Data protection at a glance
1.2. Please note that the website www.geschwister-oetker.com may contain links that lead to websites which are not operated by us. Such websites are subject to separate “data privacy terms” and sole responsibility for the data-processing conducted on these websites is with the controller of these websites.
4.1. Personal data:
‘Personal data‘ means, as used in this Agreement, any information relating to an identified or identifiable natural person. This includes, for example, name, address, customer number, e-mail address, telephone number, IP address, machine and device data, location, usage and command data, contract data and all correspondence with data subjects (Art. 4 Nr. 1 GDPR).
4.2. Data subject:
‘Data subject’ is an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as an identification number, location data, an online identifier or to other factors specific to that natural person (Art. 4 Nr. 1 GDPR).
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 Nr. 2 GDPR).
4.4. Restriction of Processing:
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future (Art. 4 Nr. 3 GDPR).
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (Art. 4 Nr. 7 GDPR).
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4 Nr. 8 GDPR).
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing (Art. 4 Nr. 9 GDPR).
4.8. Third party:
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data (Art. 4 Nr. 10 GDPR)
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (Art. 4 Nr. 11 GDPR).
5. Collection, Processing and Use of your Personal Data
Each time our website is accessed, certain usage data is transmitted through the respective internet browser and stored in log files, the so-called server log files. This concerns the following data:
· browser type and the browser version
· identification data of the operating system used;
· referrer URL
· host name of the accessing computer
· time and date when you accessed website
· IP-address of the accessing computer
The data are saved for 7 days. They are then deleted - subject to any statutory or official retention requirements. This data will not be merged with other data sources.
The legal basis for the collection, storage and use of these data is our legitimate interest in providing you with the information on our website without any impairment and in guaranteeing the necessary security (Art. 6 (1) Sentence 1, lit. f GDPR).
If you contact us by e-mail, telephone or post, we will collect, save and process your title, address, e-mail address, your surname and first name and the content of your message, depending on the transmission method. If you also voluntarily provide your address, telephone or fax number and other contact details, although this information is not required for the selected transmission route, we will also save and process this data.
The legal basis for the processing of your personal data is our legitimate interest in being able to communicate with you to answer your messages and to be able to answer your questions (Art. 6 (1) Sentence 1 lit. f GDPR).
After the communication with you has ended, this data will be – subject to mandatory statutory or official retention requirements or the lawfulness of the processing of the data on another legal basis – deleted. This happens after we have not communicated with you for one year.
6. Processing on Commission/Transfer of Data
6.1. Engagement of Processors
Without prejudice to other provisions, we reserve the right to transfer or disclose your data on the basis of the aforementioned legal grounds to third parties commissioned by us (so-called "processors") (e.g. in the context of IT support, hosting, file destruction, etc.). Data processing by a “processor” is always governed by a contract to ensure that the affected data is only used by the “processor” to fulfil the tasks specified by us and in compliance with the necessary technical and organizational measures for data security and data protection.
6.2. Transfer of data to third parties
Incidentally, your personal data will not be transmitted to third parties for purposes other than those listed below. We only pass on your personal data to third parties if
- you have insofar given your express consent to do so in accordance with Art. 6 (1) Sent.1 lit. a) GDPR.
- the data transfer is necessary in accordance with Art. 6 (1) Sent. 1 lit.f) GDPR due to a legitimate interest and there is no reason to assume that your interests outweigh fundamental rights or freedoms for the protection of your personal data.
- there is a legal obligation for us to transfer your data (Art. 6 (1) Sent. 1 lit. c) GDPR.
- the data transfer is necessary for the performance of a contract of which the data subject is party (Art. 6 (1) Sent. 1 lit. b) GDPR.
- the data transfer is necessary in order to protect the vital interest of the data subject or of another natural person (Art. 6 (1) Sent. 1 lit. d) GDPR.
- the data processing is necessary for the performance of a task carried out in the public interest (Art. 6 (1) Sent. 1 lit. e) GDPR.
7. Encryption / Data Security
7.1. SSL or TLS encryption:
SSL or TLS encryption: For security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the website operator, this site uses an SSL or a TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
We would like to point out that it is not possible to fully guarantee data security via email communication. For the transmission of confidential information, letter post or delivery by courier might be preferable.
In addition, we use all reasonable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties.
8. Erasure of Data / Restriction of Data Processing
In principle, your data will be erased if your consent has lapsed or if the data are no longer required for the purpose of the data processing and if there is no longer a legitimate interest in further storage and processing. If these data have to continue to be stored thereafter, however, due to existing statutory, official or contractual obligations (e.g. warranty, financial accounting), the data processing will be restricted by means of marking these data and making them unavailable.
9. Rights of the Data Subject
As the person affected by the data processing (data subject) you have the following rights:
Right of access (Art. 15 GDPR)
You have the right to obtain from us information on the personal data stored on you. This encompasses, in particular, information on the purposes of the processing, the categories of the processed personal data, the categories of recipients to whom your personal data have been or will be disclosed, the storage period, the existence of a right to rectification, or erasure or restriction of processing or to object to such processing, the existence of the right to lodge a complaint, where the data are not collected from you, information as to their source, and on the existence of automated decision-making, including profiling and, if applicable, meaningful information on the details thereof. Further, you have the right to receive a copy of your personal data undergoing processing by us.
Right to rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data and the right to have incomplete personal data completed.
Right to erasure “Right to be forgotten” (Art. 17 GDPR)
You have the right to obtain from us the erasure of your personal data subject to the statutory requirements. If the erasure is opposed by statutory or official retention obligations or to the extent that the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or of legal claims, the processing of the data shall be restricted (see below).
Right to restriction of processing (Art. 18 GDPR)
You have the right to obtain from us, subject to the statutory requirements, the restriction of the processing of your personal data, i.e. by marking the personal data and restricting the future processing thereof (blocking).
Right to data portability (Art. 20 GDPR)
You have the right to require of us, subject to the statutory requirements, that the personal data you provided be transmitted in a structured, commonly used and machine-readable format to you or to a controller named by you.
Right to object to direct marketing (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data for advertising purposes (“objection to advertising”).
Right to object to data processing in the event of the legal ground of “legitimate interest” (Art. 21 GDPR)
You have the right to object at any time to the processing of your data by us if this is based on the legal ground of “legitimate interest”. We will then discontinue processing the data unless we can demonstrate – in accordance with the statutory requirements – compelling legitimate grounds for the continued processing which override your interests.
Right to withdraw consent (Art. 7 (3) GDPR)
If you have given us your consent to the collection and processing of your data, you have the right to withdraw this consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of the processing of your data based on consent before its withdrawal. Please note that, if applicable, we can, despite your withdrawal of consent, continue to collect and process your data if this is permitted and necessary on the basis of another legal ground (e.g. to perform a contractual relationship which may exist with you, due to a legitimate interest or due to a legal obligation).
Right to lodge a complaint with the supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of your personal data infringes applicable law. In this respect you have the possibility of lodging a complaint with the data protection authority responsible at your habitual residence or in your country, or with the data protection authority with responsibility for us.
10. Supervisory Authority
Die für uns zuständige Aufsichtsbehörde ist: Die Landesbeauftragte für den Datenschutz NRW, Kavalleriestr. 2-4, 40213 Düsseldorf (Tel.: 0211 / 38424-0; Fax: 0211 / 38424-999; E-Mail: firstname.lastname@example.org).
11. Duration and Changes of these Data Privacy Terms
These privacy terms are valid as per 01. November 2021.
It can become necessary to modify this Data Privacy Terms as a consequence of further developments of our website and offers or due to a change in statutory or official requirements.
The respective valid version of the Data Privacy Terms can be retrieved, stored and printed out from our website at: https://geschwister-oetker.com/privacy-policy .
Do you have any questions or suggestions? Feel free to contact us: