Privacy policy

We take data protection seriously

Protecting your privacy when processing your personal data is a top priority for us. When you visit our website, our web servers will automatically store the IP address of your Internet service provider, the website from which you visit us, the pages on our website that you visit and the date and duration of your visit. This information is essential for ensuring the technical functionality of our webpages and the secure operation of the server. No personalised evaluation of this data is carried out.

Carton Group GmbH
Berliner Str. 2
91126 Schwabach

Tel.: +49 9122 8340-0
Fax: +49 9122 8340-50

Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data to visit our website. In some cases, we need your name and address, as well as other information to be able to offer you the service you require.

The same applies if we supply you with informative material on request or if we answer your enquiries. We will always notify you in such cases. Otherwise, we store only the data that you have automatically or voluntarily submitted to us.

When you use one of our services, we normally only collect data that is necessary to provide you with our service. We may ask you for further information on a voluntary basis. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial interests.

Contacting us

When contacting us (e.g. via our contact form, by e-mail or telephone or on social media), we will process any details you may give us insofar as this is necessary to respond to your contact requests and any requested steps.

Any response to contact requests within the scope of contractual or pre-contractual relationships is made in order to fulfil our contractual obligations or to respond to (pre-)contractual requests and is otherwise based on the legitimate interests in responding to the requests.

  • Categories of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms)
  • Data subjects: Communication partner
  • Purposes of the processing: Contact requests and communication
  • Legal basis: Contract performance and pre-contractual requests (Article 6, Para. 1 (b) of the GDPR), legitimate interests (Article 6, Para. 1 (f) of the GDPR)

Automatically stored data

Server log files 

The provider of the pages automatically collects and stores information in server log files, which are automatically transmitted to us by your browser. This includes:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found etc.)
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • Amount of data transferred

This data is not combined with other data sources. The processing is carried out pursuant to Article 6, Para. 1 (f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.   

For reasons of technical security, in particular to defend against attempted attacks on our web server, we will store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data will be anonymised by means of shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. In addition, the data will be processed anonymously for statistical purposes; it will not be compared with other data or passed on to any third parties, not even as extracts. The number of page views will be presented only as part of our server statistics, which we publish every two years in our activity report.


When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a “cookie ID”. A cookie ID is the cookie’s unique identifier. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser on which the cookie was stored. This enables the websites and servers visited to distinguish the data subject’s individual browser from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID.

Through the use of session cookies, the controller can provide the users of this website with a user-friendly service that would not be possible without the placement of cookies. If we do not have your consent, we will use only technically necessary cookies on the legal basis of legitimate interest pursuant to Article 6, Para. 1 (f) of the GDPR.


We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transferred. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our privacy policy is constantly revised. Please make sure you have the latest version.

Rights of data subjects

You have the right at any time to obtain information about, rectify, erase or restrict the processing of the personal data stored on you, the right to object to the processing of this data, as well as the right to data portability and to lodge a complaint pursuant to the requirements of data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process any personal data concerning you that is incomplete or incorrect, you can request at any time that we correct or complete this data.

Right to erasure:
You can demand that we erase your data if we process it unlawfully or if processing it disproportionately interferes with your legitimate interests of protection. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of legally regulated retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided there is no legal or statutory obligation to retain data in this respect.

Right to restriction of processing:
You can ask us to restrict the processing of your data if

  • you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you oppose its erasure and request the restriction of its use instead,
  • we no longer need the data for the intended purpose, but you still require it to establish or defend legal claims, or
  • you have objected to the processing of the data.

Right to data portability:
You can request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, where:

  • we process this data based on consent given by you, which may be revoked, or for the performance of a contract between us, and
  • this processing is carried out by automated means.

Where technically feasible, you can request us to transmit your data directly to another controller.

Right to object:
If we process your data on the grounds of legitimate interest, you can object to this processing of your data at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims. You can object at any time to the processing of your data for direct marketing purposes without giving reasons.

Right to lodge a complaint:
If you are of the opinion that we are in breach of German or European data protection law when processing your data, please contact us so that we can clarify any issues. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to exercise any of these rights against us, please contact our Data Protection Officer. In case of doubt, we may request additional information to confirm your identity.

Changes to this privacy policy

We reserve the right to change our privacy policy, if this should be necessary due to new technologies. Please make sure you have the latest version. If any fundamental changes are made to this privacy policy, we will announce them on our website.

All interested parties and visitors to our website can contact us regarding data protection issues at:

Mr Fabian Fromm
Project 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg

Tel.: +49 (0)941 2986930
Fax:  +49 (0)941 29869316