Data privacy statement

1. Name and contact data of the person responsible for data processing and the company data protection officer.

This Privacy Statement applies to data processing by:

Party responsible:
HERZA Schokolade GmbH & Co. KG
Segeberger Chaussee 132
22850 Norderstedt, Germany
Email: data@herza.de
Telefon: +49 / (0) 40 / 500 176-0

The company data protection officer of Stern-Wywiol Gruppe can be contacted at the above address, Attn. Mr Sven Naucke, or at data@herza.de erreichbar.

2. Acquisition and storage of personal data and the nature and purpose of their use

a) During visits to our website

When you access our website www.stern-wywiol-gruppe.de, information is automatically sent to the server of our website by the browser used on your terminal. This information is stored temporarily in a so-called logfile. The following information is collected without your assistance and stored until it is automatically erased:

IP address of the enquiring computer;
Date and time of access;
Name and URL of the file requested;
Website from which access has taken place (referrer URL);
The browser used, and possibly the operating system of your computer and the name of your access provider.
We process the above data for the following purposes:

To ensure that the connection to our website can be established smoothly;
to ensure convenient use of our website;
To assess the security and stability of the system; 

For further administrative purposes.

The legal basis for processing the data is provided by Art. 6 Subparagraph 1 S. 1 Point f GDPR. Our legitimate interest follows from the listed purposes of data acquisition. In no case do we use the data acquired in order to draw conclusions concerning your person.

In addition, we use cookies and analysis services when our website is visited. You will find more detailed information on this under Sections 4 and 5 of this Privacy Statement.

b) When you register for our newsletter

If you have given your express consent pursuant to Art. 6 Subparagraph 1 S. 1 Point a GDPR, we will use your email address in order to send you our newsletter regularly. To receive the newsletter it is sufficient to state an email address.

Your registration can be cancelled at any time, for example by using a link at the end of each newsletter. Alternatively, you can also express your wish to cancel your registration at any time by sending an email to data@stern-wywiol-gruppe.de.

c) When using our contact form

If you have questions of any kind, we offer you the option of contacting us with the form provided on the website. It is necessary to state a valid email address so that we know who the enquiry has come from and in order to answer it. Any further information given is voluntary.

Data processing for the purpose of establishing contact with us takes place according to Art. 6 Subparagraph 1 S. 1 Point a GDPR on the basis of your consent, which is given voluntarily.

The personal data collected by us for the purpose of using the contact form are erased automatically when your enquiry has been handled.

3. Circulation of data

Your personal data will not be passed on to third parties except for the purposes listed below. We will only pass your personal data on to third parties if:

You have given us your express consent pursuant to Art. 6 Subparagraph 1 S. 1 Point a GDPR ;

Circulation is necessary pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest in the protection and non-circulation of your data;
Data have to be passed on in order to comply with a legal obligation pursuant to Art. 6 Subparagraph 1 S. 1 Point c GDPR;
It is legally permissible and necessary for performance of a contract with you pursuant to Art. 6 Subparagraph 1 S. 1 Point b GDPR.

4. Cookies

We use cookies on our website. Cookies are small text files created automatically by your browser and stored on your terminal (laptop, tablet, smartphone etc.) when you visit our website. Cookies do no damage to your terminal; they contain no viruses, trojans or other malicious software.

The cookie stores information generated in connection with the particular terminal used. However, that does not mean we acquire a direct knowledge of your identity.

Firstly, we use cookies to make the information offered by us easier for you to use. For example, we use “session cookies” in order to see that you have already visited certain pages of our website. These cookies are erased automatically when you leave our website.

We also use temporary cookies to optimize the user friendliness of our site; these are stored on your terminal for a certain specified time. If you visit our site again in order to make use of our services they recognize automatically that you have visited us before and know what entries and settings you have used, so that you do not have to enter them again.

Secondly, we use cookies in order to record the use of our website statistically and optimize our offer to you (see Section 5). These cookies enable us to see automatically, when you visit our site again, that you have visited us before. They are erased automatically after a certain defined time.

The data processed by cookies are necessary for the stated purpose of pursuing our legitimate interests and those of third parties pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies can be stored on your computer or so that a warning always appears before a new cookie is set up. However, if you deactivate cookies completely you may not be able to use all the functions on our website.

5. Analysis tools

a) Tracking-Tools: The following tracking tools used by us are applied on the basis of Art. 6 Subparagraph 1 S. 1 Point f GDPR. By using these tracking tools we hope to ensure that our website is designed in keeping with users’ needs and in order to optimize it continuously. Secondly, we use the tracking tools to record the use of our website statistically and optimize our offer to you. These interests are to be deemed legitimate in the meaning of the above provision.

The different purposes of data processing and data categories can be seen from the relevant tracking tools.

i) Google Analytics¹

To permit design of the website in keeping with user needs and optimize it continuously, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google). In this connection, pseudonymized user profiles are created and cookies used (see Section 4). The information generated by the cookie about your use of this website, such as

browser type/version,
operating system used,
referrer URL (the site previously visited),
host name of the accessing computer (IP address),
time of the server enquiry,
is transferred to a Google server in the USA, where it is stored. The information is used to analyze use of the website, to compile reports on the website activities and to provide other services in connection with use of the website and the internet for the purposes of market research and suitable design of the internet sites. In some cases such information is communicated to third parties if this is required by law, or to the extent that third parties have been commissioned to process the data. On no account will your IP address be merged with other data collected by Google. The IP addresses are anonymized so that no assignment to specific persons is possible (IP masking).

You can prevent the installation of cookies by applying the relevant setting in your browser software. Please note, however, that in this case you may not be able to make full use of all the functions on this website.

Moreover, you can prevent Google from recording the data generated by the cookie on your use of the website (including your IP address), and also processing of these data by Google, by downloading and installing the browser add-on available under the following link: (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially with browsers on mobile terminals, you can also prevent recording by Google Analytics by clicking this link. This sets an opt-out cookie that prevents any future recording of your data when you visit this website. The opt-out cookie is only applicable to this browser and only to our website, and it is installed on your device. If you erase the cookies in this browser, you must set the opt-out cookie again.

You will find more information on data protection in connection with Google Analytics at Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

ii) Google Adwords Conversion Tracking

In order to record use of our website statistically and evaluate the information for optimizing the website for you, we also use Google Conversion Tracking. To permit this, Google AdWords sets a cookie on your computer (see Section 4) if you have reached our website through a Google advertisement.

These cookies lose their validity after 30 days and do not serve to permit personal identification. If the user visits certain pages of the website of the AdWords customer and the cookie has not yet expired, Google and the customer can see that the user has clicked the advertisement and been directed to this page.

Each AdWords customer is issued with a different cookie. This means that cookies cannot be traced via the websites of AdWords customers. The information acquired with the aid of conversion cookies is used to draw up conversion statistics for AdWords customers who have decided to use conversion tracking. The AdWords customers are informed of the total number of users who have clicked the advertisement and been directed to a site with a conversion tracking tag. However, they do not receive any information with which users can be identified personally.

If you do not wish to take part in the tracking system, you can reject the cookie required for this too – for instance with the browser setting that deactivates the installation of cookies in general. You can also deactivate cookies for conversion tracking by configuring your browser in such a way that cookies from the domain „www.googleadservices.com“ are blocked. You will find Google’s privacy policy on conversion tracking here (https://services.google.com/sitestats/de.html).

iii) Matomo

We use the open source software Matomo for analysis and statistical evaluation of use of the website. Cookies are used for this purpose (see Section 4). The information generated by the cookie on use of the website is transferred to our server and compiled in pseudonymous user profiles. The information is used for evaluating use of our website and enabling need-based design. The information is not passed on to third parties.

On no account will the IP address be merged with other data relating to the user. The IP addresses are anonymized so that no allocation to specific persons is possible (IP masking).

Your visit to this website is currently being recorded by Matomo Web Analytics. Click here (https://www.eff.org/issues/do-not-track)to prevent your visit from being recorded.

iiii) Google Maps

In the contact area of our website you have the possibility to call up the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of the link is voluntary. The data processed by Google may include, in particular, IP addresses and location data of users. The data may be processed in the USA. The use of Google Maps is in the interest of the visitor to find the location better. The legal bases are granted consent pursuant to Art. 6 para. 1 lit. a GDPR or legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on the handling of user data can be found in Google’s privacy policy: https://www.google.com/policies/privacy/

6. Social Media Plug-ins

On the basis of Art. 6 Subparagraph 1 S. 1 Point f GDPR our website makes use of social plugins for the social networks Facebook, Twitter and Instagram in order to make our company better known through these media. The commercial purpose behind this is to be deemed a legitimate interest in the meaning of the GDPR. Responsibility for operation in compliance with the data protection laws lies with the provider concerned. These plugins are incorporated by us using the “two-click method” in order to protect visitors to our website to the fullest possible extent.

a) Facebook

Our website uses social media plugins from Facebook in order to personalize its use. For this we use the “LIKE” or “SHARE” button. This is an offer provided by Facebook.

When you call up a page of our website that contains a plugin of this kind, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transferred directly from Facebook to your browser, and from there it is incorporated into the website.

Through incorporation of the plugin, Facebook receives the information that your browser has called up this page of our website, even if you do not have a Facebook account or are not logged in to Facebook at the moment. This information (including your IP address) is transferred from your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example if you activate the “LIKE” or “SHARE” button, the corresponding information is also communicated directly to a Facebook server and stored there. Moreover, the information is published on Facebook and shown to your Facebook friends.

Facebook can use this information for the purpose of advertising, market research and user-friendly design of the Facebook sites. To do so, Facebook draws up user, interest and relationship profiles, for example in order to evaluate your use of our website in respect of the advertisements displayed to you by Facebook, to inform other Facebook users about your activities on our website or to perform other services in connection with the use of Facebook.

If you do not want Facebook to assign the data collected through our website to your Facebook account, you must log out of Facebook before visiting our website.

You will find information on the purpose and extent of data acquisition and further processing and use of the data by Facebook, on your rights in this connection and on possibilities of configuring your browser to protect your privacy, in Facebook’s privacy policy (https://www.facebook.com/about/privacy/).

b) LinkedIn

Social plugins (“plugins”) from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland are operated on our website.

These plugins are marked by a LinkedIn logo, for example in the form of the letters “IN” in white type.

When you access a page on our website that has such a plugin, your browser will connect directly to LinkedIn’s servers. The content of the plugin is sent by LinkedIn directly to your browser and incorporated into the page. This tells LinkedIn that your browser has accessed the respective page of our website, even if you don’t have a LinkedIn profile, or have one but are not logged in there.

This information (including your IP address) is sent by your browser directly to a LinkedIn server and stored there. If you’re logged onto LinkedIn, LinkedIn can associate your visit to our website directly with your LinkedIn account. When you interact with the plugins, for example by clicking the “LinkedIn” button, this information is likewise sent directly to a LinkedIn server and stored there.

The information is also published on your LinkedIn account and shown to your contacts there.

If you don’t want LinkedIn to associate data gathered by our website directly with your LinkedIn account, you’ll need to log off LinkedIn before visiting our website.

For more information, see the LinkedIn Privacy Policy (https://www.linkedin.com/legal/privacy-policy).

7. Rights of the data subject

You have the following rights:

Pursuant to Art. 15 GDPR you have the right to obtain information on the data concerning your person which are processed by us. In particular you can request information on the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, the right to know the source of the personal data if these have not been collected by us and the existence of automated decision-making, including profiling and, where appropriate, meaningful information on the details thereof.

Pursuant to Art. 16 GDPR you have the right to demand, without undue delay, the rectification of inaccurate personal data or completion of any incomplete personal data stored by us.

Pursuant to Art. 17 GDPR you have the right to obtain erasure of your personal data stored by us unless their processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims.

Pursuant to Art. 18 GDPR you have the right to obtain restriction of processing of your personal data if you contest the accuracy of the data, if the processing is unlawful and you oppose their erasure and we no longer need the data but you require them for the establishment, exercise or defence of legal claims and have objected to their processing pursuant to Art. 21 GDPR.

Pursuant to Art. 20 GDPR you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to have those data transmitted to another controller.

Pursuant to Art. 7 Subparagraph 3 GDPR you have the right to withdraw the consent given to us at any time. As a result, we shall in future no longer be permitted to continue processing the data for which this consent was originally given.

Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. As a rule, you can lodge the complaint with the supervisory authority of your habitual place of residence, your place of work or the seat of our law firm.

8. Right to object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subparagraph 1 S. 1 Point f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to processing of your personal data on grounds relating to your particular situation or if the reason for the objection is processing of the data for direct marketing purposes. In the latter case you have a general right to object, which we shall respect without the assertion that a particular situation exists.

If you wish to exercise your right to withdraw consent or to object, it is sufficient to send an email to an data@herza.de.

9. Data security

During your visit to the website we use the well-known SSL (Secure Socket Layer) system in conjunction with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we resort to 128-bit v3 technology instead. You can see whether an individual page of our website is encrypted from the closed image of the key or the lock symbol in the bottom status bar of your browser.

For the rest, also, we take suitable technical and organizational security measures in order to protect your data against chance or deliberate manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our security measures are improved continuously to keep pace with technical developments.

10. Topicality and amendment of this Privacy Statement

This Privacy Statement is currently valid and has the status of May 2018.

The continued development of our website and the offers made, and also changes to legal or administrative regulations, may make it necessary to amend this Privacy Statement. You can access and print out the currently valid version of the Privacy Statement at any time from the website at www.herza.de.

¹For the legitimate use of Google Analytics, data protection authorities require the conclusion of a commissioned processing contract. Google offers a specimen contract a https://www.google.com/analytics/terms/de.pdf.

Our website uses a service provided by Matelso GmbH, Stuttgart. When you call a number switched for us by Matelso, information about the call is transferred to a web analytics service we use (e.g. Google Analytics). Matelso also reads cookies set by our analytics service or other parameters of the website you visit, for example referrer, document path, remote user agent. The corresponding information is processed by Matelso according to our instructions and stored on servers in the EU. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Einwilligung erteilen
Wir nutzen Cookies, um Ihre Nutzererfahrung auf dieser Webseite zu verbessern. Sie können Einstellungen in Ihrem nutzen, um diese Cookies zu blockieren oder zu entfernen. Zudem nutzen wir Inhalte und Skripte von Drittanbietern, welche unter Umständen Tracking-Technologien verwenden. Sie können auf dieser Seite selektiv Ihr Einverständnis für die Nutzung solcher Einbindungen von Drittanbietern geben. Für vollständige Informationen zu Cookies, den Daten, die wir sammeln und wie wir diese verwenden, besuchen Sie bitte unsere Datenschutzerklärung.
Einwilligung für die Anzeige von Inhalten von - Youtube
Einwilligung für die Anzeige von Inhalten von - Vimeo
Google Maps
Einwilligung für die Anzeige von Inhalten von - Google
Einwilligung für die Anzeige von Inhalten von - Spotify
Sound Cloud
Einwilligung für die Anzeige von Inhalten von - Sound