Privacy Notice

1. Introduction

We would like to use the information below to provide you "data subject" with an overview of our processing of your personal data and your rights under data protection law. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services offered by our company through our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we will generally obtain your consent.

Personal data, such as your name, address or email address, is always processed in accordance with the EU General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the "Food Masters Freiberg GmbH". The aim of this Privacy Notice is to inform you about the scope and purpose of the personal data we collect, use and process.

As the data controller, we have implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps so that absolute protection cannot be guaranteed. For this reason, you are free to submit personal data on alternative ways, such as by phone or by post to us.

You too can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to take this opportunity to give you some tips on how to handle your data securely:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
  • Only you should have access to the passwords.
  • Make sure that you only use your passwords for one account (login, user or customer account) at a time.
  • Do not use a password for different websites, applications or online services.
  • In particular, when using IT systems that are publicly accessible or shared with other persons, the following applies: You should definitely log out after logging in to a website, application or online service.

Passwords should consist of at least 12 characters and should be chosen in such a way that they cannot be easily guessed. Therefore, they should not contain common words from everyday life, one's own names or names of relatives, but upper and lower case, numbers and special characters.
 

2. Data controller

The data controller, as defined by the GDPR, is:

FOOD MASTERS FREIBERG GmbH
Benzstr. 10, 71696 Freiberg am Neckar, Deutschland

Phone: +49 (0)7141-974033-0
Fax: +49 (0)7141-974033-99
E-Mail: info[ät]foodmasters-freiberg.com

Data controller‘s representative: Philipp Schiedt, Simon Bier
 

3. Data protection officer

You can reach the data protection officer as follows:

Michael Weinmann
Phone: +49 (0)173-763 296 2
E-Mail: michael.weinmann[ät]dsb-office.de

You may contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.
 

4. Legal basis for processing

Article 6 Paragraph 1(a) GDPR serves as our company‘s legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, processing is based on Article 6 Paragraph 1(b) GDPR. The same applies to those processing operations required to carry out pre-contractual measures, such as in cases of queries regarding our products or services.

If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, processing is based on Article 6 Paragraph 1(c) GDPR.

In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if someone visiting our business were to be injured and their name, age, health insurance data or other vital information needed to be disclosed to a doctor, hospital or other third party. Processing would then be based on Article 6 Paragraph 1(d) GDPR.

Finally, processing operations could be based on Article 6 Paragraph 1(f) GDPR. Processing operations not based on any of the above-mentioned legal bases may be carried out on the basis of Article 6 Paragraph 1(f) GDPR if processing is necessary to safeguard the legitimate interests of our company or those of a third party, provided the interests and fundamental rights and freedoms of the data subject do not take precedence. We are permitted to engage in such processing operations in particular because they have been specifically mentioned in European law. In this respect, the legislature took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

Our offer is inherently aimed at adults. Persons under 16 years of age may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect it and do not pass it on to third parties.
 

5. Disclosure of data to third parties

Your personal data will not be conveyed to third parties for purposes other than those listed below.

We will only share/convey your personal data with third parties if:

  1. you have given us your express consent to do so in accordance with Art. 6 (1) lit. a GDPR,
  2. the disclosure is permissible in accordance with Art. 6 (1) lit. f GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  3. in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) lit. c GDPR, as well as

In the context of the processing operations described in this privacy statement, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly mentioned this in the privacy policy for the service providers concerned. In order to protect your data in all other cases, we have concluded commissioned processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent can serve as the legal basis for the transfer to third countries in accordance with Article 49 (1) a) of the GDPR. This sometimes does not apply in the case of a data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 of the GDPR.

Your personal data will not be conveyed to third parties for purposes other than those listed below.

We will only share/convey your personal data with third parties if:

  1. you have given us your express consent to do so in accordance with Art. 6 (1) lit. a GDPR,
  2. the disclosure is permissible in accordance with Art. 6 (1) lit. f GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  3. in the event that a legal obligation exists for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR, as well as
  4. this is legally permissible and necessary according to Art. 6 (1) lit. b GDPR for the processing of contractual relationships with you.

In the context of the processing operations described in this privacy statement, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly mentioned this in the privacy policy for the service providers concerned. In order to protect your data in all other cases, we have concluded commissioned processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Article 49 (1) a) of the GDPR may serve as the legal basis for the transfer to third countries. This sometimes does not apply in the case of a data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.
 

6. Technology

5.6 SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the website operator. You can recognise an encrypted connection by your browser‘s address bar reading "https://" instead of "http://" and the lock symbol in the browser bar.

We use this technology to protect your transmitted data.

6.2 Data collection when visiting the website

When using our website for information purposes only, i.e. when not registering or otherwise transmitting information to us, we only collect data that your browser transmits to our server (in so-called "server log files"). Our website collects a series of general data and information each time you access a website or an automated. This general data and information is stored in the server's log files. The following can be recorded:

  • browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system accesses our website (so-called referrer),
  • the sub-pages accessed via an accessing system on our website,
  • the date and time of access to the website,
  • an abbreviated internet protocol address (anonymised IP address) and,
  • the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. This information is rather required to:

  1. deliver the contents of our website correctly,
  2. optimise the contents of our website as well as to advertise it,
  3. ensure the permanent operability of our IT systems and the technology of our website, and
  4. provide law enforcement authorities with the information necessary to prosecute in the event of a cyber-attack.

This collected data and information is therefore statistically analysed and further analysed by us with the aim of increasing data protection and data security within our company to ultimately ensure an optimum level of protection for the personal data being processed by us. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above.
 

6.3 Hosting by IONOS

We host our website at IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (IONOS).

When visiting our website your personal data (e.g. IP addresses in log files) are processed on the servers of IONOS.

The use of IONOS is based on Art. 6 (1) lit. f GDPR. Our legitimate interest is the high-performance provision of our website.

We have concluded a corresponding agreement with IONOS on the basis of GDPR for commissioned processing. This is a contract required by data protection law, which ensures that IONOS only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

Additional information and IONOS`s privacy policy can be found at https://www.ionos.de/terms-gtc/terms-privacy
 

7. Cookies

7.1 General information about cookies

We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar) when you visit our website.

Information generated from the specific device used is stored in cookies. This does not mean, however, that we will gain immediate knowledge of your identity.

The use of cookies helps us make it more convenient for you to use our website. For example, we use session cookies to detect whether you have already visited individual pages on our website. These are erased automatically when you leave our website.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a specific period of time. If you visit our site again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

We also use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimisation. These cookies enable us to automatically recognise that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage period of the cookies can be found in the settings of the consent tool used.
 

7.2 Legal basis for the use of cookies

The data processed by the cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) lit. f GDPR.

For all other cookies, the following applies: You have given your consent to this within the meaning of Art. 6 (1) lit. a GDPR via our opt-in cookie banner.
 

7.3 Tips for avoiding cookies in common browsers

You can delete cookies, allow only selected cookies or completely deactivate cookies at any time via the settings of the browser you are using. You can find more information on the support pages of the respective providers:

8. Contents of our website

8.1 Application management/job exchange

We collect and process the personal data of applicants for the purpose of carrying out the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by email or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically erased two (2) months after notification of the rejection decision, provided that no other legitimate interests of ours prevent their erasure. Other legitimate interests in this context include, for example, the duty to provide evidence in proceedings under the German Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz [AGG]).

The legal basis for processing your data is Art. 88 GDPR icw § 26 (1) German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]).
 

9. Our activities in social networks

To allow us to communicate with you on social networks and inform you about our services, we run our own pages on these social networks. If you visit one of our social media pages, we and the provider of the social media network are joint controllers (Art. 26 GDPR) regarding to the processing operations triggered thereby, which concern personal data.

We are not the original provider of these pages, but only use them within the scope of the options offered to us by the respective providers.

We would therefore like to point out as a precautionary measure that your data may also be processed outside of the European Union or the European Economic Area. Use of these networks may therefore involve data protection risks for you since the protection of your rights may be difficult, e.g. your rights to information, erasure, objection, etc. Processing on social networks frequently takes place directly for advertising purposes or for the analysis of user behaviour by network providers, and we have no control over this. If the provider creates user profiles, cookies are often used or user behaviour may be assigned directly to your own member profile on the respective social network (if you are logged in).

The processing operations of personal data described are carried out in accordance with Article 6 Paragraph 1(f) GDPR on the basis of our legitimate interests and the legitimate interests of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to grant your consent to the respective providers to process your data as a user, the legal basis for this processing is Article 6 Paragraph 1(a) GDPR in conjunction with Article 7 GDPR.

Since we have no access to these providers‘ databases, we would like to point out that you would be best placed to exercise your rights (e.g. to information, rectification, erasure, etc.) directly with the respective provider. More information on the processing of your data on social networks and your options for exercising your right to object or your right of revocation (opt out) is listed below for each of the social network providers we use:

9.1 LinkedIn

(Jointly) Data controller responsible for data processing in Europe:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Notice: https://www.linkedin.com/legal/privacy-policy.
 

10. Web analytics

10.1 Matomo

We have integrated the Matomo component of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, i.e. for elicitation, collection and evaluation of data on the behaviour of visitors to our websites. Among other things, data is collected about the website from which a data subject has accessed a website (so-called referrer), which sub-pages of the website have been accessed or how often and for how long a sub-page has been viewed. This is used to optimise the website and for cost-benefit analysis of internet advertising.

The software is operated on the server of the controller, the data protection-sensitive log files are stored exclusively on this server.

Matomo stores a cookie on your IT system. Setting the cookie enables us to analyse the use of our website. Each time one of the individual pages of this website is called up, the internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical procedure, we obtain knowledge of personal data, such as the IP address of the person concerned, which we use, among other things, to trace the origin of visitors and clicks.

By using the cookie, personal information such as the access time, the location from which an access originated and the frequency of visits to our website are stored. Each time you visit our website, this personal data, including the IP address of the internet connection you are using, is transmitted to our server. This personal data is stored by us. We do not pass on this personal data to third parties.

These processing operations are only carried out when express consent is given in accordance with Art. 6 (1) lit. a GDPR.

Additional information on the service can be found at the following link: https://matomo.org/privacy/
 .

11. Plugins and other services

11.1 Google Maps

We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, for example, our location can be displayed to you and a possible approach can be facilitated.

Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. In addition, Google Maps reloads the Google Web Fonts. The provider of the Google WebFonts is also Google Ireland Limited. When you call up a page that embeds Google Maps, your browser loads the web fonts required to display Google Maps into your browser cache. Also for this purpose, the browser you are using establishes a connection to Google's servers. Through this, Google obtains knowledge that our website was accessed via your IP address. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, and to exercise this right you must contact Google as follows.

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely disabling the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.

These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a GDPR.

Additional information on the service can be found at the following links https://www.google.de/intl/de/policies/terms/regional.html and https://www.google.com/intl/de_US/help/terms_maps.html

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.

The privacy plicy of Google Maps could be found here: ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy/.
 

11.2 Microsoft Teams

We use the tool "Microsoft Teams" ("MS-Teams") to conduct our communication both in written form (chat) and in the form of telephone conferences, online meetings and video conferences. The operating company of the service is Microsoft Ireland Operations ("Microsoft"), Ltd., 70 Sir John Rogerson's Quay, Dublin, Ireland. Microsoft Ireland Operations, Ltd. is part of the Microsoft group of companies headquartered at One Microsoft Way, Redmond, Washington, USA.

When using MS Teams, the following personal data are processed:

  • Meetings, chats, voicemails, shared files, recordings, and transcriptions.
  • Data that is shared about you. Examples include your e-mail address, profile picture and phone number.
  • A detailed history of the phone calls you make.
  • Call quality data.
  • Support/feedback data Information related to troubleshooting tickets or feedback sent to Microsoft.
  • Diagnostic and Service Data Diagnostic data related to service usage.

To enable the display of video and the playback of audio, data from your end device microphone and from an end device video camera will be processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the "Microsoft Teams" applications.

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR. In the context of an employee relationship, corresponding data processing is carried out on the basis of § 26 German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]). The legal basis for the use of the service in the context of existing contractual relationships or contractual relationships to be initiated is Art. 6 (1) lit. b GDPR. In all other cases, the legal basis for processing your personal data is Art. 6 (1) lit. f GDPR. Here, our interest is in the effective implementation of online meetings.

When we record online meetings, we will tell you before we start and, if necessary, ask you to consent to the recording. If you do not wish to do so, you can leave the online meeting.

As a cloud-based service, "MS-Teams" processes the aforementioned data in the course of providing the service. To the extent "MS-Teams" processes personal data in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with applicable laws and obligations of a data controller. To the extent you access the MS Teams website, Microsoft is the data controller. Accessing the Internet site is necessary to download the MS-Teams software.

If you do not wish to or are unable to download the software, the service can be provided via your browser and to that extent also via the Microsoft website.

This US company is certified under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.

Additional information on the service can be found at the following link: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
 

12. Data protection in the job portal

To make it easier for you to apply for a job with us, we provide you with the Job Portal function in your browser. Your information will be processed exclusively in the browser you are using. A transfer to our web server does not take place. The legal basis for the processing of the data in the case of a contract initiation or execution is Art. 6 para. 1 lit. b) GDPR in conjunction with §26 BDSG-2018 and in all other cases Art. 6 para. 1 lit. f) GDPR. By submitting your application via the "Apply now" button, your application will be sent to our jobs mailbox via the e-mail protocol and transferred to the application process processing activity. A transfer to third countries is not intended. By using the job portal, no further processing takes place on our web server. With regard to processing in the application process, we expressly refer to this section. Your data will only be processed within the European Union and countries within the European Economic Area (EEA). It is not absolutely necessary to use the job portal for your application.
 

13. Data protection for applications and in the application process

Type and purpose of processing:

We collect and process the personal data of applicants for the purpose of handling the application process. The processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form on the website.

Legal basis:

The processing of data is carried out for the preparation of an employment contract with the applicant. The legal basis for data processing is the implementation of pre-contractual measures to which the data subject is a party (Art. 6 (1) (b) GDPR).

Receiver:

Recipients of your information are human resources employees for contact with you and contractual cooperation (including the fulfillment of pre-contractual measures) as well as managers involved in the decision-making process. Your data may be passed on to service providers who work for us as processors, e.g. support or maintenance of EDP or IT applications and data destruction. All service providers are contractually bound and, in particular, obliged to treat your data confidentially. Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations.

Storage period:

If we agree on an employment contract with you as an applicant, the transmitted data will be stored for the purpose of carrying out the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with you as an applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
 

Third country transfer:

Your data will only be processed within the European Union and countries within the European Economic Area (EEA).

Provision prescribed or required:

As part of the application process, you must provide the personal data that is necessary for the commencement, implementation and termination of the contractual relationship and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to adequately consider you in the decision-making process for filling vacancies.
 

14. Processing of customer and supplier data

Type and purpose of processing:

In order to process customer orders and in the context of procurement processes, we process personal data of our customers and suppliers as well as the individual contact persons at our customers/suppliers. We store the data in our ERP system and use it in all processes of service fulfillment or procurement. Furthermore, we use the data for an active approach in customer relations and for the support of suppliers, including an internal supplier evaluation.

Legal basis:

For the fulfilment of contractual obligations (Art. 6 (1) (b) GDPR) The processing of data is carried out for the execution of our contract On the basis of legal requirements (Art. 6 (1) (c) GDPR) We are subject to various legal obligations that entail data processing. These include, for example:

  • Tax laws and statutory accounting
  • the fulfillment of inquiries and requirements from regulatory or law enforcement authorities
  • the fulfillment of control and reporting obligations under tax law

In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or enforcement of civil law claims. In the context of the balancing of interests (Art. 6 para. 1 f GDPR) If necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Examples of such cases are:

  • Processing in the CRM system for active addressing of customers
  • Evaluation of suppliers
  • Assertion of legal claims and defence in legal disputes

Receiver:

Employees for contact with you and contractual cooperation (including the fulfillment of pre-contractual measures). Your data may be passed on to service providers who work for us as processors, e.g. support or maintenance of EDP or IT applications and data destruction. All service providers are contractually bound and, in particular, obliged to treat your data confidentially. Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations. Recipients of personal data may be, for example:

  1. 1. Public bodies and institutions (e.g. financial or law enforcement authorities) in the event of a legal or official obligation
  2. Credit and financial service providers (processing of payment transactions)
  3. Tax consultant or auditor or auditor (statutory audit mandate)

Storage period:

We process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted on a regular basis. Exceptions arise,

  1. 1. insofar as statutory retention obligations are to be fulfilled, e.g. German Commercial Code (HGB) and German Fiscal Code (AO), are required. The periods for storage and documentation specified there are usually six to ten years;
  2. for the preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
  3. If necessary, more.

If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The above-mentioned exceptions apply.

Third country transfer:

Your data will only be processed within the European Union and countries within the European Economic Area (EEA).

Revocation of consent:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) of the GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Provision prescribed or required:

As part of the contractual relationship, you must provide the personal data that is necessary for the establishment, implementation and termination of the contractual relationship and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you.
 

15. Your rights as a data subject

Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you will be processed.

Right to information (Article 15 GDPR)

You have the right to obtain information about the personal data stored about you at any time, free of charge, as well as the right to access a copy of such data from us, in accordance with the statutory provisions.

Right to rectification (Article 16 GDPR)

You have the right to request the immediate rectification of incorrect personal data relating to yourself. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

Erasure (Article 17 GDPR)

You have the right to demand that we erase the personal data relating to you be deleted without delay, provided that one of the reasons provided by law applies and if processing or further storage is not required.

Restriction to processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your data if one of the legal requirements is met.

Data transferability (Article 20 GDPR)

You have the right obtain personal data relating to you that you provided us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, provided that the processing is based on the consent pursuant to Article 6 Paragraph 1(a) GDPR or Article 9 Paragraph 2(a) GDPR or on a contract pursuant to Article 6 Paragraph 1(b) GDPR, and the data are processed using automated procedures, unless processing is necessary to complete a task, is in the public interest or is carried out in the exercise of an official authority assigned to us.

Furthermore, when exercising your right to data transferability pursuant to Article 20 Paragraph 1 GDPR, you have the right to have personal data transferred directly from one controller to another, provided this is technically feasible and does not impede the rights and freedoms of other persons.

OBJECTION (ARTICLE 21 GDPR)

YOU HAVE THE RIGHT TO LODGE AN OBJECTION TO THE PROCESSING OF PERSONAL DATA RELATING TO YOU FOR REASONS RELATING TO YOUR PARTICULAR SITUATION WHERE THIS IS DONE ON THE BASIS OF ARTICLE 6 PARAGRAPH 1(E) (DATA PROCESSING IN THE PUBLIC INTEREST) OR (F) (DATA PROCESSING ON THE BASIS OF THE WEIGHING OF LEGITIMATE INTERESTS) GDPR.

THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS PURSUANT TO ARTICLE 4 NUMBER 4 GDPR.

SHOULD YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING AND LEGITIMATE REASONS FOR SUCH PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR WHERE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IN INDIVIDUAL CASES, WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES. YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. THIS ALSO APPLIES TO PROFILING WHERE THIS IS CONNECTED TO THIS KIND OF DIRECT MARKETING. SHOULD YOU OBJECT TO THE PROCESSING OF YOUR DATA FOR DIRECT MARKETING PURPOSES, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THIS PURPOSE.

IN ADDITION, YOU HAVE THE RIGHT TO OBJECT TO OUR PROCESSING OF YOUR PERSONAL DATA FOR SCIENTIFIC OR HISTORICAL RESEARCH PURPOSES OR FOR STATISTICAL PURPOSES PURSUANT TO ARTICLE 89 PARAGRAPH 1 GDPR FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, UNLESS SUCH PROCESSING IS NECESSARY FOR THE PERFORMANCE OF A TASK IN THE PUBLIC INTEREST.

YOU ARE FREE TO EXERCISE YOUR RIGHT TO LODGE AN OBJECTION IN RELATION TO THE USE OF INFORMATION SOCIETY SERVICES, DIRECTIVE 2002/58/EC NOTWITHSTANDING, BY MEANS OF AUTOMATED PROCEDURES USING TECHNICAL SPECIFICATIONS.

Revocation of consent regarding data protection

You have the right to revoke any consent to the processing of personal data at any time with future effect.

Lodging a complaint with a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
 

16. Routine storage, erasure and blocking of personal data

We process and store your personal data only for the period of time necessary to meet the storage purpose or as required by the legal provisions to which our company is subject.

If the storage purpose no longer applies or if a required retention period expires, personal data will be routinely blocked or erased in accordance with the statutory provisions.

17. Duration of storage of personal data

The criterion for the duration of the retention of personal data is the respective legal retention period. Once this period expires, the data in question will be routinely erased, provided it is no longer required for the fulfilment or initiation of the contract.

18. Version and amendments to the Privacy Notice

This Privacy Policy is currently valid as of: 2023/08.

ue to the further development of our Internet pages and offers or due to changed legal or official requirements, it may become necessary to change this Privacy Policy. You can access and print out the current data protection declaration at any time on the website under "https://www.foodmasters-freiberg.com/datenschutz".

This privacy statement has been prepared with the assistance of the privacy software: audatis MANAGER.