The following privacy policy applies to use of our website www.stroetmann.de (hereinafter “Website”).

We attach great importance to data protection. Your personal data is collected and processed in compliance with the applicable data protection legislation, in particular the General Data Protection Regulation (GDPR).

 

1. Controller

The controller for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 of the GDPR is
L. Stroetmann Lebensmittel GmbH & Co. KG, Harkortstr. 30, 48163 Münster, Germany, Phone: +49 (0)251 718 20, Fax: +49 (0)251 7182 130, E-mail: info@stroetmann.de

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either in whole or in individual instances, you can address your objection to the controller.
You can save and print this privacy policy at any time.

 

2. General purpose of processing

We use personal data for the purpose of operating the Website, and for processing and responding to enquiries and applications through our Website.

 

3. What data we use, and why

3.1 Hosting

The hosting services that we use provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the Website.

In doing so, we or our hosting provider process user-related data, contact data, content data, contract data, usage data, metadata and communication data relating to customers, interested parties and visitors to this Website on the basis of our legitimate interest in making our Website available efficiently and securely, in accordance with Art. 6(1) Sentence 1 (f) of the GDPR in conjunction with Art. 28 of the GDPR.

 

3.2 Access data

We collect information about you when you use this Website. We automatically record information about your usage patterns and interaction with us, and we log data about your computer or mobile device. We collect, store and use data about every access to our Website (server log files). Access data includes:

› Name and URL of the downloaded file
› Date and time of the download
› Data volume transferred
› Message about successful download (HTTP response code)
› Browser type and browser version
› Operating system
› Referrer URL (i.e. the webpage previously visited)
› Websites that are accessed by the user’s system via our Website
› User’s Internet service provider
› IP address and the requesting provider

We use this log data for statistical analyses, without associating it with you personally or otherwise creating a profile, for the purpose of operating, securing and optimising our Website. It is also used to anonymously record the number of visitors to our Website (traffic), to find out how our Website and services are used, and for accounting purposes to measure the number of clicks received from our partners. This information enables us to provide personalised and location-based content and to analyse traffic, find and fix faults, and improve our services.
This also constitutes our legitimate interest within the meaning of Art. 6(1) Sentence 1 (f) of the GDPR.

We reserve the right to review the log data retrospectively if there is a justified suspicion of unlawful use on the basis of specific indications. We store IP addresses in the log files for a limited period of time if this is required for security purposes or necessary for providing services, e.g. if you take up one of our offers. At the end of the visit to our Website, the IP address is deleted if it is no longer required for security purposes. We also store IP addresses if we have a specific suspicion that a criminal offence has been committed in connection with the use of our Website.

We may use session cookies to optimise our Website. A session cookie is a small text file that is sent by the server when you visit a website and is temporarily stored on your hard disk. This file as such contains a session ID, enabling various requests from your browser to be assigned to the shared session. This allows your computer to be recognised when you return to our Website. These cookies are deleted after you close your browser.

Our legitimate interest in the use of cookies in accordance with Art. 6(1) Sentence 1 (f) of the GDPR is to make our Website more user-friendly, effective and secure.
The following data and information may be stored in the cookies:

› Log-in information
› Language settings
› Search keywords entered
› Information about the number of visits to our Website and the use of its individual functions.

When the cookie is activated, it is assigned an identification number; your personal data is not associated with this identification number. Your name, IP address, or similar data that would enable the cookie to be attributed to you, are not stored in the cookie. Using cookie technology we can only receive pseudonymised information, e.g. about which pages of our Website were visited, etc.

You can configure your browser so that you are informed in advance about the setting of cookies and can decide on a case-by-case basis whether to reject cookies in certain cases or in general, or to prevent cookies completely. The functionality of the Website may be limited as a result.

 

3.3 Data required in order to fulfil our contractual obligations

We process personal data that we require in order to fulfil our contractual or pre-contractual obligations, such as name, address, e-mail address, telephone number, and details for processing the enquiry or application when you contact us. It is necessary to collect this data in order to respond to enquiries and applications and possibly to conclude a contract.

The legal basis for processing this data is Art. 6(1) Sentence 1 (b) of the GDPR because this data is required in order that we can fulfil our pre-contractual and contractual obligations towards you.

We only process further personal data if you consent to this (Art. 6(1) Sentence 1 (a) of the GDPR) or we have a legitimate interest in processing your data (Art. 6(1) Sentence 1 (f) of the GDPR). Responding to an enquiry from you, for example, constitutes a legitimate interest.

 

4. Storage period

Unless specifically stated, we only store personal data for as long as is necessary to fulfil the intended purposes.

In some cases, e.g. when a contractual relationship is formed, legislation provides for the retention of personal data. In these cases, we will only continue to store the data for these statutory purposes. We will not process it in any other way and will delete it after the statutory retention period has expired.

 

5. Your rights as a data subject affected by data processing

Under the applicable legislation, you have various rights concerning your personal data. If you wish to exercise these rights, please send your request by post or fax, clearly identifying yourself, to the address given in section 1.

An overview of your rights is presented below.

 

5.1 Right to confirmation and information

You are entitled to clear information on the processing of your personal data.

Specifically:

You have the right to obtain confirmation from us at any time as to whether personal data relating to you is processed. If this is the case, you have the right to request information from us, free of charge, concerning the personal data stored about you, together with a copy of this data. You are also entitled to the following information:

  1. the purposes of processing the data;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organisations;
  4. if possible, the period for which the personal data is stored, or if that is not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data relating to you, or restriction of processing, or to object to processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. if the personal data is not collected from you, all available information about the origin of the data;
  8. the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

 

If personal data is transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in relation to the transfer.

 

5.2 Right to rectification

You have the right to request that we rectify and, if necessary, complete personal data relating to you.

Specifically:

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

5.3 Right to erasure (“right to be forgotten”)

In certain circumstances, we are obliged to erase personal data relating to you.

Specifically:

Under Art. 17(1) of the GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  2. You withdraw consent on which the processing is based according to Art. 6(1) Sentence 1 (a) of the GDPR or Art. 9(2) (a) of the GDPR, and where there is no other legal ground for the processing.
  3. You object to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
  4. The personal data has been unlawfully processed.
  5. The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  6. The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.
  7. Where we have made the personal data public and are obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

Where we have made the personal data public and are obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

 

5.4 Right to restriction of processing

In certain circumstances, you are entitled to request that we restrict the processing of your personal data.

Specifically:

You have the right to obtain from us restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  3. we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
  4. you have objected to processing pursuant to Art. 21(1) of the GDPR, pending the verification whether the legitimate grounds of our company override yours.

 

5.5 Right to data portability

You have the right to receive personal data concerning you in machine-readable format, to transfer it or to have it transferred by us.

Specifically:

You have the right to receive the personal data relating to you that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, where

  1. the processing is based on consent pursuant to Art. 6(1) Sentence 1 (a) of the GDPR or Art. 9(2) (a) of the GDPR, or on a contract pursuant to Art. 6(1) Sentence 1 (b) of the GDPR, and
  2. the processing is carried out by automated means.

In exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

 

5.6 Right to object

You have the right to object to processing of your personal data if there are grounds relating to your particular situation and if our interests in the processing are not overriding.

Specifically:

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1) Sentence 1 (e) or (f) of the GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) of the GDPR, you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

5.7 Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

There is no automated decision-making based on the personal data that is collected.

 

5.8 Right to withdraw consent given under data protection law

You have the right to withdraw consent to the processing of personal data at any time.

 

5.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you is unlawful.

 

6. Data security

We make every effort to ensure the security of your data within the scope of the applicable data protection legislation and technical feasibility.

To ensure the security of your data, we implement technical and organisational security measures in accordance with Art. 32 of the GDPR, which we continually adapt to the state of the art.

We nevertheless wish to point out that data transfer via the Internet (such as communication by e-mail) may have security gaps. Upon request, we will arrange for you to communicate with us via encrypted e-mail.

We do not guarantee that our Website will be available at certain times; faults, interruptions or downtime cannot be ruled out. The servers that we use are carefully backed up on a regular basis.

 

7. Disclosure of data to third parties, no data transfer to non-EU countries

As a matter of principle, we only use your personal data within our company.

We will pass on enquiries and applications addressed to other companies in our group to the companies you are seeking to contact. The legal basis for this is Art. 6(1) (a) of the GDPR, because your enquiry or application to a particular company results in your consent to transfer of your data to that company.

In the event that we outsource certain parts of data processing (“external data processing”), we contractually oblige data processors to use personal data only in compliance with the requirements of data protection legislation and to ensure that the data subject’s rights are protected.

Apart from the case mentioned in this policy in section 4, data is not transferred to entities or persons outside the EU, nor is such transfer planned.

 

8. Data Protection Officer

If you have any questions or concerns about data privacy, please contact our Data Protection Officer:

L. Stroetmann Lebensmittel GmbH & Co. KG
Frank Rohls
Harkortstr. 30
48163 Münster
Germany
Phone: +49 (0)251 7182 247
E-mail:
dsbkontakt@stroetmann.de