Privacy Statement

Effective from 01.05.2025

1. Basic information on data processing and legal foundation

This Privacy Policy sets out to clarify the nature, scope and purpose of the processing of personal information within our online offering and the related websites, features and content (collectively referred to as “online offer” or “website”). The privacy policy applies regardless of the domains, systems, platforms, and devices (for example, desktop or mobile) on which the online offering is viewed.

Regarding the terms used, such as “Personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

The personal data of the users processed in the context of this online offer includes existing data (eg, names and addresses of customers), contract data (eg, services used, names of contacts in our company, payment information), usage data (eg, the visited websites of our online offer, interest in our products) and content data (eg, entries in the contact form).

The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, suppliers, interested parties and other visitors to our online offer. The terms used, such as “Users” are to be understood gender-neutral.

We process personal data of users only in compliance with the relevant data protection regulations. This means that users’ data will only be processed if it is permitted by law. That is, especially the case if the data processing is for the provision of our contractual services (e.g. processing of orders) as well as for the provision of online services such as the search function or when required by law, rsp. when the consent of the user exists, as well as based on our legitimate interests (i.e. interest in the analysis, optimization and efficient operation and security of our online offer in the sense of Art. 6 para. 1 lit. f. GDPR, in particular with the search function, range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services).

Please note that the legal basis for consents is Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the data processing for the performance of our services and the performance of contractual measures is Art. 6 para. 1 lit. b. GDPR. the legal basis for processing in order to fulfill our legal obligations is Art. 6 para. 1 lit. c. GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 para. 1 lit. f. GDPR.

Our guidelines regarding the data of children: Our offer is not aimed at children under the age of eighteen. If you become aware that an underage child has shared information with us without the written permission of the parent or guardian, please notify us immediately.

This Privacy Policy applies to the processing of personal data of individuals located in the European Union in accordance with Article 3(2) of the General Data Protection Regulation (GDPR), even though the data controller is based outside the EU.

2. Use of personal data

The use of our site is possible without entering personal data. However, there may be instances where personal data is required, as explained below. Your personal data (such as name, address, email, telephone number, etc.) will only be processed in accordance with the applicable legal regulations, including the General Data Protection Regulation (GDPR).

Data Controller:

• Company Name: Smarter Food Concepts GmbH
• Registered Address: Pestalozzistr. 13, 80469 München
• Email:

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These security measures are continuously reviewed and updated to align with current industry standards and legal requirements.

Specific Security Measures:

• Data Encryption: We use SSL/TLS  to secure data transmission between users and our servers.
• Access Controls: Access to personal data is restricted to authorized personnel only, based on role-based permissions.
• Data Storage & Backup: Personal data is stored on on-premises servers, with regular backups in place.
• Incident Response Plan: In the event of a data breach, we will notify affected individuals and the relevant EU data protection authority in compliance with Articles 33 & 34 GDPR, where required.

Contact for Security Concerns:

If you suspect unauthorized access to your personal data or have security-related concerns, please contact us at:

Email:

3. Provision of contractual services

We process database data (e.g., names and addresses as well as contact information of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. Art. 6 para. 1 lit b. GDPR.

Users have the option of creating a user account, in particular to enable viewing their orders. As part of the registration, the necessary mandatory information will be communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, in so far as their retention is not required for commercial law or tax law reasons according to Art. 6 para. 1 lit. c GDPR. It is the responsibility of the users to save their data upon termination prior to the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.

As part of the registration and later logins as well as the use of our online services, the IP address and the time of the respective user action will be saved. The storage is based on our legitimate interests, as well as the user’s interests in protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with Art. 6 para. 1 lit. c GDPR.

We process usage data (e.g. the visited web pages of our online offering, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile to provide users e.g. with product information based on previously used services.

4. Server Log Files

To ensure the security, stability, and optimization of our website, we collect and store certain data in server log files based on our legitimate interests under Article 6(1)(f) GDPR.

Data Collected:

When you visit our website, the following data may be automatically recorded:

• Date and time of access
• Accessed page or file name
• Amount of data transferred
• Browser type and version
• Operating system
• Referrer URL (previously visited page)
• IP address (anonymized)
• Requesting internet service provider

Purpose of Data Collection:

• Ensuring website functionality and troubleshooting errors
• Preventing misuse or cyberattacks
• Analyzing website performance for optimization

Data Retention & Anonymization:

Log data is stored for 90 days before being deleted or anonymized, unless longer retention is required for security investigations or legal obligations.

How We Protect This Data:

• IP addresses are stored securely with access restricted to authorized personell only upon collection.
• Logs are not combined with other user data or used for profiling.
• Logs are stored on on-premise servers.

Contact for Log Data Inquiries:

If you have any questions about how we process log data, you may contact us at:

Email:

5. Registration Function

We offer you the possibility to register on our website. The data entered during registration, which can be seen in the entry fields of the registration form, namely

Name, postal address, e-mail address, telephone, language setting, company address, VAT ID or GST, newsletter setting, account type, affiliate indication

are collected and stored exclusively for the use of our offer. When registering on our site, we will also save your IP address and the date and time of your registration. This serves as security on our part in the event that a third party misuses your data and registers with this data on our site without your knowledge. There is no transfer to third parties. Matching of the collected data with data that may be collected by other components of our site is also not carried out.

6. Contacts Options

On our site, we offer you the possibility of contacting us by e-mail. In this case, the information provided by the user is stored for the purpose of processing his contact in accordance with Art. 6 Abs. 1 lit. b. GDPR. In this case there is no transfer of data to third parties. Matching of the collected data with data that may be collected by other components of our site does also not take place.

7. Use of Cookies and Measurement of Reach

We use cookies and similar tracking technologies to enhance user experience, analyze website traffic, and support advertising efforts. The use of cookies is based on user consent under Article 6(1)(a) GDPR and the ePrivacy Directive (2002/58/EC).

Types of Cookies We Use

We categorize cookies as follows:

1. Essential Cookies – Required for basic website functionality, such as enabling navigation and ensuring security. These cookies do not require consent.
2. Analytics & Performance Cookies – Help us analyze website usage and optimize performance. These cookies require user consent.
3. Functionality Cookies – Allow website personalization based on user preferences (e.g., language selection, account settings). These cookies require user consent.
4. Advertising & Tracking Cookies – Used for targeted ads and retargeting marketing campaigns. These cookies require user consent.

Managing Cookie Preferences

Upon your first visit, a cookie consent banner will appear, allowing you to accept or reject non-essential cookies. You may also adjust your preferences at any time by:

• Visiting our Cookie Settings page
• Adjusting browser settings to block cookies
• Opting out via third-party services:
  • EU opt-out: http://www.youronlinechoices.com/
  • Global opt-out: http://optout.networkadvertising.org/

Third-Party Cookies & Data Transfers

Some cookies are placed by third-party services (e.g., Google, Facebook, LinkedIn). These providers may process your data outside the EU/EEA, and we ensure compliance through Standard Contractual Clauses (SCCs) or equivalent safeguards.

Contact for Cookie-Related Inquiries:

If you have questions regarding our cookie policy, please contact:

Email:

8. User profiles

Personal user profiles are not created. § 15 para. 3 of the German Teleservices ACT (TMG), however, allows the use of user profiles under a pseudonym for the purpose of advertising, market research and the appropriate design of offers, provided the user does not object to this. With the technologies of the providers, data is collected and stored on our website. From this data, usage profiles for marketing and optimization purposes are created under a pseudonym. Cookies may be used. Your usage behaviour can be measured via a JavaScript code and data collected in this way can be transmitted directly to the provider’s server in the EU via an HTML connection.

The data collected with the tracking technologies is not used to personally identify you without you having separately consented to this. The collected data are also not combined with personal data about the bearer of the pseudonym. Cross-site analysis is also not performed. If you want to disable tracking technically, you can deactivate JavaScript and cookies in your web browser. In addition, you may object to the collection and storage of data at any time with effect for the future. Please contact us at to notify us of your objection to these services.

9. Data Transfers to Third Countries

Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, for contractual purposes based on Art. 6 (1) (b) GDPR or on the basis of legitimate interests in the economic and effective operation of our business pursuant to Art. 6 (1) (f) GDPR.

If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

If content, tools, or other resources from other providers (hereinafter collectively referred to as “third-party providers”) are used within the scope of this privacy policy and their headquarters are located in a third country, it can be assumed that data will be transferred to the third-party providers’ countries of residence. Third countries are understood to be countries in which the GDPR is not directly applicable law, i.e., generally countries outside the EU or the European Economic Area. Data is transferred to third countries either if there is an adequate level of data protection, user consent or other legal permission.

10. Google Analytics and Marketing Services

We use Google Analytics and other Google Marketing Services to analyze website usage, optimize performance, and deliver targeted advertisements. These services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Legal Basis for Processing

• Google Analytics is used only with your consent under Article 6(1)(a) GDPR.
• Data collected may be transferred outside the EEA, and we ensure compliance through Standard Contractual Clauses (SCCs).

How Google Analytics Works

Google Analytics uses cookies to track website interactions, including:

• Pages visited
• Time spent on the website
• IP address (anonymized)
• Browser type and device information

IP Anonymization is enabled to prevent full IP addresses from being stored by Google.

Managing Your Preferences

You can control or opt out of Google Analytics tracking by:

• Adjusting cookie settings on our website
• Installing the Google Opt-Out Browser Add-on: https://tools.google.com/dlpage/gaoptout
• Configuring your Google Ads settings: https://adssettings.google.com

For more details, see Google’s Privacy Policy: https://policies.google.com/privacy

Contact for Analytics Inquiries:

Email:

11. User Rights & Objection

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Your Rights Under GDPR

1. Right to Access (Article 15 GDPR) – You can request a copy of the personal data we hold about you.
2. Right to Rectification (Article 16 GDPR) – You can ask us to correct or update inaccurate or incomplete data.
3. Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR) – You may request deletion of your data under certain conditions, such as when it is no longer necessary for the purposes for which it was collected.
4. Right to Restrict Processing (Article 18 GDPR) – You can request that we limit the processing of your data in certain situations.
5. Right to Data Portability (Article 20 GDPR) – You can request to receive your personal data in a structured, commonly used, and machine-readable format and request its transfer to another service provider.
6. Right to Object (Article 21 GDPR) – You can object to the processing of your personal data, particularly for direct marketing purposes.
7. Right to Withdraw Consent (Article 7(3) GDPR) – Where we rely on your consent for processing, you can withdraw it at any time without affecting the lawfulness of prior processing.
8. Right to Lodge a Complaint (Article 77 GDPR) – If you believe your rights have been violated, you may lodge a complaint with a supervisory authority in the EU/EEA.

Exercising Your Rights

To exercise any of your rights, please contact:

Data Protection Contact:

Email:

If you are an EU/EEA resident, you also have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs can be found here:

https://edpb.europa.eu/about-edpb/board/members_en

12. Deletion of Data

We delete or anonymize personal data as soon as it is no longer required for the purposes for which it was collected unless retention is required by law.

Data Retention Periods

We store personal data for the following durations:

If personal data must be retained for legal compliance (e.g., tax, accounting), processing will be restricted and data will no longer be used for other purposes.

How Data is Deleted

• Digital data: Securely erased from our servers.
• Backups: Deleted as per our backup retention policy (1 week).
• Paper records (if any): Shredded and securely disposed of.

Requesting Data Deletion

To request deletion of your personal data, contact us at:

Data Protection Contact:

Email:

According to legal requirements such storage takes place for 10 years.

13. Right of Objection

Users may object to the processing of their personal data in accordance with legal provisions at any time. Such objection may in particular be made against processing for direct marketing purposes.

14. Changes to the privacy policy

We reserve the right to change the privacy policy in order to adapt it to changed legal requirements, or to changes to our service and data processing. However, this only applies to declarations related to data processing. If users’ consent is required or elements of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are requested to inform themselves regularly about the content of the privacy policy.