Privacy policy

1.       INTRODUCTION

In the operation of our website www.nonfood.de (hereinafter referred to as “website”) we process personal data. We handle this data confidentially and process it according to the current laws, in particular the EU General Data Protection Regulation (GDPR) and Germany’s Federal Data Protection Act (BDSG-new). In this privacy policy we want to inform you which personal data we collect from you, for what purpose we collect it, on what legal basis we use it and, where applicable, to whom we disclose it. Furthermore we will clarify your rights with regard to protecting and enforcing your data privacy.

2.       DEFINITIONS

Our privacy policy contains specialist terms which appear in the GDPR and the new BDSG. To give you a better understanding of these terms, we want to start by explaining them more simply:

2.1       Personal data

“Personal data” refers to any information relating to an identified or identifiable person (Art. 4 (1) GDPR). Information about an identified person can be their name or email address, for example. However, personal data is also data from which a person’s identity is not directly discernible but which still allows an identity to be determined: personal information or external information is merged and it can thus be established who the data pertains to. For example, a person can be identified by their address or bank details, their date of birth or username, their IP address and/or their location data. Of relevance here is all information that in some way permits inference to a specific person.

2.2       Processing:

Under Art. 4 (2) of the GDPR, “processing” is defined as any operation performed in connection with personal data. This refers in particular to the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, disseminating or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

3.       CONTROLLER

The controller for this data processing is:

Company: NonFood Werbeagentur GmbH ("we")
Legal representative: Stipo Juric, Christoph Drescher (Managing Director)
Address: Tarpen 40 (ValvoPark, Haus 5b), 22419 Hamburg
Telephone: +49 (0) 40 / 39 9999 0
Fax: +49 (0) 40 / 39 9999 150
Email: info@nonfood.de

 

4.       DATA PROTECTION OFFICER

We have appointed an external data protection officer for our company. You can reach him at:

Name: Arne Platzbecker
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg
Telephone: 040/ 18189800
Fax: 040/ 181898099
Email: datenschutz@habewi.de

5.       SCOPE OF PROCESSING: WEBSITE

Within the framework of the website with the URL www.nonfood.de , we process your personal data as outlined in detail in clauses 6-13. We only process data from you which you actively input on our website (e.g. by filling out forms) or which you automatically make available by using our content.

Your data is processed exclusively by us and in principle is never sold, distributed or passed on to third parties. If we employ external service providers to help process your personal data, this takes place as part of so-called “order processing”, during which we are entitled as the contracting authority to issue directives to our contractor. To operate our website we employ external service providers for hosting, maintenance, care and further development. If further external service providers should be employed for the specific processing activities stated in clauses 6-13, they shall be named there.

As a basic principle the transmission of data to third countries does not occur and is also not intended. We will inform you of any exceptions to this policy within the subsequent clauses describing our processing activities.

6.       PROVISION OF THE WEBSITE AND SERVER LOG FILES

6.1       Description of processing activities

Every time you access the website, we automatically collect information which your browser transmits to our server. This information is also stored in the so-called log files on our server. The following data is transmitted:

  • Your IP-address
  • The browser software which you are using, as well as the version and language
  • The operating system you are using
  • The website from which you arrived at our website (so-called “referrer”)
  • The subpages which you accessed on our website
  • The date and time when you accessed our website
  • Your internet service provider
  • The volume of data transferred

It is necessary for the system to temporarily store your IP address so that we can deliver our website to the user’s end device. For this purpose, the user's IP address must be stored for the duration of the session. However, your IP address is not recorded in our log files.

6.2       Purpose

Processing occurs in order to facilitate access to the website, as well as to ensure its stability and security. Furthermore, the processing aids the statistical analysis and improvement of our online content.

6.3       Legal basis

Processing is required to protect the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest is in the purpose stated in clause 6.2.

6.4       Storage period

The data is erased as soon as it is no longer required for the purpose of its initial collection. In the event of data being collected for the provision of the website, this is the case when the respective session ends. The log files are erased after 30 days.

 

7.       CONTACT FORM AND CONTACTING US VIA EMAIL

7.1       Description of processing activities

We have provided a contact form on our website which you can use to contact us. When using this form you are invited to provide us with your email address, your name and a message. If you press the “submit” button, the data will be transmitted to us using an SSL encryption (see clause 14). The contact form can only be transmitted if you accept our Privacy Policy by clicking on the corresponding checkbox. You can also contact us using the email addresses stated on the website. In this case, we process any personal data transmitted by the user with the email.

7.2       Purpose

By providing a contact form on our website, we want to present you with a convenient option for getting in touch with us. The data transmitted with and in the contact form or your email respectively is exclusively used for the purposes of handling and responding to your request.

7.3       Legal basis

Processing is required to protect the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest is in the purpose stated in clause 7.2. If the email is aimed at concluding or fulfilling a contract, data processing occurs for the performance of a contract (Art. 6 (1) (b) GDPR).

7.4       Storage period

We erase the data as soon as it is no longer required for the purpose of its initial collection. This is normally the case when the respective communication with you is concluded. The communication is completed when circumstances indicate that your request has been conclusively resolved. If legal retention periods prevent the erasure of data, we erase it immediately following the expiration of the legal retention period.

8.       APPLICATION DOCUMENTS

8.1       Description

We process data that is connected to your application. This can be general data pertaining to your person (such as name, address or contact details), information on your professional qualifications and school education or your professional development, or other information that you transmit to us in connection with your application. Apart from that, we can process information relating to your profession that you have made publicly accessible, such as for example a profile on professional social media networks. For this purpose you can create a profile with us using the link https://nonfood.de/de/jobs and send any data uploaded there to us directly.

8.2       Purpose and legal basis for processing

We process your personal data for the purpose of your application for employment, so far as this is necessary to take a decision regarding the establishment of an employment relationship with us. Furthermore, we can process your personal data in so far as this is necessary to protect us against any asserted legal claims relating to the application process. The legal basis for this is Art. 6 (1) (f) of the GDPR, the legitimate interest is, for example, a burden of proof in legal proceedings pursuant to Germany’s General Equal Treatment Act (AGG). If an employment relationship should arise between our company and your person, we can continue to process the personal data which we have already obtained from you for employment-related purposes as per § 26 para. 1 BDSG, if this is necessary in order to carry out or terminate the employment relationship or to exercise or satisfy rights and obligations of employee’s representation laid down by law or by collective agreements or other agreements between the employer and staff council.

8.3       Transmission

The data is not transmitted to third parties.

9.       COOKIES

9.1       Description of processing activities

Our website uses cookies. Cookies are small text files that are stored on the user's end device upon visiting a website. Cookies contain information that facilitates the recognition of an end device and, where applicable, specific functions of a website. For the most part we only use so-called “session cookies”. These are automatically erased when you end your internet session and close the browser. Other cookies remain stored on your end device for a longer period of time. On our website we use the following cookies:

  • Cookie name: Session Cookie
  • Purpose/Function: Administration
  • Storage period: These cookies expire at the end of the browser session.

9.2       Purpose

We use cookies to make our website more user-friendly and to provide the functions described in clause 9.1.

9.3       Legal basis

Processing is required to protect the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest is in the purpose stated in clause 9.2.

9.4       Storage period

Cookies are automatically erased upon the end of a session or upon the expiration of the specified storage period. As cookies are stored on your end device, you as a user also have full control over the use of cookies. By altering the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies which have already been stored can be erased at any time. This can also take place automatically. If cookies are deactivated for our website, certain individual functions of our website will be unavailable or restricted.

10.    GOOGLE WEBFONTS

10.1    Description of processing activities

Our website uses “Google Webfonts”, a font replacement service provided by the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). With Google Webfonts, when our website is displayed the standard fonts of your end device are replaced with fonts from the Google catalogue. If your browser prevents the integration of Google Webfonts, the text on our website is displayed using the standard fonts of your end device. The Google Fonts are downloaded directly from a Google server. To allow this to happen, your browser sends a request to a Google server. Consequently we send Google the address of our website, together with your IP address where necessary. However, Google Webfonts does not store any cookies on your end device. According to Google, data which is processed as part of the Google Webfonts service will be transmitted to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. It will not be associated with data which, where applicable, is connected to the use of other Google services such as the search engine of the same name, or Gmail. Further information regarding data protection at Google Webfonts can be found here: https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google can be accessed here: https://policies.google.com/privacy?hl=policies.

10.2    Purpose

Processing occurs so that we can make the text on our website more readable and more aesthetically appealing for you.

10.3    Legal basis

Processing is required to protect the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest is in the purpose stated in clause 10.2.

10.4    Recipients und transmission to third countries

Through the use of Google Webfonts, personal data is transmitted to Google where necessary. Google also processes your personal data in the USA and has committed to adhering to the EU-US Privacy Shield. Further information regarding the EU-US Privacy Shield can be found here: https://www.privacyshield.gov/EU-US-Framework.

11.    ZENDRIVER VIDEOS

11.1    Description of processing activities

Our website uses services from “Zendriver”, a video service operated by Brightcove INC, 290 Congress Street, Bosten, USA (hereinafter referred to as “Zen”). We use Zen by embedding videos on our website with the help of the Zen Player, so that they can be played directly on our website. If you visit a subpage of our website which has a video embedded in it, a connection to the Zendriver servers is established and the video is thus displayed within our website. Because of this, Zendriver receives information about which website you visited. If necessary, your IP address is also transmitted to Zendriver. Further information regarding data protection at Zendriver can be found here: https://www.brightcove.com/en/legal/privacy

11.2    Purpose

Processing occurs so that we can show you videos on our website.

11.3    Legal basis

Processing is required to protect the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest is in the purpose stated in clause 11.2.

11.4    Recipients und transmission to third countries

Zendriver also processes data in the USA.

12.    GOOGLE ANALYTICS

12.1    Description of processing activities

Our website uses “Google Analytics”, a web analysis service provided by the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Analytics uses cookies (see clause 10) to enable an analysis of how you use our content. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. However, we only use Google Analytics when IP anonymization is enabled. Consequently, your IP address is first truncated within member states of the European Union or in other states party to the Agreement on the European Economic Area. The complete IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. The IP address transmitted by your browser in line with Google Analytics is not merged with other data from Google. The statistics compiled by Google Analytics primarily record how many users visit our website, from which country or location the website is accessed, which subpages are accessed and the links or search terms from which visitors arrive at our website. The user conditions of Google Analytics can be found here: https://www.google.com/analytics/terms/gb.html. An overview of data protection at Google Analytics is available here: https://support.google.com/analytics/#topic=1008008. You can view Google’s Privacy Policy here: https://policies.google.com/privacy?hl=policies.

12.2    Purpose

Processing occurs so that we can analyse the use of our website. The information that we gain from this processing serves the improvement and customised design of our online appearance.

12.3    Legal basis

Processing is required to protect the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest is in the purpose stated in clause 12.2.

12.4    Storage period and right to object

We have outlined the storage period as well as your control and settings options regarding cookies in clause 10. You can object to the processing of your data by Google Analytics at any time by downloading and installing the browser add-on provided by Google at https://tools.google.com/dlpage/gaoptout?hl=en. Alternatively you can choose to click on the following link. This will result in an opt-out cookie being stored on your end device, which prevents your data from being recorded on future visits to this website. We automatically erase the analysis data which is processed and stored by Google Analytics after 14 months.

12.5    Recipients und transmission to third countries

Google Analytics acts as a service provider for us as part of order processing. Google also processes your personal data in the USA and has committed to adhering to the EU-US Privacy Shield. Further information regarding the EU-US Privacy Shield can be found here: https://www.privacyshield.gov/EU-US-Framework.

13.    GOOGLE MAPS

13.1    Description of processing activities

Our website uses “Google Maps”, a service provided by the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). We use Google Maps by integrating a map showing our business address into our website. The map is downloaded directly from a Google server. To allow this to happen, your browser sends a request to a Google server. Consequently we send Google the address of our website, together with your IP address where necessary. However, Google Maps does not store any cookies on your end device. If you are logged in to Google upon your visit to our website, Google will assign this information to your Google user account. Google stores your data as usage profiles and uses it for advertising purposes, market research, and/or to customise the design of Google websites. You have the right to object to the creation of this user profile, and you must contact Google directly to exercise this right. Further information regarding data protection at Google can be found here: https://policies.google.com/privacy?hl=policies.

13.2    Purpose

Processing occurs so that we can show you an interactive map on our website.

13.3    Legal basis

Processing is required to protect the overriding legitimate interests of the controller (Art. 6 (1) (f) GDPR). Our legitimate interest is in the purpose stated in clause 13.2.

13.4    Recipients und transmission to third countries

Google also processes your personal data in the USA and has committed to adhering to the EU-US Privacy Shield. Further information regarding the EU-US Privacy Shield can be found here: https://www.privacyshield.gov/EU-US-Framework.

14.    SECURITY MEASURES

In order to protect your personal data from unauthorised access, we have equipped our website with an SSL/TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security”, and they encrypt the communication of data between a website and a user’s end device. You can recognise an active SSL/TLS encryption by a small lock symbol which is displayed on the far left of the address line in the browser.

15.    YOUR RIGHTS AS A DATA SUBJECT

With regards to the data processing activities carried out by our company as described above, you have the following rights as a data subject:

15.1    Access (Art. 15 GDPR)

You have the right to obtain confirmation from us as to whether or not personal data pertaining to you is being processed. If this is the case, under the conditions stated in Art. 15 of the GDPR you have a right of access to this personal data and to other information as listed in Art. 15 of the GDPR.

15.2    Rectification (Art. 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate personal data and the completion of incomplete personal data pertaining to your person.

15.3    Erasure (Art. 17 GDPR)

You have the right to obtain the erasure of any personal data pertaining to you, provided that one of the individual grounds stated in Art. 17 of the GDPR applies, e.g. if we no longer need your data for the purposes for which it was collected.

15.4    Restriction of processing (Art. 18 GDPR)

You have the right to obtain from us a restriction of processing if one of the conditions stated in Art. 18 of the GDPR applies, e.g. if you contest the accuracy of your personal data, data processing will be restricted for the amount of time required for us to verify the accuracy of your data.

15.5    Data portability (Art. 20 GDPR)

Under the conditions stated in Art. 20 of the GDPR you have the right to receive any data pertaining to you in a structured, commonly used and machine-readable format.

15.6    Withdrawal of consent (Art. 7 (3) GDPR)

For any processing that is based on your consent, you have the right to withdraw your consent at any time. The withdrawal is valid from the time that you assert your right. In other words, it is effective in the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

15.7    Complaints (Art. 77 GDPR)

If you are of the view that the processing of personal data pertaining to you is in violation of the GDPR, you have the right to lodge a complaint with a supervisory authority. You can exercise this right at a supervisory authority in the EU member state of your habitual residence, place of work or place of the alleged infringement.

15.8    Ban on automated individual decision-making/ profiling (Art. 22 GDPR)

Decisions which lead to legal repercussions for you or which significantly affect you may not be based solely on the automated processing of personal data, including profiling. We declare to you that we do not use any automated decision-making processes, including profiling, with regard to your personal data.

15.9    Objection (Art. 21 GDPR)

If we process your personal data on the basis of Art. 6 (1) (f) of the GDPR (to protect overriding legitimate interests), you have the right to lodge an objection under the conditions laid out in Art. 21 of the GDPR. This however only applies if grounds exist as a result of your particular situation. After an objection, we will no longer process your personal data, unless we can verify compelling grounds for this processing which are worthy of protection and which override your interests, rights and freedoms. Likewise we do not need to cease processing if it is required for the establishment, exercise or defence of legal claims. In all cases – regardless of a particular situation – you have the right to object at any time to the processing of your data for direct advertising purposes.

 

Date: May 2018