Policy

Who is responsible and how can I contact you?

Responsible for the processing of personal data, compliant to the General Data Protection Regulation (GDPR)

Flammkuchen-Profi GmbH

Im Schlangengarten 4

76877 Offenbach / Queich, Germany

Phone: +49 (0) 6348.95.963-0

Fax: +49 (0) 6348.95.963-22

Data protection officer

Sovestro GmbH

Jörg Hoffmann

Am Borsigturm 48

13507 Berlin, Germany

datenschutz@flammkuchen-profi.de

Why privacy policy?

This data protection policy meets the legal requirements for transparency in the processing of personal data, meaning all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot establish a connection (or only establish a connection with a disproportionate effort)  to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data are deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. Within the individual processing steps, we will inform you about specific storage periods or criteria for storage. Irrespective of this, we will store your personal data in individual cases for the assertion, exercise or defense of legal claims, and in the event of statutory storage obligations.

Who receives my data?

We only pass on your personal data, which we process on our website, to third parties if this is necessary for the fulfilment of the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests) in individual cases. In individual cases, we may pass on personal data to third parties if this serves to assert, exercise or defend legal claims. Possible recipients may then be, for example, law enforcement agencies, lawyers, auditors, courts, etc.

Insofar as we use service providers for the operation of our website who process personal data on our behalf within the scope of order processing in accordance with Article 28 GDPR, these service providers may be recipients of your personal data. You will find more detailed information on the use of contract processors and web services in the overview of the individual processing procedures.

Do you use cookies?

Cookies are small text files sent to your end device’s browser by us and are stored there during your visit to our webpages. An alternative to using cookies is to store information in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (essential cookies). Other cookies enable us to perform various analyses that enable us, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). Cookies enable us to make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs and cannot contain viruses.

We provide information about the respective services for which we use cookies in the following processing steps. Detailed information on the cookies used can be found in the [Cookie settings of this privacy policy / Consent Manager].

What rights do I have?

Under the conditions of the legal regulations of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), you have the following rights as an affected subject:

* Access to information in accordance with Article 15 GDPR, Section 34 BDSG about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;

* Rectifications according to Article 16 GDPR of incorrect or incomplete data that is stored by us;

* Deletion according to Article 17 GDPR of the data stored by us, as far as the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

* Restriction of processing data in accordance with Article 18 GDPR if the accuracy of the data is disputed, the processing is unlawful, we no longer require the data and you refuse to delete it because you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR.

* Data transferability in accordance with Article 20 GDPR, insofar as you have provided us with personal data within the scope of a consent in accordance with Article 6 paragraph 1 lit. a GDPR or on the basis of a contract in accordance with Article 6 paragraph 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible person, as far as this is technically feasible.

* Objection in accordance with Article 21 GDPR to the processing of your personal data, insofar as this takes place on the basis of Article 6 paragraph 1 lit. e, f GDPR and there are reasons for this that arise from your particular situation, or the objection is directed against direct advertising. The right of objection does not exist if predominant, compelling reasons for processing worthy of protection are proven or the processing is carried out for the assertion, exercise or defense of legal claims. If the right of objection does not apply to individual processing operations, this is indicated there.

* Revocation according to Article 7 paragraph 3 DSGVO of your given consent with effect for the future.

* Complaint according to Article 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. You can contact the supervisory authority at your place of residence, your place of work or our company’s headquarters.

How is my data processed in particular?

In the following, we inform you about the individual processing procedures, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Website provision

Type and scope of processing

When you access and use our website, we collect personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

* IP address of the computer making the request

* Date and time of access

* Name and URL of the retrieved file

* Website that is accessing (referrer URL)

* Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

[We do not host the website, instead we have a service provider that, for the purpose of providing the website, processes the mentioned data on our behalf in accordance with Article 28 GDPR.]

Purpose and legal basis

The processing is carried out in order to safeguard our predominant legitimate interest in displaying our website and to guarantee security and stability on the basis of Article 6 Section f GDPR. The collection of data and storage in log files is mandatory for the operation of the website. There is no right of objection to the processing due to the exception in accordance with Article 21 Section 1 GDPR. Insofar as the further storage of log files is required by law, the processing is based on Article 6 Section 1 lit. c DSGVO. There is no legal or contractual obligation to provide the data, but it is technically impossible to call up our website without providing the data.

Storage duration

The data mentioned above will be stored for the duration of displaying the website [and for technical reasons for a maximum of [7 days]].

Contact Form

Type and scope of processing

On our website, we offer you the option to contact us via a provided form. The information collected via mandatory fields is required to process your request. You can voluntarily provide additional information that you feel is necessary to process the contact request.

When using the contact form, your personal data will not be passed on to third parties.

Purpose and legal basis

The processing of your data by using our contact form is for the purpose of communication and processing of your request based on your consent in accordance with Article 6 Section 1 lit. a GDPR. Insofar as your inquiry relates to an existing contractual relationship with us, processing for the purpose of fulfilling the contract is based on Article 6 Section 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but the processing of your inquiry is not possible without providing the information of the mandatory fields. If you do not wish to provide this data, please contact us by other means.

Storage duration

When you use the contact form on the basis of your consent, we will store the data collected for each inquiry for a period of three years, starting with the completion of your inquiry or until your consent is revoked.

[If you use the contact form within the framework of a contractual relationship, we will store the data collected for each inquiry for a period of [three years]  from the end of the contractual relationship.]

Presence on social media platforms

We maintain so-called fan pages or accounts or channels on the networks mentioned below to provide you with information and offers on social networks and offer further ways to contact us and find out about our offers. In the following, we inform you about which data we or the respective social networks process from you in connection with accessing and using our fan pages/accounts.

Data that we process from you

If you wish to contact us via Messenger or via Direct Message over the respective social network, we usually process your user name through which you contact us and, if necessary, store further data provided by you to the extent necessary to process/answer your request.

The legal basis is Article 6 Section 1 Sentence 1 f) GDPR (processing is necessary to safeguard the legitimate interests of the controller.)

(Static) usage data that we receive from social networks

We automatically receive provided statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, information about page activities and post interactions, reach, video views and the percentage of men/women among our fans/followers.

The statistics contain only aggregated data and cannot be related to individuals. They are not identifiable to us.

Which of your data social networks process

In order to view the contents of our fan pages or accounts, you do not have to be a member of the respective social network and therefore no user account is required for the respective social network.

Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is accessed (e.g. technical data to be able to show you the website) and use cookies and similar technologies, over which we have no influence. For details, please refer to the privacy policy of the respective social network (see the corresponding links above).

If you want to interact with the content on our fan pages/accounts, e.g. comment, share or link our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.

We have no influence on the data that is processed by the social networks you are using. As far as we are concerned, your data is particularly stored and processed due to the provision of the services of the respective social network, and also for the analysis of usage behavior (using cookies, pixel/web beacons and similar technologies) on the basis of which advertising based on your interests is played out both inside and outside the respective social network. It cannot be ruled out that your data may be stored by the social networks outside the EU/EEA and passed on to third parties.

Information on, among other things, the exact scope and purposes of processing your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the privacy policy/cookie policy of the respective social networks. You can also find information on your rights and the possibility of objection there.

Facebook page

When you visit our Facebook page, Facebook records your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information about this at the following link: https://de-de.facebook.com/help/pages/insights [https://de-de.facebook.com/help/pages/insights].

It is not possible for us to draw conclusions about individual users on the basis of the statistical information provided. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We collect your data via our facebook page only to provide a possible provision for communication and interaction with us. This collection usually includes your name, news content, commentary content and the profile information you have "publicly" provided.

The processing of your personal data for our purposes mentioned above is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Article 6 Section 1 f) GDPR. If you as a user have given your consent to the respective provider of the social network to process your data, the legal basis for processing extends to Article 6 Section 1 a), Article 7 GDPR.

As the social network provider is processing actual data, our access to your data is limited. Only the provider of the social network is authorized to have full access to your data. Hence, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, opposition, etc.). The assertion of your respective rights is thus most effectively carried out directly against the respective provider.

Jointly with Facebook, we are responsible for the personal content of the fan page. Rights of affected persons can be asserted with Facebook Ireland as well as with us.

According to the GDPR, the primary responsibility for the processing of Insights lies with Facebook and Facebook fulfils all obligations arising from the GDPR with regard to the processing of Insights, Facebook Ireland provides the essentials of the Page Insights supplement to the affected persons.

We do not make any decisions regarding the processing of Insights and all other information resulting from Article 13 GDPR, including legal basis, identity of the person responsible and storage period of cookies on user terminals.

Further information can be found directly on Facebook (supplementary agreement with Facebook):

https://www.facebook.com/legal/terms/page_controller_addendum [https://www.facebook.com/legal/terms/page_controller_addendum].

Instagram page

When you visit our Instagram site, Instagram collects, among other things, your IP address and other information that is stored on your PC as cookies. This information is used to provide us, as the operator of the Instagram page, with statistic information about the use of the Instagram page. For more information, Instagram provides the following link: http://de-de.facebook.com/help/pages/insights [http://de-de.facebook.com/help/pages/insights].

It is not possible for us to draw conclusions about individual users on the basis of the statistical information provided. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We collect your data via our facebook page only to provide a possible provision for communication and interaction with us. This collection usually includes your name, news content, commentary content and the profile information you have "publicly" provided.

The processing of your personal data for our purposes mentioned above is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Article 6 Section 1 f) GDPR. If you as a user have given your consent to the respective provider of the social network to process your data, the legal basis for processing extends to Article 6 Section 1 a), Article 7 GDPR.

As the social network provider is processing actual data, our access to your data is limited. Only the provider of the social network is authorized to have full access to your data. Hence, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, opposition, etc.). The assertion of your respective rights is thus most effectively carried out directly against the respective provider.

Jointly with Instagram, we are responsible for the personal content of the fan page. Rights of affected persons can be asserted with Facebook Ireland as well as with us.

According to the GDPR, the primary responsibility for the processing of Insights lies with Facebook and Facebook fulfils all obligations arising from the GDPR with regard to the processing of Insights, Facebook Ireland provides the essentials of the Page Insights supplement to the affected persons.

We do not make any decisions regarding the processing of Insights and all other information resulting from Article 13 GDPR, including legal basis, identity of the person responsible and storage period of cookies on user terminals.

Further information can be found directly on Facebook (supplementary agreement with Facebook):

https://www.facebook.com/legal/terms/page_controller_addendum [https://www.facebook.com/legal/terms/page_controller_addendum].

Google DoubleClick

Type and scope of processing

We have integrated components from DoubleClick by Google on our website. DoubleClick is a brand of Google, under which predominantly special online marketing solutions are marketed to advertising agencies and publishing houses. DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities.

Each of these data transfers triggers a cookie request to the browser of the respective person. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID that is required to complete the technical process. For example, the cookie ID is required to display an advertisement in a browser. DoubleClick may also use the cookie ID to track which ads have already been displayed in a browser to avoid duplication. The cookie ID also enables DoubleClick to track conversions. For example, conversions are captured when a user has previously seen a DoubleClick ad and subsequently makes a purchase on the advertiser's website using the same Internet browser.

A DoubleClick cookie does not contain any personal information, but it may contain additional campaign identifiers. A campaign identifier is used to identify campaigns you have already been in contact with on other websites. As part of this service, Google will learn about data that will also be used by Google to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and DoubleClick by Google's applicable privacy policy can be found at https://policies.google.com/privacy.

Purpose and legal basis

We process your data with the help of the Double-Click cookie for the purpose of optimizing and displaying advertising based on your consent in accordance with Article 6 Section 1 lit. a GDPR. You give your consent by adjusting the settings for the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future in accordance with Article 7 Section 3 GDPR. Among other things, the cookie is used to place and display user-relevant advertisements and to create reports on advertising campaigns or to improve them. The cookie is also used to avoid multiple displays of the same advertisement. Each time you access a single page on our website that has a DoubleClick component built in, your browser is automatically prompted by the DoubleClick component to submit data to Google for the purposes of online advertising and commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be available in full.

Storage duration

The actual storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. You can find further information in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

Google Fonts

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to Google Ireland Limited's servers and your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision as well as the optimization of our online offer according to Article 6 Section 1 lit. f. GDPR.

Storage duration

The actual storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. You can find further information in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Google Maps

Tyoe and Scope of Processeing

We use the map service Google Maps to create directions. Google Maps is a service of Google Ireland Limited, which displays a map on our website.

When you access this content on our website, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, where your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google Maps.

Purpose and legal basis

The use of Google Maps is based on our legitimate interests in accordance with Article 6 Section 1 lit. f. GDPR, i.e. our interest in making it easier for you to find the locations mentioned on the website.

Storage duration

The actual storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. You can find further information in the privacy policy for Google Maps: https://policies.google.com/privacy.

Google reCAPTCHA

Type and scope of processing

We have integrated components from Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is automated by a program. When you access this content, you are connecting to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, where your IP address and possibly browser information such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's dwell time and mouse movements to distinguish automated requests from human ones. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

The use of the Service is based on our legitimate interests, i.e. for protection when submitting forms in accordance with Article 6 Section 1 lit. f. GDPR.

Storage duration

The actualstorage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. You can find further information in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

DATA PROTECTION REGULATIONS FOR THE USE OF EXTERNAL PAYMENT SERVICE PROVIDERS (PAYPAL)

(1) General information about PSD2/SCA

The PSD2 (Payment Service Directive 2) requires banks and financial service providers to provide strong customer authentication (SCA) for the processing of transactions in order to clearly identify account access and verify payment transactions. They are therefore requested to perform a so-called two-factor authentication (2FA) during the payment process. This means that you must choose two out of three possible factors (possession, knowledge, inherence) to process the payment. The selection and technical design of the SCA is the responsibility of the respective banks and payment service providers.

Every payment transaction requires the processing of personal data in order to fulfil the payment service contract (Section 675f of the German Civil Code BGB) – at least if the payee or payer is a natural person or if the purpose of the payment transaction contains information about a natural person. Data processing is limited to what is necessary for the execution of the payment service contract and its legally required documentation. Thus, no explicit consent of the customer is required, since the parties involved in the transaction rely on the legal permission to process data for the purpose of fulfilling the contract. Accordingly, the payment transaction is covered by Article 6 Section 1 lit. b GDPR (performance of a contract).

In order to process the payment, our payment service provider transmits in particular the following data to the selected customer payment service provider:

- Transaction-related and technical information (transaction ID, payment amount, currency, etc.)

- Customer-related information (private or business customer, telephone number, etc.);

- Invoice-related information (billing address with city, country, postal code);

- Delivery related information (delivery address with city, country, zip code).

For more information on PSD2, SCA and 2FA, as well as the collection and processing of personal data, please contact your account-holding bank or payment service provider.

(2) Paypal

In addition to cash payment on site at delivery, we offer payment via Paypal. If you decide for the payment method PayPal, your personal data will be transmitted to PayPal. Prerequisite for the use of PayPal is the opening of a PayPal account. With the use or opening of a PayPal account, name, address, telephone number and e-mail address must be transmitted to PayPal. The legal basis for the transmission of data is Article 6 Section 1 lit. a GDPR (consent) and Article 6 Section 1 lit. b GDPR (processing for the performance of a contract).

Operator of the payment service PayPal is

PayPal (Europe) S.à r.l. et Cie, S.C.A.

22-24 Boulevard Royal

L-2449 Luxembourg

E-Mail: impressum@paypal.com

With the payment option PayPal you agree to the transmission of personal data such as name, address, telephone number and e-mail address to PayPal. What other data is collected by PayPal can be found in the respective PayPal privacy policy. This can be found under: www.paypal.com/de/webapps/mpp/ua/privacy-full

Wix

Type and scope of processing

Our website was created with the website building block system Wix. Wix is a service of Wix.com, Inc. and offers web development technology, web design and layout tools, domain hosting and other applications for marketing and workflow management.

We use Wix for web hosting and the presentation of our website, among other things. In addition, Wix collects statistical information about visits to our website.

The following data is usually transmitted: website accessed, date and time of access, amount of data transmitted, message whether an access was successful, browser type and version, user's operating system, the previously visited website (referrer) and IP address.

This log data is processed exclusively for the above-mentioned purposes, as well as to maintain the security, functionality and optimization of the Wix offer.

Purpose and legal basis

The use of the service is based on our legitimate interests, i.e. interest in a secure and efficient provision, as well as the optimization of our online offer according to Article 6 Section 1 lit. f. GDPR.

Storage duration

The actual storage period of the processed data cannot be influenced by us, but is determined by Wix.com, Inc. For more information, please refer to the Wix privacy policy: https://de.wix.com/about/privacy.

Wix CDN

Type and scope of processing

We use Wix CDN for proper delivery of the content of our website. Wix CDN is a service of Wix.com, Inc. which acts as a Content Delivery Network (CDN) on our website.

A Content Delivery Network (CDN) helps to make the contents of our online offer, especially files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of Wix.com, Inc, where your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of Wix CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Article 6 Section 1 lit. f. GDPR.

Storage duration

The actual storage period of the processed data cannot be influenced by us, but is determined by Wix.com, Inc. For more information, please see the Wix CDN Privacy Policy: https://de.wix.com/about/privacy.

YouTube Video

Type and scope of processing

We have integrated YouTube video on our website. YouTube Video is a component of the video platform of YouTube, LLC, where users can upload content, share it over the Internet and receive detailed statistics.

YouTube Video allows us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to analyze user behavior, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to generate reports. If a user is registered with YouTube, LLC, YouTube Video may associate the videos played with the profile.

When you access this content, you will connect to servers at YouTube, LLC, and your IP address and, if applicable, browser information such as your user agent will be transmitted.

Purpose and legal basis

The use of this service is based on our legitimate interests, i.e. the interest in a platform-independent provision of content in accordance with Article 6 Section 1 lit. f. GDPR.

Storage duration

The actual storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. For more information, please see the Privacy Policy for YouTube Video: https://policies.google.com/privacy.

Version: 10/2020