Data protection

Note on data processing

In all respects of data processing (e.g. collection, processing, transmission) we act in accordance with the respective legal regulations. The following explanation gives you an overview particularly with regard to the kind of data collected and in which way they are used and transmitted, which security measures are taken and which rights are available to you as the data subject.

I. Controller in charge of the processing of personal data

The person in charge of the data processing according to the data protection regulation is:

GILDE – Ihr Partner für das Lebensmittelhandwerk eG
Grüne Straße 40-42
60316 Frankfurt am Main
Tel. +49 69 4077-0
Fax +49 69 4077-290
E-mail: info@gilde.eu

II. Data protection officer

Contact info of the data protection officer:

GILDE – Ihr Partner für das Lebensmittelhandwerk eG
Grüne Straße 40-42
60316 Frankfurt am Main
Tel.: +49 6404 6580-351
E-mail: datenschutz@gilde.eu

III. General information on data processing

1. Extent of personal data processing

We process personal data of our users in principal only when this is necessary to ensure functioning of our website and its contents and our services. Personal data of our users are only processed on the basis of the consent of the user with exceptions in case that it is not possible to obtain the prior consent for factual reasons and the processing of the data is lawful by legal rules.

2. Legitimate basis for personal data processing

The legitimate basis for our processing of personal data with the consent of the data subject is Art. 6 (1) lit. a EU-General Data Protection Regulation (GDPR). The legitimate basis for processing of personal data necessary for the performance of a contract to which the data subject is party is Art. 6 (1) lit. b GDPR. This is also true for processing in order to take steps at the request of the data subject prior to entering into a contract. If personal data processing is necessary for compliance with a legal obligation to which our company is subject the legitimate basis is Art. 6 (1) lit. c GDPR e. If personal data processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject the legitimate basis is Art. 6 (1) lit. f GDPR.

3. Data erasure and storage duration

The personal data of the data subject concerned are erased or made unavailable as soon as the purpose for the storage ceases to exist. Personal data may be stored for longer periods insofar as this is required by the European or national legislator in federal regulations, laws or other legal acts to which the controller is subject. The data are also erased or made unavailable if a storage period required by the standards referred to expires unless a requirement for further storing is necessary to enter into a contract or to fulfil a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Every time a user visits our website our system will automatically collect data and information from the user’s computer.

Following data are thus collected:

• Your IP-address (partly anonymised, i.e. without the last block of numbers (e.g. 192.168.100.xxx)
• URL of the accessed pages
• Your browser type
• Your operating system
• Date and time of your access
• The functions used on the web page

The data are also stored in the log files of our system. This does not concern the IP-address of the user or other data which might identify the user. This kind of data are not stored together with personal data of the user.

2. Legitimate basis for data processing

The legitimate basis for the temporary data and log files storage is Art. 6 (1) lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP-address by the system is necessary to deliver the webpage to the computer of the user. Therefor the IP-address of the user must be stored for the duration of the session.

The storage in log files is done in order to ensure the functioning of the web site. The data are also used to optimize the web site and to ensure the security of our IT systems. No data analysis for marketing purposes takes place in this context.

These purposes constitute our legitimate interest in data processing as per Art. 6 (1) lit. f GDPR.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. For data recording in order to deliver the web site this is the case when the respective session is finished.

For data recording in log files this is the case after seven days at the latest. Further storage is possible. In this case the IP-addresses of the users are erased or alienated so that the user can no more be identified.

5. Right to object and disposal options

The data recording in order to deliver the web site and the storage of the data in log files is compelling for the functioning of the web site. Thus, there is no possibility to object for the user.

V. Utilisation of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files, which are downloaded to the internet browser and then stored from the internet browser to the computer system of the user. When a user accesses a website, cookies can be stored on his operating system. This cookie contains a certain sign sequence which permits an identification of the browser when accessing the web site again.

We use cookies to make our site user friendly. Some elements on our web page necessitate that the accessing browser can be identified even after changing to another web page.

We also use cookies on our web site which enable us to analyse the navigation of the user.

When using cookies data (e.g.log-in information, language choice, etc.) are stored and transmitted.

The data thus collected are pseudonymized by technical means. The user can therefore not be identified any more. The data are not stored together with other personal data of the data subject.
When accessing our web site, the users are informed by an info banner on utilisation of cookies for analysing purposes and reference is made to this data protection policy. By means of buttons on the info banner, the customer can refuse or allow the use of cookies or make an individual choice via the cookie settings.

2. Legitimate basis for data processing

The Legitimate basis for personal data processing when using Cookies is Art. 6 (1) lit. f GDPR.

The Legitimate basis for personal data processing when using cookies for analysing purposes with the consent of the data subject is Art. 6 (1) lit. a GDPR.

3. Purpose of the data processing

The purpose of the utilisation of technically necessary cookies is to make the navigation on the web site easier for the user (e.g. remembering key words). Some features of our web site cannot be used without enabling cookies. For these it is necessary that the accessing browser can be identified even after changing to another web page.

The user data collected by technically necessary cookies are not used to build user profiles.

The purpose of using analyse cookies is to upgrade the quality of our web site and its contents. Analyse cookies inform us on how the web site is used and this enables us to continually ameliorate our offer.

These purposes constitute our legitimate interest in the personal data processing as per Art. 6 (1) lit. f GDPR.

4. Storage duration, Right to object and disposal options

Cookies are stored on the computer of the user and transmitted to our web site. You as user have the full control over utilising cookies. You can change the settings in your internet browser and thus deactivate or limit the transmission of cookies. Already stored cookies can be deleted by you at any time. This can also be done by automated means. If you choose to decline cookies, you may not be able to fully experience the features of our site.

The transmission of flash-cookies cannot be deactivated by a change in the browser settings but by a change in the settings of the flash player.

VI. Newsletter

1. Description and scope of data processing

On our web site you have the possibility to subscribe to a free newsletter. During the subscription the address that you enter into the template will be transmitted to us.

Following data are also collected:

(1) IP-address of the accessing computer
(2) date and time of registration
(3) date and time of your access

During the subscription process we ask for your consent for the data processing and reference is made to this data protection policy.

In order to send you our newsletter your e-mail address is processed by the service Brevo of the provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. You will find further information under chapter XI. 5. of this data protection policy.

2. Legitimate basis for data processing

The legitimate basis for processing of data after the data subject subscribed to the newsletter with the consent of the data subject is Art. 6 (1) lit. a GDPR.

3. Purpose of the data processing

The purpose of collecting the user’s e-mail address is to send the newsletter.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. The user’s e-mail address is stored as long as the newsletter subscription is active.

5. Right to object and disposal options

The newsletter subscription can be cancelled at any time by the user. the user can do this by using for example the “unsubscribe” link in each newsletter or he can send an e-mail to website@gilde.eu.

VII. Registration

1. Description and scope of data processing

The user has the possibility on our web site to register for an account by indicating personal data. The data are entered into a template and are transmitted to us and stored. They are not transmitted to third parties.

During the registration process following data are collected:

(1) Your first name and family name
(2) your e-mail address
(3) username

You may also indicate following data which is not absolutely needed for the registration but which may be helpful:

(1) your company name
(2) your postal address (street, zip code, city)
(3) your telephone numbers

You also have to choose a password; together with your e-mail address this will enable you to login easily without re-entering all the data.

2. Legitimate basis for data processing

The legitimate basis for processing of data with the consent of the data subject is Art. 6 (1) lit. a GDPR.

3. Purpose of the data processing

A user registration on our web site is necessary for accessing certain contents and services meant to be only available to members of the GILDE – Ihr Partner für das Lebensmittelhandwerk eG.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. This is the case for the data collected during the registration process when the registration is cancelled or modified on our web page.

5. Right to object and disposal options

As a user you have the possibility to cancel your registration at any time. You can ask at any time the collected data on you to be modified.

VIII. E-mail contact

1. Description and scope of data processing

You can contact us via the e-mail addresses at your disposal. In this case the personal data of the user transmitted with the e-mail are stored. In this context the data are not transmitted to third parties. The data are used exclusively for the processing of the conversation.

2. Legitimate basis for data processing

The legitimate basis for data processing collected when sending an e-mail is Art. 6 (1) lit. f GDPR.

3. Purpose of the data processing

The processing of the personal data from the template is only used for the processing of the contact. In case of a contact by e-mail this constitutes our legitimate interest in the personal data processing.

4. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection. For the personal data received by e-mail this is the case when the conversation with the user is finished. The conversation is considered finished wen the circumstances indicate that the matter at hand is conclusively resolved.

5. Right to object and disposal options

The user has the possibility at all times to withdraw his consent to the processing of personal data. When a user contacts us by e-mail he can object to the storage at any time. In such a case the conversation cannot be continued. For the withdrawal of consent the user can for example send an e-mail to website@gilde.eu. All personal data stored during the contact are in this case erased.

IX. Photo and film footage

1. Description and scope of data processing

During our events we regularly make films and take pictures. It is possible that you might be recognisable and identifiable on that footage as a participant in our events.
We use these photos and films in press releases, invitations, newspapers, trade journals, brochures, newsletters, social media channels and on our web sites for company and product presentation purposes.

2. Legitimate basis for data processing

The legitimate basis for the data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest as organiser resides in the documentation of the held events and to present them to third parties in the interest of our company and of our products.

3. Storage duration

The data are erased as soon as they are not necessary any more for the purpose of their collection.

X. Transmission/Collection of data to/by third parties

1. Transmission for contract handling

Forwarding or any other transmission of your personal data to third parties occurs only when the transmission is necessary for compliance with our cooperative obligations or if you have expressly given your consent. The service providers contracted for the above-mentioned purposes are given only the information required to fulfil their specific task. No other utilisation of the information is permitted.

Contracted service providers and therefor possible recipients of the data are:

– Logistic and shipping providers
– Providers of financial and accounting services
– External warehousing contractors
– Digital agencies
– Credit assessment and collection service providers

We point out that, we are, by order of the competent authority, entitled to furnish particulars about data, provided that this is required to carry out prosecution proceedings, to enable the police forces of the German federal states to prevent crimes, to fulfil the statutory tasks of the constitution protection authorities of the German federal government, the German federal states, the Federal Intelligence Services or Military Intelligence, or to enforce intellectual property rights. Data are only transmitted within the framework of mandatory national legislation.

2. Utilisation of Google Analytics

This web site uses Google Analytics, a web analytics service provided by Google LLC. The responsible entity for users in the European Union is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so called „ cookies “, text files that are stored on your computer and which permit an analysis of your use of our web site. The information generated by the cookie about your use of our site (including your IP address) will be transmitted to and stored by Google on their servers in the USA.
Activating the ip anonymisation on this web page your IP address will be previously truncated by Google within the member states of the European Union or in other contracting States to the Agreement on the European Economic Area. Only in exceptional cases the ip address is sent in full length to a google server in the United States and will be truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. The data sent by us interlinked with cookies, user identification (e.g. user-id) or advertising ids are deleted automatically after 14 months. At the end of their storage period the data are automatically deleted once a month. You may block the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Google LLC bases the data transfers to the USA on standard contractual clauses which have been approved by the EU Commission. The standard contractual clauses are agreed between Google LLC and its clients as part of its general terms and conditions.

To learn more about the purpose and extent of data collection, processing and the use of this data by Google Analytics and about your rights and setting options for the protection of your privacy, please refer to the data protection information of Google Analytics:

https://support.google.com/analytics/topic/2919631?hl=de&ref_topic=1008008

You have the right to object to the collection of usage data by Google Analytics. Google offers the possibility to install a deactivation add-on on your browser under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, you have the possibility to object to the collection of user data by Google Analytics by clicking on the following link. An opt-out cookie will be installed, which will prevent future acquisition of your data when you visit this website: click here to deactivate Google Analytics

3. Linking to our Facebook page

a)
This website provides a link to our page on the well-known social media platform Facebook under the statement “You can also find us on:” and the subsequently displayed logo. If you click on the Facebook logo, you will be redirected to our Facebook page.
b)
Facebook is operated by Meta Platforms, Inc, 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). The website facebook.de is operated by the subsidiary Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is transmitted by your browser directly to a Facebook server in the USA and stored there.
Facebook uses this information for the purposes of advertising, market research and needs-based design of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles. By means of the cookies used, Facebook is able to track your user behavior (across devices for logged-in users) on other websites beyond the Facebook platform. This applies both to persons registered with the Facebook platform and to persons not registered there.
Facebook bases the data transfers to the USA on standard contractual clauses, which have been approved by the EU Commission. The standard contractual clauses are agreed by Facebook as part of its General Terms and Conditions with customers.
The purpose and scope of data collection, the further processing and use of the data by Facebook, as well as your rights in this regard and settings options for protecting your privacy, can be found in Facebook’s privacy policy: http://www.facebook.com/policy.php

4. Use of Google Maps

This website uses Google Maps, a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you use Google Maps (e.g. address entry, route planning or location display) Google Maps collects and processes the data entered and may use various sources in order to pinpoint your current position.

Google LLC bases the data transfers to the USA on standard contractual clauses which have been approved by the EU Commission. The standard contractual clauses are agreed between Google LLC and its clients as part of its general terms and conditions.

More information pertaining to Google Maps are to be found under the following link:

https://support.google.com/maps/answer/3093609?hl=de&authuser=0&p=newmaps_mylocation&rd=1

Terms of use for Google Maps are to be found under the following link:

https://www.google.com/intl/de_de/help/terms_maps.html

5. Newsletter-distribution by means of Brevo

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter.
We use the so-called double opt-in procedure to ensure that the newsletter is sent with your consent. In the course of this, the potential recipient allows himself to be included in a distribution list. Subsequently, the user is given the opportunity to confirm the registration in a legally secure manner by means of a confirmation e-mail. Only if the confirmation is received, the address will be actively included in the distribution list.
We use this data exclusively for sending the requested information and offers.
Brevo from Sendinblue GmbH is used as the newsletter software. Your data will be transmitted to Sendinblue GmbH. Sendinblue GmbH is prohibited from selling your data and using it for purposes other than sending newsletters. Sendinblue GmbH is a German, certified provider, which was selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
You can find more information here: https://www.brevo.com/de/informationen-newsletter-empfaenger/?rtype=n2go
You can revoke your consent to the storage of data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.
The data protection measures are always subject to technical updates, for this reason we ask you to inform yourself about our data protection measures at regular intervals by consulting our privacy policy.

XI. Data security

We have taken numerous security measures to protect personal information adequately and on an appropriate scale.

Our data bases are secured by physical and technical measures and an access protection which limit the access to the information on specially authorized persons in compliance with this data privacy statement. Our information system is secured by a software firewall to prevent the access by other networks which are connected to the internet. Only personnel in need of this information to proceed a special task are granted access to individual-related data. Our personnel are trained in matters of security and data protection practice.

Personal data collected via our website are transmitted in encrypted form using the industry standard Secure Socket Layer (“SSL”) technology. Sensitive data, such as credit card information or bank account information, are even further encrypted.

For the registration of your client account or newsletter, we use the so-called double-opt-in-technique. After the registration we will send you an e-mail to confirm your contact details. The registration becomes effective only when you confirm the registration via the respective link in the e-mail.

Generated passwords are managed encrypted and not stored as „clear text“ in the system.
Never disclose your password for accessing our website to third parties and it is recommended you change your password regularly. Properly log out and close your browser whenever you leave our website in order to avoid unauthorized parties obtaining access to your user account.

Complete data security cannot be guaranteed in e-mail communication.

XII. Rights of the data subject

When personal data of you are processed you are the data subject in the sense of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of access to personal data

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.

If that is the case, you can ask the controller to give you access to the following information:

(1) the purposes of the personal data processing;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data you concerning or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed whether your personal data has been transferred to a third country or to an international organisation. In this context you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to obtain from the controller rectification if the data is inaccurate and/or to have incomplete personal data completed. The controller must proceed without undue delay.

3. Right to restriction of processing

You have the right to obtain restriction of processing where one of the following applies:

(1) you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
(4) you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you obtained restriction of processing you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Obligation to erasure

You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase your personal data without undue delay where one of the following grounds applies:

(1) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) you withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
(3) you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).
(4) your personal data have been unlawfully processed.
(5) your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Article 17 paragraph 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right erasure shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have enforced the right to rectification, erasure or restriction of processing vis-à-vis the controller, he shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform you about those recipients if you request it.

6. Right to data portability

You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

(1) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR and
(2) the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to object to the declaration of consent to data processing

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated individual decision-making including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This shall not apply if the decision:

(1) is necessary for entering into, or performance of, a contract between you and the data controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.

These decisions shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this GDPR Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Supervisory authority:
The Hessian commissioner for data and freedom of information
Gustav-Stresemann-Ring 1
65189 Wiesbaden