Mandatory information

Kräuter Mix GmbH
Wiesentheider Str. 4
97355 Abtswind
Germany
Phone: +49 9383 / 204-0
Fax: +49 9383 / 204-243
E-mail: info@kraeuter-mix.de
Web: www.kraeuter-mix.de

Managing Directors:
Christoph Mix, Bernhard Mix, Silke Wurlitzer

Kräuter Mix GmbH
May 2022

Kräuter Mix privacy policy

Welcome to our website! We appreciate your interest in our company. Protecting your personal data is a matter of importance to us. We process your data in compliance with the applicable legislation on the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the applicable country-specific regulatory statutes. This privacy policy informs you about how Kräuter Mix processes your personal data and about your rights with regard to data protection. In this context, personal data is defined as information that can identify an individual and includes, among other things, a person’s name, e-mail address and IP address. The term anonymous data means that information cannot be traced back to a specific user.

Responsible entity and data protection officer

Kräuter Mix GmbH
Wiesentheider Str. 4
97355 Abtswind
Germany
Contact for data protection officer: datenschutz@kraeuter-mix.de

Rights of users (data subjects)

First off, we want to inform you about your rights as a user (data subject) based on Art. 15–22 GDPR. These include:

  • Right of access by the data subject (Art. 15 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)

If you intend to assert any of these rights or have questions concerning data processing at our company, please contact: datenschutz@kraeuter-mix.de. Furthermore, you have the right to file a complaint with the relevant data protection authority.

Right to object

In regard to your right to object, please note the following: If we process your personal data for the purpose of direct advertising, you have the right to object to the data processing at any time without giving reasons. The same applies to profiling, insofar as it is connected to the direct advertising. If we process your data to safeguard legitimate interests, you have the right to object to the data processing at any time due to reasons related to your particular situation. The same applies to profiling based on these provisions. From your objection onward, we will no longer process your personal data unless we can provide compelling and legitimate grounds for the processing that override your interests, fundamental rights and freedoms as the data subject, or data is processed for the assertion, exercise or defense of legal claims. To assert these rights, please contact: datenschutz@kraeuter-mix.de.

Data privacy

In general, we use your personal data to answer your queries, process your order, or provide you with access to further information or offers. This may require the storing and processing of your personal data (first name, last name, address, etc.). In doing so, we adhere to the principle of data economy; i.e. we only collect, store, process and use data that are relevant to the stated purpose. Please note that not all information requested is mandatory. We do not create user profiles. Customer master data is exclusively generated from information in our ERP system and provided by our customers with their consent. This consent can be revoked at any time with future effect by sending an e-mail to datenschutz@kraeuter-mix.de. Furthermore, we collect data about the number of visits to our websites. This data gives us information about the general interests and preferences of our website visitors; it is statistical, not personal in nature. We also automatically collect and store information provided by your browser, including the IP address. All personal data is handled in accordance with legal requirements. We use your data to meet contractual and legal obligations, for the performance of contractual agreements, product and service offers, as well as to strengthen customer relationships, which may involve direct advertising.

Data disclosure to third parties

We will only transfer your data to third parties within the limits of statutory provisions or if you have given us consent to do so. In all other cases, no data will be transferred to third parties, provided that we are not obligated to disclose data based on mandatory legal provisions (transfer to third parties, such as regulatory authorities or law enforcement).

Security and cookies

Kräuter Mix GmbH protects your personal data through suitable technical and organizational means to prevent any loss, falsification, manipulation, access by unauthorized third parties and/or disclosure. We continuously improve our security measures based on the technological developments on the internet. When using the Kräuter Mix GmbH website for purely informational purposes, no cookies are used, and no user data is collected. If our security system detects an attack, the IP and the time of the attack will be saved. When a user logs into the secure customer area, a user session is created for as long as the login is valid, and the technical information on this is then stored, for the benefit of the user, in the system and in a session cookie on their computer. The system only stores the session data that is required for technical purposes and not any additional personal data.

Data transmission

Data transmission to and from our website is encrypted. The transmission protocol offered for our website is HTTPS, always with the latest encryption protocols. Furthermore, feel free to use alternative means of communication (e.g. postal mail) when contacting us. If you send us a contact request, we collect and process the following data: name of contact, e-mail address, contact information, other interests and requests. The legal basis for data processing in connection with a contact request is Art. 6 (1) (f) and (b) GDPR. If you send us an application through our website or by e-mail, we collect and process the following data: contact information, application material. We furthermore use data we have lawfully obtained from publicly accessible directories (e.g. professional networks). If you contact us by e-mail, we will use the personal data contained in your e-mail exclusively for processing your request. No further data is collected. The legal basis is Art. 6 (1) (a) and (b) GDPR.

Corporate news [Art. 6 (1) (a) GDPR]

Free corporate news can be viewed on our website, among other things, by using a link in our e-mail signature. This viewing is subject to a voluntary act and is not a recurring automatic e-mail procedure. We do not collect any contact data in order to display our corporate news.

Protected customer area [Art. 6 (1) (a) and (b) GDPR]

On our website we allow authorized customers access to the protected customer area. Customers receive the log-in data by applying to their contact partner at Kräuter Mix GmbH. In this context the principles of data economy and data avoidance are observed, since only those data required for the registration are collected. These are, for example, the e-mail address as well as contact information. When you make your request, your contact data are stored by us and checked for authorization. After successful registration by Kräuter Mix GmbH, the IP address of the user, the date and the time of the login are furthermore stored (technical background data). When you complete the registration process, we save your data in order to allow you to use the secure customer area.

Each time you enter the login data or press the ‘login’ button, you consent to the processing of your data. Please note that data required for technical purposes, such as the IP address, is transmitted and stored during the login process. As soon as you log in to our website with your username and password, a user session is created for as long as the login is valid, and the technical information on this is stored for your benefit in the website system and in session cookies on your computer. The website system only stores the session data that is required for technical purposes and not any additional personal data. If you click on ‘Stay logged in’, these cookies will be valid for longer.

The legal basis for this is our legitimate interest in providing you with our customer information service in accordance with Article 6 (1) f EU GDPR, as well as Article 6 (1) b) EU GDPR due to the customer or client/contractor relationship between us.

Access to the protected customer area can be revoked at any time with future effect. In order to assert these rights, please contact: datenschutz@kraeuter-mix.de.

Data recipients / categories of recipients

We ensure that at our company only those individuals gain access to your data who require it to meet contractual and legal obligations. In many cases, service providers support our in-house departments in performing tasks on your behalf. All our service providers have signed the required data protection agreements.

Transfer to third countries / intent of transfer to third countries

Data will only be transferred to third countries (outside the European Union and European Economic Area) if it is necessary for the execution of the contract, the law requires it, or you have given your consent accordingly. We transfer your personal data to service providers outside the European Economic Area, specifically to the USA and UK. We ensure data is sufficiently protected using methods such as EU standard data protection clauses and – if necessary – additional guarantees. Service providers are obligated via contractual regulations to adhere to data protection standards, thereby ensuring the data is protected to the same degree as in the EU. Data may also be processed or stored in third countries with your consent (Art. 49 (1) (a) GDPR), and you will be informed of this separately when giving your consent if this is the case.

Data storage periods

We store your personal data only for the time period required to fulfill the relevant purpose. Please note that various retention periods require us to continue to store data beyond this period. This applies in particular to retention periods in accordance with commercial or fiscal law (e.g. commercial code, tax code, etc.). Provided that no further retention periods apply, we routinely delete your data after the stated purpose has been fulfilled. We may continue to store data if we have obtained your consent to do so or if there is a chance of a legal dispute, for which we may use evidence within the statutory limitation periods (depending on the specific situation, up to thirty years); the regular limitation period is three years.

Cookies are stored for the minimum time required for their intended purpose. If you click on ‘Stay logged in’, some of these cookies will be valid for an additional 14 to 30 days.

Obligation to provide information

A variety of personal data is required for the establishment, execution and termination of a contractual relationship and the performance of associated contractual and legal obligations. The same applies to the use of our websites and the features provided therein. We have summarized details about this issue above. In certain cases, data must be collected and/or provided due to applicable statutory provisions. Please note that we are unable to process your request or execute the underlying contractual relationship if relevant data is not provided.

Use of embedded videos on YouTube, etc.

We have embedded videos on some of our web pages that are stored on YouTube servers, the video platform of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, hereafter referred to as YouTube. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereafter referred to as Google. Google processes some data outside the European Union and the European Economic Community. Contractual regulations and guarantees ensure that the data transfers and processing are subject to the same degree of protection in third countries as they would be in the EU. Data may also be processed or stored in third countries on the basis of your consent (Art. 49 (1) (a) GDPR). If this is the case, you will be informed separately when we ask for your consent.

While we do use their embedding technology, we do so in a way that ensures your data is protected. On the one hand, we try to decouple your viewing habits as much as possible via a two-factor authentication process, and on the other hand, we use YouTube’s nocookie domain wherever possible, employing the privacy-enhanced mode to prevent a cookie being set. We use YouTube to show you videos via its privacy-enhanced mode wherever possible. The legal basis for this is Art. 6 (1) a) GDPR. However, privacy-enhanced mode only relates to the collection of user behavior information, not to ad services, as well as loading additional third-party content, information relating to fonts and potential connections to your YouTube user account. When you start the video, these additional data processing operations are triggered. We have no control over this. This connection is required to display the relevant video on our website via your internet browser. As a result, YouTube collects and processes your IP address, the date and time, and the website you visited, as a minimum. In addition, Google also establishes a connection to the ‘DoubleClick’ advertising website. If you are simultaneously logged into YouTube, YouTube assigns the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our site or adjust the relevant settings in your YouTube user account.

We request your consent for the use of embedded YouTube content directly from the respective video. In order to protect your data, this external content on our pages is generally blocked or protected via a double opt-in confirmation process. All YouTube content is deactivated by default and is only loaded and displayed by the YouTube servers after you click on the ‘Activate content’ button. By clicking, you consent for data such as your IP address, referrer information and browser data to be transmitted to YouTube and for cookies to be set in your browser.

You can give your consent to access individual videos in accordance with Art. 6 (1) (a) GDPR. Your consent is only valid as long as you are on this page and must be given again when you leave or reload the page. Therefore it is not possible to revoke consent even further, but it is also not necessary. We are not responsible for any recall of data on YouTube.

In order to ensure the functionality of its site and analyze user behavior, YouTube permanently stores cookies onto your device via your internet browser. If you do not consent to processing, you can prevent cookie storage using the settings in your internet browser. Further information on this can be found above under ‘Cookies’. Further information on how data is collected and used, your data protection rights, and details of how you can protect your data can be found in Google’s data privacy statement, accessible via https://policies.google.com/privacy.

This section on YouTube is partly based on the sample privacy policy of law firm Weiß & Partner.

Use of the Cerber firewall

We have integrated the ‘Cerber’ firewall into this website. Cerber is designed to protect our website from unwanted access or malicious cyberattacks. However, our website only connects to IP analysis servers in the event of suspicious traffic so that Cerber can compare its databases with the hits made on our website and block them if necessary.

Our use of Cerber is based on Article 6 (1) f GDPR in conjunction with our obligation to protect our system in accordance with Section 64 of the German Data Protection Act (BDSG). We have a legitimate interest in providing our website with the best possible protection against cyberattacks.

Any data transfer to the USA is kept to a minimum and is underpinned by the agreements in force, such as the standard contractual clauses of the European Commission.

Use of analytics tool ‘Statify’

This website uses the analytics tool Statify to carry out anonymous statistical analysis of visitors to the site in accordance with data protection regulations. Statify only records page views, not IPs or other personal data. We also do not use any on-page analytics tools from external third-party providers.

Social networks

Our website features direct links to social networks such as Facebook and YouTube. These are only passive external links and not active plug-ins. Therefore, no user data or connection data is transmitted to these sites when using our website.

If you follow these links, you will be directed to Kräuter Mix GmbH’s respective pages on these social media services. When you click on the link to one of these social media sites, you will leave our website and establish a connection to the servers of that social media service, as with any other external link. Depending on your browser settings, this may cause various data to be transmitted to the servers of these social media sites, such as the website address on which the activated link was located. We explicitly do not transmit any personal data or user-tracking information from our site when you navigate using these links.

The respective social media site is responsible for any subsequent data collection or user tracking. Please take the time to inform yourself about how these sites protect your data and which technologies they use. You can find out more about our responsibilities with regard to our membership of these social media or websites in the following section, ‘Our social media presence’.

If you are already logged into the social media site when you activate the link, the social media service provider may be able to determine your username or even your real name from the transmitted data and assign this information to your personal user account on the social media site. You can prevent this from happening by logging out of your user account before you click the link. The servers used by the social media services are located in the USA and other countries outside the European Union. This means that data may be processed by these social media service providers outside the EU. Please be aware that companies in these countries are subject to data protection laws that generally do not protect personal data to the same degree as the laws in European Union Member States. Please note that we do not have any control over the scope or purpose of processing or the way in which data is processed by social media service providers. Further information on the use of your data by social media services linked via our website can be found in the privacy policies of those social media platforms.

Our social media presence

Kräuter Mix GmbH maintains a presence on various social media channels, including Facebook, YouTube, Instagram, LinkedIn, Xing and Kununu. Insofar as we have control over how your data is processed, we ensure the applicable data protection regulations are complied with. Below you will find the most important information on data protection law in relation to our social media pages.

Name and address of the data controller

In addition to Kräuter Mix GmbH, the following are considered data controllers for our company presence on social media sites in the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations:

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
  • YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
  • Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
  • Kununu (Kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Vienna, Austria)

However, the responsibility for how you use these platforms rests on you. This particularly applies to the use of their interactive functions (e.g. commenting, sharing, reacting).

Please note that your data may be processed outside the European Union. This may incur risks for the user, such as making it more difficult to enforce users’ rights. Providers who process or store data in third countries are obliged by contractual regulations to comply with EU data protection standards. Data may also be processed or stored in third countries on the basis of your consent (Art. 49 (1) (a) GDPR). If this is the case, you will be informed separately when we ask for your consent. We maintain our pages to communicate with visitors to these pages and inform them about our offers. We also collect data for statistical purposes in order to continue developing and optimizing our content and make our offer more attractive. The data we need for this (e.g. total number of page views, page activity, data provided by the user, interactions) is processed by the social networks and provided to us. We have no control over how the data is generated or presented.

In addition, your personal data is processed by the social media providers and Kräuter Mix GmbH for market research and advertising purposes. This means usage profiles may be created based on your usage behavior and the interests that can be derived from that. This means that ads that correspond to your interests can be placed both on and off the platforms. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected on your end devices may also be stored in your usage profiles. This data storage and analysis is carried out across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

Beyond that, we do not collect or process any personal data. Kräuter Mix GmbH processes your personal data on the basis of our legitimate interests in providing effective information and communication in accordance with Art. 6 (1) (f) GDPR. If you are asked for your consent to data processing, i.e. if you declare your consent by clicking a button or similar (opt-in), the legal basis of processing is Art. 6 (1) (a), Art. 7 GDPR.

Your rights / Opportunity to object

If you are a member of a social network and you do not want the network to collect data when you access our page and link it with your stored user data, you need to

  • log out of the relevant social media site before you access our page,
  • delete cookies from your device and
  • close and relaunch your browser.

Please note that you need to follow this process separately for each device you use. However, when you log in again, the site will once more be able to recognize you as a specific user. The following links give a detailed description of how data is processed for each social media site:

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland – Privacy policy)
  • Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland – Privacy policy)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland – Privacy policy)
  • YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – Privacy policy)
  • Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany – Privacy policy)
  • Kununu (Kununu GmbH, Neutorgasse 4–8, Top 3.02, 1010 Vienna, Austria – Privacy policy)

In general, you have the following rights in relation to the processing of your personal data:

  • Right of access by the data subject (Art. 15 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object to data processing (Art. 21 GDPR)

You also have the right to appeal to a data protection supervisory authority. However, since Kräuter Mix GmbH does not have complete access to your personal data, you should contact the providers of the social media directly if you wish to assert your rights, as they each have access to the personal data of their users and can take appropriate measures and provide information. Of course, if you need help with this, we are happy to assist. Please contact us at datenschutz@kraeuter-mix.de.

Automated case-by-case decisions

We do not apply fully automated processing systems to reach a decision.

Online offerings and minors

Minors under 16 years of age are not permitted to transfer personal data to us and/or give informed consent without the permission of their legal guardians. We would like to encourage parents and legal guardians to show an active interest in their children’s online activities and interests.