Christoph Mix, Bernhard Mix, Silke Wurlitzer
Kräuter Mix GmbH
Responsible entity and data protection officer
Kräuter Mix GmbH
Wiesentheider Str. 4
Contact for data protection officer: firstname.lastname@example.org
Rights of users (data subjects)
First off, we want to inform you about your rights as a user (data subject) based on Art. 15–22 GDPR. These include:
• Right of access by the data subject (Art. 15 GDPR),
• Right to erasure (Art. 17 GDPR),
• Right to rectification (Art. 16 GDPR),
• Right to data portability (Art. 20 GDPR),
• Right to restriction of processing (Art. 18 GDPR),
• Right to object (Art. 21 GDPR).
If you intend to assert any of these rights or have questions concerning data processing at our company, please contact: email@example.com. Furthermore, you have the right to file a complaint with the relevant data protection authority.
Right to object
In regard to your right to object, please note the following: If we process your personal data for the purpose of direct advertising, you have the right to object to the data processing at any time without giving reasons. The same applies to profiling, insofar as it is connected to the direct advertising. If we process your data to safeguard legitimate interests, you have the right to object to the data processing at any time due to reasons related to your particular situation. The same applies to profiling based on these provisions. From your objection onward, we will no longer process your personal data unless we can provide compelling and legitimate grounds for the processing that override your interests, fundamental rights and freedoms as the data subject, or data is processed for the assertion, exercise or defense of legal claims. To assert these rights, please contact: firstname.lastname@example.org.
In general, we use your personal data to answer your queries, process your order, or provide you with access to further information or offers. This may require the storing and processing of your personal data (first name, last name, address, etc.). In doing so, we adhere to the principle of data economy; i.e. we only collect, store, process and use data that are relevant to the stated purpose. Please note that not all information requested is mandatory. We do not create user profiles. Customer master data is exclusively generated from information in our ERP system and provided by our customers with their consent. This consent can be revoked at any time in writing. Furthermore, we collect data about the number of visits to our websites. This data gives us information about the general interests and preferences of our website visitors; it is statistical, not personal in nature. We also automatically collect and store information provided by your browser, including the IP address. All personal data is handled in accordance with legal requirements. We use your data to meet contractual and legal obligations, for the performance of contractual agreements, product and service offers, as well as to strengthen customer relationships, which may involve analyses for marketing purposes and direct advertising.
Data disclosure to third parties
We will only transfer your data to third parties within the limits of statutory provisions or if you have given us consent to do so. In all other cases, no data will be transferred to third parties, provided that we are not obligated to disclose data based on mandatory legal provisions (transfer to third parties, such as regulatory authorities or law enforcement).
Security and cookies
Data transmission to and from our website is encrypted. The transmission protocol offered for our website is HTTPS, always with the latest encryption protocols. We also offer users content encryption for contact forms and applications. This data can only be decrypted by us. Furthermore, feel free to use alternative means of communication (e.g. postal mail) when contacting us. If you send us a contact request, we collect and process the following data: name of contact, e-mail address, contact information, other interests and requests. If you send us an application through our website or by e-mail, we collect and process the following data: contact information, application material. We furthermore use data we have lawfully obtained from publicly accessible directories (e.g. professional networks). If you contact us by e-mail, we will use the personal data contained in your e-mail exclusively for processing your request. No further data is collected.
Corporate news (Art. 6 (1) (a) GDPR)
Free corporate news can be viewed on our website, among other things, by using a link in our e-mail signature. This viewing is subject to a voluntary act and is not a recurring automatic e-mail procedure. We do not collect any contact data in order to display our corporate news.
Protected customer area (Art. 6 (1) (a) and (b) GDPR)
On our website we allow authorized customers access to the protected customer area. Customers receive the log-in data by applying to their contact partner at Kräuter Mix GmbH. In this context the principles of data economy and data avoidance are observed, since only those data required for the registration are collected. These are, for example the e-mail address as well as contact information. Through your request your contact data are stored at us and checked for authorization. After successful registration by Kräuter Mix GmbH, the IP address of the user, the date and the time of the login are furthermore stored (technical background data). By applying for the log-in data or respectively by clicking the “Register” button, you consent to the processing of your data. By completing the registration process your data are stored with us for using the protected customer area. As soon as you log in on our website with your user name and password, these data are made available on our website. Access to the protected customer area can be terminated at any time in writing. In order to assert these rights, please contact: email@example.com.
Data recipients / categories of recipients
We ensure that at our company only those individuals gain access to your data who require it to meet contractual and legal obligations. In many cases, service providers support our in-house departments in performing tasks on your behalf. All our service providers have signed the required data protection agreements.
Transfer to third countries / intent of transfer to third countries
No data is transferred to third countries (outside of the European Union and/or the European Economic Area).
Data storage periods
We store your personal data only for the time period required to fulfill the relevant purpose. Please note that various retention periods require us to continue to store data beyond this period. This applies in particular to retention periods in accordance with commercial or fiscal law (e.g. commercial code, tax code, etc.). Provided that no further retention periods apply, we routinely delete your data after the stated purpose has been fulfilled. We may continue to store data if we have obtained your consent to do so or if there is a chance of a legal dispute, for which we may use evidence within the statutory limitation periods (depending on the specific situation, up to thirty years); the regular limitation period is three years.
Obligation to provide information
A variety of personal data is required for the establishment, execution and termination of a contractual relationship and the performance of associated contractual and legal obligations. The same applies to the use of our websites and the features provided therein. We have summarized details about this issue above. In certain cases, data must be collected and/or provided due to applicable statutory provisions. Please note that we are unable to process your request or execute the underlying contractual relationship if relevant data is not provided.
Our website features direct links to social networks such as Facebook, Xing, YouTube and Kununu. However, these are external links and not active plugins. No data is sent to the social networks when sites are accessed.
Use of embedded videos on YouTube, etc.
We have embedded videos on some of our web pages that are stored on YouTube servers, the video platform of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, hereafter referred to as ‘YouTube’. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA , hereafter referred to as ‘Google’. Google and its subsidiary YouTube hold a EU-US Privacy Shield certification, ensuring that EU data protection requirements are also adhered to when data is processed in the USA.
While we do use their embedding technology, we do so in a way that ensures your data is protected. On the one hand, we try to decouple your viewing habits as much as possible via an upstream link, and on the other hand, we use YouTube’s nocookie domain wherever possible, employing the ‘privacy-enhanced mode’ to prevent a cookie being set. We use YouTube to show you videos via its privacy-enhanced mode wherever possible. The legal basis for this is Art. 6 (1) f) GDPR. Our legitimate interest is improving the quality of our internet presence. According to YouTube, its privacy-enhanced mode means that the data specified in more detail below is only transmitted to the YouTube servers when you actually start watching a video.
If the privacy-enhanced mode is not activated, a connection to the YouTube servers in the USA is established as soon as you access one of our sites that with an embedded YouTube video. This connection is required to display the relevant video on our website via your internet browser. As a result, YouTube collects and processes your IP address, the date and time, and the website you visited, as a minimum. In addition, Google also establishes a connection to the ‘DoubleClick’ advertising website. If you are simultaneously logged into YouTube, YouTube assigns the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our site or adjust the relevant settings in your YouTube user account.
In order to ensure the functionality of its site and analyze user behavior, YouTube permanently stores cookies onto your device via your internet browser. If you do not consent to processing, you can prevent cookie storage using the settings in your internet browser. Further information on this can be found above under ‘Cookies’.
Further information on how data is collected and used, your data protection rights, and details of how you can protect your data can be found in Google’s data privacy statement, accessible via https://policies.google.com/privacy.
Automated case-by-case decisions
We do not apply fully automated processing systems to reach a decision.
Online offerings and minors
Minors under 16 years of age are not permitted to transfer personal data to us and/or give informed consent without the permission of their legal guardians. We would like to encourage parents and legal guardians to show an active interest in their children’s online activities and interests.