Data Protection

We welcome your visit to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable provisions of law governing the protection of personal data, especially the EU General Data Protection Regulation (EU GDPR) and the country-specific implementing laws applicable to us. This Privacy (Data Protection) Policy is intended to provide you with full information regarding TUPACK’s processing of your personal data and the rights to which you are entitled.

Personal data is information that enables a natural person to be identified. Such information includes name, date of birth, address, telephone number, e-mail address but also IP address. Data is anonymous if the user cannot be personally identified.

1     Controller for data processing purposes

TUPACK Verpackungen GesmbH.
Warneckestraße 5
1110 Wien
Tel: +43 664 80760 0
Fax: +43 1 7693937

Contact information for the Data Protection Officer:

2         Your rights as a data subject

As a data subject, you have the following rights under Art. 15-22 of the EU GDPR (General Data Protection Regulation):

The right of access (to your own personal data) (Art. 15 GDPR)
The right of rectification (Art. 16 GDPR)
The right of erasure (Art. 17 GDPR)
The right to restrict processing (Art. 18 GDPR),
The right of data portability (Art. 20 GDPR)
The right to object to processing (Art. 21 GDPR)

To assert these rights, please utilize the contact information provided above. The same applies if you have questions regarding data processing in our company. You also have the right to file a complaint with your data protection supervisory authority.

Kindly acknowledge that TUPACK and MARETO mutually operate a whistleblower system pursuant to the HinweisgeberInnenschutzgesetz (Austrian Whistleblower Protection Act / WPA). In alignment with the WPA, this may give rise to possible exceptions from the right of information and/or granted to data subjects under the GDPR. These exceptions may apply where compliance with our obligations towards any data subject, as defined in Article 14 GDPR, would otherwise severely impair the purpose of processing personal data in accordance with the WPA or make its attainment impossible as a whole. This purpose includes the (i) protection of the identity of whistleblowers and its supporters, thereby granting protection against retaliation by any person concerned and/or executive or supervisory bodies as well as (ii) the purpose of the WPA at large.

3         Purpose and legal basis for data processing activities

3.1      Website

When you visit our website, your browser transfers certain data to our webserver for technical reasons. The following data is transferred:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Operating system and its access status/HTTP status code
  • Volume of data transferred
  • Website from which the request comes (referrer URL)
  • Browser, language and browser software version

The data is only stored in personally identifiable form temporarily (for a maximum of 24 hours). Then the IP addresses are anonymized.

3.2      Cookies

Our websites use so-called cookies in various places. Their purpose is to make our offerings more user-friendly, effective and secure. Cookies are small text files, which are placed on your computer and stored by your browser (locally on your hard drive).

These cookies enable us to analyze how users use our websites, so we can design the content of our websites to meet visitors’ needs. In addition, the cookies enable us to measure the effectiveness of a particular advertisement and, for example, place it to reflect the user’s topical interests.

Most of the cookies we use are so-called session-cookies, which are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when their period of validity ends (generally in six months) or if you delete them yourself before the expiration of the period of validity.

Most web browsers accept cookies automatically. You can generally change the settings on your browser if you prefer not to send the information. In that case, you will still be able to use the offerings on our website without restriction (exception: configurators).

Cookies are stored on the user’s computer and sent to our website by the computer. Therefore, as a user, you have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings on your Internet browser. Moreover, you can delete cookies that have already been placed, at any time, with your Internet browser or other software program. This is possible with all commonly used Internet browsers.

3.3      External services and content on our website

3.3.1  Google Analytics

We store data regarding the individual accesses of our website for statistical purposes to improve the quality of our offerings and our website. The website utilizes Google Analytics for this purpose, a web analysis service provided by Google Inc. (“Google”). This use is based on our legitimate interests (i.e. our interest in the analysis, optimization and cost-effective operation of our online offerings) within the meaning of Art. 6 (1) Sentence 1 lit. f GDPR. Google Analytics uses so-called cookies, text files that are stored on your computer to enable the analysis of your use of the website. The information about your use of the website generated by the cookie, such as

  • browser type/version,
  • operating system used,
  • referrer URL (the site visited previously),
  • host name of the accessing computer (IP address), and
  • time of server request,

is generally transmitted to a Google server in the USA and stored there. The IP address transmitted to Google Analytics by your browser is not amalgamated with other Google data. In addition, on this website, we have expanded Google Analytics by adding the “anonymizeIP” code. This guarantees that your IP address is masked, so that all data is collected anonymously. The full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. On behalf of the operator of this website, Google utilizes this information to evaluate your use of the website in order to compile reports on website activities and provide additional services associated with website and Internet use for the website operator. You can prevent the storage of cookies with an appropriate setting in your browser software. However, we must advise you that, in this case, you may not be able to make full use of all the functions of this website. Moreover, you can prevent Google’s collection of the data on your use of the website generated by the cookie (including your IP address) and Google’s processing of this data by downloading and installing the browser plugin available at this link: As an alternative to the browser add-on, particularly for browsers on mobile terminals, you can also prevent the collection of data by Google Analytics by clicking on the following link: Tracking by Google Analytics on this website is ACTIVATED. Click here to deactivate tracking:

The user’s personal data is deleted or anonymized after 14 months. In addition, Google is also certified under the Privacy Shield Agreement and thereby warrants that it will comply with European data protection laws ( ).

3.3.2  Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. The Tool Tag Manager itself (which implements the tags) is a cookieless domain. This means that no cookies are used, and no personal data is collected. The Google Tag Manager triggers other tags, which, in turn, collect data, if necessary. However, the Google Tag Manager does not access this data. If there is a deactivation at the domain- or cookie-level, it will persist for all tracking tags implemented with Google Tag Manager.

Additional information is available at

4         Disclosure of data to third parties and processors

Data is only disclosed to third parties within the scope of the law. We only disclose the user’s data to third parties when this is necessary, e.g., for contractual purposes under Art. 6 (1) lit. b) GDPR or based on our legitimate interests in the economical and effective operation of our business under Art. 6 (1) lit. f) GDPR.

We utilize subcontractors for job processing under Art. 28 GDPR to provide our services, particularly for our public Internet presence. We have taken suitable legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal provisions. We collaborate with the following processors or categories of processors:

Reichl und Partner eMarketing GmbH
Reichl und Partner eMarketing is generally entitled to employ other subcontractors as processors to process personal data.

Internex GmbH
Processor and hosting partner of Reichl und Partner eMarketing GmbH

5         Changes to this Privacy (Data Protection) Policy

We reserve the right to change this Privacy (Data Protection) Policy to adapt it to changes in legal conditions or to changes in services and data processing activities. However, this only applies to statements regarding data processing. To the extent that the consent of the user is necessary, or components of the Privacy (Data Protection) Policy contain provisions of the contractual relationship with the user, the change can only be made with the consent of the user.

Please check the content of this Privacy (Data Protection) Policy on a regular basis.