1. basic information on data processing and legal basis.
With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (DSGVO).
The personal data of users processed within the scope of this online offer includes inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the web pages visited on our online offer, interest in our products) and content data (e.g. entries in the contact form).
The term “user” includes all categories of data subjects. They include our business partners, customers, suppliers, interested parties and other visitors to our online offer. The terms used, such as “user”, are to be understood as gender-neutral.
We process users’ personal data only in compliance with the relevant data protection regulations. This means that the users’ data is only processed if a legal permission exists, i.e., in particular if the data processing is necessary or legally required for the provision of our contractual services (e.g., processing of orders) as well as for online services such as the search, if a consent of the users exists, or if the data processing is carried out due to our legitimate interests (i.e., interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO, in particular in search, reach measurement, profiling for advertising and marketing purposes, and collection of access data and use of third-party services).
We point out that the legal basis for the consents is Art. 6 para. 1 lit. a. and Art. 7 DSGVO, the legal basis for the processing for the performance of our services and implementation of contractual measures is Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing to fulfill our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to protect our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.
Our policies regarding children’s data: Our offer is not aimed at children under the age of sixteen. If you learn that a minor child is sharing information without written permission from the parent or guardian, notify us immediately.
2. Use of personal data
The use of our site is possible without providing personal data. However, there may be deviating regulations, which are explained separately below. Your personal data (e.g. name, address, e-mail, telephone number, etc.) will only be processed by us in accordance with the applicable legal provisions. Data are personal if they can or could be clearly assigned to a specific natural person. In this respect, the following regulations inform you about the type, scope and purpose of the collection, use and processing of personal data by the provider
Smarter Food Concepts GmbH, Pestalozzistr. 13, 80469 Munich, Germany
Management: Cornelius Stockmair, Robert Walters
Registered at the registry court: Munich HRB 198323
Phone: +49 (0)89 / 2000 213 – 0
3. security measures
We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
The security measures include in particular the encrypted transmission of data between your browser and our server.
We point out that the Internet-based data transmission has security gaps, a complete protection against access by third parties is therefore impossible.
4. provision of contractual services
We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO.
Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, the required mandatory information is provided to users. The user accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, their data with regard to the user account will be deleted, unless their storage is necessary for reasons of commercial or tax law in accordance with Art. 6 para. 1 lit. c DSGVO. It is the responsibility of the users to save their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against abuse and other unauthorized use. In principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
We process usage data (e.g. the web pages visited on our website, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile, e.g. to display product information to users based on the services they have used to date.
5. server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us, on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data .
These are: Name of the retrieved website, file, date and time of retrieval, amount of data transmitted, notification of successful retrieval, browser type and version, operating system of the user, referrer URL (the previously visited page), IP address and the requesting provider.
This data cannot be assigned to specific persons. A combination of this data with other data sources is not made. We use the log data only for statistical analysis for the purpose of operation, security and optimization of the offer; we reserve the right, however, to review this data subsequently if we become aware of specific indications of unlawful use.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
6. registration function
We offer you the opportunity to register on our site. The data entered during registration, which can be seen from the input mask of the registration form, namely.
name, postal address, e-mail address, telephone, language setting, company address, VAT ID, newsletter setting
are collected and stored exclusively for the use of our offer. With your registration on our site, we will also store your IP address and the date and time of your registration. This serves as a safeguard for us in the event that a third party misuses your data and registers on our site with this data without your knowledge. Your data will not be passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site also does not take place.
7. contact possibility
On our website, we offer you the opportunity to contact us by e-mail and/or via a contact form. In this case, the information provided by the user will be processed for the purpose of processing his contact in accordance with Art. 6 para. 1 lit. b) DSGVO. In this case, the data will not be passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site also does not take place.
8. comments and contributions
When users leave comments on the blog or other contributions, their IP addresses are stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO stored for 7 days . This is done for the security of the provider, in case someone writes illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, the provider itself can be prosecuted for the comment or post and is therefore interested in the identity of the author.
With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission.
If you would like to receive our newsletter, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected. Optionally, we ask you to provide a name for the purpose of personal address in the newsletter. This data will only be used for sending the newsletter and will not be passed on to third parties.
Double-Opt-In and logging: The registration for our newsletter takes place in a so-called double-opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address.
Shipping service provider: The shipping is carried out by ourselves without the use of a shipping service provider.
Statistical collection and analyses – The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is not our intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The performance of statistical surveys and analyses as well as logging of the registration process are carried out on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the link provided for this purpose in the newsletter. At the same time, your consent to the statistical analyses will expire.
Cookies are data records that are sent from the web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. We mostly use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status and thus the use of our online offer at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.
In some cases, however, these cookies are stored for later retrieval in order to recognize you automatically. This recognition is based on the IP address stored in the cookies. The information obtained in this way is used to optimize our offers and to provide you with easier access to our site.
You yourself determine whether cookies can be collected by setting your browser in such a way that you are informed before a cookie is stored and storage only takes place if you expressly accept this. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent.
11. user profiles
Personal user profiles are not created. § However, Section 15 (3) of the German Telemedia Act (TMG) permits the use of user profiles under a pseudonym for the purposes of advertising, market research and demand-oriented design of offers, provided the user does not object to this:
We also use web analysis services on our websites provided by In Media Advertising GmbH, which performs the web analysis for us. In doing so, all requirements of German and European data protection law are met.
The data collected with the tracking technologies will not be used to identify you personally without your separate consent. The collected data will also not be merged with personal data about the bearer of the pseudonym. A cross-website analysis is also not carried out.
12. disclosure of data to third parties and third-party providers
Data is only passed on to third parties within the framework of legal requirements. We only pass on users’ data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b) DSGVO for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO in the economic and effective operation of our business.
If we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal provisions.
If content, tools or other means from other providers (hereinafter collectively referred to as “third party providers”) are used within the scope of this data protection declaration and their registered office is located in a third country, it is to be assumed that a data transfer to the third party providers’ countries of domicile takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, user consent or otherwise legal permission.
13 Google Analytics
This offer uses Google Analytics, a web analytics service provided by Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on users’ computers, to help the website analyze how users use the site. The information generated by the cookie about the use of this website by the users is usually transmitted to a Google server in the USA and stored there.
In the event that IP anonymization is activated on this website, however, Google will truncate the user’s IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. Users can prevent the storage of cookies by selecting the appropriate settings on their browser software. However, this offer informs users that in this case they may not be able to use all functions of this website to their full extent. Users can also prevent the collection of data generated by the cookie and related to their use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the collection by Google Analytics within this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again.
14. google re/marketing services
We use on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) the marketing and remarketing services (in short “Google Marketing Services”) of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other websites, this is referred to as “remarketing”. For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies).
The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address is not merged with the user’s data within other Google offerings. The aforementioned information may also be linked on the part of Google with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests.
The user’s data is processed pseudonymously as part of Google’s marketing services. This means that Google does not store and process the name or e-mail address of the user, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. I.e. from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.
The Google marketing services we use include, among others, the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
We may also use the “Google Optimizer” service. Google Optimizer allows us to track the effect of various changes to a website (e.g. changes to the input fields, design, etc.) as part of so-called “A/B testing”. Cookies are placed on users’ devices for these testing purposes. Only pseudonymous data of the users is processed in the process.
Furthermore, we may use the “Google Tag Manager” to integrate and manage Google analysis and marketing services on our website.
If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
15. Facebook Social Plugins
We use social plugins (“plugins”) of the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated by the latter into the online offer. In the process, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.
If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored with Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes, are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the U.S. site http://www.aboutads.info/choices/oder the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
16 Use of Social Plugins & Recommendation Components and Other Third-Party Providers
The following presentation provides an overview of third-party providers and their content, along with links to their privacy statements, which contain further information on the processing of data and, in part already mentioned here, opt-out options:
On our pages, functions/plugins of the following providers are used (you can recognize the respective participation in the Privacy Shield program by the corresponding link at the provider):
facebook.com, provider: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA
Google+, provider: Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Twitter, provider: Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
LinkedIn, Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
When a user calls up one of our pages that contains such a function, his browser establishes a direct connection with the servers of the respective provider. We have no influence on the scope of the data that the respective provider collects with the help of this function.
By integrating the function, the provider receives the information that a user has called up the corresponding page of our offer. If the user is logged in to the provider (e.g. on facebook), the provider can assign the visit to the respective account of the user. If users interact with the functions/plugins, for example by clicking the like or recommendation button or sharing content via the corresponding function, this is transmitted directly from your browser to the provider and stored there. If a user is not a member of the respective provider, there is still the possibility that the provider will learn and store his IP address. If a user is a member of the respective provider and does not want the provider to collect data about him via our offer and link it to his membership data stored with the provider, he must log out of the respective provider before visiting the website.
If our customers use third-party payment services (e.g. PayPal or Sofortüberweisung), the terms and conditions and privacy notices of the respective third-party providers apply, which are available within the respective websites, or transaction applications.
17. rights of the users
Users have the right to obtain, upon request and free of charge, information about the personal data that we have stored about them.
In addition, users have the right to correct inaccurate data, restrict processing and delete their personal data, if applicable, to assert their rights to data portability and, in the event of the assumption of unlawful data processing, to file a complaint with the competent supervisory authority.
Likewise, users may revoke consents, with effect for the future.
18. deletion of data
The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the user’s data is not deleted for legal reasons, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.
According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
19 Right of objection
Users may object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against processing for purposes of direct advertising.
We reserve the right to change the data protection declaration in order to adapt it to changed legal situations, or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. Insofar as user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
Users are requested to inform themselves regularly about the content of the data protection declaration.