Details in accordance with Article 4 Para. 7 of the GDPR
Data Protection Commissioner
Frau Magdalena Koziel
Mählmann Gemüsebau GmbH & Co. KG
Im Siehenfelde 13
Security and protection of your personal data
We view it as our primary task to ensure the confidentiality of the personal data provided by you and to protect this against unauthorised access. Therefore, we take the utmost care and apply the most modern security standards to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations in the German Federal Data Protection Act (BDSG). We have undertaken technical and organisational measures to ensure that the regulations regarding data protection are observed both by us and our external service providers.
Legislators demand that personal data is processed in a lawful manner, in good faith and in a manner comprehensible to the affected person (“Lawful, processing in good faith, transparency”). In order to ensure this, we hereby inform you on the individual definitions of terms as used in this Data Protection Declaration:
1. Personal data
“Personal data” is all information which refers to an identified or identifiable natural person (in the following “affected person”); a natural person is viewed as identifiable if they can be identified directly or indirectly, in particular through the classification of identifiers such as names, identification numbers, location data, online identification or one or several special features which express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” is every executed procedure or sequence of procedures, with or without the help of automated processes, in connection with personal data such as collection, recording, organisation, sorting, storing, adaptation or changing, reading, retrieval, use, disclosure through transmission, distribution or other forms of provision, comparison or linking, restriction, deletion or destruction.
3. Restriction of processing
“Restriction of processing” is the marking of stored personal data with the objective of restricting its future processing.
“Profiling” is any type of automated processing of personal data which comprises this personal data being used to evaluate certain aspects which refer to a natural person regarding the analysis or forecasting of work performance, economic situation, health, personal preferences, interests, reliability, conduct, place of residence or change of location of this natural person.
“Pseudonymisation” is the processing of personal data in such a way that the personal data can no longer be attributed to a specific person without the use of additional information, if this additional information is separately stored and subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable person.
6. File system
A “file system” is any structured collection of personal data which is accessible according to certain criteria, independent of whether this collection is managed centrally, non-centrally or according to functional or geographical aspects.
7. Responsible person
A “responsible person” is an individual or legal entity, authority, institute or other office who decides solely or jointly with others regarding the purpose and means of processing personal data; if the purpose and means of this processing are specified by union law or the law of the member state, then the responsible person or the defined criteria for their designation may be provided according to Union law or the law of the member state.
8. Order processor
An “order processor” is a natural person or legal entity, authority, institute or other office who processes personal data on behalf of the responsible person.
“Recipient” is an individual or legal entity, authority, institute or other office to whom personal data is disclosed, irrespective of whether it concerns a third party or not. However, authorities which might receive personal data within the scope of a defined investigation order according to union law or the law of the member state are not deemed recipients; the processing of this data by the stated authorities occurs in harmony with the valid data protection regulations according to the purposes of the processing.
10. Third party
“Third party” is a natural or legal entity, authority, institute or other office, except the affected person, the responsible person, the order processor and the persons who are authorised under the direct responsibility of the responsible person or the order processor to process personal data.
The “consent” by the affected person is every voluntary, informed and unambiguous indication of wishes in a specific case made in the form of a declaration or another clearly corroborative action through which the affected person communicates that they agree with the processing of the personal data pertaining to themselves.
Lawfulness of processing
The processing of personal data is only lawful if a legal basis exists for this processing. A legal basis for processing acc. Article 6 Para.1 lit. a – f of the GDPR could in particular be:
a. The affected person has issued their consent for the processing of personal data pertaining to them for one or several defined purposes;
b. The processing is required for the fulfilment of a contract of which the affected person is a contractual party, or for the execution of pre-contractual measures which occur on request by the affected person;
c. The processing is required for the fulfilment of a legal obligation which is incumbent on the responsible person;
d. The processing is required to protect essential interests of the affected person or another natural person;
e. The processing is required for the assumption of a task which is in the public interest or occurs during the exercising of official authority which is incumbent on the responsible person;
f. The processing is required for safeguarding the legitimate interests of the responsible person or a third party, insofar as this does not outweigh the interests or basic rights and fundamental freedoms of the affected person which necessitate the protection of personal data, in particular if the affected person is a child.
Information regarding the collection of personal data
(1) In the following, we inform you regarding the collection of personal data when using our website. Personal data is, for example, name, address, email addresses, user behaviour.
(2) In case you should contact us via email or via a contact form, the data provided by you (your email address, if applicable your name and telephone number) is stored by us in order to answer your questions. We delete data accumulating in connection with this process after the storage is no longer required, or the processing is restricted in case a legal period of retention exists.
Collection of personal data during a visit to our website
In case of your use of our website to obtain information, i.e. if you do not register or otherwise transmit information to us, we only collect personal data which is transmitted by your browser to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to ensure stability and security (The legal basis is Art. 6 Para.1 S. 1 lit. f of the GPDR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Respectively transmitted data volume
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(1) In addition to the aforementioned data, cookies are stored in your computer if you use our website. Cookies are small text files which are stored on your hard drive as assigned by your browser, and through which the entity placing the cookie receive certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the overall range of Internet offers available to you more user-friendly and effective.
(2) This website uses the following types of cookies, the scope and function of which are explained in the following:
- Transient cookies (see a.)
- Persistent cookies (see b.).
a. Transient cookies are automatically deleted when you close the browser. This especially includes session cookies. These store a so-called session ID which allows different requests from your browser to be assigned for the mutual session. As a result, your computer can recognise whether you return to our website again. The session cookies are deleted when you log out or close your browser.
b. Persistent cookies are automatically deleted after a specified time which can differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
c. You may configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. So-called “third-party cookies” are cookies which have been set by a third party, and subsequently not actually by the website which you are currently visiting. We hereby wish to point out that, through the deactivation of cookies, you may not be able to use all functions of the website.
Further functions and offers of our website
(1) We offer various services besides the purely informative use of our website, which you may use if you are interested. For this purpose, you must normally provide further personal data which we use to render the respective service and for which the aforementioned principles of data processing apply.
(2) In part, we operate with external service providers for the processing of your data. These have been carefully selected and commissioned by us, are bound to our instructions and are regularly checked.
(3) Furthermore, we may transfer your personal data to third parties if special offer participations, competitions, contractual conclusions or similar performances are offered by us together with mutual partners. You will receive more detailed information regarding this after stating your personal data or below, under the description of the offer.
(4) If our service providers or partners have their headquarters in a state outside the European Economic Area (EEA), then we will inform you of the consequences of these circumstances in the description of the offer.
Our offer is always directed at adults. Persons under 18 years should not transmit personal data to us without the permission of their parents or legal guardian.
Rights of the affected person
(1) Revocation of consent
Provided the processing of personal data is based on granted consent, you have the right at any time to revoke this consent. Through the revocation of the consent, the lawfulness of prior processing based on this consent shall not be affected until revocation.
You may contact us at any time to exercise your right to revocation.
(2) Right to confirmation
You have the right to request confirmation from the responsible person as to whether we are processing personal data pertaining to you. You may request confirmation at any time under the aforementioned contact data.
(3) Right to information
If personal data is processed, then you may request information regarding this personal data and regarding the following information at any time:
a. The processing purposes;
b. The categories of personal data which are processed;
c. The recipient or categories of recipients to whom the personal data has been disclosed or will be disclosed, in particular in case of recipients in third countries or with international organisations;
d. If possible the planned duration for which the personal data is stored, or if this is not possible, the criteria for the determination of this duration;
e. The existence of a right of correction or deletion of personal data pertaining to you or to a restriction of the processing by the responsible persons or a right to revocation of this processing;
f. The existence of a right to lodge complaints with a supervisory authority;
g. If the personal data is not collected from the affected person, then all available information regarding the origin of this data;
h. The existence of automated decision-making including profiling acc. Article 22 Paragraphs 1 and 4 of the GDPR and – at least in these cases – informative information regarding the involved logic and the implications and desired effects of such processing for the affected person.
If personal data is transmitted to a third country or an international organisation, then you have the right to be informed of suitable guarantees acc. Article 46 of the GDPR in connection with the transmission. We provide a copy of the personal data which is the object of the processing. For all further copies which you personally request, we may demand an appropriate fee for administration costs. If you submit the application electronically, then the information is to be provided in a usual electronic format, if not otherwise stated. The right to the receipt of a copy acc. Paragraph 3 must not impair the rights and freedoms of other persons.
(4) Right to correction
You have the right to request from us the immediate correction of incorrect personal data pertaining to you. Under consideration of the purposes of the processing, you have the right to demand the completion of incomplete personal data– also through a supplementary declaration.
(5) Right to deletion (“Right to be forgotten”)
You have the right to demand from the responsible person that personal data pertaining to you is immediately deleted, and we are obligated to immediately delete personal data provided one of the following reasons applies:
a. The personal data is no longer necessary for the purposes for which it was collected or has been otherwise processed.
b. The affected person revokes their consent on which the processing is based acc. Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, and no other legal basis for processing exists.
c. The affected person objects acc. Article 21 Paragraph 1 of the GDPR to the processing and no overriding reasons for the processing exist, or the affected person objects acc. Article 21 Paragraph 2 of the GDPR to the processing.
d. The personal data has been incorrectly processed.
e. The deletion of personal data is required for compliance with legal obligations according to union law or the law of a member state to which the responsible person is subject.
f. The personal data was collected with regard to services offered by the information Society acc. Article 8 Paragraph 1 of the GDPR.
If the responsible person has disclosed personal data and is obligated acc. Paragraph 1 to its deletion, then, under consideration of the available technologies and the implementation costs, they will take appropriate measures, also of a technical nature, to inform the person responsible for processing the personal data that an affected person has demanded the deletion of all links by them regarding this personal data, or any copies or replications of this personal data.
The right to deletion (“Right to be forgotten”) shall not exist if the processing is necessary for:
- Exercising the right to freedom of speech and information
- The fulfilment of a legal obligation required according to the law of the union or the member state to which the responsible person is subject, or for the performance of a task which is in the public interest or the exercising of official authority which is incumbent on the responsible person
- Reasons of public interest in the area of public health acc. Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 of the GPDR
- Archival purposes in the scope of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 Paragraph 1 of the GPDR, insofar as this does not foreseeably render the achievement of the processing objective to be impossible or seriously impaired
- The assertion, exercising or defence of legal claims.
(6) Right to restriction of processing
You have the right to demand a restriction of the processing of your personal data from us if one of the following prerequisites exist:
a. The accuracy of the personal data is disputed by the affected person, and this for a period which allows the responsible person to check the accuracy of the personal data
b. The processing is improper and the affected person rejects the deletion of the personal data and instead demands a restriction of the use of the personal data;
c. The responsible person no longer requires the personal data for the purposes of processing, however the affected person requires it for the assertion, exercising or defence of legal claims
d. The affected person objects to the processing acc. Article 21 Paragraph 1 of the GDPR, provided it is not yet established whether the legitimate reasons of the responsible person do not outweigh those of the affected person.
If the processing has been restricted according to the aforementioned prerequisites, then this personal data – except its storage – shall only be processed with the consent of the affected person or for the assertion, exercising or defence of legal claims or for the protection of rights of another individual or legal entity or for reasons of significant public interest of the union or a member state.
To assert the right to a restriction of processing, the affected person may contact us at any time under the stated contact data.
(7) Right to data portability
You have the right to retain your personal data which you have provided to us in a structured, usual and machine-readable format, and you have the right to transmit this data to another responsible person without hindrance by the responsible person to whom the personal data has been provided, provided:
a. The processing is based on consent acc. Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a or on a contract acc. Article 6 Paragraph 1 Letter b of the GDPR
b. The processing occurs with the aid of an automated procedure.
In case of exercising the right to data portability acc. Paragraph 1, you have the right to cause the personal data to be directly transmitted from one responsible person to another responsible person, if this is technically possible. Exercising the right to data portability shall not affect the right to deletion (“Right to be forgotten”). This right shall not apply for processing which is required for executing a task which is in the public interest or which occurs during the exercising of official authority which has been bestowed on the responsible person.
(8) Right to object
You have the right to object at any time, for reasons arising from a specific situation, to the processing of personal data pertaining to you which occurs based on Article 6 Paragraph 1 Letters e or f of the GDPR; this also applies for profiling based on these regulations. The responsible person will no longer process the personal data, unless they can verify compelling reasons for this processing worthy of protection which outweigh the interests, rights and freedoms of the affected person, or the processing serves the assertion, exercising or defence of legal claims.
If personal data is processed in order to pursue direct advertising, then you have the right at any time to object to the processing of personal data pertaining to you for the purposes of such advertising; this also applies for profiling if it is in connection with such direct advertising. If you object to processing for the purposes of direct advertising, then the personal data shall no longer be processed for these purposes.
In connection with the use of services of the information society, despite the Regulation 2002/58/EU, you may object through an automated procedure in which technical specifications are used.
You have the right, for reasons which arise from a specific situation, to object to the processing of personal data pertaining to you which occurs for scientific or historical research purposes or for statistical reasons acc. Article 89 Paragraph 1, unless the processing is necessary for fulfilling a task which is in the public interest.
You may exercise the right to object at any time by contacting the respective responsible person.
(9) Automated decisions in individual cases including profiling
You have the right not to be subjected to a decision exclusively based on automated processing – including profiling – which becomes legally effective against you or significantly impairs you in a similar way. This shall not apply if the decision:
a. Is necessary for the conclusion or fulfilment of a contract between the affected person and the responsible person
b. Is permissible due to legal stipulation of the union or the member state to which the responsible person is subject, and these legal stipulations contain appropriate measures for safeguarding the rights and freedoms and the legitimate interests of the affected person
c. Occurs with the express consent of the affected person
The responsible person shall take appropriate measures to safeguard the rights and freedoms and the legitimate interests of the affected person, such as at least including the right to cause the intervention of a person on behalf of the responsible person, to state their own point of view and to contest decisions.
This right may be exercised at any time by the affected person by contacting the respective responsible person.
(10) Right to complain to a supervisory authority
Furthermore, irrespective of other administrative or judicial remedies, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, workplace or location of the suspected violation if the affected person is of the opinion that the processing of the personal data pertaining to them violates this regulation.
(11) Right to an effective legal remedy
Irrespective of an available administrative legal or extrajudicial legal remedy, including the right to complain to a supervisory authority acc. Article 77 of the GDPR , you have the right to an effective legal remedy if you are of the opinion that rights vested through this regulation have been violated as a result of not processing your personal data in harmony with this regulation.
Integration of Google Maps
(1) We use the range of offers provided by Google Maps on this website. As a result, we can display interactive maps to you directly on the website and enable your convenient use of the maps function.
(2) Through your visit to the website, Google receives information that you have called up the corresponding sub-page of our website. Furthermore, the data stated under § 3 of this declaration is transmitted. This occurs dependent on whether Google provides a user account via which you are logged in, or whether no user account exists. If you are logged into Google, then your data is assigned to your account. If you do not wish the assignment to your profile with Google, then you must log out prior to activating the button. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or needs-based design of their website. Such analysis occurs in particular (even for non-logged in users) for rendering needs-based advertising and to inform other users of the social network regarding your activities on our website. You are entitled to object to the formation of a user profile, whereby you must contact the respective plug-in provider to exercise this right.
(3) Further information regarding the purpose and extent of the data collection and its processing by the plug-in provider can be obtained in the data protection declarations of these providers. Here you will obtain further information regarding your rights and settings possibilities for the protection of your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.