PETER / LACKE Logo_250px

PETER / LACKE is a customer focused medium-sized corporate group with more than 100 years of experience in development and production of high quality coating systems across all sectors like Automotive, Electronics, Lifestyle and Glass. Our success is based on a direct and professional communication with the operator and a global network with locations and partners in many countries worldwide.

Follow us
Back to top

Data Protection

  /  Data Protection



Privacy policy

1. Introduction

By providing the following information, we would like to give you as a ‘data subject’ an overview of our how we process your personal data and your rights under data protection legislation. You can, in principle, use our website without entering personal data. However, if you would like to use our company’s special services through our website, personal data processing could become necessary. We generally obtain your consent if personal data processing is necessary and there is no legal basis for such processing.

Personal data – such as your name, postal address or email address – is always processed pursuant to the General Data Protection Regulation (GDPR). By way of this privacy policy, we would like to inform you of the scope and purpose of the personal data that we collect, use and process.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transfer may generally be exposed to security vulnerabilities, so absolute protection cannot be guaranteed. This is why you are free to transfer personal data to us by alternative means, e.g. over the phone or by post.


2. Responsibility

The responsible company under the terms of the GDPR is:

Peter-Lacke GmbH

Herforder Strasse 80, 32120 Hiddenhausen, Germany

Phone: +49 5221 96250

Fax: +49 5221 962599



General management representatives: David N. Peter, Tim-Erik Mayer


3. Data Protection Officer

You can reach our Data Protection Officer as follows:

Thomas Otten

Phone: +49 5221 87292 08

Fax: +49 5221 87292 49


You can contact our Data Protection Officer directly at any time with any and all questions and suggestions you have relating to data protection.


4. Definitions

The privacy policy is based on the terms used by the European legislative and regulatory authority when adopting the EU General Data Protection Regulation (‘GDPR’). Our privacy policy should be easy to read and understand for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this privacy policy:

4.1 Personal data

Personal data means all information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.2 Data subject

Data subject means any identified or identifiable natural person whose personal data is used by the controller (our company) for processing purposes.

4.3 Processing

Processing means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.4 Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

4.5 Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

4.6 Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

4.7 Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

4.8 Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular enquiry pursuant to Union or member state law shall not be regarded as a recipient.

4.9 Third parties

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

4.10 Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes given by the data subject, by which they, by a statement or by a clear affirmative action, signify their agreement to the processing of personal data relating to them.


5. Legal basis of processing

Art. 6 (1) (a) of the GDPR is our company’s legal basis for processing operations where we obtain consent for a specific processing purpose.

If personal data processing is necessary for the performance of a contract that you are a party to, as is the case e.g. with processing operations that are necessary for the delivery of goods or the provision of any other service or consideration, processing is based on Art. 6 (1) (b) of the GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, e.g. in the case of enquiries about our products or services.

If our company is subject to a legal obligation through which personal data processing becomes necessary, e.g. for the fulfilment of tax obligations, processing is based on Art. 6 (1) (c) of the GDPR.

In rare cases, processing might be necessary to protect the vital interests of the data subject or of another natural person. This would be the case if e.g. a visitor were to be injured on our premises and, as a result, their name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then, the legal basis for processing would be Art. 6 (1) (d) of the GDPR.

Finally, processing operations could be based on Art. 6 (1) (f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to protect a legitimate interest of our company or a third party, provided that the data subject’s interests, fundamental rights and fundamental freedoms do not take precedence. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (recital 47, sentence 2 of the GDPR).


6. Technology

6.1 SSL / TLS encryption

This site uses SSL or TLS encryption to guarantee the security of data processing operations and to protect the transmission of confidential content such as purchase orders, login credentials or contact requests that you send us as the operator. An encrypted connection is recognisable by the fact that the browser’s address bar reads ‘https://’ instead of ‘http://’ and the fact that a padlock icon appears in your browser bar.

We use this technology to protect your transmitted data.

6.2 Data collection during visits to the website

When you are merely using our website for information purposes, i.e. if you do not register or otherwise transfer information to us, we only collect data that your browser transfers to our server (in what are known as ‘server log files’). Our website collects a series of general data and information each time you or an automated system access(es) a page. This general data and information is stored in the server’s log files. The following may be recorded:

  1. The browser types and versions used;
  2. The operating system used by the accessing system;
  3. The web page that an accessing system arrives at our website from (the ‘referrer page’);
  4. The sub-pages that are accessed on our website by an accessing system;
  5. The date and time of website access;
  6. An Internet Protocol (IP) address;
  7. The accessing system’s internet service provider.

We do not draw any conclusions about you as a person when using this general data and information. Rather, this information is needed to:

  1. Deliver the contents of our website correctly;
  2. Optimise the contents of our website and advertising for the same;
  3. Ensure that our IT systems and our website technology remains fully functional; and
  4. Provide law enforcement authorities with necessary information in the event of a cyber attack.

So we will only use the data and information collected for statistical purposes, with the aim of increasing our company’s data protection and data security so we can ultimately ensure an optimum level of protection for the personal data we process. The data in the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1), sentence 1, (f) of the GDPR. Our legitimate interest results from the data collection purposes listed above.


7. Data transfer to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal data with third parties if:

  1. You have given your express consent pursuant to Art. 6 (1), sentence 1, (a) of the GDPR;
  2. Disclosure pursuant to Art. 6 (1), sentence 1, (f) of the GDPR is permissible to preserve our legitimate interests, and there is no reason to believe that you have an overriding legitimate interest in your data not being disclosed;
  3. If there is a legal obligation for disclosure pursuant to Art. 6 (1), sentence 1, (c) of the GDPR;
  4. Doing so is permissible by law, and is necessary pursuant to Art. 6 (1), sentence 1, (b) of the GDPR for processing contractual relationships with the user.

8. Cookies

8.1 General information about cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

Resulting information in connection with the specific terminal device used is stored in the cookie. This does not mean, however, that we thereby gain direct knowledge of your identity.

The use of cookies firstly helps to make using our website more pleasant for you. We use what are known as ‘session cookies’ to identify that you have already visited individual pages of our website. These are automatically deleted once you leave our site.

We also use temporary cookies to optimise user-friendliness; these cookies are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already accessed our website and the entries and settings you made are remembered so you don’t have to enter them again.

On the other hand, we use cookies to record statistics about how our website is used and evaluate them for the purposes of optimising it for you. These cookies enable us to automatically recognise that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time.

8.2 Legal basis for the use of cookies

The data processed by cookies, which are required for the website to work properly, is therefore necessary to protect our legitimate interests, as well as those of third parties, pursuant to Art. 6 (1), sentence 1, (f) of the GDPR.

For all other cookies, you will have given your consent to this effect under Art. 6 (1) (a) of the GDPR by means of our opt-in cookie banner.


9. Contents of our website

9.2 Data processing for contract processing purposes

Pursuant to Art 6 (1) (b) of the GDPR, personal data will be collected and processed if you share it with us for the purpose of performing a contract. Your customer account can be deleted at any time by sending a message to the controller’s address mentioned above. We save and use the data you share with us for contract processing purposes. Once the contract has been processed in full or your customer account has been deleted, your data will be blocked taking the retention periods set out in tax and commercial law into account and deleted once these periods have elapsed, unless you have expressly consented to further use of your data or our site reserved the right to legally permissible and further data use, which we provide you with corresponding information about below.

9.3 Data processing for order processing purposes

The personal data we collect is passed on to the transport companies tasked with delivery in the context of contract processing, provided that doing so is necessary for delivery of the goods. We will pass your payment details on to the commissioned credit institute in the context of payment processing, provided that doing so is necessary for the same. If payment service providers are used, we will explicitly inform you to this effect below. The legal basis for data transfer in this regard is Art. 6 (1) (b) of the GDPR.

9.4 Contact / contact form

Personal data is collected in the context of contact with us (e.g. using the contact form or by email). Please see the contact form in question to find out what data is collected from a contact form. This data is only saved and used for the purpose of responding to your enquiry or for making contact and performing the associated technical administrative tasks. The legal basis for data processing is our legitimate interest in responding to your enquiry pursuant to Art. 6 (1) (f) of the GDPR. If you have contacted us with the aim of concluding a contract, Art. 6 (1) (c) of the GDPR forms an additional legal basis. Your data will be deleted once your enquiry has been conclusively processed; this is the case if the circumstances indicate that the situation concerned has been conclusively clarified and if there are no legal retention obligations to the contrary.

9.5 Application management / job board

We collect and process applicants’ personal data for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, e.g. by email or using an online form on the website. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the legal regulations. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after the applicant has been notified of the rejection decision, provided that we have no other legitimate interests opposing deletion. Other legitimate interest in this sense is e.g. a duty to provide evidence in proceedings under the German General Act on Equal Treatment (AGG).

In this respect, data processing is carried out based on our legitimate interest pursuant to Art. 6 (1) (f) of the GDPR.


10. Sending newsletters

10.1 Sending newsletters to existing customers

If you provided us with your email address when purchasing goods or services, we reserve the right to regularly email you offers relating to goods or services that are similar to the ones you have already bought from our range. We do not have to obtain any separate consent from you for this pursuant to Section 7 (3) of the German Act against Unfair Competition. In this respect, data processing is carried out only based on our legitimate interest in personalised direct marketing pursuant to Art 6 (1) (f) of the GDPR. If you objected to the use of your email address for this purpose at the beginning, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller mentioned at the start of this privacy policy. You will only incur transmission costs according to the basic rates for this. We immediately stop using your email address for advertising purposes following receipt of your objection.

10.2 Advertising newsletter

You are given the opportunity on our website to subscribe to our company newsletter. The personal data transmitted to us when ordering the newsletter is generated by the input screen used for this purpose.

We regularly inform our customers and business partners of our offers by means of a newsletter. You can generally only receive our company’s newsletter if:


  1. You have a valid email address; and
  2. You have registered to receive the newsletter.

For legal reasons, a confirmation email will be sent to the email address you first entered to receive the newsletter as part of the double opt-in procedure. This confirmation email is used to verify that you, as the owner of the email address, have authorised receipt of the newsletter.

When you sign up for the newsletter, we also store the IP address of the IT system you are using (as assigned by your internet service provider (ISP)) at the time of registration, as well as the date and time of registration. This data collection operation is necessary so we can trace (potential) misuse of your email address at a later date and therefore provides us with legal protection.

The personal data collected in the context of signing up for the newsletter will be used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by email if this is necessary for running the newsletter service or a related registration, as could be the case in the event of changes to the newsletter service or changes to the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. You can cancel the subscription to our newsletter at any time. You can revoke the consent to our storage of personal data that you have given us for the purpose of sending the newsletter at any time. You will find an unsubscribe link in each newsletter that you can use to revoke your consent. Furthermore, you can unsubscribe from the newsletter at any time directly on our website or inform us of this in another way.

The legal basis for data processing for the purpose of sending the newsletter is Art 6 (1) (a) of the GDPR.


11. Our activities in social networks

We have a presence on social media with our own pages so we can also communicate with you in social networks and inform you of our services.

We are not the original provider (controller) of these sites; we only use them in the context of the opportunities that the providers in question offer us.

So, as a precautionary measure, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore entail data protection risks for you, since it may be more difficult to protect your rights, e.g. of access, to erasure, to object, etc., and processing in the social networks often takes place directly for advertising purposes or for the providers’ analysis of user behaviour, where we are unable to influence this. If the provider creates usage profiles, they often use cookies or directly assign usage behaviour to your own social network member profile (if you are logged in).

These processing operations are carried out exclusively when explicit consent is granted pursuant to Art. 6 (1) (a) of the GDPR.

Since we do not have access to the providers’ databases, we would like to point out that it is best to assert your rights (e.g. of access, to rectification, to erasure, etc.) directly with the provider in question. We have listed details below of the relevant providers of the social networks we use to provide more information about how your data is processed in the social networks and what opportunities you have to assert your right to object or of revocation (‘opt-out’):

11.1 Facebook

The data processing controller in Europe is:

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy):

Opt-out and advertising preferences:

11.2 YouTube

Data processing controller:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:

Opt-out and advertising preferences:

11.3 LinkedIn

The data processing controller in Europe is:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy policy:

Opt-out and advertising preferences:

11.4 Twitter

The data processing controller in Europe is:

Twitter International Company, 1 Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy policy:

Information about your data:

Opt-out and advertising preferences:


Mit dem Laden des Tweets akzeptieren Sie die Datenschutzerklärung von Twitter.
Mehr erfahren

Inhalt laden

11.5 XING

The data processing controller in Germany is:

XING AG, Dammtorstrasse 29–32, 20354 Hamburg, Germany

Privacy policy:

Information requests for XING members:


12. Plugins and other services

12.1 Google Maps

We use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website. Google Maps is a web service for displaying interactive (land) maps to visually represent geographic information. Using this service means that e.g. our location can be shown to you and potential travel to our premises can be made easier.

Even when you access those pages that the Google Maps map is integrated in, information about your use of our website (such as your IP address) is sent to and stored on Google servers in the USA. This is done regardless of whether Google provides a user account that you are logged into, or whether such a user account does not exist. If you are logged into Google, your data will be assigned directly to your account. If you do not want this information to be assigned to your Google profile, you must log out from your Google user account. Google saves your data (even for users who are not logged in) as usage profiles and evaluates the same.

These processing operations are carried out exclusively when explicit consent is granted pursuant to Art. 6 (1) (a) of the GDPR.

You have a right to object to the creation of such user profiles; you must contact Google to exercise this right.

If you do not agree to your data being transferred to Google in future in the context of using Google Maps, you can also fully disable the Google Maps web service by disabling the JavaScript application in your browser. You will then be unable to use Google Maps and therefore the map screen on this website.

You can view Google’s terms of use at; you will find additional terms of use for Google Maps at

You will find detailed information about data protection in connection with using Google Maps on Google’s website (‘Google Privacy Policy’):

12.2 Google Fonts

Our website uses ‘web fonts’ provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to display fonts in a uniform way. When a page is accessed, your browser loads the required web fonts in your browser cache to display texts and font types correctly.

The browser you use must establish a connection to Google’s servers for this purpose. Google thereby receives information that our website has been accessed using your IP address. Google web fonts are used in the interest of displaying our website in a uniform and appealing way.

These processing operations are carried out exclusively when explicit consent is granted pursuant to Art. 6 (1) (a) of the GDPR.

You can find more information about Google Fonts at and in Google’s privacy policy:

12.3 YouTube (videos)

We have integrated YouTube components on this website. YouTube is an online video portal that allows video publishers to post video clips for free and other users to view, rate and comment on them (also for free). YouTube allows the publication of all kinds of videos, which is why complete film and television programmes, as well as music videos, trailers or videos made by users themselves, can be accessed using the online portal.

The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Each time you access one of the individual pages of this website operated by us and that a YouTube component (YouTube video) has been integrated on, the internet browser on your IT system is automatically prompted by the YouTube component in question to download a representation of the corresponding YouTube component from YouTube. You can find more information about YouTube at In the context of this technical procedure, YouTube and Google receive information about which specific sub-page of our website you are visiting.

If the data subject is logged into YouTube at the same time, YouTube recognises which specific sub-page of our website you are visiting when you access a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google always receive information through the YouTube component that you have visited our website if you are logged into YouTube at the same time as accessing our website; this takes place regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent transmission by logging out of your YouTube account before accessing our website.

These processing operations are carried out exclusively when explicit consent is granted pursuant to Art. 6 (1) (a) of the GDPR.

The privacy policy published by YouTube, which is available at, provides information about how YouTube and Google collect, process and use personal data.


13. Your rights as a data subject

13.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

13.2 Right of access (Art. 15 of the GDPR)

You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you, as well as a copy of this data pursuant to the statutory provisions.

13.3 Right to rectification (Art. 16 of the GDPR)

You have the right to request that incorrect personal data concerning you be rectified. You also have the right to request that incomplete personal data be completed, taking the purposes of processing into account.

13.4 Right to erasure (Art. 17 of the GDPR)

You have the right to request that we delete the personal data concerning you without delay, provided that one of the reasons provided for by law applies and insofar as processing or further storage is not necessary.

13.5 Right to restriction of processing (Art. 18 of the GDPR)

You have the right to obtain restriction of processing where one of the statutory prerequisites applies.

13.6 Right to data portability (Art. 20 of the GDPR)

You have the right to receive in a structured, commonly used and machine-readable format the personal data concerning you that you provided to us. You also have the right to transfer this data to another controller without any hindrance from us, to whom the personal data was provided, provided that processing is based on consent pursuant to Article 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR or on a contract pursuant to Art. 6 (1) (b) of the GDPR and processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 (1) of the GDPR, you have the right to request that the personal data be transferred directly from one controller to another, to the extent that doing so is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

13.7 Right to object (Art. 21 of the GDPR)

You have the right on grounds resulting from your particular situation to object at any time to the processing of personal data concerning you based on Art. 6 (1) (e) of the GDPR (data processing in the public interest) or (f) (data processing based on balancing of interests).

This also applies to profiling based on these provisions under Art. 4 (4) of the GDPR.

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling and legitimate grounds for processing that outweigh your interests, rights and freedoms, or if processing serves to assert, exercise or defend legal claims.

In individual cases, we process personal data to carry out direct marketing activities. You can object to personal data processing for the purposes of such advertising at any time. This includes profiling to the extent that it is related to such direct marketing. If you object to us processing your data for the purposes of direct marketing, we shall no longer use your personal data for these purposes.

Where we process personal data for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) of the GDPR, you also have the right on grounds relating to your particular situation to object to personal data processing, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

Notwithstanding Directive 2002/58/EC, you are free in connection with the use of information society services to exercise your right of objection by automated means where technical specifications are used.

13.8 Revocation of consent under data protection legislation

You have the right to revoke consent granted concerning personal data processing at any time with effect for the future.

13.9 Right to lodge complaints with a supervisory authority

You have the right to lodge complaints about our personal data processing operations to a competent data protection supervisory authority.


14. Routine storage, erasure and blocking of personal data

We process and store your personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the legal provisions that our company is subject to.

If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted pursuant to the statutory provisions.


15. Duration of personal data storage

The criterion for the duration of personal data storage is the respective legal retention period. Once the period has elapsed, the corresponding data is routinely deleted if it is no longer required to fulfil or initiate the contract.


16. Up-to-dateness and modification of the privacy policy

This privacy policy is currently valid and was last updated in February 2021.

It may be necessary to modify this privacy policy due to the further development of our website and offers, or based on modified legal or official requirements. You can access and print out the current privacy policy from ‘’ at any time.


Concept & realization


Internet agency / advertising agency
Minden – Lübbecke | Osnabrück | Essen