Privacy & Cookies Policy

As the operator of this website, we take the protection of your personal data very seriously and treat it confidentially and in accordance with the current statutory data protection regulations and this privacy policy.

In the following, we inform you about the processing in accordance with Article 13 of the EU General Data Protection Regulation (EU GDPR) of your personal data (hereinafter referred to as “data”).

1.Definition

The following data protection declaration is based on the terms used by the European Directive and legislators used in the enactment of the EU GDPR. In order to ensure easy readability and comprehensibility, we would like to explain the terminology used in advance. We use the following terms, among others, in this privacy policy:

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (in the hereinafter referred to as “data subject”). An identifiable natural person is a person who, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special characteristics that express the physical, physiological,the genetic, psychological, economic, cultural or social identity of that natural person, can be.

b) Data subject (user)

A data subject is any identified or identifiable natural person whose personal data is processed by the controllers.

c) Processing

Processing means any operation or set of operations which is performed on the website or on sets of operations, whether or not by automated means. Connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or linking with: Restriction, deletion or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of ensuring their future restrict processing.

e) Profiling

Profiling is any form of automated processing of personal data consisting of the fact that these personal data may be used to identify certain personal aspects relating to a natural person to evaluate, in particular, to take into account aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement of that natural person analyze or predict.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information provided that this additional information is kept separately and for technical and organisational purposes are subject to measures to ensure that the personal data is not subject to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

The controller or controller responsible for the processing is the natural or legal person, public authority, agency or any other entity which, alone or jointly with others, determines the purposes and means of the processing of personal data. Are the purposes and means of such processing covered by Union law or the law of the Member States, the controller or persons may meet the specific criteria its designation may be provided for in accordance with Union law or the law of the Member States.

h) Processors

Processor means a natural or legal person, public authority, agency or other body that: personal data processed on behalf of the Controller.

i) Recipient

The recipient is a natural or legal person, public authority, agency or other body that provides personal data will be disclosed, regardless of whether it is a third party or not. Authorities operating in the context of a specific inquiry mandate under Union law or the law of the Member States may receive personal data, but are not considered recipients.

j) Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controllers or processors are authorised to process the personal data.

k) Consent

Consent is any consent given by the data subject voluntarily for the specific case, in an informed manner, and unequivocal expression of intent in the form of a declaration or other unambiguous affirmative act by which the data subject indicates that he or she is involved in the processing of data concerning him or her personal data.

2.Controller

Betterfoods GmbH

Bottenhorner Weg 33

60489 Frankfurt am Main

Legal Representative: Zefan Ket

Phone: +4969247572347

E-mail: info@betterfoods.de

3. General information on data processing

a) Scope of data processing

As a matter of principle, we process the personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception shall be made in cases where prior consent cannot be obtained for factual reasons and the processing of the data by legal regulations is permitted.

b) Legal basis for data processing

Insofar as we obtain the consent of the data subject for the processing of personal data, Kind. 6 (1) (a) of the General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data necessary for the performance of a contract to which the is necessary, serves Art. 6 para. 1 lit. b EU-GDPR serves as the legal basis. This also applies to:

Processing operations necessary to carry out pre-contractual measures. Insofar as processing personal data is necessary to comply with a legal obligation to which our company is subject, serves Art. 6 para. 1 lit. c EU-GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person processing of personal data, Art. 6 para. 1 lit. d EU-GDPR serves as the legal basis. Is the processing necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Kind. 6 para. 1 lit. f EU-GDPR serves as the legal basis for the processing.

c) Duration of processing

We process your data only for as long as it is necessary for the performance of the contract, to maintain our relationship or in accordance with applicable legislation.

Different retention periods apply to the storage of business documents. For data according to the Tax Code, a retention period of 10 years usually applies to tax relevance, for other data according to the requirements of the Commercial Code, 6 years.

As long as you do not object, we will use your data as part of our trusting business relationship with mutually beneficial. If you wish your data to be deleted, we will delete it immediately, insofar as the deletion does not conflict with legal retention obligations.

4. Provision of the website and creation of log files

a) Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the calling device. The following data is collected:

Browser type and version used

User’s operating system

User’s Internet Service Provider

IP address of the user

Date and time of access

Websites from which the system accesses our website

Websites that are accessed by the user’s system via our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

b) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f EU-GDPR.

c) Purposes of processing

The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must be stored for the duration of the session stay.

The data is stored in log files in order to ensure the functionality of the website. In addition, we use the data for optimization of the website and to ensure the security of our information technology systems. An evaluation of data for marketing purposes does not take place in this context.

For these purposes, we also have a legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f EU-GDPR.

d) Duration of processing

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that a mapping of the calling client is no longer possible.

e) Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the Website mandatory. Consequently, there is no possibility of objection on the part of the user.

5. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the user.

Internet browsers are stored on the user’s computer system. When a user accesses a website, a Cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly.

It is important that the calling browser can be identified even after a page change.

In addition, cookies are used to analyse the surfing behaviour of users.

The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be shared with other personal data of the users.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.

b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f EU GDPR.

c) Purpose of the processing

The purpose of using technically necessary cookies is to simplify the use of websites for users.

Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The technically necessary Cookies collected user data are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its content.

Through the analysis of cookies, we learn how the website is used and can thus constantly optimize our offer.

For these purposes, we also have a legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f EU-GDPR.

d) Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, you have as a user, full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated from our website, it may no longer be possible to use all functions of the website to their full extent.

6. Online Marketing

a) Description and scope of data processing

On our website, we process personal data for online marketing purposes, including in particular the presentation of advertising and other content (collectively referred to as “content”) on the basis of the potential interests of users as well as the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in so-called cookies or similar procedures by means of which the information about the user relevant to the presentation of the aforementioned content is stored.

This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used, and information on usage times. If the user has consented to the collection of his location data, these are processed.

The user’s IP address is also stored. However, we use IP masking procedures (i.e., Pseudonymization by shortening the IP address) to protect the user. In general, within the framework of the Online marketing procedures do not store any clear data of the user (such as e-mail addresses or names), but Pseudonyms. This means that the identity of the user is not known, but only the information stored in his profile. The information in the profile is usually stored in the cookies or by means of similar procedures. These cookies can be later generally also on other websites that use the same online marketing process and for the purpose of displaying content, it is analysed as well as supplemented with other data and stored on the server of the online website marketing procedure provider.

Exceptionally, clear data can be assigned to the profile. This is the case if, for example, the user is a member of a social network, whose online marketing procedures we use and the network connects the user’s profile with the aforementioned information. It should be noted that the user has made additional agreements with the providers, e.g. by Consent in the context of registration.

As a matter of principle, we only have access to summarized information about the success of our advertisements.

However, as part of so-called conversion measurements, we can check which of our online marketing procedures a so-called conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurement is used solely to analyze the success of our marketing measures.

b) Legal basis for data processing

If the user has given his consent, the legal basis for the processing of personal data is Art. 6

Para. 1 lit. a EU-GDPR. Otherwise, the legal basis for the processing of personal data is Art. 6 para. 1 lit. f EU-GDPR, i.e. our legitimate interests (e.g. the provision of efficient, economic and recipient-friendly services).

c) Purpose of the processing

The purposes of data processing are tracking (e.g. interest/behavioural profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavioural marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors), target group formation (determination of for marketing purposes relevant target groups or other output of content), cross-device tracking (cross-device processing of User data for marketing purposes), click tracking.

For these purposes, we also have a legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f EU-GDPR.

The purposes of data processing are:

Tracking (e.g. interest/behavioural profiling, use of cookies)

Remarketing

Visit Action Evaluation

Interest-based and behavioural marketing

Profiling (creation of user profiles)

Conversion measurement (measurement of the effectiveness of marketing measures)

Reach measurement (e.g. access statistics, recognition of returning visitors)

Target group formation (determination of target groups relevant for marketing purposes or other output of Contents)

Cross-device tracking (cross-device processing of user data for marketing purposes)

Click Tracking

d) Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, you have as a user, full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated from our website, it may no longer be possible to use all functions of the website to their full extent.

(e) services and service providers used

Google Analytics

Dienstanbieter: Google LLC. (Mountain View, Kalifornien, USA)

Website: https://analytics.google.com/

Privacy Policy: https://policies.google.com/privacy?hl=de

Google Tag Manager

Dienstanbieter: Google LLC. (Mountain View, Kalifornien, USA)

Website: https://marketingplatform.google.com/intl/de/about/tag-manager/

Privacy Policy: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

https://policies.google.com/privacy?hl=de

7.Google Fonts (web fonts)

a) Scope of data processing

Our website page uses certain fonts from Google to display it. When a page is called up, the browser load

of the user these fonts. The IP address of the user and the page (Internet address) that the user is visiting a server of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). More information about Google fonts can be found at https://developers.google.com/fonts/faq and Google’s privacy policy can be found at https://www.google.com/policies/privacy/.

b) Legal basis for data processing

The legal basis for the processing of the personal data of the user is Art. 6 para. 1 lit. f EU-GDPR.

c) Purpose of data processing

The use of Google Fonts is used for the visual representation of text content.

8. Contact form and e-mail contact

a) Description and scope of data processing

There is a contact form on our website, which can be used to contact us electronically can. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. These data are:

contact_fields

additional

In addition, the following data is collected during registration:

Date/Time

Browser

Devices

Anonymized IP of visitors

Anonymized IP of returning visitors

For the processing of the data, your consent is obtained as part of the sending process and based on this Privacy Policy.

Alternatively, you can contact us via the e-mail address provided. In this case, the transmitted personal data of the user.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the purpose of processing the conversation.

b) Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a EUDSGVO.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Para. 1 lit. f EU-GDPR. If the aim of the e-mail contact is to conclude a contract, there is an additional legal basis for processing Art. 6 para. 1 lit. b EU-GDPR.

c) Purpose of data processing

The processing of the personal data from the input mask serves us solely to process the Contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

d) Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is then over if it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be processed after a period of time at the latest of seven days.

e) Possibility of objection and removal

The user has the option to revoke his consent to the processing of personal data at any time.

If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of contacting us will be deleted.

9. Processors

We use external service providers (processors), e.g. for the dispatch of goods, newsletters or Payment processing. A separate order processing contract was concluded with each of the service providers in order to ensure the protection of your personal data.

We work with the following service providers:

HKS Fulfilment Solution GmbH, Kolenbeekstieg 2, 21435 Stelle, Germany

10. Your rights as a data subject

According to the EU GDPR, you have the following rights:

a) Right to information

You may request confirmation from the controller as to whether personal data concerning you, are processed by us.

If this is the case, you can request the following information from the controller:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if specific information is not possible to do so, criteria for determining the duration of storage;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data, if the personal data are not stored by the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and the intended effects of such processing on the data subject.

You have the right to request information as to whether the personal data concerning you has been transferred to a third country or to an international organisation. In this context, you may request that the appropriate safeguards pursuant to Art. 46 EU-GDPR in connection with the transfer.

b) Right to rectification of your data

You have a right to rectification and/or completion vis-à-vis the person responsible, provided that the processed personal data concerning you are incorrect or incomplete. The controller has the rectification without delay.

c) Right to restriction of the processing of your data

Under the following conditions, you may request the restriction of the processing of data concerning you: request personal data:

(1) if you dispute the accuracy of the personal data concerning you for a period of time that is necessary for the enables controllers to verify the accuracy of personal data;

(2) the processing is unlawful and you refuse the deletion of the personal data and instead request restriction of the use of personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, you need to assert, exercise or defend legal claims, or

(4) if you have objected to the processing pursuant to Art. 21 para. 1 EU-GDPR and have not yet it clear whether the legitimate reasons of the person responsible outweigh your reasons. If the processing of your personal data has been restricted, such data may – from your Storage apart from – only with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of the important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.

d) Right to deletion of your data

aa) Obligation to delete You have the right to obtain from the controller the processing of personal data concerning you without undue delay. and the controller is obliged to delete this data immediately if one of the following

Reasons apply:

(1) The personal data concerning you are necessary for the purposes for which they were collected or otherwise were no longer necessary.

(2) You revoke your consent on which the processing is based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a EU-GDPR and there is no other legal basis for the processing.

(3) In accordance with Art. 21 para. 1 EU-GDPR and there are no overriding legitimate reasons for the processing, or you submit pursuant to Art. 21 para. 2 EU-GDPR processing.

(4) The personal data concerning you have been processed unlawfully.

(5) The deletion of your personal data is necessary to fulfil a legal obligation under the Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you have been collected in relation to the offer of information society services. In accordance with Art. 8 para. 1 EU-GDPR.

bb) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17(1) EU GDPR to delete them, he shall take into account the available technology and the implementation costs reasonable measures, including technical measures, in order to provide data controllers, who process the personal data, to inform them that you, as the data subject, have the deletion of all links to this personal data or of copies or replications of this personal data.

cc) Exemptions

The right to deletion does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation that requires processing under Union or Member State law, to which the controller is subject, requires, or for the performance of a task carried out in the public interest, or is carried out in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Kind. 9 para. 3 EU GDPR;

(4) for archival purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 para. 1 EU-GDPR, insofar as the right referred to in section a) is likely to be the renders impossible or seriously impairs the achievement of the purposes of such processing, or

(5) to establish, exercise or defend legal claims.

e) Right to information

Do you have the right to rectification, erasure or restriction of processing vis-à-vis the person responsible, the latter is obliged to inform all recipients to whom the personal data concerning you have been disclosed, to communicate this correction or deletion of the data or restriction of processing, unless because this proves to be impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

f) Right to data portability

You have the right to request the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. In addition, you have the right to use this data, in another controller without hindrance from the controller to whom the personal data have been made available provided that:

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a EU-GDPR or Art. 9 para. 2 lit. a EU-GDPR or on a contract pursuant to Art. 6 para. 1 lit. b EU-GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the exercise of data a task which is in the public interest or which is carried out in the exercise of official authority, which is necessary for the responsible persons.

g) Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of the personal data concerning you, which is processed on the basis of Art. 6 (1) (e) or (f) of the EU GDPR, objection to be pickled; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you, unless he can obtain mandatory demonstrate legitimate grounds for the processing which override your interests, rights and freedoms, or processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such to insert advertising; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will be data will no longer be processed for these purposes.

In connection with the use of information society services, you have the option of Directive 2002/58/EC – to exercise your right to object by means of automated procedures involving technical specifications.

h) Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. By revoking the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

i) Right to lodge a complaint with the data protection supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to: lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence or place of work, or of the place of the alleged infringement, if you believe that the processing of data concerning you personal data violates the EU GDPR. The supervisory authority to which the complaint was lodged informs the complainant of the progress and outcome of the complaint, including the

Possibility of a judicial remedy pursuant to Art. 78 EU-GDPR

The responsibility of the supervisory authority depends on your place of residence. A list of supervisory authorities can be found here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

This privacy policy was created by b2.legal Rechtsanwälte.