We would like to explain to you below which data we – the company Küchenzauber, owner Dina Maier – collect, process and use, when and for what purpose. This will explain how our services work and how the protection of your personal data is ensured. We only collect, process and use personal data if you have consented to it or if the law permits it.
II. Responsible Parties
The responsible party within the meaning of data protection laws is:
Küchenzauber
Ms. Dina Maier
Tel: +49-7113002425
Fax: +49-7113002427
Email: dina.maier@kuechenzauber.de
For general questions or suggestions regarding data protection, you can contact us at any time by phone at +49(0)711 3002425 or by e-mail at info@kuechenzauber.de.
III. Data collection on our website
1. Collection of personal data
When you register for our online shop, we collect the following personal data from you, with your cooperation and consent:
- Name
- Company
- Address
- Email address
- Phone number/Fax number
- VAT ID no.
We process this information to identify you as part of pre-contractual measures, i.e., when you visit our online shop to browse our products. If you have already become our customer through an order, we process your data for the execution of the contract. The legal basis for this data processing is Art. 6 para. 1 sentence 1 b) GDPR. We only process further personal data if you consent to it (Art. 6 para. 1 sentence 1 a) GDPR), if we are legally obliged to do so (pursuant to Art. 6 para. 1 lit. c GDPR) or if it is in the public interest (pursuant to Art. 6 para. 1 lit. e GDPR) or if we have a legitimate interest in processing your data (Art. 6 para. 1 sentence 1 f) GDPR). A legitimate interest exists, for example, in replying to your order or e-mail.
2. Data collection by our provider
The hosting services we use provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, all of which we use for the purpose of operating the website.
Here, we, or our hosting provider, process data and information from the computer system of the accessing computer for the purpose of creating visitor statistics about the use of our website and improving our website. The following data is collected:
- Name and URL of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- Message about successful retrieval (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (i.e. the previously visited page)
- Websites accessed by the user's system via our website
- User's Internet Service Provider
- IP address and the requesting provider
3. Data collection by Webflow Inc.
Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 (hereinafter "WebFlow") is a service provider for webshop systems. We have set up our webshop with WebFlow. We have concluded an agreement with WebFlow on the processing of your data in accordance with the standards that comply with the GDPR. Webflow processes personal data for the purpose of providing the services described and agreed in our service agreement with WebFlow. The customer himself controls which data he transmits to the services. As a rule, this will be the data we collect for the fulfillment of contractual obligations (pursuant to Art. 6 para. 1 lit. b GDPR) (see section IV.1 below). Further details can be found in the WebFlow Data Processing Agreement.
4. Google Analytics and Google Optimize
Google Analytics is a web analytics service and Google Optimize is a web analytics and optimization service of Google LLC. (USA). The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics and Google Optimize use so-called "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
If you have given your consent, Google Analytics and Google Optimize will be used on this website.
Scope of processing
Google Analytics, like Google Optimize, uses cookies that enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google has submitted to and certified under the Privacy Shield Agreement concluded between the European Union and the USA. Google thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Due to the ECJ's decision of 16.07.2020 (ref.: C-311/18), the EU-US Privacy Shield agreement is no longer sufficient to ensure adequate data protection when using Google services. With regard to the Google Analytics and Google Optimize services we use, Google has now supplemented its contractual terms with standard contractual clauses that ensure that the requirements of the GDPR and the ECJ are met.
5. Facebook Like Button
This website uses Facebook Social Plugins, which are operated by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). The integrations can be recognized by the Facebook logo or by the terms "Like", "Gefällt mir", "Share" in Facebook's colors (blue and white). Information on all Facebook plugins can be found at the following link: https://developers.facebook.com/docs/plugins/
The plugins are only activated when you click on the corresponding buttons. If these are displayed in gray, the plugins are inactive. You have the option to activate the plugins once or permanently.
The plugins establish a direct connection between your browser and the Facebook servers. This only happens after the plugin has been activated. The website operator has no influence whatsoever on the nature and scope of the data that the plugin transmits to the servers of Facebook Inc. Information on this can be found here: https://www.facebook.com/help/186325668085084
The plugin informs Facebook Inc. that you as a user have visited this website. It is possible that your IP address will be stored. If you are logged into your Facebook account while visiting this website, the information mentioned will be linked to it.
If you use the functions of the plugin - for example, by sharing a post or "liking" it - the corresponding information will also be transmitted to Facebook Inc.
6. Facebook Button
6.1. Our Facebook page.
By clicking on the Facebook button on our website, you will be redirected to our Facebook page. We are pleased about your visit and inform you below about how personal data is processed in connection with visiting or interacting with our Facebook page or its content.
6.2. Responsible party for the storage of personal data.
Insofar as personal data is processed in connection with our Facebook page and Facebook alone decides on the purposes and means of processing, Facebook Ireland Limited (hereinafter "Facebook Ireland"), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is solely responsible for the processing.
Insofar as personal data is processed by Facebook Ireland and us in connection with our Facebook page or its content and we contribute to the decision on the purposes and means of this processing, Facebook Ireland and we are jointly responsible for the processing within the meaning of Art. 26 Para. 1 Sentence 1 GDPR and in accordance with the decision of the European Court of Justice of 5 June 2018.
We assume that the scope of joint responsibility extends exclusively to the processing of so-called "Insights data". Insights data are personal data under the GDPR that are collected and processed in connection with a visit to or an interaction of persons with a page and its content, insofar as this occurs:
- under the influence and control of the page owner
- for the purpose of generating and evaluating "Page Insights"
Page Insights are statistics that Facebook Ireland provides to us (hereinafter "Page Statistics").
In the Page Insights supplement regarding the controller (hereinafter "Agreement regarding the Controller") within the meaning of Art. 26 Para. 1 Sentence 2 GDPR, we and Facebook Ireland have stipulated that Facebook Ireland assumes primary responsibility for fulfilling all obligations and, in particular, for exercising the rights of the data subjects in accordance with the GDPR with regard to the processing of Insights data. The Agreement regarding the Controller supplements the Policies for Pages, Groups and Events and the Terms of Use that we have agreed to in the operation of our Facebook page. We implicitly agree to the Agreement regarding the Controller by operating our Facebook page.
6.3. Information on data processing by Facebook Ireland.
Facebook Ireland's data policy lists the categories of personal data that are processed when using Facebook products (see I. there), generally describes the purposes for which this data is used (see II. there) and lists the categories of recipients to whom this data may be made accessible (see III., IV. and VIII. there). Under the linked data policy, you will also find information about the legal basis for the processing of this data (see V. there) and information on how you can revoke a given consent regarding the processing of personal data. Further information on the respective legal basis can be found here. In the data policy, you will find information on how you can exercise your rights to information, rectification, portability and erasure vis-à-vis Facebook Ireland (see VI. there). Under this point, you will also find information on your right to object to certain processing of personal data. Further information on the right to object can be found in this help article. The data policy also contains information on the duration for which personal data is stored and information on the criteria for determining this duration (see VII. there). The data policy refers to Facebook Ireland's intention to transmit data to third countries, if necessary, on the basis of adequacy decisions issued by the European Commission (see IX. there). The US company Facebook Inc., to which Facebook Ireland belongs, is certified under the EU-US Privacy Shield. You can view the status of this certification here.
6.4. Information on the use of cookies by Facebook Ireland.
If you visit our Facebook page and your browser allows the storage of cookies, Facebook Ireland stores information in the form of small text files in your browser's memory (hereinafter "cookies") and can access this information when you visit the Facebook platform or a website that integrates Facebook technologies. Further information on the purpose of the cookies used, on the integration of these cookies by other websites and on your control options in this regard can be found in Facebook Ireland's Cookie Policy. A detailed overview of the cookies used by Facebook Ireland is available in the linked Cookie Policy by clicking on the "Cookies" link under "Why do we use cookies?".
We would like to point out that Facebook Ireland is able to track your user behavior (across devices for logged-in users) beyond the Facebook platform on other websites using the cookies used. This applies to both registered and unregistered persons on the Facebook platform. In particular, information about you is transmitted to Facebook Ireland when you visit websites that integrate a "Like" button.
We would also like to point out that we have no influence on the data processing carried out by Facebook Ireland in connection with cookies. Visiting our Facebook page is also possible if you configure your browser so that no cookies from the Facebook platform are stored. Information on how to adjust the cookie settings in your browser can usually be found in the help section of the browser you are using.
If you are registered or logged in to the Facebook platform and want to prevent Facebook Ireland from linking your visit to our Facebook page to your user account, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies on your device, and close and restart your browser.
Facebook Ireland has assured us that no personal data that is directly generated from cookie information is used for the page statistics we use.
6.5. Data processing during interactions on our Facebook page.
Our Facebook page offers you the opportunity to react to our posts, comment on them, create a post yourself and send us private messages. Please check carefully which personal data you share with us via Facebook. If you want to prevent Facebook from processing personal data transmitted by you to us, please contact us by other means.
6.5.1. Scope of data processing.
In addition to the content you submit, we have access to information about your profile, your likes, and your posts, depending on your privacy settings. You can find out how to change your privacy settings in this help article.
6.5.2. Legal basis for data processing.
The processing of your data when you contact or interact with our page or its content is carried out by us on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
6.5.3. Purpose of data processing.
We process the data provided by you in this context and, if applicable, accessible to us, in order to protect our overriding legitimate interests in communicating with customers and interested parties within the scope of a balancing of interests. Our interest lies in offering you a platform on which we can display current information and with the help of which you can address your concerns to us and we can respond to your concerns as quickly as possible.
This also includes our legitimate interests in data processing according to Art. 6 para. 1 sentence 1 lit. f GDPR.
6.5.4. Duration of data storage.
Your data will be deleted as far as possible when our Facebook page ceases operation. If Facebook Ireland stores this data for a longer period, this is exclusively subject to the provisions in their data policy and terms of use.
6.6. Data processing for statistical purposes.
For our Facebook page, we use page statistics provided by Facebook Ireland, which provide us with insights into the visitors of our Facebook page and their interactions with our Facebook page and its content.
6.6.1. Contribution to the decision on the means and purposes of processing.
We have no influence on the creation of page statistics and cannot prevent their generation when operating our Facebook page. In particular, we do not parameterize or otherwise instruct Facebook Ireland to process personal data for the creation of page statistics in a specific way. In the agreement regarding the controller, it was determined that only Facebook Ireland can make and implement decisions regarding the processing of Insights data. Our contribution to the decision on the means and purposes of processing Insights data is therefore limited to the goals of controlling or promoting our activities in connection with the operation of our Facebook page, for which purpose we can evaluate the page statistics provided to us by Facebook Ireland and based on Insights data.
6.6.2. Scope of data processing.
Facebook Ireland explains in the information on Page Insights data which data is used for the creation of the page statistics we use. In principle, this data is only provided to us in anonymized form. However, if you have set your "Likes" for pages to public, we may be able to assign this information to your profile. On the basis of the aforementioned Insights data, Facebook Ireland provides us with page statistics. The exact content of the page statistics and the views available can be found in the explanations on the page statistics. According to Facebook Ireland, a change in the views listed there does not lead to additional data processing. We only use the page statistics within the scope of the functions provided to us by Facebook Ireland and available to us as described above. There is no transfer or other further processing of this data.
Facebook Ireland has informed us that page statistics do not show information about people who are not registered or logged in to the Facebook platform.
6.6.3. Legal basis for data processing.
We assume that the processing of Insights data by Facebook Ireland for the provision of the page statistics used by us takes place within the framework of the fulfillment of contractual services in connection with the contract concluded between Facebook Ireland and the data subject regarding the terms of use of the Facebook platform in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In the case of persons with limited legal capacity, we assume that Facebook Ireland may carry out the processing to protect a legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. An overview of the interests cited by Facebook Ireland in this context and further information on their legal bases can be found here.
We process the page statistics provided to us and the Insights data collected under joint responsibility for their creation to protect our overriding legitimate interests in improving our information offering within the scope of a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. For the Insights data processed under joint responsibility, only data of persons who have agreed to the terms of use and the data policy of Facebook Ireland during their registration on the Facebook platform are processed. Facebook Ireland's data policy refers to the intention of this processing under the point "Partners who use our analytics services".
6.6.4. Purpose of data processing.
The purpose of processing the Insights data collected under joint responsibility is the creation of page statistics. These page statistics may be evaluated by us to understand how visitors interact with our Facebook page and thus serve to improve the information offered to visitors of our Facebook page. We use page statistics to understand trends. We do not use page statistics to draw conclusions about individual persons.
These purposes also represent our legitimate interest in data processing according to Art. 6 para. 1 sentence 1 lit. f GDPR.
6.6.5. Duration of data storage.
The page statistics we use include Insights data for a period of two years and are not further processed by us thereafter. If Facebook Ireland stores this data for a longer period, this is exclusively governed by the provisions in their data policy and terms of use.
7. Instagram button
7.1. Our Instagram page.
By clicking on the Instagram button on our website, you will be redirected to our Instagram page. We are pleased about your visit and inform you below about how personal data is processed in connection with visiting or interacting with our Instagram page or its content. Instagram is an online photo and video sharing service belonging to Facebook.
7.2. Responsible party for the storage of personal data.
Insofar as personal data is processed in connection with our Instagram page and Facebook alone decides on the purposes and means of processing, Facebook Ireland Limited (hereinafter "Facebook Ireland"), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is solely responsible for the processing.
7.3. The Instagram Privacy Policy lists the categories of personal data that are processed when using Facebook products (see I. there), generally describes the purposes for which this data is used (see II. there) and lists the categories of recipients to whom this data may be made accessible (see III., IV. there). Under the linked data policy, you will also find information about the legal basis for the processing of this data (see V. there) and information on how you can revoke a given consent regarding the processing of personal data. Further information on the respective legal basis can be found here. In the privacy policy, you will also find information on how you can exercise your rights to information, rectification, portability and erasure vis-à-vis Facebook Ireland (see VI. there). Under this point, you will also find information on your right to object to certain processing of personal data. Further information on your control options can be found in this help article. The privacy policy also contains information on the duration for which personal data is stored and information on the criteria for determining this duration and the possibility of blocking or deleting Instagram accounts (see VII. there). The privacy policy refers to Facebook Ireland's intention to transmit data to third countries, if necessary, on the basis of adequacy decisions issued by the European Commission (see IX. there). The US company Facebook Inc., to which Facebook Ireland belongs, is certified under the EU-US Privacy Shield. You can view the status of this certification here.
7.4. Information on the use of cookies by Facebook Ireland.
If you visit our Instagram page and your browser allows the storage of cookies, Facebook Ireland stores information in the form of small text files in your browser's memory ("cookies") and can access this information when you visit the Facebook platform or a website that integrates Facebook technologies. Further information on the purpose of the cookies used, on the integration of these cookies by other websites and on your control options in this regard can be found in the information on Instagram cookies.
We would like to point out that Facebook Ireland is able to track your user behavior (across devices for logged-in users) beyond the Instagram platform on other websites using the cookies used. This applies to both registered and unregistered persons on the Instagram platform.
We would also like to point out that we have no influence on the data processing carried out by Facebook Ireland in connection with cookies. Visiting our Instagram page is also possible if you configure your browser so that no cookies from the Facebook platform are stored. Information on how to adjust the cookie settings in your browser can usually be found in the help section of the browser you are using.
If you are registered or logged in to the Instagram or Facebook platform and want to prevent Facebook Ireland from linking your visit to our Facebook page to your Instagram or Facebook user account, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies on your device, and close and restart your browser.
7.5. Data processing during interactions on our Instagram page.
Our Instagram page offers you the opportunity to react to our posts, comment on them and send us private messages. Please check carefully which personal data you share with us via our Instagram page. If you want to prevent Facebook from processing personal data transmitted by you to us, please contact us by other means.
In addition to the content you submit, information about your profile, your likes, and your posts is visible to us, depending on your privacy settings. You can find out how to change your privacy settings in this help article.
The processing of your data when you contact or interact with our page or its content is carried out by us on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in responding to your request. If your contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
We process the data provided by you in this context and, if applicable, accessible to us, in order to protect our overriding legitimate interests in contacting and communicating with our interested parties within the scope of a balancing of interests. This also includes our legitimate interests in data processing according to Art. 6 para. 1 sentence 1 lit. f GDPR.
Your data will be deleted as far as possible when our Instagram page ceases operation. If Facebook Ireland stores this data for a longer period, this is exclusively subject to the provisions in the Instagram Privacy Policy and Instagram Terms of Use.
7.6. Processing of anonymized data for statistical purposes.
We have set up our Instagram page as a business profile and use anonymized page statistics ("Instagram Insights") provided by Facebook Ireland, which provide us with insights into the visitors of our Instagram page and their interactions with our Instagram page and its content. We do not contribute to the decision on the means and purposes of processing event data that serve to create page statistics. The statistics include the following information:
- Reach, page views, dwell time for video posts
- Interactions such as liking, commenting or sharing posts
- Demographic information on age, gender and location
We use this data to identify trends. We cannot trace these events back to individual persons.
8. Cookies
9. Newsletter
On our website, users are given the opportunity to subscribe to our company's newsletter. Which personal data is transmitted to the controller when ordering the newsletter results from the input mask used for this purpose.
We inform our customers about our offers at regular intervals by means of a newsletter. The newsletter can generally only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers for newsletter dispatch. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by a data subject for the first time for newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorized the receipt of the newsletter.
When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration, as assigned by the Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary to trace the (possible) misuse of a data subject's e-mail address at a later date and therefore serves to legally protect the controller.
The personal data collected during registration for the newsletter will be used exclusively for sending our newsletter. Furthermore, newsletter subscribers could be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes in technical conditions. No personal data collected within the scope of the newsletter service will be passed on to third parties. The subscription to our newsletter can be canceled by the data subject at any time. The consent to the storage of personal data that the data subject has given us for newsletter dispatch can be revoked at any time. A corresponding link for the purpose of revoking consent can be found in each newsletter. Furthermore, it is possible to unsubscribe from the newsletter dispatch directly on the website of the controller at any time or to inform the controller of this by other means.
IV. Collection, processing and use of personal data in other contexts, in particular in connection with the initiation and execution of an order
The personal data provided by you will be processed by us in accordance with the provisions of the European Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) in the following cases:
1. For the fulfillment of contractual obligations (pursuant to Art. 6 para. 1 lit. b GDPR)
In this case, we collect, store, modify or transmit personal data or use it as a means to fulfill our own business purposes, if this is necessary for the establishment, execution or termination of a legal or similar obligation. This includes:
- First name, last name
- Email address(es)
- Postal address/invoice address
- Phone number(s)
- Fax number(s)
- Your bank details
- Your request
- Documents submitted by you that contain personal and company-related data
- VAT ID no.
We collect, process and use this data to contact you and to be able to examine your request for acceptance of an order.
In the context of pre-contractual measures (e.g. master data collection), the provision of your personal data is necessary. If the requested data is not provided by you, a contract cannot be concluded.
Furthermore, the data is collected
- to be able to identify you as our customer;
- to be able to advise you appropriately;
- for correspondence with you;
- for invoicing;
- for the processing of any existing liability claims and the assertion of any claims against you.
To provide our services, it may also be necessary to process personal data that we have lawfully received from other companies or other third parties, e.g. tax authorities, your business partners, etc., for the respective purpose.
2. Due to legal requirements (pursuant to Art. 6 para. 1 lit. c GDPR) or in the public interest (pursuant to Art. 6 para. 1 lit. e GDPR)
In this case, the purposes of data processing arise from legal requirements or are in the public interest (e.g. compliance with retention obligations, proof of compliance with notification and information obligations).
3. Due to consent (pursuant to Art. 6 para. 1 lit. a GDPR)
In this case, the purposes of processing personal data arise from the granting of consent. Consent given can be revoked by you at any time with effect for the future. Consent given before the GDPR came into force (May 25, 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation. Example: Sending a newsletter, passing on data provided by you to third parties at your request (e.g. supplier, your customer, etc.).
4. In the context of balancing interests (pursuant to Art. 6 para. 1 lit. f GDPR)
The purposes of processing arise here from the protection of our legitimate interests. It may be necessary to process the data provided by you beyond the actual fulfillment of the contract. Our legitimate interest can be used to justify the further processing of the data provided by you, provided that your interests or fundamental rights and freedoms do not outweigh them. Our legitimate interest can be, in individual cases: assertion of legal claims, defense against liability claims, prevention of criminal offenses.
V. No automated decision-making
For the establishment and execution of customer or supplier relationships, we do not use fully automated decision-making in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, if required by law.
VI. Transfer of personal data within our company and to third parties
Within our company, those persons who need it to fulfill contractual and legal obligations and who are authorized to process this data receive access to the personal data provided by you. In fulfillment of the contract concluded with you, only those bodies that require it for legal reasons, e.g. tax authorities and social security institutions, receive the data provided by you. In the course of providing our services, we commission processors who contribute to the fulfillment of contractual obligations, e.g. data center service providers, IT partners, etc. These processors are contractually obliged by us to comply with the requirements of the GDPR and the BDSG.
VII. Duration of storage (deletion criteria)
The processing of the data provided by you takes place as long as it is necessary to achieve the contractually agreed purpose, generally as long as the contractual relationship with you exists. After the termination of the contractual relationship, the data provided by you will be processed to comply with legal retention obligations or due to our legitimate interests. After the expiration of the legal retention periods and/or the cessation of our legitimate interests, the data provided by you will be deleted.
Anticipated periods of our retention obligations and our legitimate interests:
- Fulfillment of commercial, tax and professional retention periods. The periods specified there for retention or documentation are two to ten years.
- Preservation of evidence within the scope of limitation regulations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
VIII. Your rights as a data subject
According to applicable laws, you have various rights regarding your personal data. If you wish to assert these rights, please send your request by e-mail or post to the address specified in Section 1, clearly identifying yourself. Below you will find an overview of your rights:
1. Right to confirmation and information
You have the right to clear information about the processing of your personal data.
Specifically:
You have the right at any time to receive confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to request free information from us about the personal data stored about you, along with a copy of this data. Furthermore, you have the right to the following information:
1. the purposes of processing;
2. the categories of personal data that are processed;
3. the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
4. if possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. the existence of the right to request from us rectification or erasure of personal data concerning you or restriction of processing of personal data concerning you or to object to such processing;
6. the existence of the right to lodge a complaint with a supervisory authority;
7. where the personal data are not collected from you, any available information as to their source;
8. the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
2. Right to rectification
You have the right to demand that we rectify and, if necessary, complete personal data concerning you.
Specifically:
You have the right to request from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to erasure ("right to be forgotten")
In a number of cases, we are obliged to erase personal data concerning you.
Specifically:
In accordance with Art. 17 Para. 1 GDPR, you have the right to demand from us that personal data concerning you be erased without undue delay, and we are obliged to erase personal data without undue delay where one of the following grounds applies:
1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing is based according to Art. 6 Para. 1 Sentence 1 a) GDPR or Art. 9 Para. 2 a) GDPR, and where there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.
4. The personal data have been unlawfully processed.
5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
6. The personal data have been collected in relation to the offer of information society services referred to in Art. 8 Para. 1 GDPR.
Where we have made the personal data public and are obliged pursuant to Art. 17 Para. 1 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
4. Right to restriction of processing
In a number of cases, you are entitled to request from us a restriction of the processing of your personal data.
Specifically:
You have the right to request from us the restriction of processing where one of the following applies:
1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use;
3. we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
4. you have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours.
5. Right to data portability
You have the right to receive personal data concerning you in a machine-readable format, to transmit it, or to have it transmitted by us.
Specifically:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where
1. the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 b) GDPR and
2. the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
6. Right to object
You have the right to object to a lawful processing of your personal data by us if this is based on your particular situation and our interests in the processing do not outweigh yours.
Specifically:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 e) or f) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where personal data are processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
7. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. Automated decision-making based on the collected personal data does not take place.
8. Right to withdraw data protection consent
You have the right to withdraw consent to the processing of personal data at any time.
9. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection laws.
IX. Note on data transfer via the Internet
We expressly point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps and complete protection against access by third parties is not possible. Our website is currently not SSL encrypted, but it also does not offer possibilities for transmitting personal data to us (no contact form).
X. Contact person for data protection
For questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data, please contact our data protection officer:
datenschutz@kuechenzauber.de