Mandatory information

Kräuter Mix GmbH
Wiesentheider Str. 4
97355 Abtswind
Germany
Phone: +49 9383 / 204-0
Fax: +49 9383 / 204-243
E-mail: info@kraeuter-mix.de
Web: www.kraeuter-mix.de

Managing Directors:
Christoph Mix, Bernhard Mix, Marco Grasmeder

January 2026

Kräuter Mix privacy policy

We welcome you to our company website and appreciate your interest in our company. Protecting your data is our top priority. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific implementing laws that apply to us. This privacy policy provides you with comprehensive information about the processing of your personal data by Kräuter Mix GmbH and your rights. Personal data is information that enables the identification of a natural person. This includes, in particular, your name, email address and IP address. Anonymous data is data that cannot be used to identify a specific user.

Responsible entity and data protection officer

Kräuter Mix GmbH
Wiesentheider Str. 4
97355 Abtswind
Germany
Contact for data protection officer: datenschutz@kraeuter-mix.de

Rights of users (data subjects)

First off, we want to inform you about your rights as a user (data subject) based on Art. 15–22 GDPR. These include:

  • the right to information (Art. 15 GDPR)
  • the right to erasure (Art. 17 GDPR)
  • the right to rectification (Art. 16 GDPR)
  • the right to data portability (Art. 20 GDPR)
  • the right to restriction of data processing (Art. 18 GDPR)
  • the right to object to data processing (Art. 21 GDPR)

To exercise these rights, please contact: datenschutz@kraeuter-mix.de. The same applies if you have any questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority. If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to object

Please note the following in connection with your rights to object: If we process your personal data for direct marketing purposes, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is related to direct marketing. In the event that we process your data to protect legitimate interests, you may object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. To exercise these rights, please contact: datenschutz@kraeuter-mix.de.

Data privacy

We generally use your personal data to respond to your enquiry, to process your order or to provide you with access to further information or offers. In order to meet your requirements, it may be necessary for us to store and process your personal data (surname, first name, address, etc.). In doing so, we follow the principle of data minimisation by only collecting, storing, processing and using data that fulfils the specified purpose. Please note that not all information is mandatory. We do not create user profiles. We only collect customer master data from our merchandise management system that has been provided by the customer with their consent.

This consent can be revoked at any time with effect for the future by sending an e-mail to datenschutz@kraeuter-mix.de.

In addition, we collect data on the number of visits to our websites. This data tells us about the general interests and preferences of our visitors. However, this data is not personal, but only statistical in nature. Furthermore, we automatically collect and store information that is transmitted to us by your browser, e.g. your IP address. All personal data is treated in accordance with the statutory provisions. We use your data to fulfil contractual and legal obligations, to execute the contractual relationship, to offer products and services, and to strengthen customer relations, which may also include direct marketing.

Data disclosure to third parties

We will only disclose your data to third parties within the scope of legal provisions or with your consent. Otherwise, data will not be disclosed to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

Security and cookies

Kräuter Mix GmbH takes technical and organisational precautions to ensure the security of your personal data. Your data is conscientiously protected against loss, falsification, manipulation or unauthorised access or disclosure. Our security measures are continuously improved in line with technological developments on the Internet. No cookies are used and no user data is collected when using the Kräuter Mix GmbH website for purely informational purposes. If our security system detects an attack, the IP address and the time of the attack are recorded. When you log in to the protected customer area, a user session is created for the duration of the login and the technical information is stored in the system and in a session cookie on the user’s computer in the interest of the user. The system only stores the session data necessary for technical operation and no other personal data.

Cookies that are set by our system in some places are purely functional and serve to provide our services. When we use analytics, we do so without cookies and without personal data or data that allows conclusions to be drawn about users.

In particular, these cookies may be:

Cookie: wpcf7_guest_user_id
Purpose: File upload in the application form

This cookie only stores a random number, which is used during the upload process of applicant files to ensure that the files are stored in a randomly generated directory and that the user can complete the upload process. These directories and all uploaded files that are older than 1 hour are automatically deleted by the system. This cookie is only relevant for the user themselves insofar as the uploaded files are all stored in the same directory – but this is different for each user. The system does not perform any further linking or evaluation. The cookie expires after 12 hours and does not store any personal data.

We weighed up the interests of this cookie variant against the alternative of leaving applicant files containing significantly more personal information on the web server for several days so that Kräuter Mix HR staff could download them via the email sent, just to avoid using cookies. In view of the increased protection of applicant data, we decided in favour of the cookie variant.

Since the upload form is only used as part of the application process, the lawfulness of the use of the technically necessary cookie is based on Article 6(1)(b) GDPR and the legitimate interest pursuant to Article 6(1)(f) GDPR to protect the applicant data transmitted during the upload process.

Cookie: wordpress_test_cookie
Purpose: Test cookie from WordPress

This session cookie does not store any personal data and is purely functional in nature. The system only checks whether cookies can be set. It expires immediately after the session.

Cookie: wordpress_logged_in_*
Purpose: Cookies for logged-in users (see ‘Protected customer area’)

Cookies are stored on the system for the internal user area when a user logs in. As user accounts are only created within the framework of a company partnership or customer relationship, the agreements concluded with our customers and partners also apply here. The website does not allow public registrations or user accounts.

Data transmission

Data exchanged to and from our website is encrypted. We use HTTPS as the transmission protocol for our website, using the latest encryption protocols. It is also possible to use alternative communication channels, e.g. postal mail. When you contact us, we collect and process the following data: contact person, email address, contact details and other interests and enquiries. The legal basis for data processing in connection with a contact request is Art. 6 (1) (f), (b) GDPR. For online applications via email, we collect and process the following data: contact details, application documents. We also use data that we have obtained from publicly accessible directories (e.g. professional networks) in a permissible manner. If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your enquiry. No further data collection takes place. The legal basis is Art. 6 (1) (a), (b) GDPR.

Corporate news [Art. 6 (1) (a) GDPR]

On our website, free company news can be viewed via a link in our email signature, among other places. Viewing this information is voluntary and is not a recurring, automatic mailing process. We do not collect any contact details for the purpose of displaying our company news.

Protected customer area [Art. 6 (1) (a) and (b) GDPR]

On our website, we give authorised customers access to the protected customer area. Customers can obtain their login details by submitting a request to their contact person at Kräuter Mix GmbH. The principles of data minimisation and data avoidance are observed here, as only the data necessary for registration is collected. This includes, for example, your email address and contact details. When you submit your request, we store your contact details and check them for activation. After successful registration by Kräuter Mix GmbH, the user’s IP address, the date and time of registration are also stored (technical background data). Once the registration process is complete, your data will be stored by us for use in the protected customer area. By requesting the login data or clicking on the ‘Login’ button, you give your consent to the processing of your data.

Please note that technically necessary data such as your IP address will be transmitted and stored when you log in. As soon as you log in to our website with your user name and password, a user session will be created for the duration of the log-in, and the technical information will be stored in the website system and in session cookies on your computer in your interest. The website system only stores the session data necessary for technical operation and no other personal data. If you click on the ‘Stay logged in’ option, these cookies will be given a longer validity period (usually 2 weeks, updated with each access). The legal basis for this is the legitimate interest in providing our customer information service to you in accordance with Art. 6 (1) (f) GDPR and Art. 6 (1) (b) GDPR on the basis of the customer or client/contractor relationship between us. Access to the protected customer area can be revoked at any time with effect for the future. To exercise these rights, please contact: datenschutz@kraeuter-mix.de.

Raffle / consent to receiving marketing communications (Article 6 (1) (a) and (b) GDPR)

You have the opportunity to participate in our competition. When you fill out the competition card or send us the data required for participation, we will process the data provided there exclusively for the purpose of conducting the competition.

The principle of data minimisation and data avoidance is observed in that you only need to provide the data that we absolutely require to run the competition and notify you if you have won.

We collect and process the following data:

  • Company
  • Surname, first name
  • Position
  • Industry
  • Postal address or address
  • Email address
  • Website

Your personal data will not be passed on to third parties unless otherwise stated in the respective competition.

Mandatory fields are marked as such, for example with an asterisk (*). For technical reasons and for legal protection, your IP address will also be processed in online competitions. The remaining information is optional and can be filled in if you wish. Unfortunately, we cannot run the competition without the mandatory fields. Participation is then not possible.

Unless otherwise stated in the competition terms and conditions, the data you provide in the context of the competition will be used exclusively for the purpose of conducting the competition and, in the event of a win, for sending the prize, and will then be deleted.

On the competition card, you also have the option of giving us your consent to receive advertising. Participation in the competition is also possible without giving your consent to receive advertising.

The legal basis for processing is an existing contract or pre-contractual measures in accordance with Art. 6 (1) (b) GDPR, as well as your express consent (in particular to the publication of competition data) in accordance with Art. 6 (1) (a) GDPR, if applicable. You can revoke the latter at any time with effect for the future. Please note that in the event of revocation, further participation in the respective competition will not be possible.

If you give us your consent (by ticking the respective checkbox or in another way), we will also process your data in order to send you information and offers about our products/services by email and to contact you. The legal basis for this promotional use of your data is your consent in accordance with Art. 6 (1) (a) GDPR.

You can revoke your consent at any time without giving reasons by sending an email to datenschutz@kraeuter-mix.de or by post to Kräuter Mix GmbH, Wiesentheider Str. 4, 97355 Abtswind, Germany.

Data recipients / categories of recipients

Within our company, we ensure that only those persons who need your data to fulfil contractual and legal obligations receive it. In many cases, service providers support our specialist departments in performing their tasks. The necessary data protection agreements have been concluded with all service providers.

Transfer to third countries / intent of transfer to third countries

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contractual obligation, if it is required by law or if you have given us your consent (unless otherwise indicated in the following sections). We transfer your personal data to service providers outside the European Economic Area, namely to the USA and the UK. With regard to UK service providers, the Commission’s adequacy decision applies to maintain the level of data protection. Compliance with the level of data protection is also ensured by the use of EU standard data protection clauses and, where necessary, additional safeguards. Furthermore, US service providers are selected in accordance with the certification under the adequacy decision of the US-EU Data Privacy Framework. The service providers are obliged by appropriate contractual provisions to comply with the data protection standards and thus the level of data protection of the EU. Data processing or storage in third countries may also take place on the basis of your consent (Art. 49 (1) (a) GDPR); in this case, you will be informed of this separately when your consent is obtained.

Data storage periods

We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored. This applies in particular to commercial law or tax law retention obligations (e.g. Commercial Code, Tax Code). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved. In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods, which can be up to thirty years; the regular limitation period is three years. Cookies are stored for as short a time as possible, depending on their intended use. If you activate the ‘Stay logged in’ option when logging in, this validity period is extended to between 14 and 30 days in some cases.

Obligation to provide information

Various personal data are necessary for the establishment, implementation and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides. We have summarised the details for you in the above section. In certain cases, data must also be collected or made available due to legal requirements. Please note that it is not possible to process your enquiry or execute the underlying contractual obligation without providing this data.

Use of embedded videos on YouTube, etc.

We have embedded some films on our website that are stored on YouTube servers. YouTube is a video portal operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, hereinafter referred to as YouTube. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as Google. Some of Google’s data processing takes place outside the European Union and the European Economic Area. Data processing in the USA is secured by the US-EU Data Privacy Framework. In addition, contractual provisions and guarantees ensure compliance with European data protection standards for data transfer and processing in third countries. Data processing or storage in third countries may also take place on the basis of your consent (Art. 49 (1) (a) GDPR); in this case, you will be informed of this separately when your consent is obtained. Although we use their embedding technology, we also have your data protection in mind here. On the one hand, we endeavour to decouple your viewing behaviour as far as possible by means of an upstream two-click confirmation process, and on the other hand, we use the YouTube no-cookie domain wherever possible, thereby circumventing the setting of a cookie and thus using the so-called privacy enhanced mode.

Where possible, we use YouTube in conjunction with the ‘extended data protection mode’ function to display videos to you. The legal basis for this is Art. 6(1)(a) GDPR. However, the extended data protection mode only refers to the collection of user behaviour, not to the provision of advertisements, the reloading of further third-party content, font transmission and possible links to your YouTube user account. When you start the video, this triggers further data processing operations. We have no influence on this. This connection is necessary in order to display the respective video on our website via your internet browser. In the course of this, YouTube will at least collect and process your IP address, the date and time, and the website you visited. In addition, a connection to Google’s DoubleClick advertising network is established. If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account. We ask for your consent to the use of embedded YouTube content directly in the respective video.

To protect your data, this external content is therefore blocked on our pages or provided with an upstream two-click confirmation mechanism. All YouTube content is disabled by default and is only loaded and displayed from the YouTube servers after you click on the ‘Enable content’ button. By clicking this button, you consent to your IP address, referrer information and browser data being transmitted to YouTube and cookies being set in your browser. You have the option of giving your consent in accordance with Art. 6 (1) (a) GDPR for the retrieval of individual videos. This consent is only valid for as long as you are on this page and must be given again when you leave or reload it. Further revocation is therefore not possible, but also not necessary. We are not responsible for the recall of data by YouTube. For the purpose of functionality and analysis of usage behaviour, YouTube may permanently store cookies on your device via your internet browser.

If you do not agree to this processing, you have the option of preventing the storage of cookies by adjusting the settings in your internet browser. You can find more information on this under ‘Cookies’ above. Further information on the collection and use of data, as well as your rights and protection options in this regard, is available in Google’s privacy policy at https://policies.google.com/privacy.

This section on YouTube is partly based on the sample privacy policy of law firm Weiß & Partner.

Use of the Cerber firewall

We have integrated the Cerber firewall from Cerber Tech Inc. (1732 1st Ave, New York, NY 10128, USA) into this website. Cerber serves to protect our website from unwanted access or malicious cyber attacks. For this purpose, however, our website only connects to IP analysis servers in the event of suspicious access so that Cerber can compare its databases with the accesses made on our website and block them if necessary. The data processed includes your IP address and other traffic and connection data. Cerber is used on the basis of Art. 6 (1) (f) GDPR in conjunction with the obligation to protect our system in accordance with § 64 BDSG. We have a legitimate interest in protecting our website as effectively as possible against cyber attacks. Our interest in effectively protecting our website and the data processed on it outweighs any other interests, as Cerber only processes the information necessary for attack detection and only transmits data to external servers in the event of suspicious access. The data is not used for any other purposes. Alternative solutions offering comparable protection against modern cyber attacks also use comparable techniques. The remaining risks are further reduced by data minimisation, purpose limitation and appropriate protective measures.

Any data transfer to the United States is kept to a minimum and is based on prevailing agreements such as the EU Commission’s standard contractual clauses. Data processed in connection with the Cerber Firewall is stored for 60 days and then deleted.

Use of analytics tool Statify

This website uses the Statify analysis tool to statistically evaluate visitor traffic in compliance with data protection regulations. Statify records page views for this purpose. The ID, date, origin and destination of the page views are processed. Storage and processing take place directly on the web space of the website installation; the data is not passed on. The data is deleted after 120 days at the latest.

Individual users are not tracked; rather, the tool measures reach and graphically displays log file data based on the traffic and connection data that is collected anyway.

The legal basis for data processing and evaluation with Statify is our legitimate interest in tailoring our website content to the specific B2B target group, Art. 6 (1) (f) GDPR.

Use of the Matomo analysis tool

This website uses the Matomo analysis tool to evaluate visitor traffic anonymously in accordance with data protection regulations. Matomo is operated in a local installation, records page views and meta data, and does not pass this information on to third parties.

The ID, date, origin and destination of the page views are processed. Storage and processing take place directly on the web space of the website installation; the data is not passed on. This raw data is deleted after 180 days at the latest.

Personal data is anonymised to such an extent that we cannot identify individual users. During collection and storage, both data and IP anonymisation (last byte of the IP) and user pseudonymisation take place. Tracking is carried out without cookies. This means we receive less information, but the protection of your personal data is more important to us.

However, as we operate in the B2B sector, it is essential for us to design our website in such a way that we do not address end customers, and we therefore rely on monitoring page usage in order to be able to tailor the content accordingly.

Tracking is therefore carried out on the basis of our legitimate interest in accordance with the GDPR, as processing cannot be carried out in any other way in this specific case. We have weighed up whether our interest in this tracking analysis outweighs your rights as a data subject and, in view of the anonymisation measures, have decided in favour of the tracking analysis.

However, if you do not wish to participate in the anonymised evaluation, you can deactivate it here:

You have the option of preventing the actions you take here from being analysed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.

Social networks

We use direct links to social networks such as Facebook and YouTube on our website. However, these are only passive, external links and not active plug-ins. No user or connection data is transferred to these networks when you use our website. If you follow these links, you will be taken to the Kräuter Mix GmbH company profile on the respective social media service. When you click on a link to a social media service, you leave our website and, as with any other external link, a connection is established to the servers of the social media service.

Depending on your browser settings, this may result in various data being transmitted to the servers of the social media service, such as the address of the website on which the activated link is located. We explicitly do not transfer any personal data or user tracking information when you change pages from our site. The subsequent data collection and user tracking is the responsibility of the respective site operator. Please inform yourself there about the data protection situation and the technologies used. For more information about our responsibility as a member of this social network or on these websites, please refer to the following section, ‘Presence on our social media channels’.

If you are already logged in to the relevant social media service when you activate the link, the social media service provider may be able to determine your user name and, in some cases, even your real name from the data transmitted, and assign this information to your personal user account with the social media service. You can prevent this association with your personal user account by logging out of your user account beforehand. The servers of the social media services are located in the USA and other countries outside the European Union. The data may therefore also be processed by the social media service provider in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as in the Member States of the European Union. Please note that we have no influence on the scope, type and purpose of data processing by the social media service provider.

For more information on how your data is used by the social media services integrated into our website, please refer to the privacy policy of the respective social media service.

Our social media presence

Kräuter Mix GmbH maintains various social media accounts, including Facebook (https://www.facebook.com/kraeutermix/), Instagram (https://www.instagram.com/kraeuter_mix/), LinkedIn (https://www.linkedin.com/company/kraeuter-mix/), YouTube (https://www.youtube.com/c/KräuterMixGmbHAbtswind), Xing (https://www.xing.com/pages/kraeuter-mix) and Kununu. Insofar as we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information regarding data protection law in relation to our websites.

Name and address of the data controller

In addition to Kräuter Mix GmbH, the following companies are responsible for the company’s online presence in accordance with the EU General Data Protection Regulation (GDPR) and other data protection regulations:

  • Facebook (Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Instagram (Meta Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
  • YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
  • Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
  • Kununu (Kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Vienna, Austria)

However, you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). The platforms sometimes process and store your data in a third country (USA). Where necessary, a corresponding data protection agreement has been concluded. The service providers are obliged by corresponding contractual provisions and/or by certification under the US-EU Data Privacy Framework to comply with EU data protection standards and to guarantee the European level of data protection. Data processing or storage in third countries may also take place on the basis of your consent (Art. 49 (1) (a) GDPR); in this case, you will be informed separately of this and of any associated risks.

We maintain the fan pages ourselves in order to communicate with visitors to these pages and inform them about our offers in this way. We also collect data for statistical purposes in order to further develop and optimise the content and make our offering more attractive. The data required for this (e.g. total number of page views, page activities and data provided by visitors, interactions) is processed by the social networks and made available to us. We have no influence on the generation and presentation of this data. In addition, your personal data is processed by the social media providers, but also by Kräuter Mix GmbH for market research and advertising purposes. This means that usage profiles may be created based on your usage behaviour and the resulting interests, for example. Among other things, this allows advertisements that match your interests to be displayed within and outside the platforms. Cookies are usually stored on your computer for this purpose. Regardless of this, data that is not collected directly on your end devices may also be stored in your usage profiles.

Storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms. Beyond this, we do not collect or process any personal data. Kräuter Mix GmbH processes your personal data on the basis of our legitimate interests in effective information and communication in accordance with Art. 6(1)(f) GDPR. If you are asked to consent to data processing, i.e. if you give your consent by confirming a button or similar (opt-in), the legal basis for processing is Art. 6 (1) sentence 1 lit. a, Art. 7 GDPR.

Your rights / Opportunity to object

If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data on the respective network, you must

  • log out of the respective network before visiting our fan page,
  • delete the cookies on your device, and
  • close and restart your browser.

Please note that this process must be carried out separately for each device. However, once you log in again, you will be recognisable to the network as a specific user. For a detailed description of the respective processing operations, please refer to the information linked below:

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland – Privacy policy)
  • Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland – Privacy policy)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland – Privacy policy)
  • YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – Privacy policy)
  • Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany – Privacy policy)
  • Kununu (Kununu GmbH, Neutorgasse 4–8, Top 3.02, 1010 Vienna, Austria – Privacy policy)

In general, you have the following rights in relation to the processing of your personal data:

  • Right of access by the data subject (Art. 15 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object to data processing (Art. 21 GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority. However, as Kräuter Mix GmbH does not have full access to your personal data, you should contact the social media providers directly when asserting your rights, as they have access to their users’ personal data and can take appropriate measures and provide information. If you still need help, we will of course try to assist you. Please contact: datenschutz@kraeuter-mix.de.

Automated case-by-case decisions

We do not apply fully automated processing systems to reach a decision.

Online offerings and minors

Persons under the age of 16 may not transmit personal data to us or submit a declaration of consent without the consent of their legal guardians. We would like to encourage parents and legal guardians to actively participate in their children’s online activities and interests.

Transparency and information obligations for whistleblowers and further persons involved regarding the whistleblower system

If you submit a report via our whistleblower system, the personal data you provide will be processed in order to process your report and take further action if necessary. You always have the option of submitting anonymous reports. The personal data that is processed depends on the content of your report.

If you are an accused person or otherwise involved in the matter, we may process your personal data in order to review the report made via the whistleblower system and investigate the alleged compliance and legal violations. The data processed in this context depends on the specific report in each individual case and also on the information provided about you by the whistleblower, for example. The following data may be processed in this context:

  • Contact details (e.g. private address, mobile and landline numbers, email address)
  • Master data (surname, first name, name affixes, date of birth)
  • Photos/video recordings
  • Time recording data
  • Special categories of personal data:
      • Health data

When processing your personal data, we always comply with the provisions of the GDPR, the BDSG and all other legal provisions (such as the BetrVG, ArbZG, etc.).

If you are a reporting person, your data will be processed on the basis of your voluntary information and within the framework of the legal provisions of the Whistleblower Protection Act, Art. 6 (1) (a), (c) GDPR in conjunction with § 10 HinSchG, § 8 LkSG and, if you are employed by us, in accordance with Art. 88 GDPR in conjunction with § 26 (2) BDSG. If we provide the whistleblower system without being legally obliged to do so, your data will be processed on the basis of Art. 6 (1) (f) GDPR.

Otherwise, we process your personal data as a data subject if this is necessary to safeguard the legitimate interests of the company or a third party (Art. 6 (1) lit. f, lit. c GDPR in conjunction with Section 10 HinSchG, Section 8 LkSG and Section 130 OWiG). We have a legitimate interest in processing personal data for the prevention and detection of violations and abuses reported via the whistleblower system. In addition, your personal data will be processed to the extent necessary to fulfil legal obligations.

At our company, we ensure that only those persons who need your data to process the report submitted via the whistleblower system receive it.

In certain cases, service providers (e.g. IT service providers) also assist us in fulfilling our tasks. The necessary data protection agreements have been concluded with all service providers.

Depending on the focus of the report and in order to effectively initiate follow-up measures, personal data may be passed on to our relevant specialist departments.

Furthermore, in cases prescribed by law, we are obliged to transmit certain information to authorities such as investigative authorities.

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is absolutely necessary for processing the report, is required by law, or if you have given us your consent to do so.

We transfer your personal data to a service provider outside the European Economic Area, namely to the USA. Compliance with the level of data protection is ensured by an adequacy decision and certification under the US-EU Data Privacy Framework.

In accordance with the rights of data subjects outlined above, if you have voluntarily provided data as a reporting person, you may revoke your consent to any data processing at any time with future effect. To revoke your consent and exercise your other rights, please contact: KM.vertrauliche.Hinweise@outlook.com. The same applies if you have any questions about data processing in our company. You can also lodge a complaint against data processing with a data protection supervisory authority.