1. Responsible person and data protection supervisor
Controller in accordance with the EU data protection ordinance (Art. 4 No. 7 DSGVO) is Rapunzel NATURKOST GmbH, Rapunzelstraße 1, 87764 Legau, phone +49 (0)8330 / 529-0, E-Mail firstname.lastname@example.org
(hereinafter „Rapunzel“, „we“, „our“, „us“ etc.).
You can contact the Rapunzel data protection supervisor at Rapunzel Naturkost GmbH, c/o Data Protection Supervisor, Rapunzelstraße 1, 87764 Legau, phone +49 (0)8330 529-1208, E-Mail email@example.com
2. Personal information
Personal information means any information that may be used to identify an individual directly or indirectly, including, but not limited to your name, your address, your phone number, your fax number and your e-mail address. Non-personal data are general data that cannot be used for the identification of an individual as e.g. the number of website users.
3. Collection and processing of personal data
We process this information in order to provide you (i) the best available user experience and services when you access our website; and in order to optimize (ii) the website, its layout and contents as well as our services. The legal basis for this are our legitimate interests (Art. 6 paragraph 1 letter f. DSGVO) for presenting our website and our services to you in such a way that complies with your expectations and demands and our commercial interests.
In addition, Rapunzel can make use of this information in cooperation with your internet provider and/or local authorities in case of system abuse to determine the author of such abuse. The legal basis for this are our legitimate interests (Art. 6 paragraph 1 letter f. DSGVO) to protect the integrity of our website, of our system and our users.
3.2 Services on our website
We collect your personal data only if you consent to the processing of your data when you use one of our services (e.g. sending an inquiry via our contact form, sending a request to receive our newsletter, participating in our sweepstakes and entering complaints via the provided form). We process these personal data for purposes outlined in the following.
a. Contact form
We log your e-mail address when you send us an inquiry via our contact form. If you optionally enter your title, your name, your address, your country of residence, your phone number and/or a specific concern and/or include a text message, we will also save these personal data in order to process and answer the inquiry that you sent us via the contact form.
The legal basis for this is the fulfillment of pre-contract measures concerning your inquiry (Art. 6 paragraph 1 letter b DSGVO).
As far as you have provided your consent, we will also store your e-mail address when you register for our newsletter. If you optionally enter further personal data such as your title, your name and your address, we will also save these personal data in order to send you our newsletter.
For obtaining your consent, we use the so-called "Double-Opt-In" method: after you have registered for our newsletter you will receive an e-mail and you will be asked to click on a confirmation link. Only once you have clicked on this link your e-mail address will be activated and you will receive our newsletter.
For the administration, the sending and the evaluation of our newsletter we use the newsletter service emarsys. You can find more information under section 4 and 6.3 below.
Through activation of the relevant link in the footer of the newsletter, you can revoke your consent for receiving the newsletter at any time with future effect without prejudice to the legitimacy on the basis of the consent until the time your consent is revoked.
The legal basis for this is your consent (Art. 6 paragraph 1 letter a DSGVO and § 7 paragraph 2 No. 3 UWG).
You can send us complaints about our products using the complaint form provided on our website. In this context, we will store your name, your address, your e-mail address, your phone number, the product in question including its packaging size and its expiry date. If you optionally enter additional information such as your title, your country of residence and/or the product’s packaging time and/or its lot number and/or write us a text message, we will also save these personal data. We store these personal data in order to process and answer the inquiry that you sent us via the complaint form.
The legal basis for this is the fulfillment of our contractual obligations (Art. 6 paragraph 1 letter b DSGVO).
For our sweepstakes, we store your name, your address and your e-mail address. Depending on the terms of the specific sweepstakes, we might also collect additional personal data. For more information refer to the terms of the relevant sweepstakes. We process these personal data in order to administer the sweepstakes and to notify the winners.
The legal basis for this is the fulfillment of our contractual obligations (Art. 6 paragraph 1 letter b DSGVO) according to the terms of the specific sweepstakes.
3.3 Transfer of data
We take appropriate security measures to store your personal data. This website uses SSL- and/or TLS-encryption for security reasons and for the protection of the transmission of confidential data such as e.g. inquiries that you send us. An encrypted connection can be recognized by the „https://“ address in your browser and by the lock symbol in the status bar of your web browser.
4. Transfer of personal data
4.1 We will not transfer your personal data to third parties unless this is necessary for the fulfillment of your inquiry, unless it is permissible according to relevant legal regulations or unless you have given us your consent for doing so.
4.2 Furthermore, we are also entitled to outsource the processing and use of personal data wholly or partially to external agents who are active on our behalf as external processors (Art. 4 No. 8 DSGVO) as long as all data protection requirements are complied with. If such external agents are located outside the European Union or operate outside the agreement of the European Economic Area, we will introduce appropriate security measures in accordance with legal and official regulatory requirements in order to ensure save handling of your personal data.
Please refer to the following table for a summary of external agents including a description of their services and the existence of an adequate level of data privacy protection:
|Service provider and name of service if applicable
||Recipient country and adequate data protecction level
|ascana neue medien
|Development, maintenance and support of the website's editorial system
|IT-Informatik GmbH, Business Unit Technology, Magirus-Deutz-Straße 17, 89077 Ulm
|emarsys – Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin
||Newsletter service for the administration, for the sending and evaluation of our newsletters.
|Google Analytics – Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
||Web analysis for platform optimization. Registration of platform activities, evaluation of the activities on the basis of user profiles and compilation of reports for Rapunzel
||USA EU-US Privacy Shield certified (https://www.privacyshield.gov/participant? id=a2zt000000001L5AAI&status=Active)
5. Storage period
Your personal data are stored by us only for the time that is needed to achieve the purposes for which the data were collected for, or - if any other legal retention periods exist - for the period of the legal retention period. Subsequently, your personal data are deleted.
6. Web analysis, cookies and other technologies as well as plug-ins and tools
Cookies and other technologies help us to make your visit on our platform more pleasant, more efficient and more meaningful.
Cookies are data files that are sent from our webserver to your computer where they are logged when you visit the platform. Most browsers accept cookies automatically. However, you can configurate your browser in the setup function in such a way that cookies will not be accepted or that the server warns you when a cookie is sent. Cookies may be refused or deleted later. Generally, it is not necessary to accept our cookies for accessing our website. There are, however, certain areas and functions on the website that cannot be accessed without cookies.
In the following table, you can find instructions how to delete cookies in the most common browsers:
The cookies that we use on our website can be classified in the following categories:
a. Technically needed session cookies
Session cookies serve as identification features for a single, continuous website visit. They are only valid for a single website visit and are deleted when the browser is closed. Personal data are not logged: For each website visit only a random number is created for technical background procedures.
The legal basis for session cookies is the fulfillment of our contractual obligations (Art. 6 paragraph 1 letter b DSGVO).
b. Persistent analytical cookies on the basis of user behavior
Persistent cookies allow the storage, administration and evaluation of information about user behavior which is collected through continuous observation of the user behavior. These cookies help us to determine the number of users who visit our website and our services and they record the most popular areas on the website. With this information, we can improve website browsing and our website services.
The legal basis for this are our legitimate interests (Art. 6 paragraph 1 letter f DSGVO). Our legitimate interests in this context is the provision of a user-friendly and meaningful website that fulfills the expectations and demands and our commercial interests.
We use the following service provided by external service providers who utilize cookies and other technologies. If you do not agree with this use you may refuse these services through deactivation of the appropriate settings in your browser. Alternatively, you can deactivate the use of these services directly through an appropriate opt-out-link or other measures. You can find the opt-out-link and other measures of deactivation in the following list under the title "opt-out". You can find additional information about the different services in the data protection notices etc. of the respective services. You can access the data protection notices via the appropriate link in the following list under the heading "data protection notices". In the column "recipient countries and adequate data privacy protection" you can find information about the respective recipient country and the existing level of adequate protective measures.
External service providers that pursue tracking measures:
Google LLC, 1600 Amphi-theatre Parkway, Mountain View, CA 94043, USA, E-Mail firstname.lastname@example.org
, phone +1.650.253.0000, fax +1.650.618.1806
Description of the tracking purpose
Google Analytics performs web analyses on the platform. In doing so, the user behavior is recorded and evaluated on the basis of user profiles. Subsequently, Google Analytics compiles specific reports for us (compare https://developers.google.com/analytics/ resources/concepts/gaConceptsTrackingOverview# howAnalyticsGetsData
). In this context, your IP address is anonymized by shortening the last octet of the IP address.
Data protection notices
http://www.google.com/ intl/de/analytics/ privacyoverview.html
You can prevent the collection of your data through Google Analytics through clicking on this link
. Clicking the link activates an opt-out-cookie that prevents the collection of your data when you visit this website in the future: deactivating Google Analytics.
Recipient country and adequate level of data privacy protection: USA
EU-US Privacy Shield certified (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin
Description of the tracking purpose:
emarsys analyzes and evaluates user behavior in the context of e-mail marketing campaigns. Information is collected if and when the newsletter was opened and which links in the newsletter were activated. With these data we can better evaluate our e-mail marketing campaigns.
Data protection notices https://www.emarsys.com/de/ datenschutzrichtlinie/
opt-out via revokation of the consent to receive our newsletter (compare clause 3.2 letter b above)
Recipient countries and adequate level of data privacy protection: Germany
In addition, the following plug-ins and tools are used on the website:
On our website we use plug-ins from the social network YouTube. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit a page of our website that uses YouTube plug-ins, a connection to a YouTube server is established. The YouTube server is informed which website pages you have visited.
When you log onto your YouTube account you allow YouTube to add your surf behavior directly to you personal profile. You can prevent this by exiting your YouTube account.
The legal basis for the inclusion of YouTube plug-ins are our legitimate interests (Art. 6 paragraph 1 letter f DSGVO) to provide you an attractive, user-friendly website presentation.
. YouTube LLC is EU-US Privacy Shield certified (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
b. Google Maps
Via an interface (API) our website uses the map service Google Maps from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Accessing the functions of Google Maps requires the storage of your IP address. As a rule, this information is sent to a server from Google LLC in the USA and saved by this server. We have no influence on the transmission of this data.
The legal basis for the use of Google Maps are our legitimate interests (Art. 6 paragraph 1 letter f DSGVO) to provide you an attractive and user-friendly website presentation, especially the easy location of places that are described on our website.
. Google LLC is EU-US Privacy Shield certified (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
7. Your data protection rights
Given special reasons due to your particular situation, you might have the right to appeal the processing of your private data.
Pursuant to current data protection legislation you also have the following rights. For submitting your appeal, please contact the address described in letter 1.2 above.
a. Right of information: at any time, you have the right to get information about your private data that are stored by us.
b. Right of rectification: when processing your personal data, we attempt to ensure through adequate measures that your private data are correct and up to date for the purposes for which they were gathered. In the case that your personal data are incorrect or incomplete, you can demand the correction of these data.
c. Right of deletion or restriction: you might possibly have the right to demand the deletion and/or restriction with respect to the processing of your personal data if a legitimate business purpose for e.g. data processing pursuant to this data protection declaration no longer exists and statutory storage obligations do not preclude the deletion of data.
d. Right for data transmission: you might possibly have the right that we return relevant, personal data that you have provided to us, in a structured, common, machine-readable format or to have these data transferred to a third, responsible person.
e. Right to appeal your consent: If you have consented to the collection and processing of your personal data, you can appeal your consent at any time with effect for the future, however, without affecting the legitimacy according to which the data were processed until the time of your appeal. Moreover, you can also appeal the use of your personal data for the purpose of market and opinion research or for advertising purposes and you can unsubscribe to receiving our newsletter (compare also clause 3.2 letter b above).
f. Regulatory authority responsible for further complaints: furthermore, in the case of a complaint, you can contact also the Bayerische Landesamt für Datenschutzaufsicht, Postfach 606, 91522 Ansbach, phone +49 (0)981 53 1300, fax +49 (0)981 53 98 1300, e-mail email@example.com as the regulatory authority that is responsible for Rapunzel. You can find a list of additional, applicable regulatory authorities under https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
8. 8. Links to different internet pages
8.1 This website also has links to other internet pages. The described data protection declaration does not apply to any of these other internet pages. We recommend you visit these other internet pages for information about privacy protection and the handling of personal data. We cannot be made punishable for measures from these other internet pages nor for their contents.
8.2 Our website also has links to our company pages in the social networks Facebook and Instagram. These links are marked with the relevant logo of the corresponding network.
This does not involve so-called social plug-ins. When you visit our website, a direct connection to the servers of the relevant network providers is not established and no webserver information (compare clause 3.1 above) is transferred to the webserver of the relevant network provider. Social network providers will therefore not learn about your visit of our website.
Another condition applies only if you confirm one of the links to a social network. From the information that your webserver automatically sends to the servers of the corresponding network provider, the network provider can recognize that you have visited our website. In the event you have a user account with the relevant social network and you are logged in, the relevant network provider may connect this information with the stored information in your user account. You will find more detailed information about further data processing options by the relevant network provider, about your rights and about configuration options for the protection of your privacy in the data protection notices of the corresponding network provider.
Right of modification
We reserve the right to change this data protection declaration at any time in accordance with legal guidelines. This may be necessary e.g. if we need to comply with new legal obligations or if we provide new services to you.
Amended: May 2018