1. Name and contact data of the person responsible for data processing and the company data protection officer
This Privacy Statement applies to data processing by:
HERZA Schokolade GmbH & Co. KG
Segeberger Chaussee 132
22850 Norderstedt, Germany
telephone: +49 / (0) 40 / 500 176-0
The company data protection officer of HERZA can be contacted at the above address, Attn. Mr Sven Naucke, or at firstname.lastname@example.org
2. Acquisition and storage of personal data and the nature and purpose of their use
a) During visits to our website
- When you access our website www.herza.de, information is automatically sent to the server of our website by the browser used on your terminal. This information is stored temporarily in a so-called logfile. The following information is collected without your assistance and stored until it is automatically erased:
- IP address of the enquiring computer;
- Date and time of access;
- Name and URL of the file requested;
- Website from which access has taken place (referrer URL);
- The browser used, and possibly the operating system of your computer and the name of your access provider.
We process the above data for the following purposes:
- To ensure that the connection to our website can be established smoothly;
- To ensure convenient use of our website;
- To assess the security and stability of the system;
- For further administrative purposes.
The legal basis for processing the data is provided by Art. 6 Subparagraph 1 S. 1 Point f GDPR. Our legitimate interest follows from the listed purposes of data acquisition. In no case do we use the data acquired in order to draw conclusions concerning your person.
b) When you register for our newsletter
If you have given your express consent pursuant to Art. 6 Subparagraph 1 S. 1 Point a GDPR, we will use your email address in order to send you our newsletter regularly. To receive the newsletter it is sufficient to state an email address.
Your registration can be cancelled at any time, for example by using a link at the end of each newsletter. Alternatively, you can also express your wish to cancel your registration at any time by sending an email to email@example.com.
c) When using our contact form
If you have questions of any kind, we offer you the option of contacting us with the form provided on the website. It is necessary to state a valid email address so that we know who the enquiry has come from and in order to answer it. Any further information given is voluntary.
Data processing for the purpose of establishing contact with us takes place according to Art. 6 Subparagraph 1 S. 1 Point a GDPR on the basis of your consent, which is given voluntarily.
The personal data collected by us for the purpose of using the contact form are erased automatically when your enquiry has been handled.
3. Circulation of data
Your personal data will not be passed on to third parties except for the purposes listed below.
We will only pass your personal data on to third parties if:
- -You have given us your express consent pursuant to Art. 6 Subparagraph 1 S. 1 Point a GDPR ;
- Circulation is necessary pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest in the protection and non-circulation of your data;
- Data have to be passed on in order to comply with a legal obligation pursuant to Art. 6 Subparagraph 1 S. 1 Point c GDPR;
- It is legally permissible and necessary for performance of a contract with you pursuant to Art. 6 Subparagraph 1 S. 1 Point b GDPR.
The cookie stores information generated in connection with the particular terminal used. However, that does not mean we acquire a direct knowledge of your identity.
We also use temporary cookies to optimize the user friendliness of our site; these are stored on your terminal for a certain specified time. If you visit our site again in order to make use of our services they recognize automatically that you have visited us before and know what entries and settings you have used, so that you do not have to enter them again.
The data processed by cookies are necessary for the stated purpose of pursuing our legitimate interests and those of third parties pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies can be stored on your computer or so that a warning always appears before a new cookie is set up. However, if you deactivate cookies completely you may not be able to use all the functions on our website.
5. Analysis tools
a) Tracking tools
The following tracking tools used by us are applied on the basis of Art. 6 Subparagraph 1 S. 1 Point f GDPR. By using these tracking tools we hope to ensure that our website is designed in keeping with users’ needs and in order to optimize it continuously. Secondly, we use the tracking tools to record the use of our website statistically and optimize our offer to you. These interests are to be deemed legitimate in the meaning of the above provision.
The different purposes of data processing and data categories can be seen from the relevant tracking tools.
i) Google Analytics1
To permit design of the website in keeping with user needs and optimize it continuously, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this connection, pseudonymized user profiles are created and cookies used (see Section 4). The information generated by the cookie about your use of this website, such as
- browser type/version,
- operating system used,
- referrer URL (the site previously visited),
- host name of the accessing computer (IP address),
- time of the server enquiry,
is transferred to a Google server in the USA, where it is stored. The information is used to analyze use of the website, to compile reports on the website activities and to provide other services in connection with use of the website and the internet for the purposes of market research and suitable design of the internet sites. In some cases such information is communicated to third parties if this is required by law, or to the extent that third parties have been commissioned to process the data. On no account will your IP address be merged with other data collected by Google. The IP addresses are anonymized so that no assignment to specific persons is possible (IP masking).
You can prevent the installation of cookies by applying the relevant setting in your browser software. Please note, however, that in this case you may not be able to make full use of all the functions on this website.
Moreover, you can prevent Google from recording the data generated by the cookie on your use of the website (including your IP address), and also processing of these data by Google, by downloading and installing the browser add-on available under the following link: (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially with browsers on mobile terminals, you can also prevent recording by Google Analytics by clicking this link. This sets an opt-out cookie that prevents any future recording of your data when you visit this website. The opt-out cookie is only applicable to this browser and only to our website, and it is installed on your device. If you erase the cookies in this browser, you must set the opt-out cookie again.
You will find more information on data protection in connection with Google Analytics at Google Analytics Help
ii) Google AdWords Conversion Tracking
In order to record use of our website statistically and evaluate the information for optimizing the website for you, we also use Google Conversion Tracking. To permit this, Google AdWords sets a cookie on your computer (see Section 4) if you have reached our website through a Google advertisement.
These cookies lose their validity after 30 days and do not serve to permit personal identification. If the user visits certain pages of the website of the AdWords customer and the cookie has not yet expired, Google and the customer can see that the user has clicked the advertisement and been directed to this page.
Each AdWords customer is issued with a different cookie. This means that cookies cannot be traced via the websites of AdWords customers. The information acquired with the aid of conversion cookies is used to draw up conversion statistics for AdWords customers who have decided to use conversion tracking. The AdWords customers are informed of the total number of users who have clicked the advertisement and been directed to a site with a conversion tracking tag. However, they do not receive any information with which users can be identified personally.
We use the open source software Matomo for analysis and statistical evaluation of use of the website. Cookies are used for this purpose (see Section 4). The information generated by the cookie on use of the website is transferred to our server and compiled in pseudonymous user profiles. The information is used for evaluating use of our website and enabling need-based design. The information is not passed on to third parties.
On no account will the IP address be merged with other data relating to the user. The IP addresses are anonymized so that no allocation to specific persons is possible (IP masking).
Your visit to this website is currently being recorded by Matomo Web Analytics. Click here (https://www.eff.org/issues/do-not-track) to prevent your visit from being recorded.
6. Social media plugins
On the basis of Art. 6 Subparagraph 1 S. 1 Point f GDPR our website makes use of social plugins for the social networks Facebook, Twitter and Instagram in order to make our company better known through these media. The commercial purpose behind this is to be deemed a legitimate interest in the meaning of the GDPR. Responsibility for operation in compliance with the data protection laws lies with the provider concerned. These plugins are incorporated by us using the “two-click method” in order to protect visitors to our website to the fullest possible extent.
Our website uses social media plugins from Facebook in order to personalize its use. For this we use the “LIKE” or “SHARE” button. This is an offer provided by Facebook.
When you call up a page of our website that contains a plugin of this kind, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transferred directly from Facebook to your browser, and from there it is incorporated into the website.
Through incorporation of the plugin, Facebook receives the information that your browser has called up this page of our website, even if you do not have a Facebook account or are not logged in to Facebook at the moment. This information (including your IP address) is transferred from your browser directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example if you activate the “LIKE” or “SHARE” button, the corresponding information is also communicated directly to a Facebook server and stored there. Moreover, the information is published on Facebook and shown to your Facebook friends.
Facebook can use this information for the purpose of advertising, market research and user-friendly design of the Facebook sites. To do so, Facebook draws up user, interest and relationship profiles, for example in order to evaluate your use of our website in respect of the advertisements displayed to you by Facebook, to inform other Facebook users about your activities on our website or to perform other services in connection with the use of Facebook.
If you do not want Facebook to assign the data collected through our website to your Facebook account, you must log out of Facebook before visiting our website.
Plugins from the short message service of Twitter Inc. (Twitter) are integrated into our webpages. You can identify the Twitter plugins (tweet button) by the Twitter logo on our website. You will find an overview of tweet buttons here (https://dev.twitter.com/web/tweet-button).
When you call up a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. In this way, Twitter receives the information that you have visited our website with your IP address. If you click the Twitter “tweet button” while you are logged in to your Twitter account, you can link the content of our pages to your Twitter profile. This enables Twitter to assign the visit to our pages to your user account. Please note that we, as the originator of the website, receive no information about the content of the data transferred or how they are used by Twitter.
If you do not want Twitter to be able to assign the visit to our pages, please log out of your Twitter user account.
Our website also uses so-called social plugins (“plugins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
The plugins are indicated by an Instagram logo, for example in the form of an “Instagram camera”.
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. Instagram transfers the content of the plugin directly to your browser and incorporates it into the website. Through this incorporation of the plugin, Instagram receives the information that your browser has called up this page of our website, even if you do not have an Instagram profile or are not logged in to Instagram at the moment.
Your browser communicates this information (including your IP address) directly to an Instagram server in the USA, where it is stored. If you are logged in to Instagram, Instagram can assign your visit to our website directly to your Instagram account. If you interact with the plugins, for example by activating the “Instagram” button, this information is also communicated directly to an Instagram server and stored there.
The information is also published on your Instagram account and shown to your contacts there.
If you do not want Instagram to assign the data acquired through our website directly to your Instagram account, you must log out of Instagram before visiting our website.
7. Rights of the data subject
You have the following rights:
- Pursuant to Art. 15 GDPR you have the right to obtain information on the data concerning your person which are processed by us. In particular you can request information on the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, the right to know the source of the personal data if these have not been collected by us and the existence of automated decision-making, including profiling and, where appropriate, meaningful information on the details thereof.
- Pursuant to Art. 16 GDPR you have the right to demand, without undue delay, the rectification of inaccurate personal data or completion of any incomplete personal data stored by us.
- Pursuant to Art. 17 GDPR you have the right to obtain erasure of your personal data stored by us unless their processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.
- Pursuant to Art. 18 GDPR you have the right to obtain restriction of processing of your personal data if you contest the accuracy of the data, if the processing is unlawful and you oppose their erasure and we no longer need the data but you require them for the establishment, exercise or defence of legal claims and have objected to their processing pursuant to Art. 21 GDPR.
- Pursuant to Art. 20 GDPR you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to have those data transmitted to another controller.
- Pursuant to Art. 7 Subparagraph 3 GDPR you have the right to withdraw the consent given to us at any time. As a result, we shall in future no longer be permitted to continue processing the data for which this consent was originally given.
- Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. As a rule, you can lodge the complaint with the supervisory authority of your habitual place of residence, your place of work or the seat of our law firm.
8. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to processing of your personal data on grounds relating to your particular situation or if the reason for the objection is processing of the data for direct marketing purposes. In the latter case you have a general right to object, which we shall respect without the assertion that a particular situation exists.
If you wish to exercise your right to withdraw consent or to object, it is sufficient to send an email to firstname.lastname@example.org.
9. Data security
During your visit to the website we use the well-known SSL (Secure Socket Layer) system in conjunction with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we resort to 128-bit v3 technology instead. You can see whether an individual page of our website is encrypted from the closed image of the key or the lock symbol in the bottom status bar of your browser.
For the rest, also, we take suitable technical and organizational security measures in order to protect your data against chance or deliberate manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our security measures are improved continuously to keep pace with technical developments.
10. Topicality and amendment of this Privacy Statement
This Privacy Statement is currently valid and has the status of May 2018.
The continued development of our website and the offers made, and also changes to legal or administrative regulations, may make it necessary to amend this Privacy Statement. You can access and print out the currently valid version of the Privacy Statement at any time from the website at www.herza.de.
1 For the legitimate use of Google Analytics, data protection authorities require the conclusion of a commissioned processing contract. Google offers a specimen contract at http://www.google.com/analytics/terms/de.pdf .