Data protection

This privacy policy applies to the website

We at Beltz Grafische Betriebe GmbH, as the controller, take the protection of your personal data very seriously. We would therefore like to provide you with comprehensive information in this privacy policy about the processing and storage of personal data when you use our websites.

Responsible body

The controller responsible for processing your data is:

Beltz Grafische Betriebe GmbH
Am Fliegerhorst 8

99947 Bad Langensalza

Phone: 0049-3603-399-0
Fax: 0049-3603-399-369


Data Protection Officer

You can reach our data protection officer electronically at

or by post at:

-Data Protection Officer-

Beltz Grafische Betriebe GmbH
Am Fliegerhorst 8

99947 Bad Langensalza


For the purposes of this general information, the term:

  • Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples are contact data, communication data or billing data.
  • Person responsible is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
  • Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data
  • Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements
  • Restriction of processing is the marking of stored personal data with the aim of restricting its future processing

Changes to the privacy policy

We reserve the right to change our privacy policy if necessary and to publish it here. Please check this page regularly. The updated declaration enters into force upon publication, subject to the applicable legal provisions. If we have already collected data about you that is affected by the change and/or is subject to a legal obligation to provide information, we will also inform you about significant changes to our privacy policy.

Data processing

We collect and use the personal data of our website users only to the extent necessary to provide a functional website and our content and services. The collection and use of our users’ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

The following legal bases are fundamentally relevant for the processing of your data:

  • Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.
  • In the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
  • If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.

As legitimate interests for processing in accordance with Art. 6 para. 1 lit. f) come into consideration in particular:

  • answering inquiries;
  • the implementation of direct marketing measures;
  • the provision of services and/or information intended for you;
  • the processing and transfer of personal data for internal or administrative purposes;
  • the efficient operation and administration of our website or parts thereof;
  • technical support for users;
  • the prevention and detection of fraud and criminal offenses;
  • protection against payment defaults when obtaining credit information for requests for deliveries and services;
  • ensuring network and data security, insofar as these interests are consistent with applicable law and with the rights and freedom of the user; and/or
  • achieving efficiency gains by bundling services in individual Group companies (in particular marketing, IT, procurement)

Plausible analytics

We use Plausible Analytics on our website. The provider is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

With Plausible Analytics we can analyze the behavior of our website visitors. The following data in particular is collected for this purpose: Page URL, HTTP request, HTTP referrer, browser, operating system, device type and IP address. The HTTP request and IP address are stored in a hash for 24 hours; within this period, a user can be recognized if they visit the website again. It is not possible to identify the person.

If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. Unless consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in analyzing the user behavior of our website visitors as meaningfully as possible.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the data controller processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Categories of recipients

  • Service providers for website optimization, online marketing service providers and tools, service companies for information and communication technology, companies for software and device maintenance, some of which are described in more detail below
  • Social networks and communities
  • Internal recipients according to the “need to know” principle

Usage data/server log files

Each time our website is accessed, our systems automatically collect data and information from the computer system of the accessing computer.

The following types of data are collected: Browser type, version used, user’s operating system, host name, internet service provider, user’s IP address, date and time of access, websites from which the user’s system has accessed our website or which the user accesses from our website.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR with the above-mentioned legitimate interests.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. Our legitimate interest in data processing also lies in these purposes. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. We also reserve the right to check the files if there is a justified suspicion of unlawful use or a specific attack on the pages based on concrete evidence. In this case, our legitimate interest is processing for the purpose of investigating and prosecuting such attacks and unlawful use.


We offer you the opportunity to find out about current vacancies and career options in our company in our online offers and to apply for corresponding positions by email. In the course of your application, we collect the data provided by you in your cover letter and the attached documents. This regularly includes your contact details, data on your education, personal data, etc. We also collect the e-mail address you use and the time you contacted us. The data transmitted by you will be processed exclusively for the purpose of carrying out an application procedure and, if necessary, for the establishment of an employment relationship as well as for the defense of legal claims, in the course of which we use your contact data to communicate with you. If no employment relationship is established, your data will be stored for up to 6 months due to legal retention periods and for the defense of legal claims. The legal basis for the processing of your applicant data is, on the one hand, the consent declared and documented by you upon submission in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. a) and furthermore Art. 6 para. 1 lit. b) GDPR – processing for the purpose of fulfilling or establishing a contract and Art. 6 para. 1 lit f) GDPR for the defense of legal claims.

Use of cookies

We use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system when visiting a website and can be retrieved again. Cookies may contain a characteristic string of characters that enables the browser to be uniquely identified when the website or an integrated service is called up again. We use cookies to enable the operation of our website (technically necessary cookies), to make our website more user-friendly (functional cookies) and for marketing and advertising purposes (advertising cookies).

Technical cookies: Some elements of our website require that the accessing browser can be identified even after a page change. The purpose of the use is to enable the website to function at all. Examples of technically necessary cookies are the provision of a shopping cart or logging in as a registered user. The processing is therefore carried out on the basis of Art. 6 para. 1 lit. b or f GDPR.

Functional cookies: There may be functions that are not absolutely technically necessary for the operation of our website, but which considerably simplify its use, such as the adoption of language settings or font sizes, the remembering of search terms, etc. Processing is also carried out on the basis of Art. 6 para. 1 lit. b or f GDPR.

Advertising cookies: We also use cookies on some of our websites that enable an analysis of the user’s surfing behavior. In this way, for example: search terms entered in search engines, frequency of page views, use of website functions, and information about the operating system and browser etc. are transmitted. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given their consent – e.g. by selecting this in a cookie opt-in banner – otherwise Art. 6 para. 1 lit. f GDPR in conjunction with EC 47. If third-party services are integrated, processing by them is governed by their respective data protection provisions, which are mentioned and/or linked below.

General statements on web beacons / tracking pixels

Web beacons are invisible graphics with the size of a pixel. These are used by partner companies, in particular for the purpose of tracking a user via various web pages to create a profile for use in advertising tailored to the user (targeting). A pixel integrated into the webpage is loaded from the partner’s server when the webpage is called up. This provides the partner with your IP address, as well as information about your browser and its version, browser plug-ins used (browser fingerprint), your operating system and your network operator. For the integration of external services through web beacons / tracking pixels or other scripts, the information for advertising cookies applies accordingly.

Contact form and e-mail contact

There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are: Name, address, e-mail address, telephone number, etc. Not all of them are mandatory. The following data is also stored at the time the message is sent: The IP address, date and time. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing is:

  • For the receipt of the data on the basis of the sending of the contact form as consent acc. Art. 6 para. 1 lit. a i.V.m. Art. 5 (expectable processing) GDPR or alternatively on the basis of the legitimate interest in responding to your contact request in accordance with Art. 6 para. 1 lit. f GDPR.
  • For the processing of data transmitted in the course of sending an e-mail, Art. 6 para. 1 lit. f GDPR with the above-mentioned legitimate interests.
  • If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
  • Beltz Grafische Betriebe GmbH is a wholly owned subsidiary of Beltz Rübelmann Holding GmbH & Co KG. Other companies under the umbrella of Beltz Rübelmann Holding are:
  • Julius Beltz GmbH & Co KG
  • Campus Verlag GmbH
  • Beltz Bookstore GmbH

Your personal data may be transmitted to companies of Beltz Rübelmann Holding GmbH & Co. KG if they are more suitable to answer your inquiry.

Julius Beltz GmbH & Co. KG is responsible for joint processing with the above-mentioned companies. Julius Beltz GmbH & Co KG is responsible for processing requests for information, rectification, erasure or restriction, as well as handling data portability and processing objections.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. There may be retention periods under commercial and tax law.

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

Content from external providers

Some of our websites incorporate third-party content, such as videos from YouTube, maps from Google Maps, images, texts and multimedia files, RSS feeds or other services from other websites. This always requires your IP address to be transmitted to the providers of this content. We cannot make any statement about the use of your data by these providers and also have no influence on further processing. In particular, not whether the data is used for other purposes, such as profiling. Please refer to the relevant data protection notices of the respective third-party providers.
You can protect yourself against further tracking by tracking pixels from these providers by deactivating the acceptance of third-party cookies in your browser settings.
The legal basis for the transfer of personal data when integrating third-party providers is, if the user has given consent to this – e.g. by making a selection in a cookie opt-in banner – Art. 6 para. 1 lit. a GDPR, otherwise Art. 6 para. 1 lit. f GDPR in conjunction with. EC 47.

Use of SalesViewer® technology

On our websites, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH on the basis of the legitimate interests of the website operator (Art. 6 para. 1 lit. f GDPR). For this purpose, a javascript-based code is used to collect and use company-related data. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and not used to personally identify the visitor to this website.

You can object to the collection and storage of data at any time with effect for the future by clicking the button after this paragraph to prevent the collection by SalesViewer® within this website in the future. An opt-out cookie for this website is stored on your device. If you delete your cookies in this browser, you must click this link again.

Google Web Fonts

External fonts, Google Fonts, are used on our websites. We use this tool to make our website visually appealing. Google Web Fonts is a service provided by Google Ltd (“Google”), which enables us to access Google’s font library. In order for the fonts we use to be integrated, your web browser must connect to a Google server in the USA and download the required font. Google thereby receives the information that our website has been accessed from the IP address of your device.

The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR constitutes. If your browser does not support web fonts, a standard font will be used by your computer.

Further information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Tel: +353 1 543 1000, Fax: +353 1 686 5660 E-Mail:

Further information on Google Web Fonts can be found at and in Google’s privacy policy:

Reference to your rights

You have the right,

  • to request confirmation from us as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
  • to demand the release of the data concerning you in the restrictions of Art. 20 GDPR in a common electronic, machine-readable data format. This also includes the transfer (as far as possible) to another person directly named by you.
  • to demand that we correct your data if it is incorrect, inaccurate and/or incomplete. Correction also includes completion by means of declarations or notification.
  • to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 GDPR applies. Unfortunately, we are not permitted to delete data that is subject to a statutory retention period. If you do not want us to collect data from you or contact you again, we will save your contact details on a blacklist.
  • to revoke any consent you have given with effect for the future without any disadvantages for you.
  • to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met.
  • to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
  • without prejudice to any other administrative or judicial remedy, and if you consider that the processing of personal data relating to you infringes the GDPR, to lodge a complaint with
    • our data protection officer: or by post (see legal notice)
    • to a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. The following supervisory authority is responsible for us: Thuringian State Commissioner for Data Protection and Freedom of Information, P.O. Box 900455, 99107 Erfurt, Germany
      : 0361/573112900 , Mail:

If you have any questions or comments on data protection (e.g. on information and updating your personal data), please contact us at the following e-mail address or by post (see imprint) under the keyword “Data protection”.

Deletion of your data

Unless otherwise regulated in the more detailed data protection declarations, we will delete your personal data when the contractual relationship with you has ended, you have exercised your right to deletion, all mutual claims have been fulfilled and there are no other statutory retention obligations or legal justifications for storage. Retention periods under commercial law for financially relevant data are generally up to 10 years. We may retain data for as long as necessary to protect ourselves from claims that may be made against us. These periods can be up to 30 years.


You can subscribe to a free newsletter with advertising content on our website. Our newsletters contain information about our services, promotions, events, competitions, job offers and articles. Newsletters, on the other hand, do not include messages without advertising information that are sent as part of our contractual or other business relationship. This includes, for example, sending service emails with technical information and queries about orders, events, competition notifications or similar messages. When you register for the newsletter, the data from the input screen is transmitted to us. In addition, the IP address of the accessing computer and the time of access are collected. Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.

No data is passed on to third parties in connection with the data processing for sending newsletters. The data will be used exclusively for sending the newsletter. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR and for the dispatch of the newsletter as a result of the sale of goods pursuant to Art. § 7 para. 3 UWG or Art. 6 para. 1 lit. f. (Dispatch on the basis of our legitimate business interest).

The purpose of collecting the user’s e-mail address is to deliver the newsletter. The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, you will find a corresponding link in every newsletter. This also constitutes a revocation of consent for the newsletter mailing.

A statistical evaluation of the reading behavior only takes place to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. However, this is a function that we only use to check user activity and make the necessary optimizations. For this purpose, the newsletter contains a so-called “web-beacon”, a pixel-sized file that is retrieved from our server when the newsletter is opened. This web beacon can be personalized so that personal data is collected. Clicks are tracked via personalized links to the respective website. If personalized data is collected, the legal basis is Art. 6 para. 1 lit. a GDPR.

Privacy policy for whistleblowing

When an internal or external whistleblower reports an irregular act in the company, this is referred to as “whistleblowing”. This confidential report may concern indications and well-founded suspicions of actual or potential violations that have either already been committed or are very likely to occur. A whistleblower system therefore offers the opportunity to uncover potential violations.

“The EU Whistleblower Directive (Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law) aims to protect persons who report breaches. In addition, persons who are the subject of a report or disclosure and other persons affected by a report or disclosure are protected. For Germany, the requirements are defined in the HinSchG. This results in a legal obligation to introduce a whistleblower procedure (so-called “internal reporting office”)

In the event of suspected violations of the law, unethical behavior or other misconduct, the whistleblower reporting office/portal is at your disposal. Our employees, customers, suppliers and business partners can use these to report suspected or actual violations.

Such violations include, for example:

  • Fraud, theft, embezzlement
  • Bribery/corruption
  • Offenses relating to the Supplier Due Diligence Act or Supply Chain Act
  • Violations of antitrust law
  • Violation of data protection or IT security guidelines
  • Product safety
  • Violations of environmental protection requirements
  • Conflicts of interest
  • Sexual harassment, discrimination, violations of personal integrity

Procedure for reporting suspected cases

If you are convinced that the actions of one or more employees constitute misconduct, you should always report these concerns to your line manager. If you have a legitimate reason for feeling uneasy about clarifying this with your superior or fear negative consequences for yourself, such as reprisals, unfair treatment or dismissal, you can also contact your superior. The works council committee is also available to you as a contact point.

Use of the whistleblower portal

The safest way to send a message is to open the following address in the browser of your private device: .
This portal guarantees independent and anonymous processing of the reported transactions.

If the whistleblower has personal interests in the matter raised, they should disclose this from the outset.

Shared responsibility for joint reporting office for group of companies

The reporting office is operated under joint responsibility with other affiliated companies in accordance with Art. 26 GDPR.
The participating companies have concluded an agreement in accordance with Art. 26 GDPR, which is available on request.

Participating affiliated companies are:

  • Beltz Rübelmann Holding GmbH & Co KG
  • Beltz Publishing Group – Julius Beltz GmbH & Co. KG
  • Beltz Grafische Betriebe GmbH

False information

The Company will treat all reports of misconduct seriously and protect individuals who raise complaints in good faith. However, disciplinary or legal action can be taken against whistleblowers who provide false information. The Whistleblower Protection Act explicitly excludes protection of the identity of the whistleblower in the case of false information or even defamation. In such cases, the malicious whistleblower is even obliged to compensate the damage (Section 38 HinSchG).

Dealing with notices

Incoming reports are processed according to a standardized and fair process. All information received is treated in strict confidence, and reports can be submitted anonymously if desired, whereby anonymity is also guaranteed in the further course of the process.

You will receive notification of receipt and acknowledgement of your report within 7 days. You can rely on the information being handled discreetly and confidentially. You will be informed of the information from the investigation process and corresponding follow-up measures no later than 3 months after your report.

The Whistleblower Protection Act includes protection against disadvantages through the provision of information. The whistleblower therefore does not have to fear any negative consequences. If violations of German law are reported, the law protects the whistleblower from any negative consequences. In addition, the whistleblower is not liable for any damage caused by the discovery of the infringement.

Protecting the identity of the whistleblower is the top priority of the Whistleblower Protection Act. This is ensured by the option of confidential reporting. The identity of the whistleblower will only be disclosed with the whistleblower’s consent. An exception is made in the case of judicial or official investigations. Here, the whistleblower is informed before his identity is disclosed.

Processed data, purposes of processing and legal bases

The processing of personal data includes

  • the data on the whistleblower (if not reported anonymously), if applicable on the accused and other persons involved (e.g. witnesses)
  • Other data depending on the content of the message (data in the message)
  • Furthermore, the associated data processed as part of internal investigations.

The purposes of the processing are the investigation and, if necessary, the proof of violations of applicable law and/or internal instructions as well as the defense of the company against legal claims and any official investigations and proceedings by documenting the processing, procedures and investigations.

The legal bases are

  • essentially the legal obligation to process in accordance with Art. 6 para. 1 lit. C GDPR in conjunction with. §10ff. HinSchGinsofar as it relates to the content of messages
  • In addition, Art. 6 para. 1 lit. a GDPR, insofar as data is provided voluntarily and without necessity or data is processed on the basis of consent.
    Consent can be revoked at any time with effect from the time of revocation.
  • alternatively also Art. 6 para. 1 lit f GDPR as a legitimate interest if it affects any conflicting interests, for example for documentation in the company to avoid liability or to defend against unjustified legal claims or to defend oneself in any legal proceedings.

Recipient (categories)

The reporting office is operated by an external service provider, which in turn uses a cloud-based whistleblowing and communication platform.
Furthermore, data is passed on to the relevant internal departments within the company or group of companies in accordance with the HinSchG.
Other recipients may include other external service providers, such as legal service providers and/or forensic experts and, depending on the circumstances, consultants.

Other notes

The data subject rights mentioned in the parent page of the privacy policy apply.

A transfer to third countries is not intended.

Deletion of data

All data related to the report/case will be stored in accordance with. §11 para. 5 HinSchG 3 years after conclusion of the proceedings, unless there are other legal grounds for retaining the case for longer.
This could be the case if there are longer retention periods due to commercial or tax regulations.