Data protection

We are delighted that you are interested in our products and that you have visited this website. Data protection and data security for customers and users are a high priority for us. That is why the protection of your personal data throughout our entire business processes is very important and of particular concern to us.

As part of the ordering process, via the contact form for the purpose of establishing contact or for the purpose of subscribing to our newsletter free of charge, we may come into possession of personal data, which we will treat carefully in accordance with data protection laws.

The person responsible for data processing on this website is

European Catering Distributors
Netherland: Galvanistraat 12-2, 6716 AE Ede PO Box 385, 6710 BJ Ede
Germany: Sternstraße 106-108, D-20357 Hamburg
Chief Executives: Jos van Laarhoven, Ioannis Tsouloukidis

The following data protection declaration explains which information we collect during your visit to our website and how this information is used:

1. Collection and processing of personal data

"Personal data" is all information about specific or identifiable natural persons. A person who can be identified directly or indirectly is considered identifiable. This can even include an e-mail address.

In accordance with the legal requirement to minimise data, we aim to collect, process or use no or as little personal data as possible.

When you visit our websites, our web server temporarily records the domain name or IP address of the requesting computer as well as the access date, the client's file request (file name and URL), the HTTP response code and the website from which you are visiting us and the number of bytes transferred during the connection for the purpose of system security.

Additional personal data such as (your) name, (your) address, telephone number or email address are not recorded unless you provide this information voluntarily, e.g. as part of an online order for one of our products or for one of our services, contacting us via our contact form, a survey, a competition, an information request or for the purpose of subscribing to our free newsletter.

Personal data collected during a visit to our website is processed exclusively in accordance with the legal provisions of the General Data Protection Regulation of the Federal Data Protection Act and the Telemedia Act.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

2. Data collection on this website

2.1 Cookies

Our websites use so-called "cookies". Cookies are small text files and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies from third-party companies can also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required to carry out the electronic communication process, to provide certain functions you require (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing will take place exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this data protection declaration and, if necessary, ask for your consent.

2.2 Consents with CCM19

Our website uses CCM19 to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn (hereinafter "CCM19").

When you enter our website, a connection is established to the CCM19 servers in order to obtain your consent and other declarations regarding the use of cookies. CCM19 then stores a cookie in your browser in order to be able to assign the consent granted or its revocation to you. The data collected in this way is stored until you ask us to delete it, delete the CCM19 cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

CCM19 is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 Para. 1 Clause 1 Letter c GDPR.

Order processing

We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

2.3 Server log data

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources. This data is recorded on the basis of Art. 6 Para. 1 Letter f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose the server log files must be recorded.

2.4 Cloudflare and Bunny.net CDN

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare can also use cookies or other technologies to recognize Internet users, but these are only used for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested.

Data transfer to the USA is based on the EU Commission's standard contractual clauses.

Details can be found here:
https://www.cloudflare.com/privacypolicy/.

Further information on security and data protection at Cloudflare can be found here:
https://www.cloudflare.com/privacypolicy/.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0&status=Active.

Order processing

We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

We use the content delivery network Bunny.net. The provider is BunnyWay d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia (hereinafter "Bunny.net CDN").

Bunny.net CDN is a globally distributed content delivery network. Technically, the information transfer between your browser and our website is routed via the content delivery network. This enables us to increase the global accessibility and performance of our website. The CDN records the IP address, but this is anonymized. The CDN also records personal data when it is entered by the user themselves (e.g. by sending it via a contact form on the website).

The use of Bunny.net CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 Para. 1 lit. f GDPR). Further information about Bunny.net CDN can be found here: https://bunny.net/privacy/.

2.5 Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

2.6 Inquiry by email, telephone or fax

If you contact us by email, telephone or fax, your inquiry, including all personal data resulting from it (name, inquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested. The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

2.7 Registration on this website

You can register on this website to use additional functions on the site. We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

For important changes, such as in the scope of the offer or in the case of technically necessary changes, we use the email address provided during registration to inform you in this way.

The data entered during registration is processed for the purpose of carrying out the user relationship established by the registration and, if necessary, to initiate further contracts (Art. 6 Para. 1 lit. b GDPR). The data collected during registration is stored by us as long as you are registered on this website and is then deleted. Statutory retention periods remain unaffected.

Registration with Facebook Connect

Instead of registering directly on this website, you can register with Facebook Connect. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

If you decide to register with Facebook Connect and click on the "Login with Facebook"/"Connect with Facebook" button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This will link your Facebook profile to this website or our services. This link gives us access to the data you have stored on Facebook. This is primarily:

Facebook name
Facebook profile and cover photo
Facebook cover photo
Email address stored on Facebook
Facebook ID
Facebook friends lists
Facebook likes
Birthday, gender, country and language.
This data is used to set up, provide and personalize your account.

Registration with Facebook Connect and the associated data processing operations are based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time with effect for the future.

If personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent upon us jointly have been recorded in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g. requests for information) with regard to the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

You can find details here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381 and
https://www.facebook.com/policy.php.

You can find further information in the Facebook Terms of Use and the Facebook Privacy Policy. These can be found at:

https://de-de.facebook.com/about/privacy/ and
https://de-de.facebook.com/legal/terms/.

he company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Activ

3. Analysis tools and advertising

3.1 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that we can use to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated through it. However, the Google Tag Manager records your IP address, which can also be transferred to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

The company has a certification according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

3.2 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective device of the website visitor.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information about how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics e-commerce measurement

This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors in order to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.

3.3 Google DoubleClick

This website uses functions from Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter "DoubleClick").

DoubleClick is used to show you interest-based advertisements across the entire Google advertising network. With the help of DoubleClick, the advertisements can be tailored to the interests of the respective viewer. For example, our advertising can be displayed in Google search results or in advertising banners that are linked to DoubleClick.

In order to be able to show users interest-based advertising, DoubleClick must be able to recognize the respective viewer and assign them the websites they have visited, clicks and other information about user behavior. To do this, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is summarized in a pseudonymous user profile in order to show the user interest-based advertising.

This service is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time.

For more information on how to object to the advertisements displayed by Google, please see the following links:
https://policies.google.com/technologies/ads and
https://adssettings.google.com/authenticated.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

3.4 Facebook Pixel

This website uses Facebook’s visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy. This enables Facebook to enable advertisements to be placed on Facebook pages and outside of Facebook. We as the site operator cannot influence this use of the data.

This service is used on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also deactivate the "Custom Audiences" remarketing function in the advertising settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/

4. Plugins and tools

4.1 Google Maps

This site uses the Google Maps map service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Web Fonts for the purpose of uniformly displaying the fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

Google Maps is used in the interest of an attractive presentation of our online offers and to make the locations we specify on the website easy to find. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more information on how user data is handled in Google's privacy policy: https://policies.google.com/privacy?hl=de.

The company has a certification according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

4.2 YouTube videos with enhanced data protection

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites on which YouTube is embedded, a connection is established to the YouTube servers. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in enhanced data protection mode. According to YouTube, videos played in enhanced data protection mode are not used to personalize surfing on YouTube. Ads played in enhanced data protection mode are also not personalized. No cookies are set in enhanced data protection mode. Instead, so-called local storage elements are stored in the user's browser, which, like cookies, contain personal data and can be used for recognition. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.

After activating a YouTube video, further data processing operations may be triggered over which we have no influence.

YouTube is used in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

The company has a certification according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

4.3 Userlike

We use Userlike (hereinafter "Userlike") to process user inquiries via our support channels or via live chat systems. The provider is Userlike UG (limited liability), Probsteigasse 44 - 46, 50670 Cologne.

Messages that you send to us can be saved in the Userlike ticket system or answered by our employees in the live chat. If you communicate with us via Userlike, we and Userlike save, among other things, your name and email address, if you have provided them, and your chat history. Furthermore, the browser you use, your operating system, your IP address and your location are recorded. This data is summarized in a profile.

The messages addressed to us remain with us until you ask us to delete them or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular statutory retention periods - remain unaffected.

Userlike is used on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in processing your requests as quickly, reliably and efficiently as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Userlike is based in the European Union, but uses Amazon Web Services servers, so your data may also be transferred to the USA.

For more information, see Userlike's privacy policy: https://www.userlike.com/de/data-privacy and https://www.userlike.com/de/blog/live-chat-software-datenschutz-dsgvo.

Order processing

We have concluded a data processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law that guarantees that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

5. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we need an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No other data is collected or is only collected on a voluntary basis. We use this data exclusively to send the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you have provided to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that we have stored for other purposes remains unaffected. After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not time-limited. You can object to storage if your interests outweigh our legitimate interest.

5.1 MailChimp

This website uses the services of Mailchimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service that can be used, among other things, to organize and analyze the sending of newsletters. If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this will be stored on Mailchimp's servers in the USA.

We can use Mailchimp to analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (so-called web beacon) connects to Mailchimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you do not want an analysis by Mailchimp, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose.

The data processing is carried out on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you unsubscribe from the newsletter mailing list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not time-limited. You can object to storage if your interests outweigh our legitimate interest.

For more information, see Mailchimp's privacy policy at: https://mailchimp.com/legal/terms/.

Order processing

6. Commenting via social networks

Our websites contain so-called "Share" buttons and links that allow you to share information from our websites with other users on social networks.

The corresponding functions of Facebook, Twitter and Google+ are only activated when you press the respective button on our site. By default, the corresponding functions are deactivated on our site.

If you use the commenting and forwarding functions offered on the social network pages, these networks will collect visitor data, over whose transmission, processing, storage and use we have no influence. You can avoid this by not using these functions.

7. Mobile apps

Our online offering also includes the "Service-Bund" and "Service-Bund Webshop" apps. As our customer, you can use our "Service-Bund Webshop" app to enter orders on the go and send them to your Service-Bund partner. The current version of the app includes a barcode scanner. Access to your device's camera is required for the barcode scanner to work. No images are saved or sent to us. Only the image section is used for barcode scanning. Without access to the camera, the scanner function is not available.

8. Purpose, use and disclosure of personal data

Your personal data will only be passed on or otherwise transmitted to third parties if you have given us your voluntary consent to do so or if this is necessary for the purpose of processing. Categories of possible recipients can be companies in the Service-Bund Group and, if applicable, contract processors with whom the corresponding contracts for order processing are then concluded.

If you have provided personal data as part of an online order for one of our products or for one of our services, the data protection conditions applicable within the framework of the respective product terms and conditions apply to their processing. Here you will also find the following information: categories of data processed, information on purposes and legal basis, information on the duration of storage.

Transmission to state institutions only takes place on the basis of and within the framework of mandatory legal regulations.

If the data processing is based on voluntary consent (e.g.: contacting us via our contact form, a survey, a competition, an information request or for the purpose of subscribing to our free newsletter), you can object to this at any time with effect for the future. In this case, we will delete your personal data immediately, unless contractual or legal obligations prevent this. Your personal data will only be stored for as long as the data is required to contact you, conduct the survey, process the competition or send the newsletter.

9. Additional data protection information for the application process

9.1 For what purposes and on what legal basis do we process personal data?

We process personal data about you for the purpose of your application for an employment relationship, insofar as this is necessary for the decision on establishing an employment relationship with us. The legal basis for this is Section 26 Paragraph 1 in conjunction with Paragraph 8 Sentence 2 of the Federal Data Protection Act (BDSG).

We can also process personal data about you to the extent that this is necessary to defend against legal claims asserted against us arising from the application process. The legal basis for this is Art. 6 Paragraph 1 Letter f of the GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

If an employment relationship arises between you and us, we can continue to process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 Paragraph 1 of the Federal Data Protection Act (BDSG) if this is necessary for the implementation or termination of the employment relationship. The same applies if your personal data is required to exercise or fulfill the rights and obligations of the employee representation arising from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

9.2 What categories of personal data do we process?

We process data related to your application. This can be general data about you (such as name, address and contact details), information about your professional qualifications and school education or information about professional training or other information that you send us in connection with your application. In addition, we can process job-related information that you have made publicly available, such as a profile on professional social media networks.

9.3 What categories of data recipients are there?

We can transmit your personal data to companies in the Service-Bund Group that are affiliated with us, insofar as this is permissible within the scope of the purposes and legal bases set out. In addition, personal data is processed on our behalf on the basis of contracts in accordance with Art. 28 GDPR, in particular by host providers or providers of applicant management systems.

9.4 How long will your data be stored?

We store your personal data for as long as it is necessary to decide on your application. If an employment relationship between you and us does not come about, we can continue to store data insofar as this is necessary to defend against possible legal claims. The application documents will be deleted six months after the rejection decision is announced, unless longer storage is necessary due to legal disputes.

If you have given us voluntary consent for a longer storage period, e.g. with regard to considering your application for a later job advertisement, you can revoke this consent at any time. The revocation will then lead to the immediate deletion of your application data if the above-mentioned deadlines have expired, but at the latest when the deadlines mentioned have expired. In this case, your data will be processed on the basis of Art. 6 Paragraph 1 Letter a of GDPR

Please only use the application form offered on this website in our application portal to electronically submit your application so that the data protection requirements regarding your data can also be guaranteed within our company.

9.5 Provision of the recruiting system

By using the recruiting system, only the personal data that your browser sends to the server and that is technically necessary for the provision of the system is processed.

We work with the recruiting system of the company d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg (hereinafter "d.vinci") for the data storage, administration and processing of your data.

On behalf of Service-Bund GmbH & Co. KG, d.vinci hosts the recruiting system and carries out maintenance and care in individual cases. On our behalf, all personal data is stored or processed on a certified server of our service provider exclusively within Germany. The data processing agreement required under data protection law has been concluded with d.vinci. Further information on data processing by d.vinci can be found at https://www.dvinci.de/datenschutz/.

Every access to the recruiting system is stored in a log file (so-called log files). The following data is stored in this file as long as technically necessary:

- Information about the browser type and version used,

- the user's operating system,

- the IP address,

- the domain name of the Internet service provider,

- the date and time of access.

The data is stored centrally on d.vinci servers within Germany. d.vinci does not use the data independently or pass it on to third parties. This data is not stored together with other personal data of the applicant.

The legal basis for the temporary storage of the data is Art. 6 Para. 1 lit. f) GDPR. The temporary storage of the IP address by the system is necessary to enable the recruiting system to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. The additional information is required to make the recruiting system secure, to protect it from attacks and to ensure that it functions properly. These purposes constitute the legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f) GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the recruiting system, this is the case after the end of your respective session. Storage beyond this (max. six months) is possible in individual cases, if required by law. In this case, anonymization takes place in the form of the user's IP address being deleted or altered. It is no longer possible to identify the user who called up the data. The collection of data for provision and storage of data in log files is essential for the operation of the recruiting system. The applicant therefore has no option to object.

Cookies

Our recruiting system uses the following cookies to make the application process more user-friendly:

- JSESSIONID (validity period: session),

- Captcha (validity period: 1 day).

Some elements of the recruiting system require that the calling browser can be identified even after a page change (JSESSIONID). In addition, the Captcha cookie is used to check and prevent interactions on our recruiting system through automated access, e.g. by so-called bots. These purposes also constitute the legitimate interest in processing personal data in accordance with Art. 6 Para. 1 Clause 1 Letter f) GDPR.).

The following data is stored and transmitted in the cookies:

- Language settings,

- Allocation to the applicant position and company,

- Session information.

Cookies are stored on the user's device and transmitted from there to the recruiting system. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for the recruiting system, it may no longer be possible to use all of the website's functions to their full extent.

Profile transfer via XING or LinkedIn / upload CV via Dropbox

You have the option of transferring profile information from your XING or LinkedIn profile for the application or uploading your CV directly from Dropbox. If you make use of this option by clicking on the respective button in the application process, we will forward you to the respective provider and you will then be asked by the provider to register on the XING platform, an offer from Xing SE, Dammtorstr. 30, 20354 Hamburg, Germany (hereinafter "XING"), the LinkedIn platform, an offer from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn") or Dropbox, an offer from Dropbox International Unlimited Company, One Park Place, Floor 5, Upper Hatch Street, Dublin 2, Ireland (hereinafter "Dropbox").

The respective provider will then ask you to allow the Service-Bund Group to access your information from your XING / LinkedIn profile or to allow the upload of your CV stored on Dropbox. If you actively consent to the respective provider in accordance with Art. 6 Para. 1 lit. a) GDPR, the following data from your selected profile will be transferred to the recruiting system:

- Name

- Address

- Date of birth

- Telephone details

- Verified email address

- Profile picture

- Skills

- CV

- URL to XING profile / LinkedIn profile

XING, LinkedIn or Dropbox are responsible for this process and only the data protection regulations of XING apply: https://privacy.xing.com/de/datenschutzerklaerung, of LinkedIn: https://de.linkedin.com/legal/privacy-policy or Dropbox: https://www.dropbox.com/privacy.

We have no influence on the data and data processing operations collected by XING, LinkedIn or Dropbox, nor is the full extent of the data collection, the purposes of the processing, the storage periods and the storage location known. There is also no information on the deletion of the data collected by XING, LinkedIn or Dropbox.

The integration of the interfaces to the platforms serves to simplify the application process. For this purpose, the legitimate interest in data processing according to Art. 6 Para. 1 lit. f) GDPR as the legal basis for the profile transfer from XING or LinkedIn or the processing of the CVs uploaded by Dropbox. The forwarding to the respective platforms only takes place after you click on the respective button. The use of the offers is voluntary.

9.6 Use of the short video self-introduction function

As part of the application process, you have the opportunity to introduce yourself to us with a short video. For this purpose, we use the video recruitment technology of Cammio GmbH, Alexander Str. 1-5, D-10178 Berlin. We have concluded an order processing agreement with Cammio GmbH.

The use of the short video self-introduction function is voluntary and is based on Art. 6 Paragraph 1 Letter a of GDPR.

The short video self-introduction serves the purpose of allowing you to give us a first impression of you. Any further evaluation of the videos using technical means does not take place. Of course, you will not suffer any disadvantages in the application process if you do not want to use this function. The same deletion periods apply to the deletion of the short videos sent to us as for all other data that we become aware of during the application process.

9.7 Necessity of providing personal data

The provision of personal data is neither required by law nor by contract, nor are you obliged to provide the personal data. However, the provision of personal data is necessary for the conclusion of a contract for an employment relationship with us. This means that if you do not provide us with personal data when applying for a job, we will not enter into an employment relationship with you.

10. Rights of those affected

10.1 Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right to free information at any time about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction or deletion of this data. You can contact us at any time about this or if you have any further questions on the subject of personal data.

10.2 Right to restrict processing

You have the right to request that the processing of your personal data be restricted. You can contact us at any time about this. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data held by us, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.

If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.

If you have lodged an objection in accordance with Article 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

10.3 Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

10.4 Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LITER. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE TERMS. THE APPLICABLE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROOF COMPULSORY REASONS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOM, OR THE PROCESSING IS USED TO ASSERT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ARTICLE 21 (2) GDPR).

10.5 Right to lodge a complaint with the responsible supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

11. Safety notice

We protect your data from unauthorized access, loss, manipulation or destruction using technical and organizational measures. Our security measures are constantly updated in line with technological developments. However, we cannot guarantee complete data security when communicating via email, so we recommend sending confidential information by post.