Processing of personal data on websites and for marketing communications

G+D provides websites to inform customers and other interested persons about the Louisenthal  and other G+D Group companies as well as their products and services.


Data Controller

  • Controller in the sense of DSGVO for the processing of your personal data is the Papierfabrik Louisenthal GmbH, Louisenthal 1, 83703 Gmund am Tegernsee, Deutschland


Data Privacy Officer

  • Papierfabrik Louisenthal GmbH, Datenschutzbeauftragter, Louisenthal 1, 83703 Gmund am Tegernsee, Deutschland,

Type and origin of personal data

When you visit and eventually interact with one of our a G+D website, we may collect personal data from you. This data may come from you directly, for example, when you register for a newsletter or an event, or when you submit an inquiry to us.

Some data that can be linked to you, primarily technical data, is processed automatically. This involves:

  • IP address
  • Browser and operating system,
  • Date and time of the page view
  • Referrer URL

Purposes and legal basis for processing data

We process your personal data for various purposes depending on the nature of your interaction with our websites:

Fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR):

We process personal data to fulfill contractual obligations to our customers or to carry out pre-contractual measures. This includes, for example, responding to inquiries as part of our customer relationship management.

Based on consent (Art. 6. para. 1 lit. a GDPR):

We process data on the basis of your consent. This includes the sending of our newsletters or other advertising, the response to contact requests.

When you visit our websites and access messages sent by us, cookies and other similar technologies may be used to make our websites more user-friendly and to adapt them to your preferences. Or to control advertising from Louisenthal on third-party websites. Detailed information on this can be found in our Cookie Notice.

We process data to optimize our online marketing activities. This includes, among other things:

  • E-mail marketing (newsletter/infomail, as well as automated mailings, e.g. to provide downloads)
  • Reporting (e.g. traffic sources, accesses, etc. ...)
  • Contact management (e.g. user segmentation & CRM)
  • Landing pages and contact forms

This information may be used by us to contact visitors to our website and to determine which services of Louisenthal might be of interest to them. All information collected is used exclusively to optimize our marketing.

If you register for a congress or event, we collect information necessary for your participation in such events as well as for their organization.

You can revoke the consent you have given at any time with effect for the future.

Maintaining legitimate interests (Art. 6 para. 1 lit. f GDPR):

We also process personal data if this is necessary to protect the legitimate interests of G+D, subsidiaries of G+D and, if applicable, other third parties. The processing is carried out exclusively under consideration of your interests. This includes, for example, the analysis of pseudonymized website usage for the optimization of our websites in accordance with our Cookie Notice  or the collection of information necessary for the authentication of software.

Unless the use of personal data is necessary, we use only anonymous information or pseudonyms as far as possible.

Disclosure of data to third parties and data transfers

Your personal data will not be disclosed to third parties unless you have consented to such disclosure or such disclosure is permitted under applicable law, for example, if it is necessary for the performance of a contract concluded with you. If you submit a request that relates to other G+D Group subsidiaries ("Group Companies"), this request will be forwarded to the relevant Group Company together with the information required to respond to your request. These Group Companies may be located in a country other than the country in which you reside, including countries outside the European Union ("EU") and the European Economic Area ("EEA"). A list of group companies can be found here

Furthermore, we may use service providers who act as data processors on our behalf and who may also be located in countries outside the EU and the EEA.

Louisenthal, together with all G+D-Group companies and service providers used, has taken appropriate measures to ensure an adequate level of data protection in accordance with applicable requirements. In particular, internal binding data protection regulations pursuant to Art. 47 DSGVO (Corporate Binding Rules) apply to the transfer of personal data between Group companies.

Protection of the privacy of children

Louisenthal acknowledges that the privacy of children and/or users under the age of 18 ("Minors") must be adequately protected. Our website is not directed at minors. G+D does not wish to address minors with its website and does not knowingly collect personal data from minors without the consent of their parents or legal guardians.


G+D uses technical and organizational security measures (in particular access, availability and input controls, including encryption techniques and measures to protect media using personal data, as well as the use of qualified personnel responsible for the security of personal data) to ensure that the protection of personal data provided by you is not undermined by unauthorized, accidental or intentional manipulation, damage, loss, deletion or unauthorized access, processing or disclosure. Our security measures are constantly updated and adapted according to the current state of knowledge. Due to the nature of the Internet, transmission of information may not always be absolutely secure. Therefore, we cannot guarantee the security of your personal data during transmission over the Internet to our website. However, as soon as we receive your personal data, we will take appropriate technical and organizational measures to protect your personal data.

Links to other websites

Our website may contain links to other websites that are not owned or operated by Louisenthal. Louisenthal has no control over the content or data privacy policies of these websites and cannot take any responsibility for them.

Processing of personal data for business activities

Louisenthal processes personal data in the context of its business activities. The following information is intended for potential and existing customers and business partners of Louisenthal with whom we have contact or a business relationship.

Data Controller

The data controller is determined by your business relationship with us. It may deviate from the above-mentioned data controller in accordance with the contractual relationship. It is regularly.

  • Papierfabrik Louisenthal GmbH, Louisenthal 1, 83703 Gmund am Tegernsee, Deutschland.

Deviations are possible, for example if your business relationship is with a regional subsidiary of G+D, which then regularly acts as data controller. A list of subsidiaries can be found here

Group Privacy Officer

  • Papierfabrik Louisenthal GmbH, Datenschutzbeauftragter, Louisenthal 1, 83703 Gmund am Tegernsee, Deutschland,

Type and origin of personal data

Your personal data is usually collected directly from you. If we receive data from third parties, we ensure compliance with the applicable legal requirements.

Depending on the respective business purposes, we process the following categories of personal data as data controller:

  • Master data and contact data (e.g. gender, name, company, business address, function, job title, e-mail, telephone and other contact information);
  • Communication data as part of the business communications between you and us;
  • Visitor data including data from access control and building monitoring;
  • Electronic identification data where required (e.g. login, access right, passwords, badge number, IP address, online identifiers/cookies, logs, access and connection times);
  • Contract and payment information (e.g. credit card details, bank account details, VAT or other tax identification number);
  • Additional data you provide to us, for example within the scope of an inquiry or our business relationship;
  • Data which relate to our products and services;
  • Data in the context of your participation in our events;


Commissioned data processing

For personal data that we process as data processor in the sense of Art. 4 No. 8 GDPR on behalf of our customers (e.g. for the production of smart cards) the respective customer remains the data controller under applicable data protection laws. In these cases, the processing is carried out on behalf of and on the instructions of the customer with the consequence that the rights of the affected individuals relating to this data must be asserted against the respective customer directly.

Purposes and legal basis for processing data

We process the data listed above for the following purposes:

  • To establish and fulfill a contract with you or with the entity on behalf of which you act, for example, if you make a purchase from us or enter into an agreement to provide or receive services or use one of our webshops;
  • To manage and maintain a contract with you or with the entity on behalf of which you act;
  • To answer your requests and provide you with efficient support;
  • To respond to any comments or complaints we may receive from you, including to investigate any complaints received from you or from others;
  • To detect and prevent misuse of our products and/or services;
  • To invite you to events or promotional meetings sponsored by us;
  • To invite you to take part in market research or surveys;
  • To enable you to participate in virtual events organized by us and to ensure that such events are conducted properly;
  • To manage our IT resources, including infrastructure management and business continuity;
  • To preserve the company's economic interests and ensure compliance and reporting (such as complying with our policies and legal requirements, tax and deductions, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
  • To fulfill the company’s obligations with regard to the prevention of money laundering and terrorist financing;
  • To manage mergers and acquisitions involving our company;
  • Archiving and record keeping;
  • Billing and invoicing;
  • Any other purposes imposed by law or authorities.

Additional purposes may result from your individual business relationship with us.

Personal data will only be processed on a valid legal basis, particularly if:

  • we have obtained your prior consent (Article 6 par. 1 lit. a GDPR);
  • the processing is necessary to perform contractual obligations (including precontractual steps) (Article 6 par. 1 lit. b GDPR);
  • the processing is necessary to comply with our legal or regulatory obligations (Article 6 par. 1 lit. c GDPR); or
  • the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms (Article 6 par. 1 lit. f GDPR).

The legitimate interest arises from the described business objectives. However, in such cases, we always seek to maintain a balance between our legitimate interests and your privacy. Examples of such legitimate interests are marketing activities (e.g. offering of products and/or services to our customers); prevention of fraud or criminal activity and misuse of our products and/or services including the security of our IT systems, architecture and networks; use of cost-effective services offered by suppliers; selling of any part of our business or its assets and meeting our corporate and social responsibility objectives.

Storage period

Personal data are generally stored for the fulfillment of the underlying purposes. Data will be deleted as soon as such purposes have been fulfilled and the data is no longer required, provided that this is not prevented by any statutory retention periods (e.g. as indicated in the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Fiscal Code (AO)) or by any other legal or official regulation. Personal data processed in the context of any possible or ongoing dispute or legal action will be stored for the duration of the legal dispute, proceedings or limitation period, whichever is longer. The storage limitation of personal data which we process as data processor on behalf of our customers (see chapter Commissioned Data Processing above) is determined by the underlying agreements, in particular the service specifications, as well as the individual customer instructions.

Recipients/categories of recipients and data transfers

For the fulfillment of the purposes listed herein, your personal data may be accessed by or transferred to the following categories of recipients (on a need to know basis):

  • Personnel of other G+D group entitys that maintain the business relationship with you including personnel of responsible departments of other subsidiaries of the G+D Group;
  • suppliers and services providers of Louisenthal including IT systems providers, cloud service providers, database providers and consultants;
  • tax consultants advisors and external lawyers;
  • (national and international) regulatory authorities, public bodies or courts where we are required to do so by applicable law or at their request.

Personal data may also be processed in a country outside the country where you, the entity on behalf of which you act or G+D is located, including third countries outside the European Union or the European Economic Area. When personal data is transferred to third parties in other jurisdictions, we will make sure to protect your personal data by applying the level of protection required under applicable data protection laws. For data transfers within G+D group companies, G+D’s Binding Corporate Rules apply (Art. 46 para. 2 (b), 47 GDPR).

Rights of the data subject

To enforce your data privacy rights, you can contact us at any time.

Data subject rights according to Art. 15 - 21 GDPR

  • Right to access information about your personal data stored by us (Article 15 GDPR)
  • Right to rectification of inaccurate or incomplete personal data concerning you stored by us (Article 16 GDPR)
  • Right to erasure of your personal data stored by us, e.g. if there is no longer a legitimate business purpose for processing in accordance with applicable law and statutory storage obligations do not require further storage (Article 17 GDPR)
  • Right to restriction of processing, if the accuracy of the personal data is contested by you or the processing is unlawful (Article 18 GDPR)
  • Right to data portability, i.e. the right to receive the personal data concerning you, which you have provided us with in a structured, commonly used and machine-readable format (Article 20 GDPR)
  • Right to object for the processing of your personal data insofar as such processing is carried out based on Article 6 par. 1 lit. e. or f. GDPR (Article 21 GDPR)
  • Right to withdraw consent (Article 7 GDPR

If you have the impression that the processing of your personal data does not comply with data privacy laws, you have the right to file a complaint with a supervisory authority (Art. 77 DSGVO); a list of data privacy authorities in Germany can be found at the following link:

The supervisory authority responsible for Louisenthal is the Bavarian State Office for Data Protection Supervision (

Whistleblowing Tool

Additionally, we would like to inform you that G+D has implemented a Whistleblowing Tool (BKMS System) that is available 24/7 worldwide to enable all G+D employees and any other individuals to report potential compliance and data privacy violations. The tool can be accessed at the following link: