for the delivery of goods or the provision of other services or considerations, the processing is based on Article 6 (1)(b) GDPR. The same applies to such processing operations that are necessary to take steps prior to entering into a contract, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Article 6 (1)(c) GDPR.

In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, a hospital or other third parties. Then the processing would be based on Article 6 (1)(d) GDPR.

Ultimately, processing operations could be based on Article 6 (1)(f) GDPR. Processing operations which are not covered by any of the above-mentioned legal bases are based on this legal basis if processing is necessary for the purposes of the legitimate interest pursued by our company or a third party, provided that such interests are not overridden by the interests, fundamental rights and freedoms of the data subjects. We are allowed to carry out such processing operations because they have been specifically mentioned by the European legislator. In this respect, the legislator expressed the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller. (Recital 47 sentence 2 of GDPR).

Our offer is basically aimed at adults. Persons under 16 years are not allowed to transfer personal data to us without the consent of their parents or legal guardians. We do not request personal data from children or young adults, we do not collect it or pass it no to third parties.

6. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  • you have given us your express consent to do so in accordance with Article 6 (1)(a) GDPR,
  • in accordance with Article 6 (1)(f) GDPR the transfer is necessary for the purpose of our legitimate interests and there is no reason to assume that there is your legitimate specific interest which prevents transmission of your data,
  • the transfer is required by law as defined in Article 6 (1)(c) GDPR, and
  • this is legally permissible and necessary for the performance of a contract with you in accordance with Article 6 (1)(b) GDPR.

In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to ensure an adequate level of protection, in accordance with Article 49 (1)(a) GDPR your content may serve as the legal basis for the transfer to third countries. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Article 45 GDPR.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  • you have given us your express consent to do so in accordance with Article 6 (1)(a) GDPR,
  • in accordance with Article 6 (1)(f) GDPR the transfer is necessary for the purpose of our legitimate interests and there is no reason to assume that there is your legitimate specific interest which prevents transmission of your data,
  • the transfer is required by law as defined in Article 6 (1)(c) GDPR, and
  • this is legally permissible and necessary for the performance of a contract with you in accordance with Article 6 (1)(b) GDPR.

As part of the processing operations described in this Privacy Policy, personal data may be transferred to the United States. Companies in the USA only have an adequate level of data protection if they have been certified under the EU-US Data Privacy Framework and thus comply with the adequacy decision of the EU Commission in accordance with Article 45 GDPR. We have explicitly mentioned this in the Privacy policy for the service providers concerned. In order to protect your data in all other cases, we have concluded data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to ensure an adequate level of protection, in accordance with Article 49 (1)(a) GDPR your content may serve as the legal basis for the transfer to third countries. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Article 45 GDPR.

7. Technology

7.1 SSL/TLS encryption

This website uses an SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests you send to us as the operator. You can recognise an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and by the lock icon in your browser line.

We use this technology to protect your transferred data.

7.2 TWL-KOM

We host our website at TWL-KOM GmbH, Donnersbergweg 4, 67059 Ludwigshafen (hereinafter referred to as TWL-KOM).

When you visit our website, your personal data (e.g. IP addresses in log files) are processed on TWL-KOM’s servers.

The use of TWL-KOM is based on Article 6 (1)(f) GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our website.

We have concluded a data processing agreement (DPA) with TWL-KOM in accordance with Article 28 GDPR. This is an agreement required by data protection law, which ensures that TWL-KOM processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Further information on TWL-KOM’s privacy policy can be found at: https://twl-kom.de/datenschutz

8. Cookies

8.1 CCM19 (Consent Management Tool)

We use the Consent Management Tool “CCM19” of Papoo Software & Media GmbH – Agentur Auguststr. 4, 53229 Bonn, Germany. This service allows us to obtain and manage the consent of website users for data processing.

CCM19 uses cookies to collect data generated by end users who use our website. When an end user gives his or her consent, e.g. the following data is automatically logged:

  • cookie lifetime,
  • cookie version,
  • IP address,
  • selection in the cookie banner,
  • browser used
  • processor ID and controller ID.

Consent status is also stored in the end user’s browser so that the website can automatically read and follow the end user’s consent on all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) are stored for three years. The retention period corresponds to the regular limitation period according to § 195 BGB [German Civil Code]. Then the data will be erased immediately.

The functionality of the website is not guaranteed without the described processing. The user has no right to object to the processing as long as there is a legal obligation to obtain the user’s consent to certain data processing operations, Article 7 (1), 6 (1) sentence 1 (c) GDPR.

CCM19 is a recipient of your personal data and acts as a processor for us. Data processing takes place exclusively in the European Union.

Further information can be found at: https://www.papoo.de/datenschutzerklaerung.html.

9. Contents of our website

9.1 Contact / Contact form

Personal data is collected when contacting us (e.g. via the contact form or email). Which data is collected when a contact form is used can be seen in the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the data processing is our legitimate interest in responding to your enquiry in accordance with Article 6 (1)(f) GDPR. If your contact is aimed at concluding a contract, then the additional legal basis

for the processing is Article 6 (1) (b) GDPR. Your data will be erased after the final processing of your enquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal storage obligations to the contrary.

9.2 Application management / Job exchanges

We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is especially the case if an applicant provides us with the relevant application documents electronically, for example, by email or via a web form on the website. If we conclude an employment or service contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude a contract with the applicant, the application documents will be automatically erased two months after notifying the applicant of the rejection decision, provided that the erasure is not contrary to any of our other legitimate interests. Such other legitimate interest is, for example, a duty to provide evidence in proceedings under the General Law on Equal Treatment (AGG).

The legal basis for processing of your data is Article 6 (1)(b), 88 GDPR in conjunction with § 26 (1) BDSG [Federal Data Protection Law].

10. Our activities on social networks

In order to communicate with you and inform you about our services on social networks, we are represented there with our own pages. If you visit one of our social media pages, together with the provider of the respective social media platform we are jointly responsible for the processing operations resulting therefrom, within the meaning of Article 26 GDPR.

We are not the original provider of these pages but only use them within the scope of the possibilities offered to us by the respective providers.

Therefore, as a precaution, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. The use may therefore be associated with data protection risks for you, since it may be more difficult to protect your rights, e.g. right of access, erasure, objection, etc., and the processing in social networks is often carried out directly for advertising purposes or to analyse user behaviour by the providers, without us being able to influence it. If user profiles are created by the provider, cookies are often used or the user behaviour is assigned to your own social network member profile.

The described processing operations of personal data are carried out in accordance with Article 6 (1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to provide the respective providers with your consent to data processing as a user, the legal basis for that is Article 6 (1)(a) in conjunction with Article 7 GDPR.

Since we do not have access to the providers’ databases, we would like to point out that you can best assert your rights (e.g. right of access, rectification, erasure, etc.) directly with the respective provider. Further information on the processing of your data in the social networks by the respective social network providers we use is provided below:

10.1 Facebook

(Joint) controller for data processing in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (Data policy): https://www.facebook.com/about/privacy/

10.2 Instagram

(Joint) controller for data processing in Germany: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy (Data Policy): https://instagram.com/legal/privacy/

10.3 LinkedIn

(Joint) controller for data processing in Europe: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy policy: https://www.linkedin.com/legal/privacy-policy

10.4 XING (New Work SE)

(Joint) controller for data processing in Germany: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung;

Information requests for XING members: https://www.xing.com/settings/privacy/data/disclosure

11. Web analytics

11.1 eTracker

Our website uses the etracker analysis service. This service is provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. The data can be used to create user profiles under a pseudonym. Cookies may be used for this purpose. The data collected with the etracker technologies will not be used to personally identify visitors to our website without your separate consent and will not be connected with personal data of the pseudonym holder.

etracker cookies remain on your device until you erase them.

These processing operations are carried out exclusively with your express consent in accordance with Article 6 (1)(a) GDPR.

You can object to the collection and storage of your data at any time with future effect.

eTracker’s Privacy policy is available at: https://www.etracker.com/de/datenschutz.html.

We have concluded a data processing agreement with etracker and fully implement the strict requirements of the German data protection authorities when using etracker.

12. Plugins and other services

12.1 Adobe Fonts

On our website we use Adobe Fonts, Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA. We use Adobe Fonts for the uniform display of fonts.

The following data can be processed:

  • IP address,
  • the time it takes for the web browser to download the fonts,
  • the time from downloading the fonts with the web browser until the fonts are used,
  • to check whether an ad blocker is installed to determine whether it interferes with the correct tracking of page views,
  • operating system and browser version.

If you have been asked for consent to the processing of your data by Adobe, the legal basis for such processing is Article 6 (1)(a) GDPR. We also have a legitimate interest in using Adobe Fonts to present and manage the website. The legal basis for this is Article 6 (1)(f) GDPR.

Adobe Inc. is certified as a US company under the EU-US Data Privacy Framework. So there is an adequacy decision in accordance with Article 45 GDPR, which means that the transfer of personal data may also take place without further guarantees or additional measures.

Adobe Fonts’ privacy policy is available at: https://www.adobe.com/de/privacy.html.

13. Your rights as a data subject

13.1 Right to confirmation

You have the right to obtain from us a confirmation as to whether or not personal data concerning you is being processed.

13.2 Right of access (Article 15 GDPR)

You have the right at any time to receive free information from us about the personal data stored about you, as well as a copy of this data.

13.3 Right to rectification (Article 16 GDPR)

You have the right to request the rectification of your personal data without undue delay. Furthermore, taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

13.4 Right to erasure (Article 17 GDPR)

You have the right to request the erasure of personal data concerning you without undue delay, provided that one of the grounds provided by law applies and the processing or storage is not required.

13.5 Restriction of processing (Article 18 GDPR)

You have the right to request us to restrict processing where one of the grounds provided by law applies.

13.6 Right to data portability (Article 20 GDPR)

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another data controller without hindrance from us as the data controller to which the personal data have been provided, provided that the processing is based on the consent provided for in Article 6 (1)(a) GDPR or Article 9 (2)(a) GDPR or on a contract in accordance with Article 6 (1)(b) GDPR and processing is carried out by automated means, except where such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising your right to data portability pursuant to Article 20 (1) GDPR, you have the right to have your personal data transmitted directly from one controller to another controller, insofar as this is technically feasible and does not adversely affect the rights and freedoms of other persons.

13.7 Right to object (Article 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you, which is based on

Article 6 (1)(e) (data processing in the public interest) or f) (data processing based on a balance of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4 (4) GDPR.

If you lodge an objection, we will no longer process the personal data concerning you, unless we can prove compelling legitimate reasons for the processing, which override your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.

In individual cases, we will process your personal data for direct marketing purposes. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to any profiling in connection with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.

Furthermore, on grounds relating to your particular situation, you have the right to object to the processing of personal data concerning you which we use for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

13.8 Withdrawal of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time.

13.9 Complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data.

14. Updating and changing the Privacy policy

This Privacy policy is currently valid and was last updated in March 2025.

It may be necessary to change this Privacy policy as a result of further development of our website and services, or due to changes in statutory or regulatory requirements. The current Privacy policy is available at “https://jass.com/datenschutzerklaerung/” and can be printed out at any time.

This Privacy policy was created using the data protection software: Kircher Datenschutz-Board.

Privacy statement applicants
Information on data protection
for customers, interested parties and
service providers