banner home

DATA PROTECTION

 

I Name and address of the Controller

The Controller within the meaning of the General Data Protection Regulation and other national data protection regulations of the Member States and other data protection regulations is:
 
 
Care-Food GmbH
Schlossstraße 1
Schloss Martinsburg
56112 Lahnstein
Deutschland
Telefon: 02621-9218-139
Telefax: 02621-9218-143
mail(at)care-food.de
www.care-food.de


II Data processing

1. Scope of the processing of personal data
In general, we only process the personal data of our users to the extent necessary to provide a functional website and our content and services. The personal data of our users are generally only processed with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
 
2. Legal basis for the processing of personal data
If we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
If the processing of personal data is required to fulfil a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations which are required to carry out pre-contractual measures.
If the processing of personal data is necessary for our company in order to fulfil a legal obligation, Article 6 (1) (c) GDPR serves as the legal basis.
If processing of personal data is required in the vital interests of the data subject or another natural person, Article 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.  

3. Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which are applicable to the Controller. The data will also be blocked or erased if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.


III Provision of the website and creation of log files

1. Description and scope of the data processing
Every time you access our website, our system automatically collects data and information from the computer system of the accessing computer.  
The following data are collected:
- Information about the browser type and version used
- The user's operating system
- The user's internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accessed our website
- Websites accessed by the user's system via our website
The data are also stored in the log files of our system. These data are not stored with other personal data of the user.

2. Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.

3. Purpose of the data processing
The temporary storage of the IP address by the system is required in order to enable the website to be delivered to the user's computer. The user's IP address must be saved for the duration of the session for this purpose.
The data are stored in log files in order to ensure the functionality of the website. We also use the data to optimise the website and ensure the security of our information technology systems. The data are not evaluated for marketing purposes in this context.
Our legitimate interest in data processing also lies in these purposes in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage
Data will be erased as soon as they are no longer necessary to achieve the purpose of their collection. If data are collected for the provision of the website, they will be erased when the respective session has ended.
If the data are stored in log files, they will be erased after seven days at the latest. The data may be stored for longer periods. In this case, the IP addresses of users are erased or anonymised so that it is no longer possible to associate them with the accessing client.  

5. Opting out and removal option
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. It is therefore not possible for the user to opt out.  

IV Use of cookies

1. Description and scope of the data processing
Our website uses cookies. Cookies are text files which are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters which enables the browser to be clearly identified when you return to the website at a later date.  
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can also be identified after changing web pages. The following data are stored and transferred in the cookies:
- Language settings
- Items in a shopping cart
- Log-in information  

2. Legal basis for the data processing
The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.

3. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions, the browser also needs to be recognised after changing web pages. We need cookies for the following applications:
- Shopping cart
- Adopting language settings
- Remembering search terms
The user data collected by technically necessary cookies are not used to create user profiles.
Our legitimate interest in the processing of personal data also lies in these purposes in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage, opting out and removal option
Cookies are stored on the user's computer and transferred to our website from there. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be erased at any time. They can also be erased automatically. If cookies are disabled for our website, it is possible that not all functions of the website can be used to their full extent.

V Registration

1. Description and scope of the data processing
We offer users the opportunity to register on our website by providing personal data. The data are entered in a form and are transferred to us and stored. The data will not be passed on to third parties. The following data are collected during the registration process: First and last name, address, telephone, email
At the time of registration, the following data are also stored:
- The IP address of the user
- Date and time of registration
Within the scope of the registration process, the user's consent to the processing of these data are obtained.

2. Legal basis for the data processing
If the user has given consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.
If the registration serves the fulfilment of a contract to which the
user is a contractual party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.

3. Purpose of the data processing
The registration of the user is required to fulfil a contract with the user or to carry out pre-contractual measures.

4. Duration of storage
Data will be erased as soon as they are no longer necessary to achieve the purpose of their collection.
This is the case during the registration process to fulfil a contract or to carry out pre-contractual measures if the data are no longer required for the execution of the contract. After termination of the contract, it may be necessary to store personal data of the contractual partner in order to meet contractual or legal obligations.

5. Opting out and removal option
As a user, you can cancel your registration at any time. You can have the data stored about you amended at any time.
If the data are required to fulfil a contract or implement pre-contractual measures, the premature erasure of the data is only possible if there are no contractual or legal obligations which prevent erasure.

VI Contact form and email contact

1. Description and scope of the data processing
A contact form is available on our website and can be used to contact us electronically. If a user makes use of this option, the data entered in the form will be transferred to us and saved. These data include:
First and last name, address, telephone, email
At the time the form is sent, the following data are also stored:
- The IP address of the user
- Date and time of registration
Your consent to the processing of the data is obtained when the form is submitted, whereby reference will be made to this Privacy Policy.
Alternatively, you can contact us using the email address provided. In this case, the user's personal data submitted in the email will be saved. The data will not be passed on to third parties within this context. The data will only be used within the scope of the conversation.

2. Legal basis for the data processing
If the user has given consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.
The legal basis for processing the data transferred in an email is Article 6 (1) (f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of the data processing
We process the personal data in the form solely in order to establish contact. If you contact us by email, there is also a necessary legitimate interest in processing the data.
Other personal data processed during the submission process is required to prevent misuse of the contact form and ensure the security of our information technology systems.

4. Duration of storage
Data will be erased as soon as they are no longer necessary to achieve the purpose of their collection. The personal data in the contact form and any sent via email will be erased when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively dealt with.  
Additional personal data collected during the sending process will be erased at the latest after a period of seven days.

5. Opting out and removal option
The user has the option of withdrawing consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
In this case, all personal data which was stored when making contact will be erased.

VII Rights of the data subject

If your personal data are processed, you are the data subject within the meaning of GDPR and you have the following rights towards the Controller:

1. Right to information
You can request confirmation from the Controller as to whether we are processing personal data relating to you.  
If this is the case, you can request the following information from the Controller:
(a) the purposes for which the personal data are processed;
(b) the categories of personal data being processed;
(c) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(d) the existence of a right to rectification or erasure of your personal data, a right to restrict processing by the Controller or a right to object to this processing;

2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the Controller if the processed personal data concerning you are incorrect or incomplete. The Controller must make the rectification without delay.

3. Right to restriction of processing
Under the following conditions, you can ask for the processing of your personal data to be restricted:
(a) if you dispute the accuracy of the personal data concerning you for a period of time that enables the Controller to check the accuracy of the personal data;
(b) the processing is unlawful and you refuse erasure of the personal data and instead request that the use of the personal data be restricted;
(c) the Controller no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or
(d) if you have lodged an objection to the processing of the data in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the Controller outweigh your reasons.
If the processing of your personal data has been restricted, these data – apart from its storage – may only be processed with your consent or to assert, exercise or defend legal claims, to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing has been restricted in accordance with the aforementioned conditions, you will be informed by the Controller before the restriction is lifted.

4. Right to erasure
Erasure obligation:
You can request the Controller to erase the personal data relating to you immediately, and the Controller is obliged to erase these data immediately if one of the following reasons applies:
(a) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
(b) You have withdrawn your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.
(c) You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
(d) The personal data concerning you have been processed unlawfully.
(e) The erasure of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States applicable to the Controller.
(f) The personal data relating to you were collected in connection with information society services offered in accordance with Art. 8 (1) GDPR.
Information disclosed to third parties:
If the Controller has made the personal data concerning you public and is obliged to erase these data in accordance with Art. 17 (1) GDPR, the Controller will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform these controllers who are processing the personal data that you, as the data subject, have requested the erasure of all links to these personal data and all copies or replications of these personal data.  
Exceptions:
The right to erasure does not exist if processing is necessary
(a) to exercise the right to freedom of expression and information;
(b) to fulfil a legal obligation which requires processing under the law of the Union or of the Member States to which the Controller is subject, or to perform a task which is in the public interest or in order to exercise official authority which has been transferred to the Controller;
(c) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) GDPR;
(d) for archiving purposes in the public interest, for scientific or historical research purposes and for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the right mentioned under (a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or
(e) for the establishment, exercise or defence of legal claims.

5. Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller is obliged to notify all recipients of the personal data concerning you about this rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the Controller.

6. Right to data portability
You have the right to receive the personal data concerning you which you have provided to the Controller in a structured, common and machine-readable format. You also have the right to transfer these data to another controller without hindrance from the Controller to whom the personal data were provided, provided that
(a) the processing is based on consent in accordance with Article 6 (1) (a) GDPR, Article 9 (2) (a) GDPR or a contract in accordance with Art. 6 (1) (b) GDPR and
(b) the processing is carried out using automated procedures.
When exercising this right, you also have the right to have the personal data relating to you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not impair the freedoms and rights of other people.
The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task in the public interest or in order to exercise official authority which has been transferred to the Controller;

7. Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
The Controller will no longer process the personal data relating to you unless he can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If the personal data relating to you are processed in order to send direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising. This also applies to profiling, to the extent that this is associated with such direct mail.
If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
Irrespective of Directive 2002/58/EC, you have the option, in connection with the use of information society services, of exercising your right of objection by means of automated procedures in which technical specifications are used.

8. Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the lawfulness of the processing carried out on the basis of your consent up to the point of withdrawal.

9. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which has a legal impact on you or which significantly affects you in a similar manner. This does not apply if the decision
(a) is necessary for the conclusion or performance of a contract between you and the Controller,
(b) is permissible on the basis of legal provisions of the Union or Member States applicable to the Controller and these legal provisions contain appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(c) is made with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 (1) GDPR unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (a) and (c), the Controller will take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain intervention by a person on the part of the Controller, to express their own point of view and to contest the decision.

10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data infringes the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.