We attach great importance to data protection. The collection and processing of your personal data takes place in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
1 Responsible party
The responsible party for the collection, processing, and use of your personal data in accordance with Art. 4 No. 7 GDPR is
We Packen’s Society for Confectionery and Shipping GmbH, Bessemer Str. 14, 40699 Erkrath, Telephone: +49/2104/93775-0, Telefax: +49/2104/93775-300, Email: firstname.lastname@example.org
If you wish to object to the collection, processing, or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can direct your objection to the responsible party.
2 Data Protection Officer
If you have any further questions or concerns regarding data protection, please contact our Data Protection Officer
Frank Lünsmann, Email: email@example.com
3 General Purposes of Processing
We use personal data for the purpose of operating the website.
4 What data we use and why
The hosting services we use serve the following purposes: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the operation of the website.
In this process, we or our hosting provider process customer, interested party, and visitor data such as inventory data, contact data, content data, contract data, usage data, meta and communication data of this website based on our legitimate interests in an efficient and secure availability of our website in accordance with Art. 6 para. 1 s. 1 f) GDPR in conjunction with Art. 28 GDPR.
4.2 Access Data
We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and record data about your computer or mobile device. We collect, store, and use data on each access to our website (so-called server log files). Access data includes:
- Name and URL of the retrieved file
- Date and time of the retrieval
- Transferred data volume
- Message about successful retrieval (HTTP response code)
- Browser type and browser version
- Operating system
- Referer URL (i.e. the previously visited page)
- Websites that are accessed from the user’s system via our website
- User’s internet service provider
- IP address and the requesting provider
We use this log data without assigning it to your person or other profiling for statistical evaluations for the purpose of operating, securing, and optimizing our website, but also for anonymous collection of the number of visitors to our website (traffic), and the extent and type of use of our website and services, as well as for billing purposes, to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content and analyze data traffic, search for and fix errors, and improve our services.
This also constitutes our legitimate interest according to Art. 6 para. 1 s. 1 f) GDPR.
We reserve the right to retrospectively check the log data if there is a legitimate suspicion of illegal use based on concrete indications. We store IP addresses for a limited period of time in the log files if this is necessary for security purposes or for the performance of the service or billing of a service, e.g. if you use one of our offers. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer necessary for security purposes. We also store IP addresses if we have a specific suspicion of a criminal offense in connection with the use of our website. In addition, as part of your account, we store the date of your last visit (e.g. during registration, login, clicking of links, etc.).
We use so-called session cookies to optimize our website. A session cookie is a small text file that is sent by the respective servers when visiting a website and temporarily stored on your hard drive. This file itself contains a so-called session ID, which allows various requests from your browser to be assigned to the common session. This allows your computer to be recognized when you return to our website. These cookies are deleted after you close your browser. They serve, for example, to allow you to use the shopping basket function across multiple pages.
We also use a small number of persistent cookies (also small text files stored on your device), which remain on your device and allow us to recognize your browser on your next visit. These cookies are stored on your hard drive and delete themselves after the specified time. Their lifespan is 1 month to 10 years. This allows us to present our offer in a more user-friendly, effective, and secure manner and, for example, display information on the page that is specifically tailored to your interests.
Our legitimate interest in using cookies according to Art. 6 para. 1 s. 1 f) GDPR lies in making our website more user-friendly, effective, and secure.
The following data and information are stored in the cookies:
- Login information
- Language settings
- Entered search term
- Information on the number of visits to our website and use of individual functions of our website.
- When the cookie is activated, it is assigned an identification number, and no assignment of your personal data to this identification number is made. Your name, IP address, or similar data that would allow the cookie to be assigned to you are not stored in the cookie. Based on cookie technology, we only receive pseudonymized information, such as which pages of our shop were visited, which products were viewed, etc.
You can adjust your browser so that you are informed about the setting of cookies in advance and can decide on a case-by-case basis whether to accept cookies for certain cases or generally exclude them, or to completely prevent cookies. This can limit the functionality of the website.
Ihre Einstellungen zu den Cookies können Sie jederzeit hier ändern.
4.4 Data to fulfill our contractual obligations
We process personal data that we need to fulfill our contractual obligations, such as name, address, email address, ordered products, invoicing and payment data. The collection of this data is necessary for the conclusion of the contract.
The deletion of the data takes place after the expiry of the warranty periods and statutory retention periods. Data linked to a user account (see below) will be retained for the duration of this account at all times.
The legal basis for processing this data is Art. 6 para. 1 sec. 1 b) GDPR, as this data is required for us to fulfill our contractual obligations to you.
4.5 User Account
You can create a user account on our website. If you wish, we will need the personal data requested during the login process. Later, only your email or username and the password you have chosen will be needed for login.
For new registration, we collect basic data (e.g. name, address), communication data (e.g. email address) and payment data (bank details) as well as access data (username and password).
To ensure your proper registration and prevent unauthorized registration by third parties, you will receive an activation link by email after registering to activate your account. Only after successful registration do we permanently store the data you submitted in our system.
You can have a once created user account deleted by us at any time, without any costs other than the transmission costs according to the basic tariffs. A message in text form to the contact data mentioned in points 1 + 2 (e.g. email, fax, letter) is sufficient for this. We will then delete your stored personal data, unless we need to store them for processing orders or due to legal storage obligations.
The legal basis for processing this data is your consent according to Art. 6 (1) (a) GDPR.
To sign up for the newsletter, we need the personal data requested during the sign-up process. The sign-up for the newsletter is recorded. After signing up, you will receive a message at the specified email address asking you to confirm your subscription (“Double Opt-in”). This is necessary to prevent third parties from signing up with your email address.
You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter.
We store the sign-up data as long as it is needed for sending the newsletter. We store the sign-up log and the shipping address as long as there is an interest in proving the originally given consent, which is typically the statute of limitations for civil claims, i.e. maximum three years.
The legal basis for sending the newsletter is your consent according to Art. 6 para. 1 s. 1 a) in conjunction with Art. 7 GDPR in conjunction with section 7 para. 2 no. 3 UWG. The legal basis for recording the sign-up is our legitimate interest in proving that the shipment was made with your consent.
You can undo the sign-up at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the contact data mentioned under points 1 + 2 (e.g. email, fax, letter) is sufficient for this purpose. Of course, you will also find an unsubscribe link in every newsletter.
4.7 Product Recommendations
We regularly send you product recommendations by email, regardless of the newsletter. In this way, we provide you with information about products from our offer that you might be interested in based on your last purchases of goods or services from us. We strictly adhere to the legal requirements. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact details mentioned under points 1+2 (e.g. email, fax, letter) is sufficient for this. Of course, you will also find an unsubscribe link in each email.
The legal basis for this is the legal permission under Art. 6 para. 1 s. 1 f) GDPR in conjunction with § 7 para. 3 UWG.
4.8 Email Contact
If you contact us (e.g. through a contact form or email), we will process your information to handle your request and in case follow-up questions arise.
If the data processing is carried out for the performance of pre-contractual measures that are taken at your request, or if you are already our customer, for the performance of the contract, the legal basis for this data processing is Art. 6 para. 1 S. 1 b) GDPR.
We will only process further personal data if you consent to it (Art. 6 para. 1 S. 1 a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 para. 1 S. 1 f) GDPR). A legitimate interest would be, for example, to respond to your email.
5 Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files stored on your computer, that allow an analysis of your website use. The information generated by the cookie about the use of this website by visitors is usually transmitted to a Google server in the USA and stored there.
This also represents our legitimate interest under Art 6(1) (f) GDPR.
Google has adhered to the Privacy Shield agreement between the European Union and the USA and has been certified. This means that Google is committed to comply with the standards and regulations of European data protection law. For more information, please see the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have activated IP anonymization on this website (anonymizeIp). This means that your IP address will be shortened by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website and internet use.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by making a corresponding setting in your browser software; however, we would like to point out that in this case you may not be able to fully use all functions of this website.
In addition, you can prevent the transfer of the data generated by the cookie and related to your website use (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Alternatively to the browser plugin or within browsers on mobile devices, you can click the following link to set an opt-out cookie that will prevent future collection by Google Analytics on this website (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): [Deactivate Google Analytics].
6 Google Maps Plugin
7 Twitter Plugin
Wir nutzen auf unserer Webseite auch Funktionen des Mikrobloggingdienstes Twitter. Betreiber von Twitter ist Twitter Inc. Die US-amerikanische Firma ist ansässig in den USA, San Francisco, CA 94103, 1355 Market St, Suite 900. Hauptfunktion von Twitter ist die “Tweet-Funktion”. Nutzen Sie diese über unsere Internetseite, findet eine Verknüpfung mit Ihrem Twitter-Account statt. Es kann zum Datenaustausch mit anderen Nutzern kommen und zur Übertragung von Daten an Twitter. Wir erhalten keine Kenntnis von dem Inhalt der an Twitter gesendeten Daten, noch werden wir über deren Nutzung in Kenntnis gesetzt. Informieren Sie sich zu diesen Fragen unter http://twitter.com/privacy. Dort finden Sie die ausführliche Datenschutzerklärung von Twitter. Weiterhin bietet Ihnen die Plattform die Möglichkeit, über http://twitter.com/account/settings Ihre Datenschutzeinstellungen selbst zu gestalten.
9 Data Retention
We only store personal data for as long as it is necessary to fulfill the purposes pursued.
In some cases, the law requires the retention of personal data, such as in tax or commercial law. In these cases, we only store the data for these legal purposes, but do not process it further and delete it after the legal retention period has expired.
10 Your rights as a data subject
Under applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by email or by post, clearly identifying yourself, to the address specified in paragraphs 1 and 2.
Below is an overview of your rights.
10.1 Right to Confirmation and Information
Sie haben das Recht auf eine übersichtliche Auskunft über die Verarbeitung Ihrer personenbezogenen Daten.
You have the right to a clear explanation about the processing of your personal data.
You have the right to receive confirmation from us at any time about whether personal data concerning you is being processed. If this is the case, you have the right to receive a free information from us about the personal data stored about you, including a copy of this data. You also have the right to the following information:
- the purposes of the processing;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored, or if this is not possible, the criteria for determining this duration;
- the existence of a right to correction or deletion of the personal data concerning you or a right to restriction of processing by the controller, or a right to object to this processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- if the personal data is not collected from you, all available information about the origin of the data;
- the existence of automated decision-making including profiling under 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and intended impact of such processing for you.
If personal data is transferred to a third country or to an international organization, you have the right to be informed about the appropriate guarantees under Art. 46 GDPR in connection with the transfer.
10.2 Right to Correction
You have the right to request correction and, if necessary, completion of personal data concerning you from us.
You have the right to request immediate correction from us of any incorrect personal data concerning you. With consideration of the purposes of the processing, you have the right to request the completion of incomplete personal data, even by means of a supplementary statement.
10.3 Right to Erasure (“Right to be Forgotten”)
In a number of cases, we are obliged to delete personal data concerning you.
You have the right under Art. 17 para. 1 GDPR to demand that we immediately delete the personal data concerning you, and we are obliged to delete personal data immediately if any of the following reasons apply:
- The personal data is no longer necessary for the purposes for which it was collected or processed in any other way.
- You revoke your consent, which the processing was based on in accordance with Art. 6 para. 1 letter a) GDPR or Art. 9 para. 2 letter a) GDPR, and there is no other legal basis for the processing.
- You object to the processing in accordance with Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 para. 2 GDPR.
- The personal data was processed illegally.
- The deletion of personal data is necessary to fulfill a legal obligation under Union or Member State law to which we are subject.
- The personal data was collected in relation to the offered services of the information society in accordance with Art. 8 para. 1 GDPR.
If we have made the personal data public and are obliged to delete it in accordance with Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the cost of implementation, to inform data processing controllers who process the personal data that you have requested the deletion of all links to that personal data or copies or replications of that personal data.
10.4 Right to Restrict Processing
In certain cases, you are entitled to request that we restrict the processing of your personal data.
You have the right to request restriction of processing from us if one of the following conditions is met:
- you dispute the accuracy of the personal data, and for a duration that allows us to verify the accuracy of the personal data,
- the processing is unlawful and you reject the deletion of the personal data and instead request the restriction of use of the personal data;
- we no longer need the personal data for the purposes of processing, but you still need the data to assert, exercise or defend legal claims, or
- you have lodged an objection against processing under Article 21(1) GDPR until it has been determined whether our legitimate reasons as a company outweigh yours.
10.5 Right to Data Portability
You have the right to receive, transmit, or have transmitted your personal data in a machine-readable format.
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without obstruction by us, if
- the processing is based on consent under Art. 6 (1) 1 a) GDPR or Art. 9 (2) a) GDPR or on a contract under Art. 6 (1) 1 b) GDPR and
- the processing is carried out using automated procedures.
In exercising your right to data portability under paragraph 1, you have the right to ensure that the personal data is transmitted directly from us to another controller, to the extent that this is technically feasible.
10.6 Right to Object
You have the right to object to our lawful processing of your personal data if it is based on your specific situation and our interests in the processing do not outweigh yours.
You have the right to object, on grounds arising from your particular situation, at any time to the processing of your personal data carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or the processing is necessary for the establishment, exercise, or defense of legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
You have the right to object, on grounds arising from your particular situation, to the processing of your personal data carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task in the public interest.
10.7 Automated Decisions Including Profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you.
An automated decision-making process based on the collected personal data does not take place.
10.8 Right to revoke a data protection consent
You have the right to revoke your consent to the processing of personal data at any time.
10.9 Right to Complain to a Supervisory Authority
You have the right to file a complaint with a supervisory authority, in particular in the member state of your place of residence, place of work or the place where the alleged infringement took place, if you believe that the processing of your personal data is unlawful.
11 Data Security
We are making every effort to ensure the security of your data in accordance with applicable data protection laws and technical capabilities.
Your personal data is transmitted encrypted by us. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the internet (e.g. when communicating by email) can have security gaps. A flawless protection of the data from access by third parties is not possible.
To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we continually update to the state of the art.
Furthermore, we do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be excluded. The servers we use are regularly carefully secured.
12 Sharing of Data with Third Parties and No Data Transfer to Non-EU Countries
As a general rule, we use your personal data only within our company.
If and to the extent that we engage third parties in the performance of contracts (such as logistics service providers), these third parties will receive personal data only to the extent that the transmission is necessary for the respective performance.
In the event that we outsource certain parts of the data processing (“contract processing”), we oblige contract processors to use personal data in accordance with the requirements of data protection laws and to ensure the protection of the rights of the affected person.
A data transfer to entities or individuals outside the EU outside of the case mentioned in this statement in Section 5 does not take place and is not planned.
Wir Packen’s GmbH