Privacy Policy

Data pro­tec­tion

 

We are very de­ligh­ted that you have shown in­te­rest in our en­t­er­prise. Data pro­tec­tion is of a par­ti­cu­larly high prio­rity for the ma­nage­ment of the HEY! Cof­fee. The use of the In­ter­net pa­ges of the HEY! Cof­fee is pos­si­ble wi­thout any in­di­ca­tion of per­so­nal data; howe­ver, if a data sub­ject wants to use spe­cial en­t­er­prise ser­vices via our web­site, pro­ces­sing of per­so­nal data could be­come ne­cessary. If the pro­ces­sing of per­so­nal data is ne­cessary and there is no sta­tu­tory ba­sis for such pro­ces­sing, we ge­ne­rally ob­tain con­sent from the data sub­ject.

The pro­ces­sing of per­so­nal data, such as the name, ad­dress, e-mail ad­dress, or te­le­phone num­ber of a data sub­ject shall al­ways be in line with the Ge­ne­ral Data Pro­tec­tion Re­gu­la­tion (GDPR), and in ac­cor­dance with the coun­try-​spe­ci­fic data pro­tec­tion re­gu­la­ti­ons ap­p­lica­ble to the HEY! Cof­fee. By me­ans of this data pro­tec­tion de­cla­ra­tion, our en­t­er­prise would like to in­form the ge­ne­ral pu­blic of the na­ture, scope, and pur­pose of the per­so­nal data we collect, use and pro­cess. Fur­ther­more, data sub­jects are in­for­med, by me­ans of this data pro­tec­tion de­cla­ra­tion, of the rights to which they are en­t­it­led.

As the con­trol­ler, the HEY! Cof­fee has im­ple­men­ted nu­me­rous tech­ni­cal and or­ga­niza­t­io­nal me­a­su­res to en­sure the most com­plete pro­tec­tion of per­so­nal data pro­ces­sed through this web­site. Howe­ver, In­ter­net-​ba­sed data trans­mis­si­ons may in prin­ci­ple have se­cu­rity gaps, so ab­so­lute pro­tec­tion may not be gua­ran­teed. For this re­a­son, every data sub­ject is free to trans­fer per­so­nal data to us via al­ter­na­tive me­ans, e.g. by te­le­phone.

Con­trol­ler for the pur­po­ses of the Ge­ne­ral Data Pro­tec­tion Re­gu­la­tion (GDPR), other data pro­tec­tion laws ap­p­lica­ble in Mem­ber sta­tes of the Eu­ro­pean Union and other pro­vi­si­ons re­la­ted to data pro­tec­tion is:

 

HEY! Cof­fee

Met­zer Straße 21

50677 Köln

Ger­many

Web­site: www.hey-coffee.de

 

Coo­kies

 

The In­ter­net pa­ges of the HEY! Cof­fee use coo­kies. Coo­kies are text files that are stored in a com­pu­ter sys­tem via an In­ter­net brow­ser.

Many In­ter­net sites and ser­vers use coo­kies. Many coo­kies con­tain a so-​cal­led coo­kie ID. A coo­kie ID is a uni­que iden­ti­fier of the coo­kie. It con­sists of a cha­rac­ter string through which In­ter­net pa­ges and ser­vers can be as­si­gned to the spe­ci­fic In­ter­net brow­ser in which the coo­kie was stored. This al­lows vi­si­ted In­ter­net sites and ser­vers to dif­fe­ren­tiate the in­di­vi­dual brow­ser of the dats sub­ject from other In­ter­net brow­sers that con­tain other coo­kies. A spe­ci­fic In­ter­net brow­ser can be re­co­gni­zed and iden­ti­fied using the uni­que coo­kie ID.

Through the use of coo­kies, the HEY! Cof­fee can pro­vide the users of this web­site with more user-​fri­endly ser­vices that would not be pos­si­ble wi­thout the coo­kie set­ting.

By me­ans of a coo­kie, the in­for­ma­tion and of­fers on our web­site can be op­ti­mi­zed with the user in mind. Coo­kies al­low us, as pre­viously men­tio­ned, to re­co­gnize our web­site users. The pur­pose of this re­co­gni­tion is to make it ea­sier for users to uti­lize our web­site. The web­site user that uses coo­kies, e.g. does not have to en­ter ac­cess data each time the web­site is ac­ces­sed, be­cause this is ta­ken over by the web­site, and the coo­kie is thus stored on the user's com­pu­ter sys­tem. Ano­ther ex­ample is the coo­kie of a shop­ping cart in an on­line shop. The on­line store re­mem­bers the ar­ti­cles that a cust­o­mer has pla­ced in the vir­tual shop­ping cart via a coo­kie.

The data sub­ject may, at any time, prevent the set­ting of coo­kies through our web­site by me­ans of a cor­re­spon­ding set­ting of the In­ter­net brow­ser used, and may thus per­man­ently deny the set­ting of coo­kies. Fur­ther­more, al­re­ady set coo­kies may be de­le­ted at any time via an In­ter­net brow­ser or other soft­ware pro­grams. This is pos­si­ble in all po­pu­lar In­ter­net brow­sers. If the data sub­ject de­ac­tiva­tes the set­ting of coo­kies in the In­ter­net brow­ser used, not all func­tions of our web­site may be ent­i­rely usa­ble.

 

 

Collec­tion of ge­ne­ral data and in­for­ma­tion

 

The web­site of the HEY! Cof­fee collects a se­ries of ge­ne­ral data and in­for­ma­tion when a data sub­ject or au­to­ma­ted sys­tem calls up the web­site. This ge­ne­ral data and in­for­ma­tion are stored in the ser­ver log files. Collec­ted may be 

 

Brow­ser type /​​ brow­ser ver­sion
Ope­ra­ting sys­tem used
re­fer­rer URL
Host name of ac­ces­sing com­pu­ter
Time of ser­ver re­quest

 

When using these ge­ne­ral data and in­for­ma­tion, the HEY! Cof­fee does not draw any con­clu­si­ons about the data sub­ject. Ra­ther, this in­for­ma­tion is nee­ded to (1) de­li­ver the con­tent of our web­site cor­rectly, (2) op­ti­mize the con­tent of our web­site as well as its ad­ver­ti­se­ment, (3) en­sure the long-term via­bi­lity of our in­for­ma­tion tech­no­logy sys­tems and web­site tech­no­logy, and (4) pro­vide law en­force­ment aut­ho­ri­ties with the in­for­ma­tion ne­cessary for cri­mi­nal pro­se­cu­tion in case of a cy­ber-​at­tack. The­re­fore, the HEY! Cof­fee ana­ly­zes an­ony­mously collec­ted data and in­for­ma­tion sta­ti­s­ti­cally, with the aim of in­crea­sing the data pro­tec­tion and data se­cu­rity of our en­t­er­prise, and to en­sure an op­ti­mal le­vel of pro­tec­tion for the per­so­nal data we pro­cess. The an­ony­mous data of the ser­ver log files are stored se­pa­ra­tely from all per­so­nal data pro­vi­ded by a data sub­ject.

 

Con­tact pos­si­bi­lity via the web­site

 

The web­site of the HEY! Cof­fee con­ta­ins in­for­ma­tion that enables a quick elec­tro­nic con­tact to our en­t­er­prise, as well as di­rect com­mu­ni­ca­tion with us, which also in­clu­des a ge­ne­ral ad­dress of the so-​cal­led elec­tro­nic mail (e-mail ad­dress). If a data sub­ject con­tacts the con­trol­ler by e-mail or via a con­tact form, the per­so­nal data trans­mit­ted by the data sub­ject are au­to­ma­ti­cally stored. Such per­so­nal data trans­mit­ted on a vol­un­tary ba­sis by a data sub­ject to the data con­trol­ler are stored for the pur­pose of pro­ces­sing or con­tac­ting the data sub­ject. There is no trans­fer of this per­so­nal data to third par­ties.

 

Sub­scrip­tion to our news­let­ter

 

On the web­site of the HEY! Cof­fee, users are gi­ven the op­por­tu­nity to sub­scribe to our enterprise's news­let­ter. The in­put mask used for this pur­pose de­ter­mi­nes what per­so­nal data are trans­mit­ted, as well as when the news­let­ter is or­de­red from the con­trol­ler.

HEY! Cof­fee in­forms its cust­o­m­ers and busi­ness part­ners re­gu­larly by me­ans of a news­let­ter about en­t­er­prise of­fers. The enterprise's news­let­ter may only be re­cei­ved by the data sub­ject if (1) the data sub­ject has a va­lid e-mail ad­dress and (2) the data sub­ject re­gis­ters for the news­let­ter ship­ping. A con­fir­ma­tion e-mail will be sent to the e-mail ad­dress re­gis­te­red by a data sub­ject for the first time for news­let­ter ship­ping, for le­gal re­a­sons, in the dou­ble opt-in pro­ce­dure. This con­fir­ma­tion e-mail is used to prove whe­ther the ow­ner of the e-mail ad­dress as the data sub­ject is aut­ho­ri­zed to re­ceive the news­let­ter.

Du­ring the re­gis­tra­tion for the news­let­ter, we also store the IP ad­dress of the com­pu­ter sys­tem as­si­gned by the In­ter­net ser­vice pro­vi­der (ISP) and used by the data sub­ject at the time of the re­gis­tra­tion, as well as the date and time of the re­gis­tra­tion. The collec­tion of this data is ne­cessary in or­der to un­der­stand the (pos­si­ble) mi­suse of the e-mail ad­dress of a data sub­ject at a la­ter date, and it the­re­fore ser­ves the aim of the le­gal pro­tec­tion of the con­trol­ler.

The per­so­nal data collec­ted as part of a re­gis­tra­tion for the news­let­ter will only be used to send our news­let­ter. In ad­di­tion, sub­scri­bers to the news­let­ter may be in­for­med by e-mail, as long as this is ne­cessary for the ope­ra­tion of the news­let­ter ser­vice or a re­gis­tra­tion in ques­tion, as this could be the case in the event of mo­di­fi­ca­ti­ons to the news­let­ter of­fer, or in the event of a change in tech­ni­cal cir­cum­stan­ces. There will be no trans­fer of per­so­nal data collec­ted by the news­let­ter ser­vice to third par­ties. The sub­scrip­tion to our news­let­ter may be ter­mi­na­ted by the data sub­ject at any time. The con­sent to the sto­rage of per­so­nal data, which the data sub­ject has gi­ven for ship­ping the news­let­ter, may be re­vo­ked at any time. For the pur­pose of re­vo­ca­tion of con­sent, a cor­re­spon­ding link is found in each news­let­ter. It is also pos­si­ble to un­sub­scribe from the news­let­ter at any time di­rectly on the web­site of the con­trol­ler, or to com­mu­ni­cate this to the con­trol­ler in a dif­fe­rent way.

 

News­let­ter-​Tracking

 

The news­let­ter of the HEY! Cof­fee con­ta­ins so-​cal­led tracking pi­xels. A tracking pi­xel is a mi­nia­ture gra­phic em­bed­ded in such e-mails, which are sent in HTML for­mat to enable log file re­cord­ing and ana­ly­sis. This al­lows a sta­ti­s­ti­cal ana­ly­sis of the suc­cess or failure of on­line mar­ke­ting cam­pai­gns. Ba­sed on the em­bed­ded tracking pi­xel, the HEY! Cof­fee may see if and when an e-mail was opened by a data sub­ject, and which links in the e-mail were cal­led up by data sub­jects.

Such per­so­nal data collec­ted in the tracking pi­xels con­tai­ned in the news­let­ters are stored and ana­ly­zed by the con­trol­ler in or­der to op­ti­mize the ship­ping of the news­let­ter, as well as to ad­apt the con­tent of fu­ture news­let­ters even bet­ter to the in­te­rests of the data sub­ject. These per­so­nal data will not be pas­sed on to third par­ties. Data sub­jects are at any time en­t­it­led to re­voke the re­spec­tive se­pa­rate de­cla­ra­tion of con­sent is­sued by me­ans of the dou­ble-​opt-​in pro­ce­dure. Af­ter a re­vo­ca­tion, these per­so­nal data will be de­le­ted by the con­trol­ler. The HEY! Cof­fee au­to­ma­ti­cally re­gards a wi­th­dra­wal from the re­ce­ipt of the news­let­ter as a re­vo­ca­tion.

 

Rou­tine era­sure and blo­cking of per­so­nal data

 

The data con­trol­ler shall pro­cess and store the per­so­nal data of the data sub­ject only for the pe­riod ne­cessary to achieve the pur­pose of sto­rage, or as far as this is gran­ted by the Eu­ro­pean le­gis­la­tor or other le­gis­la­tors in laws or re­gu­la­ti­ons to which the con­trol­ler is sub­ject to. If the sto­rage pur­pose is not ap­p­lica­ble, or if a sto­rage pe­riod pre­scri­bed by the Eu­ro­pean le­gis­la­tor or ano­ther com­pe­tent le­gis­la­tor ex­pi­res, the per­so­nal data are rou­ti­nely blo­cked or era­sed in ac­cor­dance with le­gal re­qui­re­ments.

 
Rights of the data sub­ject

 

a) Right of con­fir­ma­tion

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor to ob­tain from the con­trol­ler the con­fir­ma­tion as to whe­ther or not per­so­nal data con­cerning him or her are being pro­ces­sed. If a data sub­ject wis­hes to avail him­s­elf of this right of con­fir­ma­tion, he or she may, at any time, con­tact any em­ployee of the con­trol­ler.

 

b) Right of ac­cess

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor to ob­tain from the con­trol­ler free in­for­ma­tion about his or her per­so­nal data stored at any time and a copy of this in­for­ma­tion. Fur­ther­more, the Eu­ro­pean di­rec­tives and re­gu­la­ti­ons grant the data sub­ject ac­cess to the fol­lo­wing in­for­ma­tion:

the pur­po­ses of the pro­ces­sing;

the ca­te­go­ries of per­so­nal data con­cer­ned;

the re­ci­pi­ents or ca­te­go­ries of re­ci­pi­ents to whom the per­so­nal data have been or will be dis­clo­sed, in par­ti­cu­lar re­ci­pi­ents in third coun­tries or in­ter­na­tio­nal or­ga­ni­sa­ti­ons;

where pos­si­ble, the en­vi­sa­ged pe­riod for which the per­so­nal data will be stored, or, if not pos­si­ble, the cri­te­ria used to de­ter­mine that pe­riod;

the exis­tence of the right to re­quest from the con­trol­ler rec­tifi­ca­tion or era­sure of per­so­nal data, or re­stric­tion of pro­ces­sing of per­so­nal data con­cerning the data sub­ject, or to ob­ject to such pro­ces­sing;

the exis­tence of the right to lodge a com­plaint with a su­per­vi­sory aut­ho­rity;

where the per­so­nal data are not collec­ted from the data sub­ject, any avail­able in­for­ma­tion as to their source;

the exis­tence of au­to­ma­ted de­ci­sion-​ma­king, in­clu­ding pro­filing, re­fer­red to in Ar­ti­cle 22(1) and (4) of the GDPR and, at least in those ca­ses, mea­ningful in­for­ma­tion about the lo­gic in­vol­ved, as well as the si­gni­fi­cance and en­vi­sa­ged con­se­quen­ces of such pro­ces­sing for the data sub­ject.

Fur­ther­more, the data sub­ject shall have a right to ob­tain in­for­ma­tion as to whe­ther per­so­nal data are trans­fer­red to a third coun­try or to an in­ter­na­tio­nal or­ga­ni­sa­tion. Where this is the case, the data sub­ject shall have the right to be in­for­med of the ap­pro­priate safe­guards re­la­ting to the trans­fer.

If a data sub­ject wis­hes to avail him­s­elf of this right of ac­cess, he or she may, at any time, con­tact any em­ployee of the con­trol­ler.

 

c) Right to rec­tifi­ca­tion

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor to ob­tain from the con­trol­ler wi­thout un­due de­lay the rec­tifi­ca­tion of inac­cu­rate per­so­nal data con­cerning him or her. Ta­king into ac­count the pur­po­ses of the pro­ces­sing, the data sub­ject shall have the right to have in­com­plete per­so­nal data com­ple­ted, in­clu­ding by me­ans of pro­vi­ding a sup­ple­men­tary state­ment.

If a data sub­ject wis­hes to ex­er­cise this right to rec­tifi­ca­tion, he or she may, at any time, con­tact any em­ployee of the con­trol­ler.

 

d) Right to era­sure (Right to be for­got­ten)

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor to ob­tain from the con­trol­ler the era­sure of per­so­nal data con­cerning him or her wi­thout un­due de­lay, and the con­trol­ler shall have the ob­li­ga­tion to erase per­so­nal data wi­thout un­due de­lay where one of the fol­lo­wing grounds ap­p­lies, as long as the pro­ces­sing is not ne­cessary:

The per­so­nal data are no lon­ger ne­cessary in re­la­tion to the pur­po­ses for which they were collec­ted or other­wise pro­ces­sed.

The data sub­ject wi­th­draws con­sent to which the pro­ces­sing is ba­sed ac­cord­ing to point (a) of Ar­ti­cle 6(1) of the GDPR, or point (a) of Ar­ti­cle 9(2) of the GDPR, and where there is no other le­gal ground for the pro­ces­sing.

The data sub­ject ob­jects to the pro­ces­sing pur­suant to Ar­ti­cle 21(1) of the GDPR and there are no over­ri­ding le­gi­ti­mate grounds for the pro­ces­sing, or the data sub­ject ob­jects to the pro­ces­sing pur­suant to Ar­ti­cle 21(2) of the GDPR.

The per­so­nal data have been un­la­w­fully pro­ces­sed.

The per­so­nal data must be era­sed for com­p­li­ance with a le­gal ob­li­ga­tion in Union or Mem­ber State law to which the con­trol­ler is sub­ject.

The per­so­nal data have been collec­ted in re­la­tion to the of­fer of in­for­ma­tion so­ciety ser­vices re­fer­red to in Ar­ti­cle 8(1) of the GDPR.

If one of the afo­re­men­tio­ned re­a­sons ap­p­lies, and a data sub­ject wis­hes to re­quest the era­sure of per­so­nal data stored by the HEY! Cof­fee, he or she may, at any time, con­tact any em­ployee of the con­trol­ler. An em­ployee of HEY! Cof­fee shall promptly en­sure that the era­sure re­quest is com­plied with im­me­dia­tely.

Where the con­trol­ler has made per­so­nal data pu­blic and is ob­li­ged pur­suant to Ar­ti­cle 17(1) to erase the per­so­nal data, the con­trol­ler, ta­king ac­count of avail­able tech­no­logy and the cost of im­ple­men­ta­tion, shall take re­a­sonable steps, in­clu­ding tech­ni­cal me­a­su­res, to in­form other con­trol­lers pro­ces­sing the per­so­nal data that the data sub­ject has re­quested era­sure by such con­trol­lers of any links to, or copy or re­pli­ca­tion of, those per­so­nal data, as far as pro­ces­sing is not re­qui­red. An em­ployees of the HEY! Cof­fee will ar­range the ne­cessary me­a­su­res in in­di­vi­dual ca­ses.

 

e) Right of re­stric­tion of pro­ces­sing

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor to ob­tain from the con­trol­ler re­stric­tion of pro­ces­sing where one of the fol­lo­wing ap­p­lies:

The ac­cu­racy of the per­so­nal data is con­tested by the data sub­ject, for a pe­riod en­ab­ling the con­trol­ler to ve­rify the ac­cu­racy of the per­so­nal data.

The pro­ces­sing is un­la­w­ful and the data sub­ject op­po­ses the era­sure of the per­so­nal data and re­quests in­s­tead the re­stric­tion of their use in­s­tead.

The con­trol­ler no lon­ger needs the per­so­nal data for the pur­po­ses of the pro­ces­sing, but they are re­qui­red by the data sub­ject for the es­ta­blish­ment, ex­er­cise or de­fence of le­gal claims.

The data sub­ject has ob­jec­ted to pro­ces­sing pur­suant to Ar­ti­cle 21(1) of the GDPR pen­ding the ve­ri­fi­ca­tion whe­ther the le­gi­ti­mate grounds of the con­trol­ler over­ride those of the data sub­ject.

If one of the afo­re­men­tio­ned con­di­ti­ons is met, and a data sub­ject wis­hes to re­quest the re­stric­tion of the pro­ces­sing of per­so­nal data stored by the HEY! Cof­fee, he or she may at any time con­tact any em­ployee of the con­trol­ler. The em­ployee of the HEY! Cof­fee will ar­range the re­stric­tion of the pro­ces­sing.

 

f) Right to data por­ta­bi­lity

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor, to re­ceive the per­so­nal data con­cerning him or her, which was pro­vi­ded to a con­trol­ler, in a struc­tu­red, com­monly used and ma­chine-​re­a­da­ble for­mat. He or she shall have the right to trans­mit those data to ano­ther con­trol­ler wi­thout hin­drance from the con­trol­ler to which the per­so­nal data have been pro­vi­ded, as long as the pro­ces­sing is ba­sed on con­sent pur­suant to point (a) of Ar­ti­cle 6(1) of the GDPR or point (a) of Ar­ti­cle 9(2) of the GDPR, or on a con­tract pur­suant to point (b) of Ar­ti­cle 6(1) of the GDPR, and the pro­ces­sing is car­ried out by au­to­ma­ted me­ans, as long as the pro­ces­sing is not ne­cessary for the per­for­mance of a task car­ried out in the pu­blic in­te­rest or in the ex­er­cise of of­fi­cial aut­ho­rity vested in the con­trol­ler.

Fur­ther­more, in ex­er­cising his or her right to data por­ta­bi­lity pur­suant to Ar­ti­cle 20(1) of the GDPR, the data sub­ject shall have the right to have per­so­nal data trans­mit­ted di­rectly from one con­trol­ler to ano­ther, where tech­ni­cally fe­a­si­ble and when do­ing so does not ad­ver­sely af­fect the rights and free­doms of others.

In or­der to as­sert the right to data por­ta­bi­lity, the data sub­ject may at any time con­tact any em­ployee of the HEY! Cof­fee.

 

g) Right to ob­ject

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor to ob­ject, on grounds re­la­ting to his or her par­ti­cu­lar si­tua­tion, at any time, to pro­ces­sing of per­so­nal data con­cerning him or her, which is ba­sed on point (e) or (f) of Ar­ti­cle 6(1) of the GDPR. This also ap­p­lies to pro­filing ba­sed on these pro­vi­si­ons.

The HEY! Cof­fee shall no lon­ger pro­cess the per­so­nal data in the event of the ob­jec­tion, un­less we can de­mons­trate com­pel­ling le­gi­ti­mate grounds for the pro­ces­sing which over­ride the in­te­rests, rights and free­doms of the data sub­ject, or for the es­ta­blish­ment, ex­er­cise or de­fence of le­gal claims.

If the HEY! Cof­fee pro­ces­ses per­so­nal data for di­rect mar­ke­ting pur­po­ses, the data sub­ject shall have the right to ob­ject at any time to pro­ces­sing of per­so­nal data con­cerning him or her for such mar­ke­ting. This ap­p­lies to pro­filing to the extent that it is re­la­ted to such di­rect mar­ke­ting. If the data sub­ject ob­jects to the HEY! Cof­fee to the pro­ces­sing for di­rect mar­ke­ting pur­po­ses, the HEY! Cof­fee will no lon­ger pro­cess the per­so­nal data for these pur­po­ses.

In ad­di­tion, the data sub­ject has the right, on grounds re­la­ting to his or her par­ti­cu­lar si­tua­tion, to ob­ject to pro­ces­sing of per­so­nal data con­cerning him or her by the HEY! Cof­fee for sci­en­ti­fic or his­to­ri­cal re­se­arch pur­po­ses, or for sta­ti­s­ti­cal pur­po­ses pur­suant to Ar­ti­cle 89(1) of the GDPR, un­less the pro­ces­sing is ne­cessary for the per­for­mance of a task car­ried out for re­a­sons of pu­blic in­te­rest.

In or­der to ex­er­cise the right to ob­ject, the data sub­ject may con­tact any em­ployee of the HEY! Cof­fee. In ad­di­tion, the data sub­ject is free in the con­text of the use of in­for­ma­tion so­ciety ser­vices, and not­wi­th­stan­ding Di­rec­tive 2002/​​58/​​EC, to use his or her right to ob­ject by au­to­ma­ted me­ans using tech­ni­cal spe­ci­fi­ca­ti­ons.

 

h) Au­to­ma­ted in­di­vi­dual de­ci­sion-​ma­king, in­clu­ding pro­filing

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor not to be sub­ject to a de­ci­sion ba­sed so­lely on au­to­ma­ted pro­ces­sing, in­clu­ding pro­filing, which pro­du­ces le­gal ef­fects con­cerning him or her, or si­mi­larly si­gni­fi­cantly af­fects him or her, as long as the de­ci­sion (1) is not is ne­cessary for en­te­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and a data con­trol­ler, or (2) is not aut­ho­ri­sed by Union or Mem­ber State law to which the con­trol­ler is sub­ject and which also lays down sui­ta­ble me­a­su­res to safe­guard the data subject's rights and free­doms and le­gi­ti­mate in­te­rests, or (3) is not ba­sed on the data subject's ex­pli­cit con­sent.

If the de­ci­sion (1) is ne­cessary for en­te­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and a data con­trol­ler, or (2) it is ba­sed on the data subject's ex­pli­cit con­sent, the HEY! Cof­fee shall im­ple­ment sui­ta­ble me­a­su­res to safe­guard the data subject's rights and free­doms and le­gi­ti­mate in­te­rests, at least the right to ob­tain hu­man in­ter­ven­tion on the part of the con­trol­ler, to ex­press his or her point of view and con­test the de­ci­sion.

If the data sub­ject wis­hes to ex­er­cise the rights con­cerning au­to­ma­ted in­di­vi­dual de­ci­sion-​ma­king, he or she may, at any time, con­tact any em­ployee of the HEY! Cof­fee.

 

i) Right to wi­th­draw data pro­tec­tion con­sent

Each data sub­ject shall have the right gran­ted by the Eu­ro­pean le­gis­la­tor to wi­th­draw his or her con­sent to pro­ces­sing of his or her per­so­nal data at any time.

If the data sub­ject wis­hes to ex­er­cise the right to wi­th­draw the con­sent, he or she may, at any time, con­tact HEY! Cof­fee.

 

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­tion and use of Google Ana­lytics (with an­ony­miza­t­ion func­tion)

 

On this web­site, the con­trol­ler has in­te­gra­ted the com­po­nent of Google Ana­lytics (with the an­ony­mi­zer func­tion). Google Ana­lytics is a web ana­lytics ser­vice. Web ana­lytics is the collec­tion, gathe­ring, and ana­ly­sis of data about the be­ha­vior of vi­si­tors to web­sites. A web ana­ly­sis ser­vice collects, in­ter alia, data about the web­site from which a per­son has come (the so-​cal­led re­fer­rer), which sub-​pa­ges were vi­si­ted, or how of­ten and for what du­ra­tion a sub-page was viewed. Web ana­lytics are mainly used for the op­ti­miza­t­ion of a web­site and in or­der to carry out a cost-​be­ne­fit ana­ly­sis of In­ter­net ad­ver­ti­sing.

The ope­ra­tor of the Google Ana­lytics com­po­nent is Google Inc., 1600 Am­phi­thea­tre Pkwy, Moun­tain View, CA 94043-1351, United Sta­tes.

For the web ana­lytics through Google Ana­lytics the con­trol­ler uses the ap­p­li­ca­tion "_gat. _​a­n­ony­mi­zeIp". By me­ans of this ap­p­li­ca­tion the IP ad­dress of the In­ter­net con­nec­tion of the data sub­ject is ab­ridged by Google and an­ony­mi­sed when ac­ces­sing our web­sites from a Mem­ber State of the Eu­ro­pean Union or ano­ther Con­trac­ting State to the Agree­ment on the Eu­ro­pean Eco­no­mic Area.

The pur­pose of the Google Ana­lytics com­po­nent is to ana­lyze the traf­fic on our web­site. Google uses the collec­ted data and in­for­ma­tion, in­ter alia, to eva­luate the use of our web­site and to pro­vide on­line re­ports, which show the ac­tivi­ties on our web­sites, and to pro­vide other ser­vices con­cerning the use of our In­ter­net site for us.

Google Ana­lytics pla­ces a coo­kie on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject. The de­fi­ni­tion of coo­kies is ex­plai­ned above. With the set­ting of the coo­kie, Google is enab­led to ana­lyze the use of our web­site. With each call-up to one of the in­di­vi­dual pa­ges of this In­ter­net site, which is ope­ra­ted by the con­trol­ler and into which a Google Ana­lytics com­po­nent was in­te­gra­ted, the In­ter­net brow­ser on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject will au­to­ma­ti­cally sub­mit data through the Google Ana­lytics com­po­nent for the pur­pose of on­line ad­ver­ti­sing and the set­t­le­ment of com­mis­si­ons to Google. Du­ring the course of this tech­ni­cal pro­ce­dure, the en­t­er­prise Google gains know­ledge of per­so­nal in­for­ma­tion, such as the IP ad­dress of the data sub­ject, which ser­ves Google, in­ter alia, to un­der­stand the ori­gin of vi­si­tors and clicks, and sub­se­quently create com­mis­sion set­t­le­ments.

The coo­kie is used to store per­so­nal in­for­ma­tion, such as the ac­cess time, the lo­ca­tion from which the ac­cess was made, and the fre­quency of vi­sits of our web­site by the data sub­ject. With each vi­sit to our In­ter­net site, such per­so­nal data, in­clu­ding the IP ad­dress of the In­ter­net ac­cess used by the data sub­ject, will be trans­mit­ted to Google in the United Sta­tes of Ame­rica. These per­so­nal data are stored by Google in the United Sta­tes of Ame­rica. Google may pass these per­so­nal data collec­ted through the tech­ni­cal pro­ce­dure to third par­ties.

The data sub­ject may, as sta­ted above, prevent the set­ting of coo­kies through our web­site at any time by me­ans of a cor­re­spon­ding ad­just­ment of the web brow­ser used and thus per­man­ently deny the set­ting of coo­kies. Such an ad­just­ment to the In­ter­net brow­ser used would also prevent Google Ana­lytics from set­ting a coo­kie on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject. In ad­di­tion, coo­kies al­re­ady in use by Google Ana­lytics may be de­le­ted at any time via a web brow­ser or other soft­ware pro­grams.

In ad­di­tion, the data sub­ject has the pos­si­bi­lity of ob­jec­ting to a collec­tion of data that are ge­ne­ra­ted by Google Ana­lytics, which is re­la­ted to the use of this web­site, as well as the pro­ces­sing of this data by Google and the chance to pre­clude any such. For this pur­pose, the data sub­ject must down­load a brow­ser add-on un­der the link https://tools.google.com/dlpage/gaoptout and in­stall it. This brow­ser add-on tells Google Ana­lytics through a Ja­va­Script, that any data and in­for­ma­tion about the vi­sits of In­ter­net pa­ges may not be trans­mit­ted to Google Ana­lytics. The in­stal­la­tion of the brow­ser add-ons is con­side­red an ob­jec­tion by Google. If the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject is la­ter de­le­ted, for­mat­ted, or newly in­stal­led, then the data sub­ject must re­install the brow­ser add-ons to disa­ble Google Ana­lytics. If the brow­ser add-on was un­in­stal­led by the data sub­ject or any other per­son who is at­tri­bu­ta­ble to their sphere of com­pe­tence, or is disa­b­led, it is pos­si­ble to exe­cute the re­instal­la­tion or re­ac­tiva­tion of the brow­ser add-ons.

Fur­ther in­for­ma­tion and the ap­p­lica­ble data pro­tec­tion pro­vi­si­ons of Google may be re­trie­ved un­der https://www.google.com/intl/en/policies/privacy/​​ and un­der http://www.google.com/analytics/terms/us.html. Google Ana­lytics is fur­ther ex­plai­ned un­der the fol­lo­wing Link https://www.google.com/analytics/.

 

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­tion and use of Google-​Ad­Words

 

On this web­site, the con­trol­ler has in­te­gra­ted Google Ad­Words. Google Ad­Words is a ser­vice for In­ter­net ad­ver­ti­sing that al­lows the ad­ver­ti­ser to place ads in Google se­arch en­gine re­sults and the Google ad­ver­ti­sing net­work. Google Ad­Words al­lows an ad­ver­ti­ser to pre-​de­fine spe­ci­fic key­words with the help of which an ad on Google's se­arch re­sults only then dis­played, when the user uti­li­zes the se­arch en­gine to re­trieve a key­word-​re­le­vant se­arch re­sult. In the Google Ad­ver­ti­sing Net­work, the ads are dis­tri­buted on re­le­vant web pa­ges using an au­to­ma­tic al­go­rithm, ta­king into ac­count the pre­viously de­fi­ned key­words.

The ope­ra­ting com­pany of Google Ad­Words is Google Inc., 1600 Am­phi­thea­tre Pkwy, Moun­tain View, CA 94043-1351, UNITED STATES.

The pur­pose of Google Ad­Words is the pro­mo­tion of our web­site by the in­clu­sion of re­le­vant ad­ver­ti­sing on the web­sites of third par­ties and in the se­arch en­gine re­sults of the se­arch en­gine Google and an in­ser­tion of third-party ad­ver­ti­sing on our web­site.

If a data sub­ject reaches our web­site via a Google ad, a con­ver­sion coo­kie is filed on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject through Google. The de­fi­ni­tion of coo­kies is ex­plai­ned above. A con­ver­sion coo­kie lo­ses its va­li­dity af­ter 30 days and is not used to iden­tify the data sub­ject. If the coo­kie has not ex­pi­red, the con­ver­sion coo­kie is used to check whe­ther cer­tain sub-​pa­ges, e.g, the shop­ping cart from an on­line shop sys­tem, were cal­led up on our web­site. Through the con­ver­sion coo­kie, both Google and the con­trol­ler can un­der­stand whe­ther a per­son who reached an Ad­Words ad on our web­site ge­ne­ra­ted sa­les, that is, exe­cuted or can­ce­led a sale of goods.

The data and in­for­ma­tion collec­ted through the use of the con­ver­sion coo­kie is used by Google to create vi­sit sta­ti­s­tics for our web­site. These vi­sit sta­ti­s­tics are used in or­der to de­ter­mine the to­tal num­ber of users who have been ser­ved through Ad­Words ads to as­cer­tain the suc­cess or failure of each Ad­Words ad and to op­ti­mize our Ad­Words ads in the fu­ture. Neit­her our com­pany nor other Google Ad­Words ad­ver­ti­sers re­ceive in­for­ma­tion from Google that could iden­tify the data sub­ject.

The con­ver­sion coo­kie stores per­so­nal in­for­ma­tion, e.g. the In­ter­net pa­ges vi­si­ted by the data sub­ject. Each time we vi­sit our In­ter­net pa­ges, per­so­nal data, in­clu­ding the IP ad­dress of the In­ter­net ac­cess used by the data sub­ject, is trans­mit­ted to Google in the United Sta­tes of Ame­rica. These per­so­nal data are stored by Google in the United Sta­tes of Ame­rica. Google may pass these per­so­nal data collec­ted through the tech­ni­cal pro­ce­dure to third par­ties.

The data sub­ject may, at any time, prevent the set­ting of coo­kies by our web­site, as sta­ted above, by me­ans of a cor­re­spon­ding set­ting of the In­ter­net brow­ser used and thus per­man­ently deny the set­ting of coo­kies. Such a set­ting of the In­ter­net brow­ser used would also prevent Google from pla­c­ing a con­ver­sion coo­kie on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject. In ad­di­tion, a coo­kie set by Google Ad­Words may be de­le­ted at any time via the In­ter­net brow­ser or other soft­ware pro­grams.

The data sub­ject has a pos­si­bi­lity of ob­jec­ting to the in­te­rest ba­sed ad­ver­ti­se­ment of Google. The­re­fore, the data sub­ject must ac­cess from each of the brow­sers in use the link www.google.de/settings/ads and set the de­si­red set­tings.

Fur­ther in­for­ma­tion and the ap­p­lica­ble data pro­tec­tion pro­vi­si­ons of Google may be re­trie­ved un­der https://www.google.com/intl/en/policies/privacy/.

 

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­tion and use of Ma­tomo (for­merly Pi­wik)

 

On this web­site, the con­trol­ler has in­te­gra­ted the Ma­tomo com­po­nent. Ma­tomo is an open-source soft­ware tool for web ana­ly­sis. Web ana­ly­sis is the collec­tion, gathe­ring and eva­lua­tion of data on the be­ha­vior of vi­si­tors from In­ter­net sites. A web ana­ly­sis tool collects, in­ter alia, data on the web­site from which a data sub­ject came to a web­site (so-​cal­led re­fer­rer), which pa­ges of the web­site were ac­ces­sed or how of­ten and for which pe­riod of time a sub-page was viewed. A web ana­ly­sis is mainly used for the op­ti­miza­t­ion of a web­site and the cost-​be­ne­fit ana­ly­sis of In­ter­net ad­ver­ti­sing.

The soft­ware is ope­ra­ted on the ser­ver of the con­trol­ler, the data pro­tec­tion-​sen­si­tive log files are stored ex­clu­si­vely on this ser­ver.

The pur­pose of the Ma­tomo com­po­nent is the ana­ly­sis of the vi­si­tor flows on our web­site. The con­trol­ler uses the ob­tai­ned data and in­for­ma­tion, in­ter alia, to eva­luate the use of this web­site in or­der to com­pile on­line re­ports, which show the ac­tivi­ties on our In­ter­net pa­ges.

Ma­tomo sets a coo­kie on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject. The de­fi­ni­tion of coo­kies is ex­plai­ned above. With the set­ting of the coo­kie, an ana­ly­sis of the use of our web­site is enab­led. With each call-up to one of the in­di­vi­dual pa­ges of this web­site, the In­ter­net brow­ser on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject is au­to­ma­ti­cally through the Ma­tomo com­po­nent promp­ted to sub­mit data for the pur­pose of on­line ana­ly­sis to our ser­ver. Du­ring the course of this tech­ni­cal pro­ce­dure, we ob­tain know­ledge about per­so­nal in­for­ma­tion, such as the IP ad­dress of the data sub­ject, which ser­ves to un­der­stand the ori­gin of vi­si­tors and clicks.

The coo­kie is used to store per­so­nal in­for­ma­tion, such as the ac­cess time, the lo­ca­tion from which ac­cess was made, and the fre­quency of vi­sits to our web­site. With each vi­sit of our In­ter­net pa­ges, these per­so­nal data, in­clu­ding the IP ad­dress of the In­ter­net ac­cess used by the data sub­ject, are trans­fer­red to our ser­ver. These per­so­nal data will be stored by us. We do not for­ward this per­so­nal data to third par­ties.

The data sub­ject may, as sta­ted above, prevent the set­ting of coo­kies through our web­site at any time by me­ans of a cor­re­spon­ding ad­just­ment of the web brow­ser used and thus per­man­ently deny the set­ting of coo­kies. Such an ad­just­ment to the used In­ter­net brow­ser would also prevent Ma­tomo from set­ting a coo­kie on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject. In ad­di­tion, coo­kies al­re­ady in use by Ma­tomo may be de­le­ted at any time via a web brow­ser or other soft­ware pro­grams.

In ad­di­tion, the data sub­ject has the pos­si­bi­lity of ob­jec­ting to a collec­tion of data re­la­ting to a use of this In­ter­net site that are ge­ne­ra­ted by Ma­tomo as well as the pro­ces­sing of these data by Ma­tomo and the chance to pre­clude any such. For this, the data sub­ject must set a "Do Not Track" op­tion in the brow­ser.

With each set­ting of the opt-out coo­kie, howe­ver, there is the pos­si­bi­lity that the web­sites of the con­trol­ler are no lon­ger fully usa­ble for the data sub­ject.

Fur­ther in­for­ma­tion and the ap­p­lica­ble data pro­tec­tion pro­vi­si­ons of Ma­tomo may be re­trie­ved un­der https://matomo.org/privacy/​​.

 

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­tion and use of Face­book

 

On this web­site, the con­trol­ler has in­te­gra­ted com­po­n­ents of the en­t­er­prise Face­book. Face­book is a so­cial net­work.

A so­cial net­work is a place for so­cial mee­tings on the In­ter­net, an on­line com­mu­nity, which usually al­lows users to com­mu­ni­cate with each other and in­ter­act in a vir­tual space. A so­cial net­work may serve as a plat­form for the ex­ch­ange of opi­ni­ons and ex­pe­ri­en­ces, or enable the In­ter­net com­mu­nity to pro­vide per­so­nal or busi­ness-​re­la­ted in­for­ma­tion. Face­book al­lows so­cial net­work users to in­clude the crea­tion of pri­vate pro­files, upload pho­tos, and net­work through fri­end re­quests.

The ope­ra­ting com­pany of Face­book is Face­book, Inc., 1 Ha­cker Way, Menlo Park, CA 94025, United Sta­tes. If a per­son lives out­s­ide of the United Sta­tes or Ca­nada, the con­trol­ler is the Face­book Ire­land Ltd., 4 Grand Ca­nal Square, Grand Ca­nal Har­bour, Dub­lin 2, Ire­land.

With each call-up to one of the in­di­vi­dual pa­ges of this In­ter­net web­site, which is ope­ra­ted by the con­trol­ler and into which a Face­book com­po­nent (Face­book plug-ins) was in­te­gra­ted, the web brow­ser on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject is au­to­ma­ti­cally promp­ted to down­load dis­play of the cor­re­spon­ding Face­book com­po­nent from Face­book through the Face­book com­po­nent. An over­view of all the Face­book Plug-ins may be ac­ces­sed un­der https://developers.facebook.com/docs/plugins/​​. Du­ring the course of this tech­ni­cal pro­ce­dure, Face­book is made aware of what spe­ci­fic sub-site of our web­site was vi­si­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on Face­book, Face­book de­tects with every call-up to our web­site by the data subject—and for the ent­ire du­ra­tion of their stay on our In­ter­net site—which spe­ci­fic sub-site of our In­ter­net page was vi­si­ted by the data sub­ject. This in­for­ma­tion is collec­ted through the Face­book com­po­nent and as­so­cia­ted with the re­spec­tive Face­book ac­count of the data sub­ject. If the data sub­ject clicks on one of the Face­book but­tons in­te­gra­ted into our web­site, e.g. the "Like" but­ton, or if the data sub­ject sub­mits a com­ment, then Face­book matches this in­for­ma­tion with the per­so­nal Face­book user ac­count of the data sub­ject and stores the per­so­nal data.

Face­book al­ways re­cei­ves, through the Face­book com­po­nent, in­for­ma­tion about a vi­sit to our web­site by the data sub­ject, whe­ne­ver the data sub­ject is log­ged in at the same time on Face­book du­ring the time of the call-up to our web­site. This oc­curs re­gard­less of whe­ther the data sub­ject clicks on the Face­book com­po­nent or not. If such a trans­mis­sion of in­for­ma­tion to Face­book is not de­si­ra­ble for the data sub­ject, then he or she may prevent this by log­ging off from their Face­book ac­count be­fore a call-up to our web­site is made.

The data pro­tec­tion gui­de­line pu­blis­hed by Face­book, which is avail­able at https://facebook.com/about/privacy/, pro­vi­des in­for­ma­tion about the collec­tion, pro­ces­sing and use of per­so­nal data by Face­book. In ad­di­tion, it is ex­plai­ned there what set­ting op­ti­ons Face­book of­fers to pro­tect the pri­vacy of the data sub­ject. In ad­di­tion, dif­fe­rent con­fi­gu­ra­tion op­ti­ons are made avail­able to al­low the eli­mi­na­tion of data trans­mis­sion to Face­book. These ap­p­li­ca­ti­ons may be used by the data sub­ject to eli­mi­nate a data trans­mis­sion to Face­book.

 

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­tion and use of Ins­ta­gram

 

On this web­site, the con­trol­ler has in­te­gra­ted com­po­n­ents of the ser­vice Ins­ta­gram. Ins­ta­gram is a ser­vice that may be qua­li­fied as an au­dio­vi­sual plat­form, which al­lows users to share pho­tos and vi­deos, as well as dis­se­mi­nate such data in other so­cial net­works.

The ope­ra­ting com­pany of the ser­vices of­fe­red by Ins­ta­gram is Ins­ta­gram LLC, 1 Ha­cker Way, Buil­ding 14 First Floor, Menlo Park, CA, UNITED STATES.

With each call-up to one of the in­di­vi­dual pa­ges of this In­ter­net site, which is ope­ra­ted by the con­trol­ler and on which an Ins­ta­gram com­po­nent (Insta but­ton) was in­te­gra­ted, the In­ter­net brow­ser on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject is au­to­ma­ti­cally promp­ted to the down­load of a dis­play of the cor­re­spon­ding Ins­ta­gram com­po­nent of Ins­ta­gram. Du­ring the course of this tech­ni­cal pro­ce­dure, Ins­ta­gram be­co­mes aware of what spe­ci­fic sub-page of our web­site was vi­si­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on Ins­ta­gram, Ins­ta­gram de­tects with every call-up to our web­site by the data subject—and for the ent­ire du­ra­tion of their stay on our In­ter­net site—which spe­ci­fic sub-page of our In­ter­net page was vi­si­ted by the data sub­ject. This in­for­ma­tion is collec­ted through the Ins­ta­gram com­po­nent and is as­so­cia­ted with the re­spec­tive Ins­ta­gram ac­count of the data sub­ject. If the data sub­ject clicks on one of the Ins­ta­gram but­tons in­te­gra­ted on our web­site, then Ins­ta­gram matches this in­for­ma­tion with the per­so­nal Ins­ta­gram user ac­count of the data sub­ject and stores the per­so­nal data.

Ins­ta­gram re­cei­ves in­for­ma­tion via the Ins­ta­gram com­po­nent that the data sub­ject has vi­si­ted our web­site pro­vi­ded that the data sub­ject is log­ged in at Ins­ta­gram at the time of the call to our web­site. This oc­curs re­gard­less of whe­ther the per­son clicks on the Ins­ta­gram but­ton or not. If such a trans­mis­sion of in­for­ma­tion to Ins­ta­gram is not de­si­ra­ble for the data sub­ject, then he or she can prevent this by log­ging off from their Ins­ta­gram ac­count be­fore a call-up to our web­site is made.

Fur­ther in­for­ma­tion and the ap­p­lica­ble data pro­tec­tion pro­vi­si­ons of Ins­ta­gram may be re­trie­ved un­der https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

 

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­tion and use of Pin­te­rest

 

On this web­site, the con­trol­ler has in­te­gra­ted com­po­n­ents of Pin­te­rest Inc. Pin­te­rest is a so-​cal­led so­cial net­work. A so­cial net­work is an In­ter­net so­cial mee­ting place, an on­line com­mu­nity that al­lows users to com­mu­ni­cate and in­ter­act with each other in a vir­tual space. A so­cial net­work may serve as a plat­form for the ex­ch­ange of opi­ni­ons and ex­pe­ri­en­ces, or al­low the In­ter­net com­mu­nity to pro­vide per­so­nal or com­pany-​re­la­ted in­for­ma­tion. Pin­te­rest enables the users of the so­cial net­work to pu­blish, in­ter alia, pic­ture collec­tions and in­di­vi­dual pic­tu­res as well as de­scrip­ti­ons on vir­tual pin­boards (so-​cal­led pins), which can then be sha­red by other user's (so-​cal­led re-pins) or com­men­ted on.

The ope­ra­ting com­pany of Pin­te­rest is Pin­te­rest Inc., 808 Bran­nan Street, San Fran­cisco, CA 94103, UNITED STATES.

With each call-up to one of the in­di­vi­dual pa­ges of this In­ter­net site, which is ope­ra­ted by the con­trol­ler and on which a Pin­te­rest com­po­nent (Pin­te­rest plug-in) was in­te­gra­ted, the In­ter­net brow­ser on the in­for­ma­tion tech­no­logy sys­tem of the data sub­ject au­to­ma­ti­cally promp­ted to down­load through the re­spec­tive Pin­te­rest com­po­nent a dis­play of the cor­re­spon­ding Pin­te­rest com­po­nent. Fur­ther in­for­ma­tion on Pin­te­rest is avail­able un­der https://pinterest.com/​​. Du­ring the course of this tech­ni­cal pro­ce­dure, Pin­te­rest gains know­ledge of what spe­ci­fic sub-page of our web­site is vi­si­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on Pin­te­rest, Pin­te­rest de­tects with every call-up to our web­site by the data subject—and for the ent­ire du­ra­tion of their stay on our In­ter­net site—which spe­ci­fic sub-page of our In­ter­net page was vi­si­ted by the data sub­ject. This in­for­ma­tion is collec­ted through the Pin­te­rest com­po­nent and as­so­cia­ted with the re­spec­tive Pin­te­rest ac­count of the data sub­ject. If the data sub­ject clicks on one of the Pin­te­rest but­tons, in­te­gra­ted on our web­site, then Pin­te­rest as­signs this in­for­ma­tion to the per­so­nal Pin­te­rest user ac­count of the data sub­ject and stores the per­so­nal data.

Pin­te­rest re­cei­ves in­for­ma­tion via the Pin­te­rest com­po­nent that the data sub­ject has vi­si­ted our web­site, pro­vi­ded that the data sub­ject is log­ged in at Pin­te­rest at the time of the call-up to our web­site. This oc­curs re­gard­less of whe­ther the per­son clicks on the Pin­te­rest com­po­nent or not. If such a trans­mis­sion of in­for­ma­tion to Pin­te­rest is not de­si­ra­ble for the data sub­ject, then he or she may prevent this by log­ging off from their Pin­te­rest ac­count be­fore a call-up to our web­site is made.

The data pro­tec­tion gui­de­line pu­blis­hed by Pin­te­rest, which is avail­able un­der https://about.pinterest.com/privacy-policy, pro­vi­des in­for­ma­tion on the collec­tion, pro­ces­sing and use of per­so­nal data by Pin­te­rest.

 

Le­gal ba­sis for the pro­ces­sing

 

Art. 6(1) lit. a GDPR ser­ves as the le­gal ba­sis for pro­ces­sing ope­ra­ti­ons for which we ob­tain con­sent for a spe­ci­fic pro­ces­sing pur­pose. If the pro­ces­sing of per­so­nal data is ne­cessary for the per­for­mance of a con­tract to which the data sub­ject is party, as is the case, for ex­ample, when pro­ces­sing ope­ra­ti­ons are ne­cessary for the sup­ply of goods or to pro­vide any other ser­vice, the pro­ces­sing is ba­sed on Ar­ti­cle 6(1) lit. b GDPR. The same ap­p­lies to such pro­ces­sing ope­ra­ti­ons which are ne­cessary for car­ry­ing out pre-​con­trac­tual me­a­su­res, for ex­ample in the case of in­qui­ries con­cerning our pro­ducts or ser­vices. Is our com­pany sub­ject to a le­gal ob­li­ga­tion by which pro­ces­sing of per­so­nal data is re­qui­red, such as for the ful­fill­ment of tax ob­li­ga­ti­ons, the pro­ces­sing is ba­sed on Art. 6(1) lit. c GDPR. In rare ca­ses, the pro­ces­sing of per­so­nal data may be ne­cessary to pro­tect the vi­tal in­te­rests of the data sub­ject or of ano­ther na­tu­ral per­son. This would be the case, for ex­ample, if a vi­si­tor were in­ju­red in our com­pany and his name, age, health in­surance data or other vi­tal in­for­ma­tion would have to be pas­sed on to a doc­tor, hos­pi­tal or other third party. Then the pro­ces­sing would be ba­sed on Art. 6(1) lit. d GDPR. Fi­nally, pro­ces­sing ope­ra­ti­ons could be ba­sed on Ar­ti­cle 6(1) lit. f GDPR. This le­gal ba­sis is used for pro­ces­sing ope­ra­ti­ons which are not co­ve­red by any of the above­men­tio­ned le­gal grounds, if pro­ces­sing is ne­cessary for the pur­po­ses of the le­gi­ti­mate in­te­rests pur­sued by our com­pany or by a third party, ex­cept where such in­te­rests are over­rid­den by the in­te­rests or fun­da­men­tal rights and free­doms of the data sub­ject which re­quire pro­tec­tion of per­so­nal data. Such pro­ces­sing ope­ra­ti­ons are par­ti­cu­larly per­mis­si­ble be­cause they have been spe­ci­fi­cally men­tio­ned by the Eu­ro­pean le­gis­la­tor. He con­side­red that a le­gi­ti­mate in­te­rest could be as­su­med if the data sub­ject is a cli­ent of the con­trol­ler (Re­ci­tal 47 Sen­tence 2 GDPR).

 

Pe­riod for which the per­so­nal data will be stored

 

The cri­te­ria used to de­ter­mine the pe­riod of sto­rage of per­so­nal data is the re­spec­tive sta­tu­tory re­ten­tion pe­riod. Af­ter ex­pi­ra­tion of that pe­riod, the cor­re­spon­ding data is rou­ti­nely de­le­ted, as long as it is no lon­ger ne­cessary for the ful­fill­ment of the con­tract or the in­itia­tion of a con­tract.

 

We cla­rify that the pro­vi­sion of per­so­nal data is partly re­qui­red by law (e.g. tax re­gu­la­ti­ons) or can also re­sult from con­trac­tual pro­vi­si­ons (e.g. in­for­ma­tion on the con­trac­tual part­ner). So­me­ti­mes it may be ne­cessary to con­clude a con­tract that the data sub­ject pro­vi­des us with per­so­nal data, which must sub­se­quently be pro­ces­sed by us. The data sub­ject is, for ex­ample, ob­li­ged to pro­vide us with per­so­nal data when our com­pany signs a con­tract with him or her. The non-​pro­vi­sion of the per­so­nal data would have the con­se­quence that the con­tract with the data sub­ject could not be con­clu­ded. Be­fore per­so­nal data is pro­vi­ded by the data sub­ject, the data sub­ject must con­tact any em­ployee. The em­ployee cla­ri­fies to the data sub­ject whe­ther the pro­vi­sion of the per­so­nal data is re­qui­red by law or con­tract or is ne­cessary for the con­clu­sion of the con­tract, whe­ther there is an ob­li­ga­tion to pro­vide the per­so­nal data and the con­se­quen­ces of non-​pro­vi­sion of the per­so­nal data.