Data Protection

 

Data Protection Declaration and Consents

Table of Contents
1. Objectives & Responsible Organisation
2. Principles of Data Processing
3. Processing Personal Data
4. Collection of Access Data
5. Cookies & Reach Measurement
6. Google Analytics
7. Google Marketing & Remarketing Services
8. Facebook Social Plugins
9. Facebook Remarketing
10. Jetpack (WordPress Stats)
11. Twitter Buttons
12. Pinterest Buttons
13. +1 Schaltfläche von Google+
14. Newsletter
15. Integration of Third-Party Services & Contents
16. Users’ Rights & Deletion of Data
17. Alterations to the Data Protection Declaration

1. Objectives & Responsible Organisation

This Data Protection Declaration informs with regard to the nature, extent and purpose of the personal data we handle (obtain, process and use, as well as obtain consent) within our online service and the corresponding websites, functions and contents (hereinafter named “online service” or “website”). The Data Protection Declaration applies irrespective of the domains, systems or platforms used and the devices (e.g. desktop or mobile) on which the online service” is executed.

The provider of the online service and the organisation responsible for data protection is [Veggielutions, proprietor Matthias Beuger, Kaiser-Wilhelm-Ring 27-29, 50672 Cologne, Germany] (hereinafter named “service provider”, “we” or “us”). To make contact, see our credits/legal notice.

The term “user” includes all customers and visitors to our online service.

2. Principles of Data Processing

We process user’s personal data only within the bounds of applicable data protection regulations in accordance with the principles of data minimisation and data avoidance. This means that the user’s data are only processed if permitted by law, especially if the data are necessary for fulfilling our contractual obligations and online services, if required by law or if consent has been given by the user.

We implement state-of-the-art organisational, contractual and technical security measures to ensure that the requirements of data protection law are fulfilled and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

If within the framework of this Data Protection Declaration contents, tools or other resources from other providers (hereinafter generally named “third parties”) are used and the third parties’ headquarters are outside Germany, it must be assumed that data transfer to the countries in which the third parties are seated. Data transfer to third countries takes place either on the basis of statutory permission, a user’s consent or specific contractual clauses that guarantee legally required data security.

3. Processing Personal Data

In addition to the purpose expressly named in this Data Protection Declaration, personal data are used for the following purposes based on statutory permission or the user’s consent:
– provision, execution, maintenance, optimisation and security of our services for users;
– guaranteeing effective customer service and technical support.

We transfer the user’s data only to third parties when this is necessary for accounting purposes (e.g. a payment service provider) or for other purposes when these are necessary for fulfilling our contractual obligations toward the user (e.g. providing the address to deliverers).

When we are contacted (by contact form or e-mail), the data supplied by the user are stored for the purpose of processing the query as well as in case subsequent questions arise.
Personal data are deleted when there have fulfilled their purpose and no record-keeping requirements preclude deletion.

4. Collection of Access Data

We collect data on every access to the server on which this service is sited (so-called server log files). The access data include the name of the website visited, file, date and time of the page view, the volume of data transferred, report of successful page view, browser type and version, the user’s operating system, referrer URL (the previously visited site), IP address and the querying provider.

In accordance with statutory requirements, we only use the protocol data for statistic evaluation for the purpose of operating, securing and optimising our online service without assigning the data to the user’s person or any other profiling. However, we reserve the right to retrospectively review the protocol data if there are specific reasons to suspect illegal use.

5. Cookies & Reach Measurement

Cookies are data packets that are transferred from our web server or third parties’ web servers to the user’s web browser and stored there for later retrieval. This Data Protection Declaration informs the users about the use of cookies in the framework of pseudonymous reach measurement.

It is also possible to view this online service without cookies. In case the users do not wish cookies to be saved on their computer, they will be asked to deactivate the respective option in their browser’s system settings. Saved cookies can be deleted in the browser’s system settings. Excluding cookies can lead to restricted functionality in this online service.

It is possible to manage many online advertising cookies from companies using the US website http://www.aboutads.info/choices or the EU site http://www.youronlinechoices.com/uk/your-ad-choices.

6. Google Analytics

We use Google Analytics, a web analysis service that belongs to Google Inc. (“Google”). Google uses cookies. The information generated by the cookie by the user accessing the online serice are usually transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online service by users, to compile reports on the activities within this online service and to perform further services to us connected to using this online service and the internet. In this context pseudonymous user profiles can be compiled from the processed data.

We only use Google Analytics with activated IP anonymisation. This means that the users’ IP address is abbreviated by Google within Member States of the European Union or in other member states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted by Google to a server in the USA and abbreviated there.

The IP address transferred from the user’s browser is not combined with other data from Google. The users can prevent cookies being saved by using a corresponding setting in the browser software; the users can additionally prevent the data generated by the cookie with regard to the use of the online service being gathered and processed by Google, by downloading and installing a browser plugin available under the following: http://tools.google.com/dlpage/gaoptout?hl=en.

There is further information on the use of data for advertising purposes by Google, possible settings and how to opt out on Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.com/settings/ads (“Control the information Google uses to show you ads”) and http://www.google.com/ads/preferences (“Control the information Google uses to show you ads”).

7. Google Marketing & Remarketing Services

We use Marketing und Remarketing Services (“Google marketing services” for short) from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“).

Google marketing services allow us to more targetedly display advertising for and on our website, so as to present only those advertisements to our users that potentially correspond to their interests. If users are shown advertisements for products they showed interest in on other websites, that is called “Remarketing”. To this end Google executes a code when our website and other websites are visited on which Google marketing services are active, and so-called remarketing tags are added to the website (invisible files or code, also known as “web beacons”). With the help of these tags, an individual cookie, i.e. a small file, is saved on the user’s device (comparable technologies can also be used instead). The cookies saved can be from different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes which sites the user visits, which contents interest her/him and which offers are clicked, also technical information on the browser and operating system, referring websites, visit duration and other data on the use of the online service. The user’s IP address is also recorded, whereby we inform you that in the context of Google Analytics the IP address is abbreviated within European Union Member States or in other member states of the Agreement on the European Economic Area and is only transmitted to a Google server in the USA and abbreviated there in exceptional cases. The IP address is not combined with the user’s data in other Google services. The aforementioned information can also be connected with such data from other sources. When the user subsequently visits other websites, she/he can be shown personalised advertisments based on her/his interests.

The users’ data are processed pseudonymously within the framework of Google’s marketing services, i.e. Google does not save or process users’ names or e-mail addresses but processes the relevant data from the cookie within pseudonymous user profiles. This means from Google’s point of view advertisements are not managed and displayed for a specific identified person, but rather for the owner of the cookie, regardless of who the cookie owner is. This does not apply when a user expressly allows Google to process the data without using a pseudonym. User data collected by “DoubleClick” are transmitted to Google and stored on servers in the USA.

The Google Marketing Services we use include: the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies cannot be tracked through the websites of AdWords customers. The information collected using the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers can see the total number of users who have clicked on their ad and have been redirected to a conversion tracking tag. However, they do not receive any information that allows users to be personally identified.

We use third-party advertising on the basis of Google’s DoubleClick marketing service. DoubleClick uses cookies that enable Google and its affiliate sites to serve ads on the basis of user visits to the site or other sites on the Internet.

We also include advertisements from third parties based on Google’s AdSense advertising service. AdSense uses cookies that enable Google and its affiliate sites to display ads based on users’ visits to the site or other sites on the Internet.

For more information about Google’s use of data for marketing purposes, visit the main page: https://www.google.com/policies/technologies/ads, Google’s Privacy Policy is available at https://www.google.com/policies/privacy.

If you don’t want your data collected by Google marketing services, you can use Google’s set-up and opt-out options: http://www.google.com/ads/preferences.

8. Facebook Social Plugins

Our online service uses social plugins from the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins are recognisable by one of the Facebook logos (white “f” on a blue tile, the expression “Like” or a “thumbs up” sign) or are marked “Facebook Social Plugin”. The list of the Facebook Social Plugins and their appearance can be viewed here: https://developers.facebook.com/docs/plugins.

When a user accesses a function of this online service that contains such a plugin, her/his device establishes a direct connection with Facebook’s servers. The plugin’s content is directly transmitted by Facebook directly to the user’s device and integrated into the online service. The users’ data can be used to create user profiles. We therefore have no influence on the extent of the data Facebook collects and therefore inform the users based on the knowledge available to us.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online service. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example press the Like button or comment, the corresponding information from your device is sent directly to Facebook and stored there. If a user is not a member of Facebook, there is nonetheless the possibility that Facebook will obtain and save her/his IP address and save it. According to Facebook, in Germany only an anonymous IP address is stored.

The purpose and scope of the data collection and further processing and use of the data by Facebook, as well as the rights and settings for the protection of the privacy of the users, can be found in Facebook’s Privacy Notice: https://www.facebook.com/about/privacy.

If a user is a member of Facebook and does not want Facebook to collect data about him through this website, and to link her/his member data stored on Facebook, she/he must log out of Facebook before using our online service and delete the cookies. Further settings and how to object to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads, the US site http://www.aboutads.info/choices or the EU site http://www.youronlinechoices.com. The settings are independent of the platform, i.e. they are used for all devices, such as desktop computers or mobile devices.

9. Facebook Remarketing

In our online service, the so-called Facebook pixel that belongs to the social network Facebook and is provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, and operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, if you live in the EU (“Facebook”). With the help of the Facebook pixel, Facebook is able to determine visitors of our service as target group for the display of advertisements, so-called Facebook Ads. Accordingly, we use the Facebook pixel to display our Facebook ads only to those who have also shown interest in our website. This means that with the help of the Facebook pixel we aim to ensure that our Facebook ads match the users’ potential interests and are not bothersome. With the help of the Facebook pixel we can also evaluate the effectiveness of Facebook’s advertising for statistical and market research purposes, by seeing if users were redirected to our website after clicking on a Facebook ad.

The Facebook pixel is directly integrated by Facebook when our websites are accessed and can store a so-called cookie, i.e. a small file, on your device. If you then log into Facebook or visit Facebook while logged in, visits to our online service are noted in your profile. The data obtained regarding you are anonymous and thus allow no inferences as to the users’ identity. However, the data are stored and processed by Facebook, so that a connection to the respective user profile is possible. Facebook processes the data within the framework of Facebook’s Data Policy. You can find further information on how the remarketing pixel works and how Facebook Ads are generally displayed in Facebook’s Data Policy: https://www.facebook.com/policy.php.

You can opt out of data collection by the Facebook pixel and the use of your data for displaying Facebook Ads. To do so, you can view the page set up by Facebook and follow the instructions for the settings for user-based advertising: https://www.facebook.com/settings?tab=ads or declare your opt-out on the US website http://www.aboutads.info/choices or the EU website http://www.youronlinechoices.com. The settings are independent of the platform, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

 

10. Jetpack (WordPress Stats)

We use the Plugin Jetpack (here the function “Wordpress Stats”), which integrates a tool for statistical evaluation of visits to a website and is provided by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. Jetpack uses “cookies”, text files saved to your computer that enable an analysis of your use of the website.

The information generated by the cookie on your use of this online service is saved on a server in the USA. The processed data can be used to generate user profiles, whereby these are only used for analysis and not for advertising purposes. You can find out more in Automattic’s Privacy Policy: https://automattic.com/privacy and information on Jetpack cookies: https://jetpack.com/support/cookies.

11. Twitter Buttons

We use buttons of the service Twitter. These buttons are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognisable by expressions such as “Twitter” or “Follow” or in connection with a stylised blue bird. These buttons make it possible to share a post or website belonging to this online service on Twitter or to follow the provider of the service on Twitter.

When a user browses a web page of this online service that contains such a button, her/his browser establishes a direct link to the Twitter servers. The content of the Twitter buttons is transmitted directly from Twitter to the user’s browser. We therefore have no influence on the extent of the data that Twitter collects with the help of this plugin and inform the users according to our knowledge, which is that only the user’s IP address is transmitted along with the URL of the respective web page when the button is referred to, but not used for any purposes other than to show the button.
You can find further information on this in Twitter’s Privacy Policy at http://twitter.com/privacy.

12. Pinterest Buttons

We use the buttons (“Pin It”) of the service Pinterest, http://pinterest.com. With the help of the buttons it is possible for the users to share our articles or websites on their “Pinterest Boards”.
When a user visits a web page that contains a “Pin It” button, her/his browser connects directly to Pinterest’s servers. The content of the “Pin It” button is sent by Pinterest directly to the user’s browser. We therefore have no influence on the scope of the data that Pinterest collects with the help of the “Pin It” button and informs the users according to the knowledge available to us. After this, only the user’s IP address and the URL of the respective web page are transmitted, but only used for the purpose of displaying the “Pin It” button and sharing its content.

You can find further information in Pinterest’s Privacy Policy at http://pinterest.com/about/privacy.

13. Google+

We use the Google+ social buttons (e.g. “+1” button) operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
When a user browses a web page that contains such a button, the browser connects directly to Google’s servers. The content of the buttons is transmitted directly by Google to its browser and is integrated into the website. The provider therefore has no influence on the extent of the data that Google collects with the buttons.

According to Google, no personal data are collected without a click on the button. Only when members of Google+ are logged in will such data, including the IP address, be collected and processed.
For more information about how Google processes your data, visit the overview page: https://www.google.com/policies/technologies/ads. Google’s Privacy Policy is available at https://www.google.com/policies/privacy.

If you don’t want Google marketing services to collect your data, you can use the set-up and opt-out possibilities provided by Google: http://www.google.com/ads/preferences.

14. Newsletter

In the following we advise you about the contents of our newsletter and the procedures for registration, dispatch and statistical evaluation, as well as your rights of objection. By subscribing to our newsletter you agree to receive the newsletter and with the described procedures.

Newsletter contents: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter named “newsletter”) only with the consent of the recipients or on the basis of statutory permission. If the contents of a newsletter are specifically outlined in the process of registering for the newsletter, they are definitive for the consent. Our newsletter contains the following information: Our products, new stocks and special offers.

Double opt-in and logging: Subscriptions to our newsletter takes place using a so-called double opt-in. This means that you receive an e-mail after registering, in which you are asked to confirm your registration. This confirmation is necessary to prevent someone subscribing with other people’s e-mail addresses. Subscriptions to the newsletter are logged, in order to be able to prove that the registration complies with legal requirements. This entails saving the point in time when the registration and confirmation took place, as well as the IP address. Changes to data stored by the mailing service are also logged.

Mailing service: The newsletter is sent using Mail Chimp from the mailing service provider The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (hereinafter named “mailing service provider”). The Mail Chimp Privacy Policy is available here: https://mailchimp.com/legal/privacy.

Our newsletter subscribers’ e-mail addresses and their other data described in this advisory text are saved on the mailing service provider’s servers. The mailing service provider uses these data on our behalf to send and evaluate the newsletter. The mailing service provider can also use these data to optimise or improve its own services, for instance to technically optimise mail dispatch and how the newsletter is displayed, or for economic purposes to determine which countries the recipients come from. However, the mailing service provider does not use our newsletter subscribers’ data to directly contact them or pass on the data to third parties.

Registration data: You only need to state your e-mail address to subscribe to the newsletter.

Statistical survey and analysis: the newsletters contain a “web beacon”, a pixel-sized file that is accessed by the mailing service provider’s server when the newsletter is opened. When this happens, technical information, such as about the browser and your operating system, your IP address and the time, are collected. This information is used to technically improve the service on the basis of the technical data or the target groups and their reading habits based on the places they read the newsletters (this can be determined with the help of the IP address) or when they do so. Statistical surveys include the information whether the newsletters are opened, when they are opened and which links are clicked on. This information can be technically assigned to the individual newsletter recipients, but it is neither our intent nor that of the mailing service provider to observe individual users. Instead, the evaluation serves to recognise our users’ reading habits and to be able to customise our contents to them or to send different contents that correspond to our users’ interests.

Unsubscribe/retract: You can unsubscribe our newsletter any time your retract your consent to dispatch by the mailing service provider and the statistical analysis. Unfortunately, a separate retraction of the dispatch by the mailing service provider or the statistical analysis is not possible. There is an unsubscribe link at the end of each newsletter.

15. Integration of third party services and content

It may happen that within our online service third-party content or services such as city maps or fonts are integrated from other websites. The inclusion of third-party content always means that the third-party vendors are aware of the users’ IP address, as they cannot otherwise send the content to the user’s browser without the IP address. The IP address is therefore required for the display of these contents. Furthermore, the providers of third-party content can set their own cookies and process the users’ data for their own purposes. The processed data can be used to create user profiles We will use this content in a data-minimising and data-avoiding manner, as well as choosing third-party providers that are reliable with regard to data security.

The following is an overview of third-party providers and their contents, together with links to their data protection declarations/privacy policies, which provide further information on the processing of data and the opt-outs already mentioned.

– External fonts from Google, Inc., https://www.google.com/fonts (“Google Fonts”). Google Fonts are included by accessing a Google server (usually in the USA). Privacy Policy: https://www.google.com/policies/privacy. Opt-out: https://www.google.com/settings/ads.

– Map material from the “Google Maps” service provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy. Opt-out: https://www.google.com/settings/ads.

– Videos from the platform “YouTube” provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy. Opt-out: https://www.google.com/settings/ads.

16. Users’ Rights and Deletion of Data

Users have the right to request and receive free of charge information on the personal data that we have stored about them.
In addition, users have the right to correct incorrect data, revoke consent, block and delete their personal data, as well as the right to submit a complaint to the relevant supervisory authority if they suspect unlawful data processing.

The data stored by us will be deleted as soon as they are no longer necessary for the purpose they were collected for and are not subject to any statutory record-keeping requirements.

17. Alterations to the Data Protection Declaration

We reserve the right to alter the Data Protection Declaration, in order to adapt them to altered legal requirements, changes to the service or changes in data processing. However, this only applies to declarations regarding data processing. If users’ consent is required or parts of the Data Protection Declaration contain stipulations of the contractual relationship with the users, the alterations only take effect with the users’ consent.
Users are asked to regularly familiarise themselves with the contents of the Data Protection Declaration.

25 May 2017