The protection of your personal data is important to us, which is why we would like to provide you with information about contact options and the data concerned as simply and accurately as possible.
First of all, you will receive information below on how to contact our data protection officer as well as options for encrypted contact. We will then introduce you to the legal and technical terms that will be used in the following. You will then receive an overview of the rights of the data subject. You will then be informed about the data controller. Finally, the technologies used, services and our handling will be discussed
1 Contact to the data protection officer
If you have any questions or require information, you can contact our external data protection officer at any time:
Oliver Offenburger, M.Sc.
E-Mail: dataprotection@tannenhof-schinken.de
eye-i4 GmbH
Data protection department
Mönchweilerstraße 12
78048 Villingen-Schwenningen
Fon: 00497721 69724 00
Fax:00497721 69724 01
Web: https://eye-i4.de
Our preferred method of contact is by e-mail. However, you are also welcome to contact the data protection officer by post or telephone. If you wish to encrypt your e-mail to our data protection officer, we recommend that you read the following section.
Notes on inquiries:
If you send us an inquiry by e-mail during regular business hours, we will confirm receipt of your message on the same day. If you do not receive a confirmation, please contact us by telephone.
If you make a postal request, we will send you confirmation of receipt on the same day of delivery, but no later than one day after delivery. If you do not receive a confirmation, please contact us by telephone.
Please use the telephone number of our data protection partner, eye-i4 GmbH, to contact us directly by telephone.
1.1 Encryption of emails to our data protection officer
We are advocates of encrypted transmission by e-mail. We therefore offer you the option of encrypting your inquiries to the data protection officer to ensure confidentiality and integrity.
We use PGP for encryption. You can find information about free usage options and how to set this up on the website of our data protection partner, see the following link:
https://eye-i4.de/blog-kostenlose-pgp-verschluesselung.html
You can download our PGP key via the link below:
[Icon] [Link zu PGP-Schlüssel]
Should you require verification of the fingerprint, please contact our data protection partner, eye-i4 GmbH, by telephone.
If you have any further questions about encryption, please contact our data protection officer.
2 Terms in a legal context
Before we go on to discuss legal issues, we would first like to introduce you to the relevant terms:
2.1 EU-DSGVO (also called DSGVO)
The term EU GDPR (hereinafter also referred to as "GDPR") refers to the General Data Protection Regulation. This is a basic regulation of the European Union that regulates how personal data may be processed. For information, the legal text of the GDPR can be viewed via the following link:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679
2.2 Person responsible
"Person responsible" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.3 Personal data and data subject
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.4 Processing
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.5 Restriction of processing
"Restriction of processing" means the marking of stored personal data with the aim of restricting its future processing.
2.6 Processor
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.7 Recipient
The "recipient" is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
2.8 Third party
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
2.9 Consent
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.10 Violation of the protection of personal data
"Violation of the protection of personal data" means a breach of security leading to the destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2.11 Health data
"Health data" means personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, and from which information about their health status is derived.
2.12 Company
"Company" means a natural or legal person that carries out an economic activity, regardless of its legal form, including partnerships or associations that regularly carry out an economic activity.
2.13 Supervisory authority
The "supervisory authority" shall be an independent public authority established by a Member State in accordance with Article 51.
2.14 Relevant and reasoned objection
"Relevant and reasoned objection" means an objection as to whether or not there is an infringement of this Regulation or whether the envisaged action against the controller or processor is in compliance with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data in the Union.
3 Terms in a technical context
Before we go into more detail on the technical aspects, we would first like to introduce you to the associated terms:
3.1 File system
The "file system" is any structured collection of personal data that is accessible according to certain criteria, regardless of whether this collection is managed centrally, decentrally or according to functional or geographical aspects.
3.2 Cookies
Cookies are text files that are stored on your end device by a website using your browser. These text files can be used to implement technical functions such as a shopping cart mechanism or to record your visitor behavior. For this purpose, the text files can be provided with identification features and additional information. You have the option of preventing the storage of cookies in the browser of your end device. If cookies are deactivated, there may be technical restrictions when using the website.
3.3 Server logs
Server logs are log files that are created by the web server and document access to a website. A variety of information can be collected in a log entry, such as the access time, the browser type, the IP address of the visitor, etc.
3.4 Referrer
The referrer refers to the website from which the person responsible was accessed. In the case of server logs, for example, the referrer can be read.
4 Rights of data subjects
The rights of data subjects arise from the DSGVO as well as from the respective national legal provisions on data protection. If you wish to assert your rights, please contact our data protection officer using the option described above. In the following, we would like to draw your attention to your rights arising from the DSGVO , in particular Chapter 3:
4.1 Information obligation
The data subject has the right to obtain information about the data subject's personal data stored if the data was collected from the data subject or if the data was not collected from the data subject. This is regulated in chapter Art. 13 and 14 DSGVO.
4.2 Right of information
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and further information in accordance with Art. 15 DSGVO.
4.3 Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4.4 Right of erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds pursuant to Art. 17 DSGVOapplies.
4.5 Right to restriction of processing
The data subject has the right to obtain from the controller restriction of processing where one of the conditions set out in Art. 18 DSGVO applies.
4.6 Duty to notify
The person responsible shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 (1) and Art. 18 DSGVOto each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The person responsible shall inform the data subject of these recipients if the data subject so requests.
4.7 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
4.8 Right of objection
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
4.9 Complaint to the supervisory authority
In accordance with Art. 77 DSGVO , you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of the controller. Our competent supervisory authority is: State Commissioner for Data Protection and Freedom of Information, Stuttgart
5 Details of the responsible person
The person responsible according to Art. 24 DSGVOis listed below: Tannenhof Schwarzwälder Fleischwaren GmbH & Co. KG Gewerbestr. 4 78078 NiedereschachFurther information about the person responsible can be found in the Imprint.
6 Web technologies used
6.1 Encryption of the data transfer
We use the SSL procedure (Secure Socket Layer) to encrypt the transmission and request of data to our website. For this purpose, we use a 128-bit key with SHA256 hash. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
6.2 Server logs
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO): - Anonymized IP address, - Date and time of the request, - Time zone difference to Greenwich Mean Time (GMT), - Content of the request (specific page), - Access status/HTTP status code, - Amount of data transferred in each case, - Website from which the request comes (referrer), - Browser, - Operating system and its interface, - Language and version of the browser software.
6.3 Cookies
Cookies are stored on your computer when you use our website. You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the functions of this website. This website uses the following types of cookies, the scope and function of which are explained below: - Transient cookies, - Persistent cookies.
6.3.1 Transient Cookies
Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
6.3.2 Persistente Cookies
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
6.4 Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in abbreviated form, thus excluding the possibility of personal references. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately. We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f DS-GVO.
Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of use:
www.google.com/analytics/terms/en.html
www.google.com/intl/de/analytics/learn/privacy.html
www.google.de/intl/de/policies/privacy.
You can prevent the use of Google Analytics by activating the opt-out: [Link].
6.5 Piwik
This website uses the web analysis service Piwik to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Piwik is Art. 6 para. 1 sentence 1 lit. f GDPR. Cookies (see § 3 for more details) are stored on your computer for this analysis. The information collected in this way is stored by the controller exclusively on its server in [Germany]. You can stop the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. You can prevent the storage of cookies by changing the settings in your browser. You can prevent the use of Piwik by unchecking the following box to activate the opt-out plug-in: [Piwik iFrame].
6.6 Google Maps
We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
7 Social Media
We currently use the following social media plug-ins: Facebook, Xing. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned under § 3 of this declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (for US providers in the USA). As the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box. We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider. The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. We offer you the opportunity to interact with the social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR. Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy. Addresses of the respective plug-in providers and URL with their data protection notices: - Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. - Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; www.xing.com/privacy.
8 Youtube
We have integrated YouTube videos into our online offering, which are stored on www.youtube.com and can be played directly from our website. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
9 Newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The only mandatory information for sending the newsletter is your e-mail address. [The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, [via this form on the website,] by e-mail to [Newsletter@example.com] or by sending a message to the contact details given in the imprint. We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to the actions you take on our website. You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
10 Transfer to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if: - you have given your express consent in accordance with Art. 6 Para. 1 S1. lit a. DSGVO, - the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, - in the event that the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO there is a legal obligation, and - this is legally permissible and necessary for the processing of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b DSGVO.