Data protection

1. Purpose and scope

We take your privacy and data security very seriously. This data privacy policy is intended to inform you about what type of personal data may collected, how it is processed and for what purposes. We always treat your data in accordance with the provisions of the law, as well as this data privacy policy.

2. Data Controller

FreshDetect GmbH
Kirchplatz 1
82049 Pullach
T: +49 89 324 939 210
F: +49 89 324 939 211
E:

3. Data Protection Officer

Christian Schmoll
Rechtsanwalt, Fachanwalt IT-Recht
Kaiserplatz 2
80803 München

All questions and suggestions related to data privacy can be addressed directly to our data protection officer.

4. Visiting our website

Every time you access our website, the data and information transmitted to us by your Internet browser will be automatically stored by our systems. In order for the website pages to be displayed in your browser, the IP address of the device you are using must be retrieved and stored. We also store additional information related to the browser in your end device.

We are legally obligated to ensure the confidentiality and integrity of the personal data that is stored and processed by our IT systems. This data is furthermore utilized for the purposes of resolving problems with our website.

The following data is collected for these purposes:
– IP address of the computer device
– Operating system used by the computer device
– Browser type and version
– Name of the file being retrieved
– Date and time of the retrieval
– Amount of data transmitted
– URL of the corresponding website or page

This data is deleted on a regular basis. Our website is hosted by a third-party provider in Europe through a processor agreement pursuant to Article 28 of the EU General Data Protection Regulation (hereafter referred to as “GDPR”).

We process this data pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is the operation of this website and the implementation of the protection measures designed to ensure the confidentiality, integrity and availability of the personal data.

5. Contact information and customer database

If you contact us to request information or services, the information you provide will be stored for the purpose of processing your request. The information you enter into the contact form is required in order to process your inquiry, to address you properly and to provide you an answer.
Inquiries and orders are stored in our CRM system. We may use this data for the purpose of direct advertising. However, you have the right to object to the use of your data for direct advertising purposes at any time. Further details regarding the right to object can be found in Section 21 (right to object) of this Privacy Policy.

We analyze the CRM system on a regular basis to determine if data can be deleted. If specific data is no longer required for the purposes of maintaining a relationship with a customer or other interested party, or if a legitimate customer interest prevails, the data will be deleted, provided that we are not legally required to retain it.

We store and process personal data pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is to manage communications with our customers, interested parties and suppliers, manage our customer relationships and carry out direct marketing measures. If the objective of contacting FreshDetect GmbH is the execution of a contract, Art. 6 (1) lit. f) GDPR serves as an additional legal basis for the processing of your personal data.

6. Contractual services (customers and suppliers)

We process data from our customers and suppliers as part of delivering our contractual services. If required, we process user data (first and last name of the contact person, address), contact data (e-mail address, telephone number), contract data (objective of the agreement, duration), payment data, and other data that is needed in order to deliver the contractual services.

We store and process data for the fulfillment of a contract, or to complete pre-contract measures, pursuant to Art. 6 (1) lit. b) GDPR.

7. Newsletter

7.1 Registering for the newsletter
You can use our website to register to receive our newsletter via e-mail. When registering, the data from the input screen, the IP address of the computer device and date and time of the registration, will be transferred to us. In order to process the data, your consent will be obtained as part of the registration, including a reference to this data privacy policy.

The newsletter can be cancelled at any time by using the unsubscribe link provided in each newsletter, or by contacting FreshDetect GmbH (for contact details please see Section 2).

We process data upon registration of the newsletter with your consent pursuant to Art. 6 (1) lit. f) GDPR.

7.2 Newsletter analysis
We may analyze our newsletter by using statistics drawn from user data. This includes collecting information such as whether the e-mail is opened, the internal clicks and other information regarding the time the e-mail was opened and the IP address. We use this information to measure the effectiveness of the newsletter campaign, to optimize the newsletter by designing the content to make it more relevant to our target groups, and to optimize the appearance from a technical standpoint.

This analysis is carried out pursuant to Art. 6 (1) f) GDPR. Our overriding, legitimate interest is the analysis and optimization of the communications with customers and other interested parties.

7.3 Newsletter provider
We use Newsletter2GO GmbH, a German-based service provider, for sending out and analyzing our newsletter. A data processing agreement pursuant to Art. 28 GDPR is in place. Further information regarding Newsletter2GO’s data protection and data privacy policy can be found at: https://www.newsletter2go.de/datenschutz-uebersicht/

8. Cookies

We use cookies so that you can utilize our website. Cookies are information that our web server, or third-party web servers, send to your browser where they are stored for retrieval at a later time. Cookies can be small data files or other types of information storage. Cookies contain information that is generated in connection with the specific device used in each case. Cookies contain a characteristic series of characters that makes it possible to uniquely identify the browser when the website is called-up again.

Cookies also contain information regarding the origin and storage period. However, this does not mean that we receive direct information regarding your identify.

We use cookies to improve the user-friendliness of our website.

We use so-called session cookies that are stored only for the duration of your website visit (such as for storing the contents of your shopping basket). Session cookies contain a randomly-generated, unique identification number, a so-called session ID. Session cookies are automatically deleted once you leave our website.

We also use temporary cookies (so-called first party cookies) that we store on your end device for a specific period of time. If you return to our website, we automatically detect that you are a return visitor and what information and settings you previously used, so that you don’t have to re-enter the information.

We also use cookies for other purposes, such as for web analyses and retargeting/remarketing. These cookies are also automatically deleted after a specified period of time. This utilization is explained in more detail below.

You have the option of rejecting the use of cookies through your browser settings. It should be noted however that without cookies, the use and convenience of our website is restricted. Cookies do not result in programs or other applications being installed or launched on your computer.

You can reject cookies used for the purposes of coverage analysis and advertising through the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/), the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

We use cookies for the processing of personal data pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is the operation, analysis and optimization of our website and interaction with customers.

9. Web analytics

We use web analysis services on all or parts of our website to understand how users utilize our website, as well as to optimize the overall functionality and appearance.

We process data for web analysis purposes pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the analysis, optimization and cost-effective operation of our website and interaction with customers.

We use Google Analytics with IP anonymization, a web analytics services operated by Google Inc. in the United States (“Google”). We use cookies in conjunction with Google Analytics. As part of the IP anonymization, Google shortens the user’s IP address within Europe before transmitting it to servers in the United States. Complete IP addresses are sent to Google in the United States where they are then shortened, on an exception basis only. The transmitted IP addresses are not merged with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings in your browser. You can also prevent the collection of data created by cookies, and through the use of the website (including your IP address), as well as prevent the processing of this data by Google, by downloading and installing a JavaScript browser add-on (http://tools.google.com/dlpage/gaoptout?hl=de), which notifies Google Analytics that no data or information regarding website visits may be transmitted to Google Analytics.

The use of Google Analytics involves the transmission of personal data to a third-party outside of Europe through a processing agreement pursuant to Article 28 of the GDPR. The third-party provider is in possession of a privacy shield certificate that can be downloaded here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Article 46 of the GDPR.

10. Videos

Videos embedded in our website are made available through a plug-in from YouTube, LLC in the United States (“YouTube”).

For these embedded YouTube videos, we use the “advanced data privacy settings,” which means that YouTube does not use cookies. When you visit a website with the YouTube plug-in however, it forces a connection to YouTube, including transmitting your IP address to YouTube. This information is also conveyed to YouTube when you launch a video by clicking on it. If you log-on to YouTube, the transmitted information can be linked to your account under certain circumstances.

Further information regarding YouTube’s privacy policy, plus the YouTube privacy and safety center, can be found here: https://support.google.com/youtube/topic/2803240?hl=de&ref_topic=6151248

As a subsidiary of Google, YouTube is certified under the privacy shield agreement and therefore guarantees adherence to European data privacy regulations: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Data is processed in conjunction with the use of YouTube pursuant to Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the optimization and cost-effective operation of our website.

11. Google Maps

We use the Google Maps service from Google LLC in the United States on our website. Google Maps enables the display of interactive maps. When you access the subpages of websites that are using Google Maps, information about your use of our websites (such as your IP address) is transmitted to and stored by Google on servers in the United States.

When using Google Maps, personal data is transferred to a third party outside the EU. Google’s Privacy Shield certification is available at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Article 46 of the GDPR.

For further information, please refer to Google’s privacy policy: https://www.google.com/policies/privacy

Data is processed with the use of web analytics pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is the analysis, optimization, and cost-effective operation of our website and interaction with customers.

12. Fonts

In order to display the content of our websites in a correct and graphically appealing manner across all browsers, we use the Google Fonts library from Google LLC in the United States (https://www.google.com/webfonts/).

Google Fonts are transferred to your browser’s cache to avoid repeated downloads. If your browser does not support Google Fonts or does not allow access, content will be displayed in a default font.

When script or font libraries are accessed, a connection to the provider is automatically established. It is also possible that Google may collect your personal data, in particular, your IP address.

You can prevent the use of such libraries and the associated data transfer by installing a JavaScript blocker from sites such as www.noscript.net.

For further information, please refer to Google’s privacy policy: https://www.google.com/policies/privacy.

Google’s Privacy Shield certification is available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Article 46 of the GDPR.

We process data for these purposes pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is the analysis, optimization, and cost-effective operation of our website and interaction with customers.

13. CloudFlare

In order to ensure the functionality of our website and to optimize page-loading times, we use the CloudFlare content delivery network from CloudFlare Inc., 101 Townsend St, 94107 San Francisco, in the United States (“CloudFlare”). It is possible that personal data is transmitted to CloudFare as part of this service.

Data is processed for the purposes of using CloudFare, including transmission of personal data to CloudFare, pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is to ensure we provide secure and efficient web services.

For further information, please refer to CloudFare’s privacy policy: https://www.cloudflare.com/security-policy.

When using CloudFare, personal data is transferred to a third party outside the EU. CloudFare’s Privacy Shield certification is available at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active. The appropriate protections for data transmission are in place pursuant to Article 46 of the GDPR.

14. Social media

Various social media links for YouTube, LinkedIn and Xing, are integrated into our websites, recognizable by their respective logos.

Clicking on one of these social media links, redirects you to our respective social media profile. In this case, the social media network provider will be informed that your browser has accessed the corresponding page of our websites, even if you do not have a profile on, or are logged-in to, that particular social media network. This information (including your IP address) is transmitted directly from your browser to a server operated by the respective social media network provider. If you click on a social media link and are either logged-in to the respective social media network or then log-in to the page of the respective social media network, the transmitted information can be linked to your social media account on that network.

For information on the purpose and scope of data collection and processing by social media network providers, the provider identification, contact details, your rights and your options in configuring your privacy settings, please refer to the privacy policy of the respective social media network provider.

We incorporate and use the social media links pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is in marketing our services and our website.

15. Social Media-Pages (“fan pages”)

We maintain public profiles on social media networks (“social media pages” or “fan pages”) such as YouTube, LinkedIn and Xing.

When you visit one of our social media pages and log-in to the respective network, the respective provider may analyze your user behavior, as well as link and expand the information that is collected, to your account with the social media network. Even if you are not logged-in to, or don’t even have an account with the respective social media network, it’s possible that the provider will collect your personal data, such as your IP address or data collected by a cookie.

The operators of these social media networks can use this data to create user profiles, which in turn can be used to show you advertisements on their own or other websites.

When you visit one of our social media pages, we and the social media network are mutually responsible for the collection and processing of your personal data that occurs on the page. As we have no additional information regarding the privacy policy of the social media networks that we utilize, you can obtain this information directly:
YouTube: https://support.google.com/youtube/topic/2803240?hl=de&ref_topic=6151248
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Xing: https://www.xing.com/privacy

Upon request, we will provide you information regarding appropriate guarantees for the transmission of data to third-party countries pursuant to Article 46 of the GDPR at any time.

With respect to the personal data processed by our social media pages, you have certain rights pursuant to Chapter 3. of the GDPR (right to information, correction, deletion, access, portability) that you may assert through FreshDetect GmbH, as well as through the respective social media network provider. It should be noted that with respect to our social media pages, we can influence the processing of personal data and your rights only to the extent allowed by the respective social media network provider.

We process personal data for use on our social media pages pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is to present and market our products and services through the Internet.

16. Employment applications

We collect and process the personal data of employment applicants for the purpose of conducting the application process. If an applicant submits his or her application documents to us electronically, this processing is carried out electronically.

If we enter into an employment contract with an applicant, the data transmitted will be processed in compliance with the statutory provisions for the purpose of the employment relationship. If no employment contract is entered into with the applicant, the application documents will be deleted immediately after the application process has been completed, provided that deletion does not conflict with a prevailing legal interest, such as the defense against a claim or preservation of evidence pursuant to the General Act on Equal Treatment (Allgemeinen Gleichbehandlungsgesetz, AGG).

We process and store data in this context for the purposes of contract fulfillment or to carry out precontract measures pursuant to Art. 6 (1) b) GDPR.

17. Age restrictions

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about any person under the age of 16.

18. Receiving data

In order to carry out certain tasks, our company’s internal departments or organizational units may receive your data. This data may be used to fulfill contracts with you, to process data with your consent, or to safeguard our legal interests.

Data will be shared with third parties only within valid legal frameworks. We share your data with third parties only when necessary, such as for contractual purposes pursuant to Art. 6 (1) lit. f) GDPR, or to safeguard our legal interests pursuant to Article 6 (1) lit. f) GDPR in the effective execution of our business operations.

If we use service providers or third parties in order to make our websites and/or services available, we take appropriate legal precautions and technical and administrative measures to ensure the protection of your personal data.

If we use content or tools from service providers or third party providers within the scope of making our website and/or services available, and if the provider is located in a third country, data is transferred to a third country on a regular basis. Third countries are those in which the GDPR laws are not directly applicable, such as countries outside the EU or the European Economic Area. Data is transferred to third countries only when an appropriate level of data protection or consent or other legal permission — specifically, an applicable guarantee in accordance with Article 46 of the GDPR — is in place.

It is possible that we may acquire or sell the company or parts of the company or individual assets. Personal data may be transferred in connection with such a sale, merger, reorganization, or similar event. In this case, your personal data will continue to be processed in accordance with this privacy policy. Such a transfer would be carried out pursuant to Art. 6 (1) f) GDPR. Our overriding, legitimate interest is the effective execution and further development of our business operations.

19. Your rights

You have the right to unrestricted access to information about your stored personal data—its origin, recipients, and the purpose of processing your data—and a right to correct, block, or delete this data. You also have the right to restrict and/or object to your personal data being processed.

You also have the right to have your data, which we process automatically, transferred to you or to a third party in a standard, machine-readable format.

To assert your rights, please contact the Responsible Authority using the contact details in Section 2. of this privacy policy.

You also have a right to lodge a complaint with the responsible data protection authority in the German state of Bavaria: Bayerische Landesamt für Datenschutzaufsicht (BayLDA) (https://www.lda.bayern.de/en/index.html/).

20. Revoking your consent

Some types of data processing are possible only with your express consent. You may revoke your consent at any time simply by sending us an informal e-mail. The legal basis for the processing of your data prior to the revocation of your consent remains unaffected.

21. Right to object

INSOFAR AS WE PROCESS YOUR DATA BASED ON OUR OVERRIDING LEGITIMATE INTERESTS, AS OUTLINED IN THIS PRIVACY POLICY, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING EFFECTIVE FOR THE FUTURE. TO ASSERT YOUR RIGHT TO OBJECT, PLEASE CONTACT THE RESPONSIBLE AUTHORITY USING THE CONTACT DETAILS PROVIDED IN SECTION 2. OF THIS PRIVACY POLICY. YOU ARE ENTITLED TO OBJECT ONLY FOR REASONS RELATED TO YOUR SPECIFIC SITUATION PURSUANT TO ARTICLE 21, PARAGRAPH 1 OF THE GDPR. ONCE YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN PROVIDE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING, WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA PURSUANT TO ARTICLE 21, PARAGRAPH 2 OF THE GDPR, AFTER WHICH WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES IRRESPECTIVE OF THE GROUNDS FOR OBJECTION.

22. Mandatory information

Providing personal data is neither required by law nor by contract, nor are you obligated to provide personal data. However, personal information is required for the fulfillment of a contract insofar as certain details are absolutely necessary in order to be able to fulfill a contract.

23. Automated decision making

We do not carry out automated decision making, including profiling.

24. Storage and deletion

We adhere to the principles of data avoidance and reduction. That means we store your personal data only for as long as is necessary to achieve the purposes stated here, or your personal data is retained for a period as stipulated in applicable laws.

If there is no longer a purpose for storing your personal data, or if a retention period stipulated by law expires, the personal data will be rendered inaccessible or deleted in accordance with applicable statutory provisions.

25. Technical and organizational measures

We employ suitable technical and organizational measures to protect your data against coincidental or intentional manipulation, partial or full loss, destruction or unauthorized access by third parties, and to ensure compliance with applicable data protection laws. Our security measures are constantly adapted to keep pace with the latest developments in technology.

Our websites use SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries, or payment data that you send to us.

26. Changes to this privacy policy

We reserve the right to revise this privacy policy because of changes or enhancements to our website and our services, or because of changing legal or regulatory requirements. If you visit our website after such changes have been implemented, the new privacy policy is effective.