endori food GmbH & Co. KG
Telephone: +49 (0)951 917 975-0
We have appointed the following data protection officer for our company in Germany:
IT-Consulting & Service
Telephone: +49 (0)911 401 823
- Website visitors
- Contact with us
- Participation in prize games
- Rights of data subjects
- Updates and changes
I. Website visitors
When you visit our website, we process your personal data and access your terminal device. Our website is hosted by CANCOM SE, Erika-Mann-Str. 69, D-80363 Munich (group headquarters), who we have engaged under data privacy laws.
1. Server and error logfiles
With each visit to our website, your browser transmits access data (so-called server logfiles or access logs) which we process to ensure system security. These logfiles record the following information:
- Previously visited websites (if applicable, which search engine is used including keywords used);
- Requested websites including number of loaded pages and most recently opened page before leaving the website;
- Browser type and browser version;
- Operating system used and type of device;
- Date and time of access;
- Length of stay;
- IP address.
Temporary storage of this data is required for use of the website in order to allow successful delivery of the website. Further storage in protocol files (logfiles/logs) is carried out to ensure the website’s functionality and system security.
In addition, error logfiles are written where the page fails to load or cannot be navigated correctly. These logfiles record the data and time of the visit, the error type and the IP address. This information is required in order to be able to analyse and fix the error.
Such processing of data is also necessary for the purposes of our legitimate interests (Art. 6 (1)(f) EU-GDPR), the acquisition of data is imperative for the provision of our website for the stated reasons (§ 25 Abs. 1 TTDSG / (German) Teleservices Data Protection Act). Data shall be deleted as soon as it is no longer required for these purposes. In the provision of the website, this is the case when the current session is ended. Protocol files are stored for 90 days to ensure full system security and enable errors to be effectively analysed and fixed. The recording of data for the purpose of making the website available and storing data in logfiles is absolutely necessary for the operation of the website. As a result, the user shall not have the option to object to such processing.
2. Consent Management Tool ("cookie banner")
We have integrated the usercentrics tool via the Google Tag Manager, a kind of organizational tool provided by Google Ireland Ltd, Dublin, which enables us, as the website operator, to organize the tools on our site and control their use. In particular, this enables us to ensure that certain tools are only activated if, after and as long as you have given your consent (and not revoked it).
Your selection on the banner, i.e. whether and if so to what extent you agree to the use of further tools or that you do not consent to this, is recorded and stored in a database for verification purposes and stored in local storage on the device used by you, in order to ensure this during your session and also thereafter during further visits to our website. For this purpose, we collect and process the following information via usercentrics in addition to your consent decision (yes / no):
- Device Information
- Browser Information
- Anonymized IP address
- Opt-in and opt-out data
- Date and time of the visits
For our verification purposes, this data is processed - in addition to being stored in the local storage of your terminal - in a database with location in the EU.
The use of this Consent Management Platform including the Google Tag Manager is necessary for us to comply with our legal obligations, to inform you about the use of the tools and to ask for your consent for all those tools that are not absolutely necessary, to collect, prove, keep and, if necessary, transfer the data to third parties. This is imperative in view of the legal requirements to be observed by us under data protection and ePrivacy law (§ 25 Abs. 1 TTDSG / (German) Teleservices Data Protection Act). We will retain your decisions for as long as they are valid and for more than three years thereafter, to be able to prove whether you have consented and/or revoked your consent. This is in our legitimate interest (legal basis: Art. 6 (1) f GDPR).
You can change your choice of which tools are used on our website at any time. To do so, click here to open the Consent Management Platform again and change your settings, e.g. to give further consent or to revoke consent you have given. These changes will be stored again in local storage on your device and will be recorded by us for verification purposes. Once you have agreed to the setting of cookies, they will not be deleted even if you revoke them. Instead, the execution of the underlying script is prevented, so we start one step ahead with the usercentrics-solution. This prevents the cookies from remaining active. They then no longer record any information and also no longer allow access to information from your device.
You can find further information about data processing by usercentrics GmbH here: https://usercentrics.com/privacy-policy/
For more information about the data processing by Google, whose tag manager we use, please see here about the tag manager: https://www.google.com/intl/de... and here about data protection: https://policies.google.com/privacy?hl=en
3. Our cookies
When you visit our website, we use a cookie to store language recognition information (“i18n_redirected”) which allows us to make our website available to you with your selected language settings (legal basis: § 25 Abs. 1 TTDSG / (German) Teleservices Data Protection Act). The cookie stays in place for 12 months and is automatically deleted after this period.
4. Google Analytics (with consent)
This website uses the usage analysis tool of the web analytics service Google Analytics, on this website and on the websites www.endori-professional.com and www.endori-shop.de. Google Analytics is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Analytics script is loaded each time the page is loaded. However, Google Analytics cookies will only be used on your end device and data collected and evaluated from this website and the two other websites with your consent.
Google Analytics uses so-called “cookies” for this reach analysis in the event of your consent. These are text files that are stored on your computer and allow your use of the website to be analysed. Google claims to store all data and information in the EU; however, support access from the USA cannot be ruled out.
Google only uses the IP address to derive location data and then deletes it immediately. According to its own information, this always takes place in a member state of the EU or the EEA. Google uses this information on behalf of the operator of this website to evaluate your use of the website, compile web activity reports and deliver other services pertaining to website and Internet use in relation to the website operator. The IP address transmitted from your browser as part of Google Analytics will not be matched with other Google data.
You can also prevent the storage of cookies through your browser settings. However, please note that this may result in you not being able to use all functions of this website to their full extent. You can also prevent the recording of data created by cookies and pertaining to your use of the website (incl. your IP address) at Google and the processing of such data by Google by downloading and installing the browser plug-in via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can prevent the recording of your data by Google Analytics and revoke any consent provided for the use of Google Analytics by clicking on the following link Change settings. This link leads to our Consent Management Platform where you can change your settings for the future.
Contract data processing
We have concluded a contract with Google on contract data processing and implement the strict provisions of the German data privacy authorities for the use of Google Analytics.
Duration of storage
Cookies used by Google remain on your end device even after you leave our website (for up to 2 years). The use of long-term cookies allows us to recognise you on your next visit to our website. This recognition is performed using cookies to optimise the content of our website. User and event-level data stored at Google which is linked to cookies, user recognition (e.g. user ID) or ad IDs (e.g. DoubleClick cookies, Android ad ID) will be anonymised or deleted after 14 months. You can find details on this at the following link: https://support.google.com/analytics/answer/7667196?hl=en
5. Personalised ads: Meta- (Facebook & Instagram), Pinterest and TikTok tracking pixels, Google Ads Remarketing (with consent)
With your consent, we use so-called pixels or tags from Facebook, Instagram, Pinterest, LinkedIn and TikTok as well as Google Ads Remarketing in our online content.
We use these pixels and Google Ads to show you ads esp. on Facebook, Instagram, Pinterest, LinkedIn and TikTok for our products after you have shown interest in by previously visiting our website. Our aim is to target our ads to such people who are interested in our products. To do so, we also use the services of Google Ireland Ltd. (Tag Manager, Remarketing, Analytics).
Meta Pixel: Facebook and Instagram
With your consent, we use the Meta pixel on the Facebook and Instagram social media platforms. Both of these are operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If you visit our website, the pixel sends hashed information to Meta for the Facebook and Instagram networks. This means that if you visit our website, give your consent and are a Facebook and/or Instagram user, the pixels will send the information that you visited our website and whether you performed certain actions (so-called events, e.g. searched for a recipe) together with a hashed version of your Facebook/Instagram ID to the relevant network. We use pixels exclusively for this website and do not link them with other websites. We also do not disclose any information about you, such as customer information, to Facebook.
We also use conversion information via the Meta pixel: This allows us to receive statistical information from Facebook on how many visitors on Facebook and Instagram visited our website through the ads placed there. This then allows us to better target our advertising on Facebook and Instagram to those who are actually interested in our products.
endori does not process any personal data for this purpose as it is not possible for us to allocate the hashed versions of your Facebook/Instagram ID to you as a person. This can only be done by Meta. We also do not receive any information on you such as your name, age etc.
Google Ads Remarketing
We use the remarketing technology of Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") This feature is used to present interest-based advertisements to visitors to our website of the online offering as part of the Google advertising network. To this end, so-called "cookies", text files, are stored on your end device which make it possible to recognise the visitor when calling up an online offer which belongs to the Google advertising network.
On these pages, the visitor can then be presented with advertisements relating to content that the visitor has previously called up on other online offers that use Google's remarketing function. According to its own statements, Google does not collect any personal data during this process. To the best of our knowledge, Google stores a small file containing a sequence of numbers in the browsers of visitors to the website. This number is used to record visits to the website and data on the use of the website.
LinkedIn Insight Tag
With your consent, we will set a LinkedIn insight tag that will allow to recognize you when you visit LinkedIn and to display targeted advertising from us there. LinkedIn members can control the use of their personal information for advertising purposes in their account settings. The LinkedIn insight tag further allows us to better understand the acceptance and success of our ads. Finally, we receive demographic information from your LinkedIn profile, if you maintain one, such as your job title, the industry you work in, or your employer.
For this purpose we will set pixels and LinkedIn will also set a unique LinkedIn browser cookie on the device you use. LinkedIn uses this cookie to collect the following data, which is not made available to us - we only receive analysis data from LinkedIn, but not information relating to you. LinkedIn collects the following information: Metadata such as IP address, timestamps and page events (e.g., page views), URL, referrer URL, IP address, device and browser information (user agent). The IP addresses are truncated or hashed. The direct identifiers are removed within seven days in order to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days.
With your consent, we also use the so-called Pinterest tag offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, to place personalised and targeted ads on the platform via our advertising account.
If you visit our website, the tag sends hashed information to Pinterest for use on its website and/or app. This means that if you visit our website, give your consent and are a Pinterest user, the tags will send the information that you visited our website and whether you performed certain actions (so-called events, e.g. searched for a recipe) together with a hashed version of your Pinterest ID to the network. We use tags exclusively for this website and do not link them with other websites. We also do not disclose any information about you, such as customer information, to Pinterest.
We also use conversion information via the Pinterest tag: This allows us to receive statistical information from Pinterest on how many visitors on Pinterest visited our website through the ads placed there. This then allows us to better target our advertising on Pinterest to those who are actually interested in our products.
We use the TikTok pixel of the social media platform TikTok with your consent. This platform is operated under joint responsibility by TikTok Technology Limited, 10 Earlsfort Terrace, D02 T380, Co. Dublin, Dublin, D02t380, Ireland, and TikTok Information Technologies UK Limited, 1 London Wall, London, EC2Y 5EB, UK.
In the event of a visit to our website, the pixel sets cookies and transmits hashed information to TikTok. Specifically, this means: If you visit our website, have given us your consent and are a user of TikTok, the pixel transmits the information that you have visited our website and whether you have performed certain actions there (so-called events, such as searching for a recipe) together with a hashed version of your TikTok ID. We use the pixels solely for this website and do not link them to other websites, nor do we transmit any other information about you to TikTok, such as customer information.
We also use conversion information through the TikTok pixel: We receive statistical information from TikTok about how many visitors to TikTok have visited our website via our advertisements placed there, so that we can better target our campaigns on TikTok to the people who are actually interested in our products.
endori does not regularly process any personal data in this context, as it is not possible for us to assign the hashed version of your TikTok ID to you as a person; only TikTok can do this. We also do not receive any information about you, such as your name, age, etc.
Consent and revoking consent
Processing of the aforementioned personal data and use of pixels as well as Google Ads is permitted with your consent (§ 25 Abs. 1 TTDSG / (German) Teleservices Data Protection Act; Art. 6 (1)(a) EU-GDPR), which you can also give and revoke individually for each service and which is also obtained in accordance with ePrivacy law. You may prevent your data from being recorded and revoke any given consent to the aforementioned ad tracking by clicking the following link Change settings. This link leads to our Consent Management Platform where you can change your settings for the future.
To also prevent further data processing by Meta/Facebook, Pinterest and TikTok, use the following link and change your settings there:
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3Dad_settings_screen → Deactivate your Pinterest tag ad preferences: Check the box in your Pinterest account settings (https://www.pinterest.de/settings/privacy) next to “Use information from our partners to improve which recommendations and ads you see”.
In the TikTok app, click "Me/I" and go to the settings page. There, click the three dots in the upper right corner, then click Personalization and data, and then use the toggle. You can change this setting at any time.
Alternatively, you can delete your browser history or uncheck the option to show ads based on partner data under “Ad preferences” or “Personalized Ads on Pinterest” in your Facebook, Instagram and/or Pinterest account. These settings will be applied to all devices used with the corresponding Facebook/Instagram login (computer, smartphone etc.).
You can find more information on data processing by Facebook using so-called Custom Audiences, supported by the Facebook and Instagram pixels, directly from the responsible third-party provider:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; in particular in relation to the Facebook pixel under https://www.facebook.com/business/learn/facebook-ads-pixel and in relation to data privacy under https://de-de.facebook.com/privacy/explanation and under https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc=368390626577968&bc=285881641526716
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, particularly under https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag. More information on the possibility to revoke consent on Pinterest can be found on the third-party provider’s website under: https://help.pinterest.com/de/article/personalized-ads-on-pinterest.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in particular under http://www.google.com/privacy/ads/.
In particular, as the parent companies are US companies (TikTok: China), information may also be transferred to the USA or China. In cases of possible transfers of data to US-servers, the EU-US Data Privacy Framework ensures an adequate level of data protection (adequacy decision of the EU-Commission) as far as providers are certified according to the referred framework. Information on the certification of individual providers can be found at: https://www.dataprivacyframework.gov/s/participant-search.
As far as providers are not yet certified, in the case of data transfer to China or in case of a data transfer to other third countries without an adequacy decisiona suitable level of data protection is enhanced by the use of standard contractual clauses issued by the EU-Commission. However, no adequate level of data protection may currently be ensured for the transfer of personal data to China or to non-certified providers in the US. Your data may be subject to access by authorities for control and monitoring purposes, against which neither effective legal remedies nor data subject rights can be enforced. Therefore, please only consent to the transfer of your data to third countries if you nevertheless agree to this (Art. 49 I 1 a GDPR).
Duration of storage
Pixels are only active for the duration of your visit to our website. Coookies set by the TikTok Pixel have a duratio of 13 months. We do not have any control over the duration for which Meta, Pinterest and TikTok process data transferred to them. We delete data in Google Ads Remarketing with revocation.
6. Google Maps (with confirmation)
This website uses the mapping service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To ensure data protection on this website, Google Maps is deactivated when you enter this website. A direct connection to Google's servers will only be established if you activate Google Maps yourself: Before you click on "Confirm", the map is hidden. Only after you have clicked will the map become visible and data about your visit will be transmitted to Google (generally only your IP address, as we have excluded the transmission of the referrer URL in our referrer policy; however, we cannot rule out the possibility that Google may use your data for its own purposes). This prevents your data from being transferred to Google when you first enter the site.
In addition, we link to the third-party service of Google Maps in some places. If you click on these links, you will be redirected to the Google Maps website; as a rule, your IP address will then also be transmitted there, but not the information about which page you came from, as we have excluded this in our referrer policy.
We only actively use Google Maps after your click and thus with your consent (§ 25 Abs. 1 TTDSG / (German) Teleservices Data Protection Act; Art. 6 I 1 a, Art. 49 I 1 a EU-DSGVO). You can always revoke further processing for the future by deleting your browser history and the confirmation given is thus no longer noted.
Your IP address transmitted to Google in the event of consent is usually transmitted to a Google server in the USA and stored there. We have no influence on this data transfer after activating Google Maps. If data is transferred to the US, the EU-US Data Privacy Framework ensures an adequate level of data protection (adequacy decision of the EU-Commission) as Google is certified under the EU-US Data Privacy Framework.
7. Social media presence (with confirmation)
We use the social media platforms Facebook, YouTube, Instagram, Pinterest, LinkedIn and TikTok. We have created company pages on these platforms and we also provide links to these pages on our website using the corresponding icons.
Our presence on the social media platforms Facebook, YouTube, Instagram, Pinterest, LinkedIn and TikTok, as well as the links to these on our website, allow you to share our content with others or get in touch with us and discuss our products. Clicking on the relevant icon on our website or visiting our social media pages directly allows you to log in to the relevant platform using your account and interact with the relevant social media page.
Wherever we refer to our social media pages on our website, using icons for example, we always work with the 2-click solution. This means that your information, generally your IP address, is only transmitted to third-party providers when you click on the icon or the link. These icons and links otherwise remain “deactivated”. An information box will appear when you click on the corresponding icons or links leading to third-party pages.
Clicking on an icon will redirect you from our website to our corresponding social media page and your data will be transferred to this third-party provider, generally your IP address. Information pertaining to the site from which you came will not be disclosed based on our Referrer Policy. This also applies if you do not have an account with the relevant provider or are not logged in. If you have your own account, the provider will regularly link this information with your account. This is also possible even if you are not logged in.
TikTok collects certain data from users when they visit the platform, even if they use the TikTok app without an account. The data processed, according to TikTok, includes IP address, instance IDs (which allow them to determine which devices to deliver messages to), mobile carrier, time zone settings, identifiers for advertising purposes, and the version of the app being used, as well as data about the device being used to access the platform, such as the device model, device system, network type, device ID, screen resolution and operating system, audio settings, and connected audio devices. When users log in from multiple devices, TikTok can use the profile data to analyze activity across devices.
If you visit Facebook, we will possibly present you a Facebook leads ad from us there. If you click on it, you can register for our newsletter. We will explain the details under „newsletter“.
We have no control over what personal data is collected by this third-party provider and how it uses such data if you use the social media platforms. We are also not aware of how such data is processed.
Facebook usage statistics
We use usage statistics disclosed by Meta/Facebook and by TikTok (“Page Insights”) to continuously improve our presences there. This data is only collected by Facebook / TikTok and disclosed to us if you have your own account and visit our page. Facebook / TikTok and endori are joint controllers for such data processing. We have concluded an agreement with Facebook in this respect which governs in a transparent manner the distribution of duties (Art. 26 EU-GDPR; available to download at https://www.facebook.com/legal/terms/page_controller_addendum). An important aspect of this agreement is the stipulation that Facebook is primarily responsible for processing visitor data and fulfils all relevant EU-GDPR obligations pertaining to the processing of visitor data (including, but not limited to, fulfilling the rights of the data subject). We have also entered into a corresponding agreement with TikTok (Art. 26 EU GDPR; available at https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms) to define the respective responsibilities for compliance with the obligations under the GDPR with respect to joint processing. The essence of the agreement is that we are responsible for providing you with this information and TikTok is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to the personal data stored or otherwise processed by TikTok pursuant to the joint processing. We outline below where you can find further information on data processing by Facebook and TikTok.
Our social media pages, including links to them, allow you to receive even more attractive offers on other channels and communicate directly with these pages and their users. In turn, this enables us to make our website and its information more attractive and interesting for you. The use of social media is therefore in our legitimate interests (Art. 6 (1)(f) EU-GDPR). By actively clicking on the social media icons, you can decide whether your personal data is disclosed to the third-party providers. The evaluation of analyses disclosed to us by Meta/Facebook and TikTok (“Page Insights”) is also in our legitimate corporate interests (Art. 6 (1)(f) EU-GDPR). User data is provided via Facebook / TikTok in anonymised form.
Data processing by third-party providers
We have no control over what personal data is collected by these third-party providers and how they use such data. We are also not aware of how such data is processed. Please note that some of these providers are located outside of the EU and your data is therefore likely to be transmitted to third countries for which a suitable level of data privacy is not necessarily ensured. More information on the use of your data can be obtained from the relevant third-party providers:
Here also Instagram, as well as: https://help.instagram.com/519522125107875?helpref=page_content
In particular, as the parent companies are US companies (TikTok: China), information may also be transferred to the USA or China. In cases of possible transfers of data to the US, the EU-US Data Privacy Framework ensures an adequate level of data protection (adequacy decision of the EU-Commission) as far as providers are certified according to the referred framework. Information on the certification of individual providers can be found at: https://www.dataprivacyframework.gov/s/participant-search.
As far as providers are not yet certified, in the case of data transfer to China or to other third countries without a adequacy decision, a suitable level of data protection is enhanced by the use of standard contractual clauses issued by the EU-Commission. However, no adequate level of data protection may currently be ensured for the transfer of personal data to China or to non-certified providers in the USA. Your data may be subject to access by authorities for control and monitoring purposes, against which neither effective legal remedies nor data subject rights can be enforced. Therefore, please only consent to the transfer of your data to third countries if you nevertheless agree to this (Art. 49 I 1 a GDPR)
8. Online shop
You can access our online shop via our website. Please note this online shop is made available by a third-party provider and not endori. If you visit this online shop, your data will be disclosed to office direkt. Third-party provider information: office direkt Service-Center GmbH, In der Wässerscheid 49, 53424 Remagen, email@example.com
If you would like to receive the newsletter offered on our website and on Facebook in order to keep up to date with new products, you will be required to provide your email address. We need this so that we can send the newsletter.
Newsletter registration on our website
If you register on our website for our newsletter, we will ask you for your e-mail address and have it confirmed via a double opt-in.
We obtain your consent prior to sending the first newsletter (Art. 6 (1)(a) EU-GDPR). This consent can be revoked and you can unsubscribe from the newsletter at any time by clicking on “Unsubscribe” in the newsletter or sending an email to firstname.lastname@example.org.
We verify your consent for signing up to our newsletter mailing list via a confirmation email sent to you (“double opt-in”). Only if you click on the link in this confirmation email you will receive future newsletters. We store your IP address and the time stamp when you register for the newletter for the first time and when you confirm your subscription to the newsletter via double opt-in so that we can track and prove your consent (this is in our legitimate interest, Art. 6 (1)(f) EU-GDPR). We store your data as long as you receive our newsletter and for three years after termination of the contractual relationship.
Newsletter registration via Facebook Lead Ads
We thereby obtain your consent (legal basis: Art. 6 (1)(a) EU-GDPR). You can revoke this at any time and unsubscribe from the newsletter for the future by clicking on "unsubscribe" in the newsletters or by sending us an e-mail to email@example.com.
We verify your consent via a confirmation e-mail to you ("double opt-in"). Only if you click on the link in this confirmation mail will you receive the newsletter in the future. We save your IP address and the time stamp when you register for the newletter for the first time and when you confirm your subscription to the newsletter via double opt-in so that we can track and prove your consent (this is in our legitimate interest, Art. 6 (1)(f) EU-GDPR). We store your data as long as you receive our newsletter and for three years after termination of the contractual relationship.
If you click on the confirmation link, we will transfer your e-mail address with the information from the double opt-in and that it was generated via Facebook Lead Ads to our newsletter database. In this case, the processing instructions as described below apply, especially to the integrated service provider Sendinblue.
The extent to which Meta/Facebook processes your data is beyond our influence and we do not know. Facebook processes your data based on the relationship between you and Facebook. Further information:
Irrespective of the way you have registered for our newsletter, we will use the data you provide us with for the newsletter subscription to send it to you, including the measurement of statistical values for our newsletter dispatch, i.e. whether the newsletter was successfully delivered, whether it was opened and whether articles from it were clicked on. In order to collect this information, a web beacon is integrated into the respective newsletter. This is an image file in the e-mail that your browser downloads when you open the e-mail. In the process, information is sent to us, addressed via your IP and e-mail address, as to whether the delivery was successful, the newsletter was opened and whether individual articles were clicked on.
For the technical processing of the newsletter, we use Sendinblue. This is a service provided by the external provider Sendinblue GmbH, Koepenicker Straße 126, 10179 Berlin. We have carefully selected this provider and engaged him under data privacy laws on the basis of a Data Processing Agreement, in compliance with the requirements of Art. 28 EU-GDPR. More information about data privacy at Sendinblue can be found at https://www.sendinblue.com/gdpr/ and at https://www.sendinblue.com/legal/privacypolicy/.
From time to time we offer promotions, such as the creation of a veggie menu. In the course of this, we process the data requested from you in order to be able to carry out the actions. In each case, we ask for your consent (legal basis: Art. 6 I 1 a GDPR), which you can revoke at any time for the future by sending a message to our contact details provided at the beginning. You will then no longer be able to participate in the promotion. If you do not revoke your consent, your data will be deleted at the latest after the end of the promotion and expiry of statutory retention rights and obligations.
To carry out the promotions, we involve external service providers in a data protection-compliant manner, regularly as order processors, such as agencies or printers. To carry out our promotions, we also use the survey tool "Lamapoll", a service provided by Lamano GmbH & Co. KG, Berlin. For this purpose, we have concluded an order processing agreement with Lamano GmbH & Co. KG.
11. Data security
For security reasons and to protect the transfer of confidential information that you send to us as the site operator, we use effective encryption on our site (TLS 1.2, ECDHE_RSA with P-256, and AES_128_GCM). You can identify an encrypted connection through the address bar switching from “http://” to “https://” and the padlock symbol in the browser bar. If encryption is active, data you disclose to us cannot be read by third parties.