About Rapunzel

Privacy Notice

GENERAL


The following information is intended to give you an overview of how we process your personal data and of your data protection rights when you visit our English-language company website rapunzel.de/en/ here. We will inform you separately about data processing when you visit other websites of our company, for example in other countries.
The use of rapunzel.de/en/ is generally possible without entering personal data. However, if you want to use special services via our website or other options, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.
As the controller, we always try to ensure the most complete protection of personal data processed through this website by means of up-to-date technical and organizational measures, just as we attach great importance to security and data protection friendliness in our other processing activities. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection against unauthorized access by third parties cannot be guaranteed. For this reason, you are free to contact us by telephone or mail, for example, and to transmitpersonal data to us in this way as well.
 

RESPONSIBLE


RAPUNZEL NATURKOST GmbH
Rapunzelstr. 1
87764 Legau,
Germany
Phone: +49 (0) 8330 - 529 - 0
Fax: +49 (0) 8330 - 529 1139
Web: rapunzel.de (German) | rapunzel.de/en/ (English)
E-Mail: info@rapunzel.de
For further information please refer to our imprint.
 

DATA PROTECTION OFFICER


If you have any questions about data processing here or about data protection at RAPUNZEL NATURKOST GmbH (Rapunzel), you can contact our data protection officer at any time.
You can reach him by mail to the above address (please note 'Attn. Data Protection Officer' on the envelope), by e-mail to datenschutzbeauftragter@rapunzel.de or confidentially via our data protection portal.
 

TRANSFER OF DATA TO THIRD PARTIES


We do not transfer your personal data to third parties for purposes other than those listed below when you visit our website. We only pass on your personal data to third parties if:
  1. you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO,
  2. the disclosure is permissible for the protection of our legitimate interests in accordance with Art. 6 Para. 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  3. in the event that there is a legal obligation to disclose your data in accordance with Art. 6 Para. 1 lit. c DSGVO, as well as
  4. this is legally permissible and necessary according to Art. 6 para. 1 lit. b DSGVO for the processing of contractual relationships with you.
Within the scope of the processing operations described in this privacy policy, personal data may be transferred to the USA. The USA does not have an adequate level of data protection (ECJ: Schrems II ruling). In particular, US investigating authorities can oblige US companies to hand over or disclose personal data without the data subjects being able to take effective legal action against this. Thus, in principle, there is a possibility that your personal data will be processed by U.S. investigative authorities. We have no influence on these processing activities. To protect your data, we have concluded agreements on order processing based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) a) DSGVO may serve as the legal basis for the transfer to third countries. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.
 

SSL/TLS ENCRYPTION


This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser contains a "https://" instead of a "http://" and by the lock symbol in your browser line. We use this technology to protect your transmitted data.
 

DATA COLLECTION WHEN VISITING THE WEBSITE


When you use our website for informational purposes only, i.e. when you do not register or otherwise transmit information to us, we collect only such data as your browser transmits to our server (in so-called "server log files"). Our website collects a series of general data and information with each call of a page by you or by an automated system. This general data and information is stored in the server log files. The following can be recorded
  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system arrives at our website (so-called referrer),
  4. the sub-websites that are accessed via an accessing system on our website,
  5. the date and time of an access to the Internet site,
  6. an Internet protocol address (anonymized IP address) and,
  7. the Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order to
  1. deliver the contents of our Internet site correctly,
  2. to optimize the content of our website as well as the advertising for it,
  3. to ensure the long-term operability of our IT systems and the technology of our website, and
  4. to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
Therefore, the data and information collected will be used by us for statistical purposes only and, on the other hand, for the purpose of increasing the data protection and data security of our enterprise so as to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above.
 

HOSTING BY DATAGROUP


We host our website at DATAGROUP Ulm GmbH, Magirus-Deutz-Straße 17, 89077 Ulm, a subsidiary of DATAGROUP SE in 72124 Pliezhausen. When you visit our website, your personal data (e.g. IP addresses in log files) are processed on DATAGROUP's servers. The use of DATAGROUP is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the most reliable presentation and provision as well as safeguarding of our website. We have concluded an order processing agreement (AVV) pursuant to Art. 28 DSGVO with DATAGROUP. This is a contract prescribed by data protection law, which ensures that DATAGROUP only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
Data protection information: https://www.datagroup.de/datenschutz/

PLUGINS AND OTHER SERVICES


a) Google Tag Manager
On this website we use the Google Tag Manager service. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dub-lin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Through this tool, "website tags" (i.e. keywords that are embedded in HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then determine which contents of our website are of particular interest to you. The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have opted out at the domain or cookie level, this will remain in effect for all tracking tags implemented with Google Tag Manager. These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a DSGVO. Privacy policy of Google: https://www.google.com/intl/de/policies/privacy/.

b) YouTube (videos)
We have integrated components from YouTube on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal. Each time you call up one of the individual pages of this website that is operated by us and on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube.
Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by you.

If you are logged in to YouTube at the same time, YouTube recognizes which specific sub-page of our website you are visiting when you call up a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account. YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as calling up our website; this takes place regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing our website. These processing operations are only carried out if you have given your express consent in accordance with Art. 6 Para. 1 lit. a DSGVO. YouTube privacy notice: https://www.google.de/intl/de/policies/privacy/.

c) Retailer Search with OpenStreetMap
We can help you find our local organic retail distribution partners who sell our products in many other countries around the world.
You can use the Rapunzel Partners link to search for our distribution partners on an online map. We have integrated map sections of the online map tool "OpenStreetMap" there. This is a so-called open source mapping, which we can access via an API (interface). This function is offered by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. By using this service, you can, for example, see our location or that of our dealers, and it makes it easier for you to find where you can buy our products in your area. Thus, when you access the sub-pages in which OpenStreetMap is integrated, information about your use of our website (such as your IP address, data about your browser, device type, operating system) is transmitted to OpenStreetMap and stored there.

We use the leading open source JavaScript library from leafletjs.com in the simple plugin implementation for displaying the mobile-friendly interactive maps.
OpenStreetMap uses the Content Delivery Network (CDN) of Fastly, Inc, PO Box 78266, San Francisco, CA 94107, USA (fastly) to accelerate the service. A CDN is a service that helps to deliver the content of our online offer, especially large media files such as graphics or scripts, more quickly with the help of regionally distributed servers connected over the Internet. Your data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of the CDN. Fastly transmits personal data from the log files (e.g. IP addresses) to the USA for each data processing, as certain servers for processing the log files are only located in the USA. Fastly is therefore committed to complying with the standards and regulations of European data protection law. Privacy Policy of Fastly: https://www.fastly.com/de/privacy/.
By default, the integration is deactivated for data protection reasons and is only enabled for the map view after requesting your consent. After that, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO. Detailed information on OpenStreetMap can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

d) Font Awesome (local hosting)
This site uses Font Awesome for the consistent display of fonts. The fonts are provided by Fonticons Inc, 307 S Main St Ste 202 Bentonville, AR, USA. Font Awesome's fonts are installed locally. There is no connection to Fonticons, Inc. servers. For more information about Font Awesome, please see the Font Awesome privacy policy at: https://fontawesome.com/privacy.

e) Google Web Fonts (local hosting)
Our website uses so-called Web Fonts for the uniform display of fonts. The Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The Google Fonts are installed locally. There is no connection to Google servers. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
 

CONTENT AND CONTACT OPTIONS


Here we inform you about Rapunzel as a company as well as about our products and novelties in English language. More comprehensive information and more features can be found on our German company website. In addition to Rapunzel Naturkost organic products, you will find information about cooking with Rapunzel Naturkost, our fair trade program HAND IN HAND and our Rapunzel Bio-Cent campaign. We refer by links to other projects such as "jedes-essen-zaehlt.de" (in German) and other websites of our family of companies, which may be operated via other server locations and in other languages.
We distribute our products all over the world and inform you here about our local distributors and how to contact them. We offer our business customers a login for our specialized trade store as well as for downloading via our media database. These pages are currently only available in German. We give you various possibilities for a dialog with our contacts and also offer different ways to get in touch with us.

a) Contact via contact forms
In case of questions of any kind, we offer you the possibility to contact us via one of the forms provided on the website. On the one hand, this is our general form for contact inquiries for general questions and one for complaints about products.
First of all, a valid e-mail address and a name are required so that we know from whom the inquiry originates and so that we can answer it. Which further data is collected can be seen from the respective contact form.

If you have a complaint about a product and use the form for this purpose, we request further data from you so that we can assign the complaint to a specific order and, if applicable, to a specific product batch, in particular your address. This enables us to clearly allocate orders to the processing of complaints and to be able to send you replacement products without having to ask for your data again. If you do not wish to do this, you can also contact us by telephone or via the general contact form. If you make a callback request, it is necessary to provide a telephone number so that our contact persons can contact you.

The information you provide in the form fields will be stored and used solely for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f DSGVO. If your contact aims at the conclusion or reclamation of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

We have secured our forms with a simple check question that does not require data processing or transfer to third parties. You can attach files, such as photos, to the forms. The information submitted is transmitted to us in a secure manner.
Your data will be deleted after your request has been processed. This is the case if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal storage obligations to the contrary. Alternatively, you can contact us directly and informally and request us to delete your data.

b) Contact via e-mail
If you contact us via one of the e-mail addresses provided by us, the personal data provided by you will be processed exclusively for the purpose of processing your respective inquiry, for correspondence with you, as well as for the possible initiation and substantiation of a contract, for inquiries for products and complaints, etc. with you in accordance with Art. 6 Para. 1 S. 1 lit. b) DSGVO. The personal data collected will be automatically deleted once your inquiry has been dealt with; this is the case if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal obligations to retain data.

c) Download via our media database
We provide you with a wide range of information for download on our various pages. You will find our Rapunzel media database as well as our data protection information on our German company page.

d) LogIn for business customers
The login to our specialized trade store is also available to our registered business customers via our German company page here.

e) Contact for application purposes
We also inform about job offers and apprenticeship training positions at Rapunzel via our German company page here.

f) Use of the e-paper application of 1000grad.de 
We use the application of the company 1000° DIGITAL Gesellschaft für Multimedia und E-Commerce mbH, Mozartstr. 3, 04107 Leipzig, Germany (1000grad) to offer you our PDF articles, such as our bio-magazine natur.post or topic-related brochures, as interactive, page-turning documents in an e-paper version. The use of 1000grad's technology is in the interest of an appealing presentation of our magazines and articles also online in your browser. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. The data packets displayed and retrieved via your browser are hosted on our own servers. 
If we use tracking techniques when using our e-papers in order to improve our offers for you with analyses of usage data, we do this exclusively after your voluntary consent to this, which can be revoked at any time for the future, in accordance with Art. 6 (1) a) DSGVO.
 

OUR ACTIVITIES IN SOCIAL NETWORKS


a) Links to media appearances
No plug-ins or other interfaces of social media are integrated on our website, nor are any analytics of the services. We only link to our general company appearances on the services of Instagram, Facebook, Pinterest, YouTube and LinkedIn, which are provided with a symbol. These channels are used by our company primarily in German. After clicking on the links, you will be forwarded to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on how your personal data is handled when using these websites, please refer to the respective provider's privacy policy.

b) Presence on social networks
We use the aforementioned social networks to inform users about our products and information offers, to discuss with interested parties and to bring our entrepreneurial, ecological, economic, social and political actions closer to our interested parties and to publicize recipes and news.

You can contact us directly via the respective platform at your own request and instigation. The aforementioned social media channels complement our web presence and offer a further, supplementary information and communication option.
As soon as you access the respective Rapunzel social media profile in the corresponding network, the terms and conditions and data protection information of the respective operator apply. We only process visitor data on the social media sites ourselves if you contact and communicate with us, for example through comments or direct messages.
The responsible parties of the respective platforms carry out the data processing for their own purposes in accordance with their own privacy policy, over which we have no influence. Furthermore, we do not know the full extent of the data processing, its purposes or storage periods. In certain cases, we process your data with the social network provider on the basis of joint responsibility within the meaning of Art. 26 DSGVO.
A processing of your personal data is necessary for the purpose of the use of the Social-Media platform by yourself.

In this context, we are not the original provider of these pages, but merely use them within the scope of the possibilities offered to us by the respective providers. As a precaution, we therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as safeguarding your rights, e.g. to information, deletion, objection, etc., could be more difficult and processing in the social networks often takes place directly for advertising purposes or for the analysis of user behavior by the providers, without this being able to be influenced by us. If usage profiles are created by the provider, this often involves the use of cookies or the assignment of usage behavior to your own member profile of the social networks.
The described processing of personal data is carried out in accordance with Art. 6 (1) f DSGVO on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a timely manner or to inform you about our services.

If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) lit. a DSGVO in connection with Art. 7 DSG-VO. Art. 7 DSG-VO.
Since we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider despite a possible joint responsibility with the social media portal operators.
Further information on the processing of your data in the social networks and the possibility to make use of your right of objection or revocation (so-called opt-out), we have listed below with the respective provider of social networks used by us.

c) Social media services:

Facebook

(Co-)responsible for data processing in Europe:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Privacy policy (data policy): https://www.facebook.com/about/privacy
Opt-out and advertising settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Instagram
(Co-)responsible for data processing in Germany:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Privacy policy (data policy): https://instagram.com/legal/privacy/

LinkedIn
(Co-) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.
Privacy policy: https://www.linkedin.com/legal/privacy-policy

YouTube
(Co-) controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: https://policies.google.com/privacy

Pinterest
(Joint) controller for data processing in Europe:
Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
Privacy policy: https://policy.pinterest.com/de/privacy-policy


Matomo QR Code Tracking


To track campaigns using QR codes, we use techniques from Matomo - a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo is a software tool for web analysis, i.e. for the collection, compilation and evaluation of data on the behavior of visitors to websites. We only evaluate how often which QR codes are scanned by visitors and which interactions with our pages take place as a result. We use the information to understand the behavior on our site, to evaluate the use of our subpages and to make possible improvements to our campaigns.

IP addresses are anonymized to ensure the privacy of our users. We do not collect any personal data from QR code users and do not track individual users. Our analyses are used exclusively for feedback analysis and to optimize our offers and assess the success of our campaigns. We are not interested in the identities of our visitors or other data.

We have therefore set Matomo so that it does not use cookies. We also do not use so-called "device fingerprinting". No profiling or retargeting takes place.

Matomo is hosted on our own servers, which ensures that the data remains within the EU and that no data is passed on to third parties.

In the case of QR code tracking, Matomo processes the anonymized IP addresses of visitors.
The legal basis for our processing is Art. 6 I lit. f) GDPR. We have a legitimate interest in the security and technically appropriate design of the functionality of our pages and in the non-personalized evaluation of our campaigns.

Further information and the applicable data protection provisions of Matomo can be found here: https://matomo.org/privacy-policy.

 

WEB ANALYTICS WITH GOOGLE ANALYTICS 4


With your declared consent, Google Analytics 4 is used on our website, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected through this about your use of this website is generally transferred to a Google server in the USA and stored there.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your website visit, your user behavior is recorded in the form of "events". Events can be:
  • Page views
  • First visit to the website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links
  • internal search queries
  • interaction with videos
  • file downloads
  • seen / clicked ads
  • language settings
Also recorded:
  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/ via which advertising medium you came to this website)
Purposes of the processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.
Recipients of the data are/may be
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as data processor according to Art. 28 DSGVO)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities will access the data stored by Google.

Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.

Storage period
The data sent by us and linked to cookies are automatically deleted after 2 months. The deletion of data whose retention period has been reached takes place automatically once a month.

Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO.

Revocation
You can revoke your consent at any time with effect for the future by calling up the cookie settings here and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
  1. not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to disable Google Analytics HERE.
For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.
 

COOKIES


a) General information about cookies
We use cookies for our website. These are data records as informations which your browser automatically creates and which are stored on your IT system or end device (laptop, tablet, smartphone or similar) when you visit our site. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time. The respective storage period of the cookies can be found in the settings of our consent tool.

b) Information on how to avoid cookies in common browsers.
You have the option of deleting cookies, allowing only selected cookies or deactivating cookies completely at any time via the settings of the browser you are using. For more information, please visit the support pages of the respective providers:
  • Chrome: https://support.google.com/chrome/answer/95647
  • Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac
  • Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen
  • Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.
c) Usercentrics (Consent Management Tool / CMP).
We use the consent management platform "Usercentrics" of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage the consent of website users for data processing. Usercentrics collects data generated by end users who use our website. When an end user provides consent, Usercentrics automatically logs the following data:
  • Browser information.
  • Date and time of access.
  • Device information.
  • The URL, from the page visited.
  • Geographic location.
  • Page path of the website.
  • The consent status of the end user, which serves as proof of consent.
The consent status is also stored in the end user's browser so that the web site can automatically read and follow the end user's consent in all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular statute of limitations according to § 195 BGB. The data is then deleted immediately or passed on to the responsible person in the form of a data export on request.
The functionality of the website is not guaranteed without the described processing. There is no possibility for the user to object as long as there is a legal obligation to obtain the user's consent to certain data processing operations (Art. 7 para. 1, 6 para. 1 p. 1 lit. c DSGVO). Usercentrics is a recipient of your personal data and acts as a processor for us. Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy/.
You can manage and change your consents here:
 

CHANGE YOUR PRIVACY SETTINGS


YOUR RIGHTS AS A DATA SUBJECT

Right to confirmation - You have the right to request confirmation from us as to whether personal data relating to you is being processed.
Right to information according to Art. 15 DSGVO - You have the right to receive from us, at any time and free of charge, information about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.

Right to rectification according to Art. 16 DSGVO - You have the right to demand the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

Right to erasure according to Art. 17 DSGVO - You have the right to demand that we erase the personal data concerning you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

Right to restriction of processing according to Art. 18 DSGVO - You have the right to demand that we restrict processing if one of the legal prerequisites applies.

Right to data portability according to Art. 20 DSGVO - You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transferred directly from one controller to another controller to the extent that this is technically feasible and provided that the rights and freedoms of other persons are not adversely affected thereby.

Right of objection according to Art. 21 DSGVO - You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) DSGVO. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.

In individual cases, we process personal data to conduct direct marketing. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Right to withdraw consent under data protection law - You have the right to withdraw consent to the processing of personal data at any time with effect for the future.

Right to complain to a supervisory authority - You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data. You can find a compilation of the contact details of the data protection officers in the federal states and the supervisory authorities for the non-public sector and in other countries on the pages of the Federal Commissioner for Data Protection and Freedom of Information, BfDI under Addresses and Links.
 

AUTOMATED DECISION MAKING & PROFILING


We do not use profiling in the context of the use of our websites iSv. Art. 22 DSGVO.

STORAGE, DELETION AND BLOCKING
We process and store your personal data only for the period of time required to achieve the purpose of storage or if this has been provided for by the legal provisions to which our company is subject. If the storage purpose ceases to apply or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

STORAGE PERIOD
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.

FURTHER DATA PROTECTION ISSUES
On our company homepage you will find further information about our products, our company and also about data protection. If you have further questions, comments or other requests regarding your personal data that are not answered here, simply contact us via our contact details or at: datenschutzbeauftragter@rapunzel.de.

RAPUNZEL NATURKOST GmbH
Rapunzelstraße 1, D - 87764 Legau
Telefon: +49 (0) 8330 / 529 - 0
Telefax: +49 (0) 8330 / 529 - 1188
E-Mail: info@rapunzel.de
Seite druckenSeite schliessen
RAPUNZEL NATURKOST GmbH
Rapunzelstraße 1, D - 87764 Legau
Telefon: +49 (0) 8330 / 529 - 0
Telefax: +49 (0) 8330 / 529 - 1188
E-Mail: info@rapunzel.de