Data privacy declaration from Outdoorchef AG
1. DATA PROTECTION
Thank you for visiting our website. Below we would like to inform you of how we process your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
1.1 Data controller
The entity responsible for the data collection and processing described below is the company named in the imprint.
1.2 Usage data
When you visit our website, your so-called “usage data” is temporarily stored on our web server as a log file for statistical purposes and in order to improve the quality of our website. This data set consists of
- the page from which the file was requested
- the name of the file
- the date and time of the query
- the amount of data transferred
- the access status (file transferred, file not found)
- the description of the type of web browser used
- the IP address of the requesting computer, which is truncated in such a way that no reference to a specific person can be made.
- The aforementioned log data is only stored anonymously.
2. DATA TRANSFER TO THIRD PARTIES
2.1 Data transfer to third parties
Within the context of order processing and in accordance with Art. 28 GDPR, we transfer your data to service providers who assist us in the operation of our websites and the associated processes. Our service providers are strictly and contractually obliged to follow our instructions.
2.2 Transfer of data to third countries
We sometimes transfer personal data to a third country outside the EU. In each case, we have taken care to ensure an appropriate level of data protection.
In the case of [Google Analytics (USA)], an appropriate level of data protection is ensured by the corresponding participation in the Privacy Shield Agreement (Art. 45 (1) GDPR).
We use session cookies and permanent cookies on our websites. Processing takes place in accordance with Art. 6 (1f) GDPR and in the interest of optimising or facilitating user guidance and adapting the presentation of our website.
4. TRACKING TOOLS
The information generated by the cookie about use of the website by users will generally be transmitted to and stored by Google on servers in the United States. However, because we have enabled IP anonymisation on this website, Google will truncate your IP address within European Union Member States before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA (an adequate level of data protection exists in accordance with Art. 45 (1) GDPR due to Google’s participation in the Privacy Shield) and only truncated there. We have also concluded a contract with Google Inc. (USA) for order processing pursuant to Art. 28 GDPR. Google will therefore use all information strictly for the purpose of evaluating your use of our website and compiling reports on website activity.
You can object to the processing at any time. To do so, please use one of the following options:
- Furthermore, you can prevent Google’s collection and use of data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en.
- You can also prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be saved that permanently prevents the future collection of your data when you visit this website:
5. GOOGLE RETARGETING
5.1 Retargeting technologies
We use Google retargeting technologies to offer you advertising on other websites that is as tailored as possible to your interests. The associated data processing is carried out on the basis of Art. 6 (1f) GDPR.
When you visit our website, certain recognition features within your browser or end device are retrieved, your IP address is evaluated or a recognition feature is stored as a small text file (e.g. as a so-called “third-party cookie”) on your end terminal. Your usage behaviour is recorded when you visit various websites. These recognition features are pseudonymised. If you are logged in with your Google Account, these features can be assigned directly to your profile. Google may associate and store your visits to our websites with your recognition features in order to provide you with targeted advertising on other websites. In this way, Google can also recognise your previous visit to our website. Your end device and your browser are recognised by Google, e.g. whenever you access a web page that displays advertising on behalf of Google.
We may provide keywords on our websites that contain information about the contents of the website, such as the products offered. Google receives these keywords, which contain neither personal nor sensitive information. If you visit a website with certain keywords about products, Google stores this data and assigns it to your pseudonymous recognition characteristics. Google can use this link to determine whether and, if applicable, which of our advertisements is displayed to you.
5.3 Cross-device remarketing
Google can technically link the pseudonymous features of your end devices such as a tablet, smartphone and email inbox with each other (cross-device remarketing). It is assumed that you have agreed to this data processing with Google in the past. This allows Google to target advertising campaigns to different devices.
Your data will be transmitted to Google and stored in the USA. In accordance with Art. 45 (1) GDPR, Google’s participation in the Privacy Shield represents an adequate level of data protection. We have also concluded a contract with Google Inc. (USA) for order processing pursuant to Art. 28 GDPR. Google will therefore use all information strictly for the purpose of evaluating your use of our website and compiling reports on website activity.
6. SOCIAL MEDIA
For reasons of data protection, we do not integrate any social plugins directly into our website. Therefore, when you visit our pages, no data is transmitted to social media services such as Facebook, Twitter, LinkedIn or Google+. Profile creation by third parties is therefore not possible.
You still have the option of sharing selected pages by clicking on Facebook or Twitter buttons, and can see how often they have been shared in the past when you view the posts.
7. EXPLANATION OF OUR SECURITY MEASURES
In order to protect your data against unauthorised access as comprehensively as possible, we implement certain technical and organisational measures. We use an encryption procedure on our web pages. Your information is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can recognise this by the fact that the padlock symbol in the status bar of your browser is closed and the address bar begins with https://.
8. YOUR RIGHTS AS A WEBSITE USER
For the processing of your personal data, the GDPR grants you, the website user, certain rights:
- Right to information (Art. 15 GDPR):
You have the right to request confirmation as to whether personal data relating to you is being processed; if this is the case, you have the right to access this personal data and the information specified in Art. 15 GDPR.
- Right to rectification and deletion (Art. 16 and 17 GDPR):
You have the right to request the rectification without delay of incorrect personal data concerning you and, where appropriate, the completion of incomplete personal data.
You also have the right to demand that personal data relating to you be deleted immediately if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the stated purposes.
- Right to the restriction of processing (Art. 18 GDPR):
You have the right to demand the restriction of the processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have filed an objection against the processing for the duration of any audit.
- Right to data transferability (Art. 20 GDPR):
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.
- Right to object (Art. 21 GDPR):
If data is collected on the basis of Art. 6 (1f) (data processing to safeguard legitimate interests), you have the right to object to such processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are verifiable compelling grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
- Right to lodge an appeal with a supervisory authority
In accordance with Art. 77 GDPR, you have the right to appeal to a supervisory authority if you believe that the processing of the data concerning you violates data protection provisions. This right of appeal may, in particular, be exercised before a supervisory authority in the Member State in which you reside, work or in which the suspected infringement occurred.
9. CONTACT DETAILS – DATA PROTECTION OFFICER
Our company’s Data Protection Officer will be happy to provide you with information or suggestions on the subject of data protection:
Dr. iur. Christian Borchers
datenschutz süd GmbH
Tel.: +49 (0)931 – 30 49 76 0
10. ADDITIONAL CONTENTS OF OUR PRIVACY STATEMENT
We use the information you provide in the context of competitions exclusively to determine and contact the winners (Art. 6 (1f) GDPR). The winners are notified in writing. We will not use your data for advertising purposes. We will delete this data immediately following the award of the prize or if you object to the use of your data. With your consent, we will send information that you provide to us in the context of competitions to the cooperation partners selected by us. If you have won, we will also publish your name on our websites with your consent.
On our website we offer you the possibility to subscribe to our newsletter. If you have given us separate permission to inform you by e-mail about our own products and services, we will process your data accordingly on the basis of Art. 6 (1a) GDPR.
The newsletter is sent by MailChimp. MailChimp is a service of MailChimp, a service in the USA. The use of MailChimp on our website essentially ensures that e-mails are sent reliably and, above all, are more likely not to end up in your spam filter.
An adequate data protection level for the processing of data by MailChimp is guaranteed by its Privacy Shield certification (list entry). We have also concluded an order processing contract with MailChimp.
Your consent may be withdrawn at any time without prejudice to the lawfulness of the processing carried out to date. If your consent is revoked, we will stop processing the associated data.
If you no longer wish to receive the newsletter in the future, you can unsubscribe at any time, e.g. via the unsubscribe link in the newsletter, which you will find in every newsletter e-mail.
10.3 Contact form
You have the option to contact us via a web form. To use our contact form, we need your name and email address. You can provide further information; however you are not required to do so.
The legal basis for the processing is Art. 6 (1b) GDPR. We process your data in our interest in order to process and answer your enquiry. Your data will not be shared with third parties.
10.4 Online shop
We store and use your personal data, which you transmit to us in the course of placing orders, exclusively for the purpose of processing of your orders in accordance with Art. 6 (1b) GDPR. We will use your e-mail address to inform you about the status of your order.
10.5 Facebook company page
We operate an official Facebook page under the URL https://www.facebook.com/outdoorchef.official/ on the basis of Art. 6 (1f) GDPR. At no time do we collect, store or process personal data of the users on this web page. Furthermore, no other data processing is carried out or initiated by us. The data you enter on our Facebook page, such as comments, videos or images, will not be used or processed by us for any other purpose at any time.
Facebook uses so-called “web tracking methods” on this web page. Please be aware of the following: it cannot be excluded that Facebook may use your profile information to evaluate your habits, personal relationships, preferences, etc. We have no influence whatsoever on the processing of your data by Facebook.
When you apply, we process data submitted by you that we need to process your application. This may include contact data, all data related to the application (CV, certificates, qualifications, answers to questions, etc.) and, if necessary, bank details (to reimburse travel expenses). The legal basis for this processing is provided by § 26 of the Federal Data Protection Act (BDSG).
If no legal retention period exists, the data will be deleted as soon as its storage is no longer necessary or the legitimate interest in its storage has expired. If your application is unsuccessful, this will normally be the case no later than three months after the end of the application procedure.
In individual cases, some data may be stored for a longer period of time (e.g. for the purpose of travel expense accounting). The duration of the storage then depends on the legal storage obligations, e.g. as specified in the Tax Code (“Abgabenordnung”, 6 years) or the Commercial Code (“Handelsgesetzbuch”, 10 years).
If you are not recruited by us, however your application is still of interest to us, we will ask you whether we may retain your application for future vacancies.
Your data will of course be treated confidentially and will not be shared with third parties. Internally within our company, access to your data is restricted to members of staff who actually need access to it (e.g. because they are responsible for applicant selection or recruitment decisions).
As required, we use service providers – who are strictly bound by our instructions and with whom separate contracts for order processing have been concluded – to assist us in certain areas such as EDP or the archiving and destruction of documents.