Privacy Policy


Website Privacy Policy

Graphic Packaging International Europe UK Holdings Limited and its affiliates (Graphic Packaging International Europe UK Limited, Graphic Packaging International France S.A., Graphic Packaging International Bremen GmbH, Graphic Packaging International Spain S.A., Graphic Packaging International Cartons Santander S.A., Graphic Packaging International Europe Cartons B.V., Graphic Packaging International Limited, Graphic Packaging International Bardon Limited, Graphic Packaging International Gateshead Limited, Graphic Packaging International Foodservice Europe Ltd, Graphic Packaging International Distribution Limited, Graphic Packaging International Box Holdings Limited, Graphic Packaging International Europe Netherlands B.V., Graphic Packaging International Europe Spain Holding S.L., Graphic Packaging International S.p.A, Graphic Packaging International Europe Netherlands Holdings B.V., Graphic Packaging International Europe N.V., Graphic Packaging International Europe Holdings BV) (“GPI”, “We”, “Us”) believe it is important that you understand how GPI collects, stores, shares and uses information from and about our website visitors, customers and vendors. We adhere to this policy, our cookie policy and other legal notices listed on this website www.graphicpackagingeurope.com (“Website”), in respect of our collection, use and disclosure of personal and non-personal data collected through the Website or in the course of our business activities conducted elsewhere. This policy does not apply to the information collected, stored, shared, or distributed by third-party sites. This policy may be updated from time to time.

Please read this policy carefully. By visiting our Website, you acknowledge the practices described in this policy, subject to those circumstances where your specific consent is requested.

For the purposes of applicable data protection law, GPI is the controller of any personal data collected from you on the Website or otherwise for the purpose of conducting or developing our business with you.

Information We Collect Automatically

When you visit our Website, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to:

  • your domain;
  • your IP address;
  • your date, time and duration of your visit;
  • your browser type;
  • your operating system;
  • your page visits;
  • information from third parties;
  • other information about your computer or device;
  • Internet traffic.

We do not use this automatically collected information to try to identify you by name, and we do not associate it with the information you provide voluntarily, as detailed below.

Information You Provide

In order to access or use certain portions of the Website or enjoy the full functionality of the Website, or otherwise in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us in the following ways:

  • by filling in forms (for example, a ‘Contact Us’ form) on our Website or at a trade show or anywhere else we conduct business;
  • by downloading documentation from our Website;
  • by subscribing to newsletters or other communications;
  • by corresponding with us by phone, e-mail or otherwise using our contact details; or
  • by applying for a job, work placement or internship in relation to which you should also refer to the specific privacy notices made available to you during the recruitment process.

Typically, the personal data you give us may include name, business affiliation, business address, telephone number, and email address, and any personal details required to resolve any enquiries or complaints. Where you are applying for a job, work placement or internship, you will be asked to provide certain additional information, for example about your education, employment history and right to work, pursuant to a specific privacy notice for job candidates.

This information may be required to enter into an employment contract with you or provide services at your request, and failure to provide any information may result in our inability to provide requested services or products, or consider your application for employment.

Cookies

Our Website uses cookies. More information about our use of cookies can be found in our cookie policy.

Use of Personal Data

The following is an overview of our purposes for using your personal data. Additional details on how we process your personal data may be provided to you in a separate notice or contract.

All processing (i.e. use) of your personal data is justified by a “condition” for processing. In the majority of cases, processing will be justified on the basis that:

  • the processing is necessary to perform a contract with you or take steps to enter into a contract at your request, such as providing requested services;
  • the processing is necessary for us to comply with a relevant legal obligation, such as accounting for our sales of products;
  • the processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using supplier, customer and Website user data to conduct and develop our business activities with them and with others, such as by sending updates to customers about products they have purchased, or asking customers to respond to product surveys; or
  • you have consented to the processing, for those rare situations where we may rely on your consent to justify our processing of your personal data.

We use the personal data we collect to:

  • conduct and develop our business with you and with others;
  • process, evaluate and complete certain transactions involving the Website, and more generally transactions involving GPI’s products and services;
  • operate, evaluate, maintain, improve and develop the Website (including by monitoring and analyzing trends, access to, and use of the Website for advertising and marketing;
  • engage you about events, promotions, the Website and GPI’s products and services;
  • provide you with documentation or communications which you have requested;
  • correspond with users to resolve their queries or complaints;
  • support and manage a recruitment, work placement or internship process, including considering applications and making offers;
  • provide you with any services or products you request;
  • send you marketing communications, where it is lawful for us to do so;
  • protect and ensure safety of the Website, GPI confidential and proprietary information, and GPI employees;
  • manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or laws or regulations.

GPI will not sell or rent your personal data to third parties.

Disclosure of Personal Data

We are part of the global Graphic Packaging International, LLC group, and from time to time it will be necessary to share your personal data with our affiliated businesses. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our products, services or the Website. GPI may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by GPI to perform on GPI’s behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or it believes that the disclosure will further an investigation of suspected or actual illegal activities.

If your personal data is transferred outside the EU to other GPI group companies in the U.S. or to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements, using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU – US Privacy Shield. For transfers to other GPI group companies in the United States (a country that has not received a decision from the European Commission determining that the United States provides adequate protection to personal data), we have put in place European Commission approved Standard Contractual Clauses, which protect personal data transferred between GPI entities. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting GDPR-Privacy@graphicpkg.com.

We may share your personal data with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case personal data held by us about our users may be one of the transferred assets.

Children

The Website is not for use by children under the age of 16 years and GPI does not intend to collect, store, share or use the personal data of children under 16 years. If you are under the age of 16 years, please do not provide any personal data, even if prompted by the Website to do so. If you are under the age of 16 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify GPI and GPI will delete all such personal data.

Marketing emails

Where lawful to do so, and subject to your consent where required, we may communicate with you by email to tell you about our products and services. If you wish to opt-out of receiving marketing communications, please use the ‘unsubscribe’ link provided in our emails, or otherwise contact us directly and we will stop sending you communications.

Security

GPI aims to safeguard and protect your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and GPI utilizes and maintains certain reasonable processes, systems, and technologies to do so. However, you acknowledge that no transmission over the Internet is completely secure or error-free, and that these processes, systems, and technologies utilized and maintained by GPI are subject to compromise. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.

Retention of your Personal Data

We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by legal process, legal authority or other governmental entity having the authority to make the request, for so long as required. In specific circumstances, we may also retain your personal data for longer periods of time corresponding to a statute of limitation so that we have an accurate record of your dealings with us in the event of any complaints or challenges.

External Links

The Website may contain links to third party sites. Since GPI does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This policy applies solely to personal data collected by our Websites or in the course of our business activities.

Your rights

Subject to applicable law, you may have some or all of the following rights in respect of your personal data:

  • to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;
  • to rectify inaccurate personal data (including the right to have incomplete personal data completed);
  • to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
  • to restrict processing of your personal data where:
    • the accuracy of the personal data is contested;
    • the processing is unlawful but you object to the erasure of the personal data;
    • we no longer require the personal data but it is still required by you for the establishment, exercise or defense of a legal claim;
    • you have objected to processing on the basis of our legitimate interests;
    • to port your data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you;
    • to withdraw your consent to our processing of your personal data (where that processing is based on your consent);
    • to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization.

In addition to the above rights, you have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data which we have justified on the basis of a legitimate interest (as opposed to your consent, or to perform a contract with you). You also have the right to object at any time to any processing of your personal data for direct marketing purposes.

In relation to all of these rights, please contact us using the details given below. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

Contact information

If you have any questions in relation to this policy or you wish to exercise any of your rights, please contact us at: GDPR-Privacy@graphicpkg.com