Privacy Policy
This is a courtesy translation of our German-language privacy policy. In case of any discrepancy, the German version is legally binding.
Last updated: July 2026
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
SWT Media & Software GmbH
Nürnberger Str. 7
15738 Zeuthen
Germany
Email: info@garan-label.com
We have not appointed a company data protection officer, as the statutory requirements for doing so (Section 38 BDSG) are not met.
2. General information on data processing
2.1 Scope of processing of personal data
We process personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of our users' personal data generally takes place only with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by legal provisions.
2.2 Legal bases of processing
Where we obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis.
For the processing of personal data required to perform a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Where processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing.
2.3 Erasure of data and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may continue beyond this if provided for by statutory retention periods.
3. Provision of the website and creation of log files
3.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- IP address of the requesting device
- Date and time of access
- Name and URL of the file accessed
- Website from which access was made (referrer URL)
- Browser used and, where applicable, the operating system of the device as well as the name of the access provider
The data is stored in the log files of our hosting provider. This data is not stored together with other personal data of the user.
3.2 Hosting
Our website is hosted by the following provider:
Profihost AG
Expo Plaza 1
30539 Hannover
Germany
The hosting provider collects the data listed above, which your browser automatically transmits, in so-called log files. Data processing takes place on the basis of our legitimate interest in the secure and efficient provision of our online offering (Art. 6(1)(f) GDPR). A data processing agreement pursuant to Art. 28 GDPR has been concluded with the hosting provider.
3.3 Legal basis
The legal basis for the temporary storage of the data and the log files is Art. 6(1)(f) GDPR.
3.4 Storage period
The data is erased as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended, or the log files are automatically deleted after a period customary in the industry at the latest.
4. Use of cookies and consent management (CCM19)
4.1 Cookies in general
Our website uses cookies. Cookies are text files that are stored on the user's computer system by the internet browser. Technically necessary cookies are used on the basis of Art. 6(1)(f) GDPR to ensure the functionality of the website. All other cookies (in particular analytics and marketing cookies) are only used if you have previously given consent via our consent management tool (Art. 6(1)(a) GDPR).
4.2 Consent management with CCM19
To obtain, manage, and document user consent, we use the cookie consent tool CCM19, a product of:
Papoo Software & Media GmbH
Auguststraße 4
53229 Bonn
Germany
When our website is accessed, it is first checked whether the user's consent is already present or has already been given. If this is not the case, all scripts and cookies that are not technically mandatory (e.g. Google Tag Manager, Google Analytics) are blocked until the user makes a corresponding selection via the displayed consent banner. The respective services are only loaded after consent has been given.
CCM19 stores the scope of the consent given or refused, the time of consent, and a pseudonymised identifier (typically in the form of a cookie or stored locally in the browser) in order to be able to match the consent to the user on a repeat visit. The legal basis for the use of CCM19 is Art. 6(1)(c) GDPR in conjunction with Section 25(1) TTDSG, as we are legally obliged to document consent given, as well as Art. 6(1)(f) GDPR with regard to our legitimate interest in legally compliant and demonstrable consent management.
You can revoke or adjust your consent at any time with effect for the future via the cookie settings integrated into our website.
5. Google Tag Manager
We use Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Tag Manager is a solution that allows us to manage so-called website tags (e.g. Google Analytics) through one interface. The Tag Manager itself, which implements the tags, does not process any personal data of users and does not itself set any cookies. It merely triggers other tags, which may in turn collect data; this is addressed separately in the respective sections of this privacy policy.
Google Tag Manager is only loaded on our site after corresponding consent has been given via CCM19, unless it is used exclusively to control technically necessary tags.
6. Google Analytics 4
6.1 Description and scope of data processing
On our website, and only after prior consent via CCM19, we use Google Analytics 4, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies or comparable technologies that enable an analysis of your use of our website. The information generated by the cookie about your use of this website is generally transferred to and stored on a Google server in the EU or the USA.
We use Google Analytics 4 to evaluate usage and interaction data (e.g. pages visited, time spent, approximate location, device used) and to make our website more user-friendly. Google Analytics 4 generally processes IP addresses in shortened form or not in a form that allows identification of individuals for reporting purposes; according to Google, the IP address is not stored in full.
6.2 Legal basis
The legal basis for the use of Google Analytics 4 is your consent pursuant to Art. 6(1)(a) GDPR, given via our consent banner (CCM19). Google Analytics is not loaded without your consent.
6.3 Transfer to third countries
Google also processes data in the USA. The European Commission has determined, by way of its adequacy decision on the EU-US Data Privacy Framework, that an adequate level of data protection exists for US companies certified under this framework. Google LLC states that it is certified under the EU-US Data Privacy Framework.
6.4 Right to object
You can revoke your consent at any time with effect for the future via our cookie settings (CCM19). You can also prevent data collection by Google Analytics by installing the browser add-on provided by Google to disable Google Analytics: https://tools.google.com/dlpage/gaoptout .
Further information on how Google Analytics handles user data can be found in Google's privacy policy: https://policies.google.com/privacy .
7. Brevo (CRM, transactional emails, and newsletter)
7.1 Provider
We use the service Brevo for sending transactional emails, for our customer/contact management (CRM), and for sending our newsletter. Brevo is a product of:
Brevo SAS
7 rue de Madrid
75008 Paris
France
A data processing agreement pursuant to Art. 28 GDPR is in place with Brevo. Data processing takes place within the EU.
7.2 CRM / contact management
We use Brevo as a CRM system to manage customer and prospect contacts (e.g. name, email address, company affiliation, communication history). Processing takes place for the initiation, performance, and handling of contractual relationships (Art. 6(1)(b) GDPR) and, in the case of prospects without an existing contractual relationship, on the basis of our legitimate interest in efficient customer management and communication (Art. 6(1)(f) GDPR).
7.3 Transactional emails
We also use Brevo to send system-related emails connected with the use of our platform (e.g. invoices, account confirmations, notices about your user account). The legal basis for this is Art. 6(1)(b) GDPR, as sending these emails is necessary to perform the contract in place with you.
7.4 Newsletter
If you have signed up for our newsletter, we use your email address and, where applicable, your name, to regularly send you information about our products and services. Registration uses the double opt-in procedure: after signing up, you will receive a confirmation email that you must use to confirm your registration. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR.
For analysis purposes, Brevo may record, when sending newsletters, whether and when an email was opened and which links contained in the email were clicked. This evaluation is used to tailor the newsletter and its content to the interests of our recipients and is likewise based on your consent (Art. 6(1)(a) GDPR).
7.5 Withdrawal
You can withdraw your consent to receive the newsletter at any time by using the unsubscribe link contained in every newsletter email, or by contacting us informally by email at info@garan-label.com. The lawfulness of processing carried out prior to the withdrawal remains unaffected. After unsubscribing, your email address will be deleted or placed on a block list to prevent future mailings, unless another legal basis (e.g. an existing contractual relationship) applies.
Further information on how Brevo handles user data can be found in Brevo's privacy policy: https://www.brevo.com/legal/privacypolicy/ .
8. Rights of the data subject
If personal data about you is processed, you have the following rights against the controller:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent given (Art. 7(3) GDPR), without affecting the lawfulness of processing carried out prior to the withdrawal
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
The supervisory authority responsible for us is:
Landesbeauftragter für den Datenschutz und für das Recht auf
Akteneinsicht Brandenburg (LDA Brandenburg)
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany
9. Changes to this privacy policy
We reserve the right to amend this privacy policy to ensure that it always complies with current legal requirements, or to implement changes to our services in the privacy policy. The version current at the time of your next visit will apply.