The following information is intended to give you an overview of how we process your personal data and of your data protection rights when you visit our English-language company website rapunzel.de/en/ here. We will inform you separately about data processing when you visit other websites of our company, for example in other countries.
The use of rapunzel.de/en/ is generally possible without entering personal data. However, if you want to use special services via our website or other options, processing of personal data could become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.
As the controller, we always try to ensure the most complete protection of personal data processed through this website by means of up-to-date technical and organizational measures, just as we attach great importance to security and data protection friendliness in our other processing activities. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection against unauthorized access by third parties cannot be guaranteed. For this reason, you are free to contact us by telephone or mail, for example, and to transmitpersonal data to us in this way as well.
RAPUNZEL NATURKOST GmbH
Phone: +49 (0) 8330 - 529 1402
Fax: +49 (0) 8330 - 529 1139
Web: rapunzel.de (German) | rapunzel.de/en/ (English)
For further information please refer to our imprint.
DATA PROTECTION OFFICER
If you have any questions about data processing here or about data protection at RAPUNZEL NATURKOST GmbH (Rapunzel), you can contact our data protection officer at any time.
You can reach him by mail to the above address (please note 'Attn. Data Protection Officer' on the envelope), by e-mail to firstname.lastname@example.org or confidentially via our data protection portal.
TRANSFER OF DATA TO THIRD PARTIES
We do not transfer your personal data to third parties for purposes other than those listed below when you visit our website. We only pass on your personal data to third parties if:
- you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO,
- the disclosure is permissible for the protection of our legitimate interests in accordance with Art. 6 Para. 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- in the event that there is a legal obligation to disclose your data in accordance with Art. 6 Para. 1 lit. c DSGVO, as well as
- this is legally permissible and necessary according to Art. 6 para. 1 lit. b DSGVO for the processing of contractual relationships with you.
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser contains a "https://" instead of a "http://" and by the lock symbol in your browser line. We use this technology to protect your transmitted data.
DATA COLLECTION WHEN VISITING THE WEBSITE
When you use our website for informational purposes only, i.e. when you do not register or otherwise transmit information to us, we collect only such data as your browser transmits to our server (in so-called "server log files"). Our website collects a series of general data and information with each call of a page by you or by an automated system. This general data and information is stored in the server log files. The following can be recorded
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system arrives at our website (so-called referrer),
- the sub-websites that are accessed via an accessing system on our website,
- the date and time of an access to the Internet site,
- an Internet protocol address (anonymized IP address) and,
- the Internet service provider of the accessing system.
- deliver the contents of our Internet site correctly,
- to optimize the content of our website as well as the advertising for it,
- to ensure the long-term operability of our IT systems and the technology of our website, and
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above.
HOSTING BY DATAGROUP
We host our website at DATAGROUP Ulm GmbH, Magirus-Deutz-Straße 17, 89077 Ulm, a subsidiary of DATAGROUP SE in 72124 Pliezhausen. When you visit our website, your personal data (e.g. IP addresses in log files) are processed on DATAGROUP's servers. The use of DATAGROUP is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the most reliable presentation and provision as well as safeguarding of our website. We have concluded an order processing agreement (AVV) pursuant to Art. 28 DSGVO with DATAGROUP. This is a contract prescribed by data protection law, which ensures that DATAGROUP only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
Data protection information: https://www.datagroup.de/datenschutz/
PLUGINS AND OTHER SERVICES
a) Google Tag Manager
On this website we use the Google Tag Manager service. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dub-lin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
b) YouTube (videos)
We have integrated components from YouTube on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal. Each time you call up one of the individual pages of this website that is operated by us and on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube.
Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by you.
If you are logged in to YouTube at the same time, YouTube recognizes which specific sub-page of our website you are visiting when you call up a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account. YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as calling up our website; this takes place regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing our website. These processing operations are only carried out if you have given your express consent in accordance with Art. 6 Para. 1 lit. a DSGVO. YouTube privacy notice: https://www.google.de/intl/de/policies/privacy/.
c) Retailer Search with OpenStreetMap
We can help you find our local organic retail distribution partners who sell our products in many other countries around the world.
You can use the Rapunzel Partners link to search for our distribution partners on an online map. We have integrated map sections of the online map tool "OpenStreetMap" there. This is a so-called open source mapping, which we can access via an API (interface). This function is offered by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. By using this service, you can, for example, see our location or that of our dealers, and it makes it easier for you to find where you can buy our products in your area. Thus, when you access the sub-pages in which OpenStreetMap is integrated, information about your use of our website (such as your IP address, data about your browser, device type, operating system) is transmitted to OpenStreetMap and stored there.
By default, the integration is deactivated for data protection reasons and is only enabled for the map view after requesting your consent. After that, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO. Detailed information on OpenStreetMap can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
d) Font Awesome (local hosting)
e) Google Web Fonts (local hosting)
Our website uses so-called Web Fonts for the uniform display of fonts. The Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
CONTENT AND CONTACT OPTIONS
Here we inform you about Rapunzel as a company as well as about our products and novelties in English language. More comprehensive information and more features can be found on our German company website. In addition to Rapunzel Naturkost organic products, you will find information about cooking with Rapunzel Naturkost, our fair trade program HAND IN HAND and our Rapunzel Bio-Cent campaign. We refer by links to other projects such as "jedes-essen-zaehlt.de" (in German) and other websites of our family of companies, which may be operated via other server locations and in other languages.
We distribute our products all over the world and inform you here about our local distributors and how to contact them. We offer our business customers a login for our specialized trade store as well as for downloading via our media database. These pages are currently only available in German. We give you various possibilities for a dialog with our contacts and also offer different ways to get in touch with us.
a) Contact via contact forms
In case of questions of any kind, we offer you the possibility to contact us via one of the forms provided on the website. On the one hand, this is our general form for contact inquiries for general questions and one for complaints about products.
First of all, a valid e-mail address and a name are required so that we know from whom the inquiry originates and so that we can answer it. Which further data is collected can be seen from the respective contact form.
If you have a complaint about a product and use the form for this purpose, we request further data from you so that we can assign the complaint to a specific order and, if applicable, to a specific product batch, in particular your address. This enables us to clearly allocate orders to the processing of complaints and to be able to send you replacement products without having to ask for your data again. If you do not wish to do this, you can also contact us by telephone or via the general contact form. If you make a callback request, it is necessary to provide a telephone number so that our contact persons can contact you.
The information you provide in the form fields will be stored and used solely for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f DSGVO. If your contact aims at the conclusion or reclamation of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
We have secured our forms with a simple check question that does not require data processing or transfer to third parties. You can attach files, such as photos, to the forms. The information submitted is transmitted to us in a secure manner.
Your data will be deleted after your request has been processed. This is the case if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal storage obligations to the contrary. Alternatively, you can contact us directly and informally and request us to delete your data.
b) Contact via e-mail
If you contact us via one of the e-mail addresses provided by us, the personal data provided by you will be processed exclusively for the purpose of processing your respective inquiry, for correspondence with you, as well as for the possible initiation and substantiation of a contract, for inquiries for products and complaints, etc. with you in accordance with Art. 6 Para. 1 S. 1 lit. b) DSGVO. The personal data collected will be automatically deleted once your inquiry has been dealt with; this is the case if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal obligations to retain data.
c) Download via our media database
We provide you with a wide range of information for download on our various pages. You will find our Rapunzel media database as well as our data protection information on our German company page.
d) LogIn for business customers
The login to our specialized trade store is also available to our registered business customers via our German company page here.
e) Contact for application purposes
We also inform about job offers and apprenticeship training positions at Rapunzel via our German company page here.
f) Use of the e-paper application of 1000grad.de
We use the application of the company 1000° DIGITAL Gesellschaft für Multimedia und E-Commerce mbH, Mozartstr. 3, 04107 Leipzig, Germany (1000grad) to offer you our PDF articles, such as our bio-magazine natur.post or topic-related brochures, as interactive, page-turning documents in an e-paper version. The use of 1000grad's technology is in the interest of an appealing presentation of our magazines and articles also online in your browser. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. The data packets displayed and retrieved via your browser are hosted on our own servers.
If we use tracking techniques when using our e-papers in order to improve our offers for you with analyses of usage data, we do this exclusively after your voluntary consent to this, which can be revoked at any time for the future, in accordance with Art. 6 (1) a) DSGVO.
OUR ACTIVITIES IN SOCIAL NETWORKS
a) Links to media appearances
b) Presence on social networks
We use the aforementioned social networks to inform users about our products and information offers, to discuss with interested parties and to bring our entrepreneurial, ecological, economic, social and political actions closer to our interested parties and to publicize recipes and news.
You can contact us directly via the respective platform at your own request and instigation. The aforementioned social media channels complement our web presence and offer a further, supplementary information and communication option.
As soon as you access the respective Rapunzel social media profile in the corresponding network, the terms and conditions and data protection information of the respective operator apply. We only process visitor data on the social media sites ourselves if you contact and communicate with us, for example through comments or direct messages.
A processing of your personal data is necessary for the purpose of the use of the Social-Media platform by yourself.
The described processing of personal data is carried out in accordance with Art. 6 (1) f DSGVO on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a timely manner or to inform you about our services.
If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 (1) lit. a DSGVO in connection with Art. 7 DSG-VO. Art. 7 DSG-VO.
Since we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider despite a possible joint responsibility with the social media portal operators.
Further information on the processing of your data in the social networks and the possibility to make use of your right of objection or revocation (so-called opt-out), we have listed below with the respective provider of social networks used by us.
c) Social media services:
(Co-)responsible for data processing in Europe:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Opt-out and advertising settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
(Co-)responsible for data processing in Germany:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
(Co-) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.
(Co-) controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
(Joint) controller for data processing in Europe:
Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
WEB ANALYTICS WITH GOOGLE ANALYTICS 4
With your declared consent, Google Analytics 4 is used on our website, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your website visit, your user behavior is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- clicks on external links
- internal search queries
- interaction with videos
- file downloads
- seen / clicked ads
- language settings
- Your approximate location (region)
- your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/ via which advertising medium you came to this website)
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as data processor according to Art. 28 DSGVO)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.
The data sent by us and linked to cookies are automatically deleted after 2 months. The deletion of data whose retention period has been reached takes place automatically once a month.
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO.
You can revoke your consent at any time with effect for the future by calling up the cookie settings here and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
- not giving your consent to the setting of the cookie or
- downloading and installing the browser add-on to disable Google Analytics HERE.
a) General information about cookies
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
b) Information on how to avoid cookies in common browsers.
You have the option of deleting cookies, allowing only selected cookies or deactivating cookies completely at any time via the settings of the browser you are using. For more information, please visit the support pages of the respective providers:
- Chrome: https://support.google.com/chrome/answer/95647
- Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac
- Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen
- Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.
We use the consent management platform "Usercentrics" of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage the consent of website users for data processing. Usercentrics collects data generated by end users who use our website. When an end user provides consent, Usercentrics automatically logs the following data:
- Browser information.
- Date and time of access.
- Device information.
- The URL, from the page visited.
- Geographic location.
- Page path of the website.
- The consent status of the end user, which serves as proof of consent.
The functionality of the website is not guaranteed without the described processing. There is no possibility for the user to object as long as there is a legal obligation to obtain the user's consent to certain data processing operations (Art. 7 para. 1, 6 para. 1 p. 1 lit. c DSGVO). Usercentrics is a recipient of your personal data and acts as a processor for us. Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy/.
You can manage and change your consents here:
CHANGE YOUR PRIVACY SETTINGS
YOUR RIGHTS AS A DATA SUBJECT
Right to confirmation - You have the right to request confirmation from us as to whether personal data relating to you is being processed.
Right to information according to Art. 15 DSGVO - You have the right to receive from us, at any time and free of charge, information about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
Right to rectification according to Art. 16 DSGVO - You have the right to demand the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
Right to erasure according to Art. 17 DSGVO - You have the right to demand that we erase the personal data concerning you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
Right to restriction of processing according to Art. 18 DSGVO - You have the right to demand that we restrict processing if one of the legal prerequisites applies.
Right to data portability according to Art. 20 DSGVO - You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transferred directly from one controller to another controller to the extent that this is technically feasible and provided that the rights and freedoms of other persons are not adversely affected thereby.
Right of objection according to Art. 21 DSGVO - You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) DSGVO. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.
In individual cases, we process personal data to conduct direct marketing. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Right to withdraw consent under data protection law - You have the right to withdraw consent to the processing of personal data at any time with effect for the future.
Right to complain to a supervisory authority - You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data. You can find a compilation of the contact details of the data protection officers in the federal states and the supervisory authorities for the non-public sector and in other countries on the pages of the Federal Commissioner for Data Protection and Freedom of Information, BfDI under Addresses and Links.
AUTOMATED DECISION MAKING & PROFILING
We do not use profiling in the context of the use of our websites iSv. Art. 22 DSGVO.
STORAGE, DELETION AND BLOCKING
We process and store your personal data only for the period of time required to achieve the purpose of storage or if this has been provided for by the legal provisions to which our company is subject. If the storage purpose ceases to apply or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.
FURTHER DATA PROTECTION ISSUES
On our company homepage you will find further information about our products, our company and also about data protection. If you have further questions, comments or other requests regarding your personal data that are not answered here, simply contact us via our contact details or at: email@example.com.