1. Purpose and scope
2. Data Controller
T: +49 89 324 939 210
F: +49 89 324 939 211
3. Data Protection Officer
Rechtsanwalt, Fachanwalt IT-Recht
All questions and suggestions related to data privacy can be addressed directly to our data protection officer.
4. Visiting our website
Every time you access our website, the data and information transmitted to us by your Internet browser will be automatically stored by our systems. In order for the website pages to be displayed in your browser, the IP address of the device you are using must be retrieved and stored. We also store additional information related to the browser in your end device.
We are legally obligated to ensure the confidentiality and integrity of the personal data that is stored and processed by our IT systems. This data is furthermore utilized for the purposes of resolving problems with our website.
The following data is collected for these purposes:
– IP address of the computer device
– Operating system used by the computer device
– Browser type and version
– Name of the file being retrieved
– Date and time of the retrieval
– Amount of data transmitted
– URL of the corresponding website or page
This data is deleted on a regular basis. Our website is hosted by a third-party provider in Europe through a processor agreement pursuant to Article 28 of the EU General Data Protection Regulation (hereafter referred to as “GDPR”).
We process this data pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is the operation of this website and the implementation of the protection measures designed to ensure the confidentiality, integrity and availability of the personal data.
5. Contact information and customer database
If you contact us to request information or services, the information you provide will be stored for the purpose of processing your request. The information you enter into the contact form is required in order to process your inquiry, to address you properly and to provide you an answer.
We analyze the CRM system on a regular basis to determine if data can be deleted. If specific data is no longer required for the purposes of maintaining a relationship with a customer or other interested party, or if a legitimate customer interest prevails, the data will be deleted, provided that we are not legally required to retain it.
We store and process personal data pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is to manage communications with our customers, interested parties and suppliers, manage our customer relationships and carry out direct marketing measures. If the objective of contacting FreshDetect GmbH is the execution of a contract, Art. 6 (1) lit. f) GDPR serves as an additional legal basis for the processing of your personal data.
6. Contractual services (customers and suppliers)
We process data from our customers and suppliers as part of delivering our contractual services. If required, we process user data (first and last name of the contact person, address), contact data (e-mail address, telephone number), contract data (objective of the agreement, duration), payment data, and other data that is needed in order to deliver the contractual services.
We store and process data for the fulfillment of a contract, or to complete pre-contract measures, pursuant to Art. 6 (1) lit. b) GDPR.
7.1 Registering for the newsletter
The newsletter can be cancelled at any time by using the unsubscribe link provided in each newsletter, or by contacting FreshDetect GmbH (for contact details please see Section 2).
We process data upon registration of the newsletter with your consent pursuant to Art. 6 (1) lit. f) GDPR.
7.2 Newsletter analysis
We may analyze our newsletter by using statistics drawn from user data. This includes collecting information such as whether the e-mail is opened, the internal clicks and other information regarding the time the e-mail was opened and the IP address. We use this information to measure the effectiveness of the newsletter campaign, to optimize the newsletter by designing the content to make it more relevant to our target groups, and to optimize the appearance from a technical standpoint.
This analysis is carried out pursuant to Art. 6 (1) f) GDPR. Our overriding, legitimate interest is the analysis and optimization of the communications with customers and other interested parties.
7.3 Newsletter provider
Cookies also contain information regarding the origin and storage period. However, this does not mean that we receive direct information regarding your identify.
We use so-called session cookies that are stored only for the duration of your website visit (such as for storing the contents of your shopping basket). Session cookies contain a randomly-generated, unique identification number, a so-called session ID. Session cookies are automatically deleted once you leave our website.
We also use temporary cookies (so-called first party cookies) that we store on your end device for a specific period of time. If you return to our website, we automatically detect that you are a return visitor and what information and settings you previously used, so that you don’t have to re-enter the information.
You can reject cookies used for the purposes of coverage analysis and advertising through the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/), the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
9. Web analytics
We use web analysis services on all or parts of our website to understand how users utilize our website, as well as to optimize the overall functionality and appearance.
We process data for web analysis purposes pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the analysis, optimization and cost-effective operation of our website and interaction with customers.
The use of Google Analytics involves the transmission of personal data to a third-party outside of Europe through a processing agreement pursuant to Article 28 of the GDPR. The third-party provider is in possession of a privacy shield certificate that can be downloaded here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Article 46 of the GDPR.
Videos embedded in our website are made available through a plug-in from YouTube, LLC in the United States (“YouTube”).
As a subsidiary of Google, YouTube is certified under the privacy shield agreement and therefore guarantees adherence to European data privacy regulations: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Data is processed in conjunction with the use of YouTube pursuant to Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the optimization and cost-effective operation of our website.
11. Google Maps
We use the Google Maps service from Google LLC in the United States on our website. Google Maps enables the display of interactive maps. When you access the subpages of websites that are using Google Maps, information about your use of our websites (such as your IP address) is transmitted to and stored by Google on servers in the United States.
When using Google Maps, personal data is transferred to a third party outside the EU. Google’s Privacy Shield certification is available at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Article 46 of the GDPR.
Data is processed with the use of web analytics pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is the analysis, optimization, and cost-effective operation of our website and interaction with customers.
In order to display the content of our websites in a correct and graphically appealing manner across all browsers, we use the Google Fonts library from Google LLC in the United States (https://www.google.com/webfonts/).
Google Fonts are transferred to your browser’s cache to avoid repeated downloads. If your browser does not support Google Fonts or does not allow access, content will be displayed in a default font.
When script or font libraries are accessed, a connection to the provider is automatically established. It is also possible that Google may collect your personal data, in particular, your IP address.
Google’s Privacy Shield certification is available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate protections for data transmission are in place pursuant to Article 46 of the GDPR.
We process data for these purposes pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is the analysis, optimization, and cost-effective operation of our website and interaction with customers.
In order to ensure the functionality of our website and to optimize page-loading times, we use the CloudFlare content delivery network from CloudFlare Inc., 101 Townsend St, 94107 San Francisco, in the United States (“CloudFlare”). It is possible that personal data is transmitted to CloudFare as part of this service.
Data is processed for the purposes of using CloudFare, including transmission of personal data to CloudFare, pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is to ensure we provide secure and efficient web services.
When using CloudFare, personal data is transferred to a third party outside the EU. CloudFare’s Privacy Shield certification is available at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active. The appropriate protections for data transmission are in place pursuant to Article 46 of the GDPR.
14. Social media
Various social media links for YouTube, LinkedIn and Xing, are integrated into our websites, recognizable by their respective logos.
Clicking on one of these social media links, redirects you to our respective social media profile. In this case, the social media network provider will be informed that your browser has accessed the corresponding page of our websites, even if you do not have a profile on, or are logged-in to, that particular social media network. This information (including your IP address) is transmitted directly from your browser to a server operated by the respective social media network provider. If you click on a social media link and are either logged-in to the respective social media network or then log-in to the page of the respective social media network, the transmitted information can be linked to your social media account on that network.
We incorporate and use the social media links pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is in marketing our services and our website.
15. Social Media-Pages (“fan pages”)
We maintain public profiles on social media networks (“social media pages” or “fan pages”) such as YouTube, LinkedIn and Xing.
When you visit one of our social media pages and log-in to the respective network, the respective provider may analyze your user behavior, as well as link and expand the information that is collected, to your account with the social media network. Even if you are not logged-in to, or don’t even have an account with the respective social media network, it’s possible that the provider will collect your personal data, such as your IP address or data collected by a cookie.
The operators of these social media networks can use this data to create user profiles, which in turn can be used to show you advertisements on their own or other websites.
Upon request, we will provide you information regarding appropriate guarantees for the transmission of data to third-party countries pursuant to Article 46 of the GDPR at any time.
With respect to the personal data processed by our social media pages, you have certain rights pursuant to Chapter 3. of the GDPR (right to information, correction, deletion, access, portability) that you may assert through FreshDetect GmbH, as well as through the respective social media network provider. It should be noted that with respect to our social media pages, we can influence the processing of personal data and your rights only to the extent allowed by the respective social media network provider.
We process personal data for use on our social media pages pursuant to Art. 6 (1) lit. f) GDPR. Our overriding, legitimate interest is to present and market our products and services through the Internet.
16. Employment applications
We collect and process the personal data of employment applicants for the purpose of conducting the application process. If an applicant submits his or her application documents to us electronically, this processing is carried out electronically.
If we enter into an employment contract with an applicant, the data transmitted will be processed in compliance with the statutory provisions for the purpose of the employment relationship. If no employment contract is entered into with the applicant, the application documents will be deleted immediately after the application process has been completed, provided that deletion does not conflict with a prevailing legal interest, such as the defense against a claim or preservation of evidence pursuant to the General Act on Equal Treatment (Allgemeinen Gleichbehandlungsgesetz, AGG).
We process and store data in this context for the purposes of contract fulfillment or to carry out precontract measures pursuant to Art. 6 (1) b) GDPR.
17. Age restrictions
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about any person under the age of 16.
18. Receiving data
In order to carry out certain tasks, our company’s internal departments or organizational units may receive your data. This data may be used to fulfill contracts with you, to process data with your consent, or to safeguard our legal interests.
Data will be shared with third parties only within valid legal frameworks. We share your data with third parties only when necessary, such as for contractual purposes pursuant to Art. 6 (1) lit. f) GDPR, or to safeguard our legal interests pursuant to Article 6 (1) lit. f) GDPR in the effective execution of our business operations.
If we use service providers or third parties in order to make our websites and/or services available, we take appropriate legal precautions and technical and administrative measures to ensure the protection of your personal data.
If we use content or tools from service providers or third party providers within the scope of making our website and/or services available, and if the provider is located in a third country, data is transferred to a third country on a regular basis. Third countries are those in which the GDPR laws are not directly applicable, such as countries outside the EU or the European Economic Area. Data is transferred to third countries only when an appropriate level of data protection or consent or other legal permission — specifically, an applicable guarantee in accordance with Article 46 of the GDPR — is in place.
19. Your rights
You have the right to unrestricted access to information about your stored personal data—its origin, recipients, and the purpose of processing your data—and a right to correct, block, or delete this data. You also have the right to restrict and/or object to your personal data being processed.
You also have the right to have your data, which we process automatically, transferred to you or to a third party in a standard, machine-readable format.
You also have a right to lodge a complaint with the responsible data protection authority in the German state of Bavaria: Bayerische Landesamt für Datenschutzaufsicht (BayLDA) (https://www.lda.bayern.de/en/index.html/).
20. Revoking your consent
Some types of data processing are possible only with your express consent. You may revoke your consent at any time simply by sending us an informal e-mail. The legal basis for the processing of your data prior to the revocation of your consent remains unaffected.
21. Right to object
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA PURSUANT TO ARTICLE 21, PARAGRAPH 2 OF THE GDPR, AFTER WHICH WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES IRRESPECTIVE OF THE GROUNDS FOR OBJECTION.
22. Mandatory information
Providing personal data is neither required by law nor by contract, nor are you obligated to provide personal data. However, personal information is required for the fulfillment of a contract insofar as certain details are absolutely necessary in order to be able to fulfill a contract.
23. Automated decision making
We do not carry out automated decision making, including profiling.
24. Storage and deletion
We adhere to the principles of data avoidance and reduction. That means we store your personal data only for as long as is necessary to achieve the purposes stated here, or your personal data is retained for a period as stipulated in applicable laws.
If there is no longer a purpose for storing your personal data, or if a retention period stipulated by law expires, the personal data will be rendered inaccessible or deleted in accordance with applicable statutory provisions.
25. Technical and organizational measures
We employ suitable technical and organizational measures to protect your data against coincidental or intentional manipulation, partial or full loss, destruction or unauthorized access by third parties, and to ensure compliance with applicable data protection laws. Our security measures are constantly adapted to keep pace with the latest developments in technology.
Our websites use SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries, or payment data that you send to us.