Privacy Policy

Data pro­tec­tion

We are very de­light­ed that you have shown in­te­rest in our en­ter­pri­se. Data pro­tec­tion is of a par­ti­cu­lar­ly high prio­ri­ty for the ma­nage­ment of the HEY! Cof­fee. The use of the In­ter­net pa­ges of the HEY! Cof­fee is pos­si­ble wi­t­hout any in­di­ca­ti­on of per­so­nal data; howe­ver, if a data sub­ject wants to use spe­cial en­ter­pri­se ser­vices via our web­site, pro­ces­sing of per­so­nal data could be­co­me ne­cessa­ry. If the pro­ces­sing of per­so­nal data is ne­cessa­ry and the­re is no sta­tuto­ry ba­sis for such pro­ces­sing, we ge­ne­ral­ly ob­tain con­sent from the data sub­ject.

The pro­ces­sing of per­so­nal data, such as the name, ad­dress, e-mail ad­dress, or te­le­pho­ne num­ber of a data sub­ject shall al­ways be in line with the Ge­ne­ral Data Pro­tec­tion Re­gu­la­ti­on (GDPR), and in ac­cordance with the coun­try-spe­ci­fic data pro­tec­tion re­gu­la­ti­ons ap­p­li­ca­ble to the HEY! Cof­fee. By me­ans of this data pro­tec­tion de­cla­ra­ti­on, our en­ter­pri­se would like to in­form the ge­ne­ral pu­blic of the na­tu­re, scope, and pur­po­se of the per­so­nal data we collect, use and pro­cess. Fur­ther­mo­re, data sub­jec­ts are in­for­med, by me­ans of this data pro­tec­tion de­cla­ra­ti­on, of the rights to which they are en­t­it­led.

As the con­trol­ler, the HEY! Cof­fee has im­ple­men­ted nu­me­rous tech­ni­cal and or­ga­ni­za­tio­nal mea­su­res to en­su­re the most com­ple­te pro­tec­tion of per­so­nal data pro­ces­sed through this web­site. Howe­ver, In­ter­net-ba­sed data trans­mis­si­ons may in princip­le have se­cu­ri­ty gaps, so ab­so­lu­te pro­tec­tion may not be gua­ran­te­ed. For this rea­son, every data sub­ject is free to trans­fer per­so­nal data to us via al­ter­na­ti­ve me­ans, e.g. by te­le­pho­ne.

Con­trol­ler for the pur­po­ses of the Ge­ne­ral Data Pro­tec­tion Re­gu­la­ti­on (GDPR), other data pro­tec­tion laws ap­p­li­ca­ble in Mem­ber sta­tes of the Eu­ropean Uni­on and other pro­vi­si­ons re­la­ted to data pro­tec­tion is:

HEY! Cof­fee

Met­zer Stra­ße 21

50677 Köln

Ger­ma­ny

Web­site: www.hey-coffee.de

Coo­kies

The In­ter­net pa­ges of the HEY! Cof­fee use coo­kies. Coo­kies are text files that are stored in a com­pu­ter sys­tem via an In­ter­net brow­ser.

Many In­ter­net sites and ser­vers use coo­kies. Many coo­kies con­tain a so-cal­led coo­kie ID. A coo­kie ID is a uni­que iden­ti­fier of the coo­kie. It con­sists of a cha­rac­ter string through which In­ter­net pa­ges and ser­vers can be as­si­gned to the spe­ci­fic In­ter­net brow­ser in which the coo­kie was stored. This al­lows vi­si­ted In­ter­net sites and ser­vers to dif­fe­ren­tia­te the in­di­vi­du­al brow­ser of the dats sub­ject from other In­ter­net brow­sers that con­tain other coo­kies. A spe­ci­fic In­ter­net brow­ser can be re­co­gni­zed and iden­ti­fied using the uni­que coo­kie ID.

Through the use of coo­kies, the HEY! Cof­fee can pro­vi­de the users of this web­site with more user-fri­end­ly ser­vices that would not be pos­si­ble wi­t­hout the coo­kie set­ting.

By me­ans of a coo­kie, the in­for­ma­ti­on and of­fers on our web­site can be op­ti­mi­zed with the user in mind. Coo­kies al­low us, as pre­vious­ly men­tio­ned, to re­co­gni­ze our web­site users. The pur­po­se of this re­co­gni­ti­on is to make it ea­sier for users to uti­li­ze our web­site. The web­site user that uses coo­kies, e.g. does not have to en­ter ac­cess data each time the web­site is ac­ces­sed, be­cau­se this is ta­ken over by the web­site, and the coo­kie is thus stored on the user's com­pu­ter sys­tem. Ano­t­her examp­le is the coo­kie of a shop­ping cart in an on­line shop. The on­line store re­mem­bers the ar­ti­cles that a custo­mer has pla­ced in the vir­tu­al shop­ping cart via a coo­kie.

The data sub­ject may, at any time, pre­vent the set­ting of coo­kies through our web­site by me­ans of a cor­re­spon­ding set­ting of the In­ter­net brow­ser used, and may thus per­man­ent­ly deny the set­ting of coo­kies. Fur­ther­mo­re, al­rea­dy set coo­kies may be de­le­ted at any time via an In­ter­net brow­ser or other soft­ware pro­grams. This is pos­si­ble in all po­pu­lar In­ter­net brow­sers. If the data sub­ject de­ac­tiva­tes the set­ting of coo­kies in the In­ter­net brow­ser used, not all func­tions of our web­site may be en­t­i­re­ly us­able.

Collec­tion of ge­ne­ral data and in­for­ma­ti­on

The web­site of the HEY! Cof­fee collec­ts a se­ries of ge­ne­ral data and in­for­ma­ti­on when a data sub­ject or au­to­ma­ted sys­tem calls up the web­site. This ge­ne­ral data and in­for­ma­ti­on are stored in the ser­ver log files. Collec­ted may be

Brow­ser type /​ brow­ser ver­si­on
Ope­ra­ting sys­tem used
re­fer­rer URL
Host name of ac­ces­sing com­pu­ter
Time of ser­ver re­quest

When using the­se ge­ne­ral data and in­for­ma­ti­on, the HEY! Cof­fee does not draw any con­clu­si­ons about the data sub­ject. Ra­ther, this in­for­ma­ti­on is nee­ded to (1) de­li­ver the con­tent of our web­site cor­rec­t­ly, (2) op­ti­mi­ze the con­tent of our web­site as well as its ad­ver­ti­se­ment, (3) en­su­re the long-term via­bi­li­ty of our in­for­ma­ti­on tech­no­lo­gy sys­tems and web­site tech­no­lo­gy, and (4) pro­vi­de law en­force­ment aut­ho­ri­ties with the in­for­ma­ti­on ne­cessa­ry for cri­mi­nal pro­se­cu­ti­on in case of a cy­ber-at­tack. The­re­fo­re, the HEY! Cof­fee ana­ly­zes an­ony­mously collec­ted data and in­for­ma­ti­on sta­tis­ti­cal­ly, with the aim of in­crea­sing the data pro­tec­tion and data se­cu­ri­ty of our en­ter­pri­se, and to en­su­re an op­ti­mal le­vel of pro­tec­tion for the per­so­nal data we pro­cess. The an­ony­mous data of the ser­ver log files are stored se­pa­r­ate­ly from all per­so­nal data pro­vi­ded by a data sub­ject.

Con­tact pos­si­bi­li­ty via the web­site

The web­site of the HEY! Cof­fee con­tains in­for­ma­ti­on that en­ab­les a quick elec­tro­nic con­tact to our en­ter­pri­se, as well as di­rect com­mu­ni­ca­ti­on with us, which also in­clu­des a ge­ne­ral ad­dress of the so-cal­led elec­tro­nic mail (e-mail ad­dress). If a data sub­ject con­tac­ts the con­trol­ler by e-mail or via a con­tact form, the per­so­nal data trans­mit­ted by the data sub­ject are au­to­ma­ti­cal­ly stored. Such per­so­nal data trans­mit­ted on a vol­un­ta­ry ba­sis by a data sub­ject to the data con­trol­ler are stored for the pur­po­se of pro­ces­sing or con­tac­ting the data sub­ject. The­re is no trans­fer of this per­so­nal data to third par­ties.

Sub­scrip­ti­on to our news­let­ter

On the web­site of the HEY! Cof­fee, users are gi­ven the op­por­tu­ni­ty to sub­scri­be to our enterprise's news­let­ter. The in­put mask used for this pur­po­se de­ter­mi­nes what per­so­nal data are trans­mit­ted, as well as when the news­let­ter is or­de­red from the con­trol­ler.

HEY! Cof­fee in­forms its custo­mers and busi­ness part­ners re­gu­lar­ly by me­ans of a news­let­ter about en­ter­pri­se of­fers. The enterprise's news­let­ter may only be re­cei­ved by the data sub­ject if (1) the data sub­ject has a va­lid e-mail ad­dress and (2) the data sub­ject re­gis­ters for the news­let­ter ship­ping. A con­fir­ma­ti­on e-mail will be sent to the e-mail ad­dress re­gis­te­red by a data sub­ject for the first time for news­let­ter ship­ping, for le­gal rea­sons, in the dou­ble opt-in pro­ce­du­re. This con­fir­ma­ti­on e-mail is used to pro­ve whe­ther the ow­ner of the e-mail ad­dress as the data sub­ject is aut­ho­ri­zed to re­cei­ve the news­let­ter.

Du­ring the re­gis­tra­ti­on for the news­let­ter, we also store the IP ad­dress of the com­pu­ter sys­tem as­si­gned by the In­ter­net ser­vice pro­vi­der (ISP) and used by the data sub­ject at the time of the re­gis­tra­ti­on, as well as the date and time of the re­gis­tra­ti­on. The collec­tion of this data is ne­cessa­ry in or­der to un­der­stand the (pos­si­ble) misu­se of the e-mail ad­dress of a data sub­ject at a la­ter date, and it the­re­fo­re ser­ves the aim of the le­gal pro­tec­tion of the con­trol­ler.

The per­so­nal data collec­ted as part of a re­gis­tra­ti­on for the news­let­ter will only be used to send our news­let­ter. In ad­di­ti­on, sub­scri­bers to the news­let­ter may be in­for­med by e-mail, as long as this is ne­cessa­ry for the ope­ra­ti­on of the news­let­ter ser­vice or a re­gis­tra­ti­on in ques­ti­on, as this could be the case in the event of mo­di­fi­ca­ti­ons to the news­let­ter of­fer, or in the event of a chan­ge in tech­ni­cal cir­cum­s­tan­ces. The­re will be no trans­fer of per­so­nal data collec­ted by the news­let­ter ser­vice to third par­ties. The sub­scrip­ti­on to our news­let­ter may be ter­mi­na­ted by the data sub­ject at any time. The con­sent to the sto­rage of per­so­nal data, which the data sub­ject has gi­ven for ship­ping the news­let­ter, may be re­vo­ked at any time. For the pur­po­se of re­vo­ca­ti­on of con­sent, a cor­re­spon­ding link is found in each news­let­ter. It is also pos­si­ble to un­sub­scri­be from the news­let­ter at any time di­rec­t­ly on the web­site of the con­trol­ler, or to com­mu­ni­ca­te this to the con­trol­ler in a dif­fe­rent way.

News­let­ter-Tracking

The news­let­ter of the HEY! Cof­fee con­tains so-cal­led tracking pi­xels. A tracking pi­xel is a mi­nia­tu­re gra­phic em­bed­ded in such e-mails, which are sent in HTML for­mat to en­ab­le log file re­cord­ing and ana­ly­sis. This al­lows a sta­tis­ti­cal ana­ly­sis of the suc­cess or fail­u­re of on­line mar­ke­ting cam­pai­gns. Ba­sed on the em­bed­ded tracking pi­xel, the HEY! Cof­fee may see if and when an e-mail was ope­ned by a data sub­ject, and which links in the e-mail were cal­led up by data sub­jec­ts.

Such per­so­nal data collec­ted in the tracking pi­xels con­tai­ned in the news­let­ters are stored and ana­ly­zed by the con­trol­ler in or­der to op­ti­mi­ze the ship­ping of the news­let­ter, as well as to ad­apt the con­tent of fu­ture news­let­ters even bet­ter to the in­te­rests of the data sub­ject. The­se per­so­nal data will not be pas­sed on to third par­ties. Data sub­jec­ts are at any time en­t­it­led to re­vo­ke the re­spec­tive se­pa­ra­te de­cla­ra­ti­on of con­sent is­sued by me­ans of the dou­ble-opt-in pro­ce­du­re. Af­ter a re­vo­ca­ti­on, the­se per­so­nal data will be de­le­ted by the con­trol­ler. The HEY! Cof­fee au­to­ma­ti­cal­ly re­gards a wi­th­dra­wal from the re­ce­ipt of the news­let­ter as a re­vo­ca­ti­on.

Rou­ti­ne era­su­re and blo­cking of per­so­nal data

The data con­trol­ler shall pro­cess and store the per­so­nal data of the data sub­ject only for the pe­ri­od ne­cessa­ry to achie­ve the pur­po­se of sto­rage, or as far as this is gran­ted by the Eu­ropean le­gis­la­tor or other le­gis­la­tors in laws or re­gu­la­ti­ons to which the con­trol­ler is sub­ject to. If the sto­rage pur­po­se is not ap­p­li­ca­ble, or if a sto­rage pe­ri­od pre­scri­bed by the Eu­ropean le­gis­la­tor or ano­t­her com­pe­tent le­gis­la­tor ex­pi­res, the per­so­nal data are rou­ti­ne­ly blo­cked or era­sed in ac­cordance with le­gal re­qui­re­ments.

Rights of the data sub­ject

a) Right of con­fir­ma­ti­on

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor to ob­tain from the con­trol­ler the con­fir­ma­ti­on as to whe­ther or not per­so­nal data con­cer­ning him or her are being pro­ces­sed. If a data sub­ject wis­hes to avail him­s­elf of this right of con­fir­ma­ti­on, he or she may, at any time, con­tact any em­ployee of the con­trol­ler.

b) Right of ac­cess

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor to ob­tain from the con­trol­ler free in­for­ma­ti­on about his or her per­so­nal data stored at any time and a copy of this in­for­ma­ti­on. Fur­ther­mo­re, the Eu­ropean di­rec­tives and re­gu­la­ti­ons grant the data sub­ject ac­cess to the fol­lo­wing in­for­ma­ti­on:

the pur­po­ses of the pro­ces­sing;

the ca­te­go­ries of per­so­nal data con­cer­ned;

the re­ci­pi­ents or ca­te­go­ries of re­ci­pi­ents to whom the per­so­nal data have been or will be dis­c­lo­sed, in par­ti­cu­lar re­ci­pi­ents in third coun­tries or in­ter­na­tio­nal or­ga­ni­sa­ti­ons;

whe­re pos­si­ble, the en­vi­sa­ged pe­ri­od for which the per­so­nal data will be stored, or, if not pos­si­ble, the cri­te­ria used to de­ter­mi­ne that pe­ri­od;

the exis­tence of the right to re­quest from the con­trol­ler rec­tifi­ca­ti­on or era­su­re of per­so­nal data, or restric­tion of pro­ces­sing of per­so­nal data con­cer­ning the data sub­ject, or to ob­ject to such pro­ces­sing;

the exis­tence of the right to lodge a com­p­laint with a su­per­vi­so­ry aut­ho­ri­ty;

whe­re the per­so­nal data are not collec­ted from the data sub­ject, any avail­ab­le in­for­ma­ti­on as to their source;

the exis­tence of au­to­ma­ted de­cisi­on-ma­king, in­clu­ding pro­filing, re­fer­red to in Ar­ti­cle 22(1) and (4) of the GDPR and, at least in tho­se ca­ses, me­a­ning­ful in­for­ma­ti­on about the lo­gic in­vol­ved, as well as the si­gni­fi­can­ce and en­vi­sa­ged con­se­quen­ces of such pro­ces­sing for the data sub­ject.

Fur­ther­mo­re, the data sub­ject shall have a right to ob­tain in­for­ma­ti­on as to whe­ther per­so­nal data are trans­fer­red to a third coun­try or to an in­ter­na­tio­nal or­ga­ni­sa­ti­on. Whe­re this is the case, the data sub­ject shall have the right to be in­for­med of the ap­pro­pria­te safe­guards re­la­ting to the trans­fer.

If a data sub­ject wis­hes to avail him­s­elf of this right of ac­cess, he or she may, at any time, con­tact any em­ployee of the con­trol­ler.

c) Right to rec­tifi­ca­ti­on

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor to ob­tain from the con­trol­ler wi­t­hout un­due de­lay the rec­tifi­ca­ti­on of in­ac­cu­ra­te per­so­nal data con­cer­ning him or her. Ta­king into ac­count the pur­po­ses of the pro­ces­sing, the data sub­ject shall have the right to have in­com­ple­te per­so­nal data com­ple­ted, in­clu­ding by me­ans of pro­vi­ding a sup­ple­men­ta­ry state­ment.

If a data sub­ject wis­hes to ex­er­ci­se this right to rec­tifi­ca­ti­on, he or she may, at any time, con­tact any em­ployee of the con­trol­ler.

d) Right to era­su­re (Right to be for­got­ten)

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor to ob­tain from the con­trol­ler the era­su­re of per­so­nal data con­cer­ning him or her wi­t­hout un­due de­lay, and the con­trol­ler shall have the ob­li­ga­ti­on to era­se per­so­nal data wi­t­hout un­due de­lay whe­re one of the fol­lo­wing grounds ap­p­lies, as long as the pro­ces­sing is not ne­cessa­ry:

The per­so­nal data are no lon­ger ne­cessa­ry in re­la­ti­on to the pur­po­ses for which they were collec­ted or other­wi­se pro­ces­sed.

The data sub­ject wi­th­draws con­sent to which the pro­ces­sing is ba­sed ac­cord­ing to point (a) of Ar­ti­cle 6(1) of the GDPR, or point (a) of Ar­ti­cle 9(2) of the GDPR, and whe­re the­re is no other le­gal ground for the pro­ces­sing.

The data sub­ject ob­jec­ts to the pro­ces­sing pur­suant to Ar­ti­cle 21(1) of the GDPR and the­re are no over­ri­ding le­gi­ti­ma­te grounds for the pro­ces­sing, or the data sub­ject ob­jec­ts to the pro­ces­sing pur­suant to Ar­ti­cle 21(2) of the GDPR.

The per­so­nal data have been un­law­ful­ly pro­ces­sed.

The per­so­nal data must be era­sed for com­pli­an­ce with a le­gal ob­li­ga­ti­on in Uni­on or Mem­ber Sta­te law to which the con­trol­ler is sub­ject.

The per­so­nal data have been collec­ted in re­la­ti­on to the of­fer of in­for­ma­ti­on so­cie­ty ser­vices re­fer­red to in Ar­ti­cle 8(1) of the GDPR.

If one of the afo­re­men­tio­ned rea­sons ap­p­lies, and a data sub­ject wis­hes to re­quest the era­su­re of per­so­nal data stored by the HEY! Cof­fee, he or she may, at any time, con­tact any em­ployee of the con­trol­ler. An em­ployee of HEY! Cof­fee shall prompt­ly en­su­re that the era­su­re re­quest is com­plied with im­me­dia­te­ly.

Whe­re the con­trol­ler has made per­so­nal data pu­blic and is ob­li­ged pur­suant to Ar­ti­cle 17(1) to era­se the per­so­nal data, the con­trol­ler, ta­king ac­count of avail­ab­le tech­no­lo­gy and the cost of im­ple­men­ta­ti­on, shall take rea­son­ab­le steps, in­clu­ding tech­ni­cal mea­su­res, to in­form other con­trol­lers pro­ces­sing the per­so­nal data that the data sub­ject has re­quested era­su­re by such con­trol­lers of any links to, or copy or re­pli­ca­ti­on of, tho­se per­so­nal data, as far as pro­ces­sing is not re­qui­red. An em­ployees of the HEY! Cof­fee will ar­ran­ge the ne­cessa­ry mea­su­res in in­di­vi­du­al ca­ses.

e) Right of restric­tion of pro­ces­sing

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor to ob­tain from the con­trol­ler restric­tion of pro­ces­sing whe­re one of the fol­lo­wing ap­p­lies:

The ac­cu­ra­cy of the per­so­nal data is con­tested by the data sub­ject, for a pe­ri­od en­ab­ling the con­trol­ler to ve­ri­fy the ac­cu­ra­cy of the per­so­nal data.

The pro­ces­sing is un­law­ful and the data sub­ject op­po­ses the era­su­re of the per­so­nal data and re­quests in­s­tead the restric­tion of their use in­s­tead.

The con­trol­ler no lon­ger needs the per­so­nal data for the pur­po­ses of the pro­ces­sing, but they are re­qui­red by the data sub­ject for the es­tab­lish­ment, ex­er­ci­se or de­fence of le­gal claims.

The data sub­ject has ob­jec­ted to pro­ces­sing pur­suant to Ar­ti­cle 21(1) of the GDPR pen­ding the ve­ri­fi­ca­ti­on whe­ther the le­gi­ti­ma­te grounds of the con­trol­ler over­ri­de tho­se of the data sub­ject.

If one of the afo­re­men­tio­ned con­di­ti­ons is met, and a data sub­ject wis­hes to re­quest the restric­tion of the pro­ces­sing of per­so­nal data stored by the HEY! Cof­fee, he or she may at any time con­tact any em­ployee of the con­trol­ler. The em­ployee of the HEY! Cof­fee will ar­ran­ge the restric­tion of the pro­ces­sing.

f) Right to data por­ta­bi­li­ty

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor, to re­cei­ve the per­so­nal data con­cer­ning him or her, which was pro­vi­ded to a con­trol­ler, in a struc­tu­red, com­mon­ly used and ma­chi­ne-read­a­ble for­mat. He or she shall have the right to trans­mit tho­se data to ano­t­her con­trol­ler wi­t­hout hin­dran­ce from the con­trol­ler to which the per­so­nal data have been pro­vi­ded, as long as the pro­ces­sing is ba­sed on con­sent pur­suant to point (a) of Ar­ti­cle 6(1) of the GDPR or point (a) of Ar­ti­cle 9(2) of the GDPR, or on a con­tract pur­suant to point (b) of Ar­ti­cle 6(1) of the GDPR, and the pro­ces­sing is car­ri­ed out by au­to­ma­ted me­ans, as long as the pro­ces­sing is not ne­cessa­ry for the per­for­mance of a task car­ri­ed out in the pu­blic in­te­rest or in the ex­er­ci­se of of­fi­ci­al aut­ho­ri­ty vested in the con­trol­ler.

Fur­ther­mo­re, in ex­er­cis­ing his or her right to data por­ta­bi­li­ty pur­suant to Ar­ti­cle 20(1) of the GDPR, the data sub­ject shall have the right to have per­so­nal data trans­mit­ted di­rec­t­ly from one con­trol­ler to ano­t­her, whe­re tech­ni­cal­ly fe­a­si­ble and when do­ing so does not ad­ver­se­ly af­fect the rights and free­doms of others.

In or­der to as­sert the right to data por­ta­bi­li­ty, the data sub­ject may at any time con­tact any em­ployee of the HEY! Cof­fee.

g) Right to ob­ject

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor to ob­ject, on grounds re­la­ting to his or her par­ti­cu­lar si­tua­ti­on, at any time, to pro­ces­sing of per­so­nal data con­cer­ning him or her, which is ba­sed on point (e) or (f) of Ar­ti­cle 6(1) of the GDPR. This also ap­p­lies to pro­filing ba­sed on the­se pro­vi­si­ons.

The HEY! Cof­fee shall no lon­ger pro­cess the per­so­nal data in the event of the ob­jec­tion, un­less we can de­mons­tra­te com­pel­ling le­gi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the in­te­rests, rights and free­doms of the data sub­ject, or for the es­tab­lish­ment, ex­er­ci­se or de­fence of le­gal claims.

If the HEY! Cof­fee pro­ces­ses per­so­nal data for di­rect mar­ke­ting pur­po­ses, the data sub­ject shall have the right to ob­ject at any time to pro­ces­sing of per­so­nal data con­cer­ning him or her for such mar­ke­ting. This ap­p­lies to pro­filing to the extent that it is re­la­ted to such di­rect mar­ke­ting. If the data sub­ject ob­jec­ts to the HEY! Cof­fee to the pro­ces­sing for di­rect mar­ke­ting pur­po­ses, the HEY! Cof­fee will no lon­ger pro­cess the per­so­nal data for the­se pur­po­ses.

In ad­di­ti­on, the data sub­ject has the right, on grounds re­la­ting to his or her par­ti­cu­lar si­tua­ti­on, to ob­ject to pro­ces­sing of per­so­nal data con­cer­ning him or her by the HEY! Cof­fee for sci­en­ti­fic or his­to­ri­cal re­se­arch pur­po­ses, or for sta­tis­ti­cal pur­po­ses pur­suant to Ar­ti­cle 89(1) of the GDPR, un­less the pro­ces­sing is ne­cessa­ry for the per­for­mance of a task car­ri­ed out for rea­sons of pu­blic in­te­rest.

In or­der to ex­er­ci­se the right to ob­ject, the data sub­ject may con­tact any em­ployee of the HEY! Cof­fee. In ad­di­ti­on, the data sub­ject is free in the con­text of the use of in­for­ma­ti­on so­cie­ty ser­vices, and not­wi­th­stan­ding Di­rec­tive 2002/​58/​EC, to use his or her right to ob­ject by au­to­ma­ted me­ans using tech­ni­cal spe­ci­fi­ca­ti­ons.

h) Au­to­ma­ted in­di­vi­du­al de­cisi­on-ma­king, in­clu­ding pro­filing

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor not to be sub­ject to a de­cisi­on ba­sed so­le­ly on au­to­ma­ted pro­ces­sing, in­clu­ding pro­filing, which pro­du­ces le­gal ef­fec­ts con­cer­ning him or her, or si­mi­lar­ly si­gni­fi­cant­ly af­fec­ts him or her, as long as the de­cisi­on (1) is not is ne­cessa­ry for en­t­e­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and a data con­trol­ler, or (2) is not aut­ho­ri­sed by Uni­on or Mem­ber Sta­te law to which the con­trol­ler is sub­ject and which also lays down sui­ta­ble mea­su­res to safe­guard the data subject's rights and free­doms and le­gi­ti­ma­te in­te­rests, or (3) is not ba­sed on the data subject's ex­pli­cit con­sent.

If the de­cisi­on (1) is ne­cessa­ry for en­t­e­ring into, or the per­for­mance of, a con­tract bet­ween the data sub­ject and a data con­trol­ler, or (2) it is ba­sed on the data subject's ex­pli­cit con­sent, the HEY! Cof­fee shall im­ple­ment sui­ta­ble mea­su­res to safe­guard the data subject's rights and free­doms and le­gi­ti­ma­te in­te­rests, at least the right to ob­tain hu­man in­ter­ven­ti­on on the part of the con­trol­ler, to ex­press his or her point of view and con­test the de­cisi­on.

If the data sub­ject wis­hes to ex­er­ci­se the rights con­cer­ning au­to­ma­ted in­di­vi­du­al de­cisi­on-ma­king, he or she may, at any time, con­tact any em­ployee of the HEY! Cof­fee.

i) Right to wi­th­draw data pro­tec­tion con­sent

Each data sub­ject shall have the right gran­ted by the Eu­ropean le­gis­la­tor to wi­th­draw his or her con­sent to pro­ces­sing of his or her per­so­nal data at any time.

If the data sub­ject wis­hes to ex­er­ci­se the right to wi­th­draw the con­sent, he or she may, at any time, con­tact HEY! Cof­fee.

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­ti­on and use of Goog­le Ana­ly­tics (with an­ony­mi­za­ti­on func­tion)

On this web­site, the con­trol­ler has in­te­gra­ted the com­po­nent of Goog­le Ana­ly­tics (with the an­ony­mi­zer func­tion). Goog­le Ana­ly­tics is a web ana­ly­tics ser­vice. Web ana­ly­tics is the collec­tion, gathe­ring, and ana­ly­sis of data about the be­ha­vi­or of vi­si­tors to web­sites. A web ana­ly­sis ser­vice collec­ts, in­ter alia, data about the web­site from which a per­son has come (the so-cal­led re­fer­rer), which sub-pa­ges were vi­si­ted, or how of­ten and for what du­ra­ti­on a sub-page was view­ed. Web ana­ly­tics are main­ly used for the op­ti­mi­za­ti­on of a web­site and in or­der to car­ry out a cost-be­ne­fit ana­ly­sis of In­ter­net ad­ver­ti­sing.

The ope­ra­tor of the Goog­le Ana­ly­tics com­po­nent is Goog­le Inc., 1600 Am­phi­thea­t­re Pkwy, Moun­tain View, CA 94043-1351, United Sta­tes.

For the web ana­ly­tics through Goog­le Ana­ly­tics the con­trol­ler uses the ap­p­li­ca­ti­on "_​gat. _​anonymizeIp". By me­ans of this ap­p­li­ca­ti­on the IP ad­dress of the In­ter­net con­nec­tion of the data sub­ject is ab­rid­ged by Goog­le and an­ony­mi­sed when ac­ces­sing our web­sites from a Mem­ber Sta­te of the Eu­ropean Uni­on or ano­t­her Con­trac­ting Sta­te to the Agree­ment on the Eu­ropean Eco­no­mic Area.

The pur­po­se of the Goog­le Ana­ly­tics com­po­nent is to ana­ly­ze the traf­fic on our web­site. Goog­le uses the collec­ted data and in­for­ma­ti­on, in­ter alia, to eva­lua­te the use of our web­site and to pro­vi­de on­line re­ports, which show the ac­tivi­ties on our web­sites, and to pro­vi­de other ser­vices con­cer­ning the use of our In­ter­net site for us.

Goog­le Ana­ly­tics pla­ces a coo­kie on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject. The de­fi­ni­ti­on of coo­kies is ex­p­lai­ned above. With the set­ting of the coo­kie, Goog­le is en­ab­led to ana­ly­ze the use of our web­site. With each call-up to one of the in­di­vi­du­al pa­ges of this In­ter­net site, which is ope­ra­ted by the con­trol­ler and into which a Goog­le Ana­ly­tics com­po­nent was in­te­gra­ted, the In­ter­net brow­ser on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject will au­to­ma­ti­cal­ly sub­mit data through the Goog­le Ana­ly­tics com­po­nent for the pur­po­se of on­line ad­ver­ti­sing and the sett­le­ment of com­mis­si­ons to Goog­le. Du­ring the cour­se of this tech­ni­cal pro­ce­du­re, the en­ter­pri­se Goog­le gains know­ledge of per­so­nal in­for­ma­ti­on, such as the IP ad­dress of the data sub­ject, which ser­ves Goog­le, in­ter alia, to un­der­stand the ori­gin of vi­si­tors and clicks, and sub­se­quent­ly crea­te com­mis­si­on sett­le­ments.

The coo­kie is used to store per­so­nal in­for­ma­ti­on, such as the ac­cess time, the lo­ca­ti­on from which the ac­cess was made, and the fre­quen­cy of vi­sits of our web­site by the data sub­ject. With each vi­sit to our In­ter­net site, such per­so­nal data, in­clu­ding the IP ad­dress of the In­ter­net ac­cess used by the data sub­ject, will be trans­mit­ted to Goog­le in the United Sta­tes of Ame­ri­ca. The­se per­so­nal data are stored by Goog­le in the United Sta­tes of Ame­ri­ca. Goog­le may pass the­se per­so­nal data collec­ted through the tech­ni­cal pro­ce­du­re to third par­ties.

The data sub­ject may, as sta­ted above, pre­vent the set­ting of coo­kies through our web­site at any time by me­ans of a cor­re­spon­ding ad­just­ment of the web brow­ser used and thus per­man­ent­ly deny the set­ting of coo­kies. Such an ad­just­ment to the In­ter­net brow­ser used would also pre­vent Goog­le Ana­ly­tics from set­ting a coo­kie on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject. In ad­di­ti­on, coo­kies al­rea­dy in use by Goog­le Ana­ly­tics may be de­le­ted at any time via a web brow­ser or other soft­ware pro­grams.

In ad­di­ti­on, the data sub­ject has the pos­si­bi­li­ty of ob­jec­ting to a collec­tion of data that are ge­ne­ra­ted by Goog­le Ana­ly­tics, which is re­la­ted to the use of this web­site, as well as the pro­ces­sing of this data by Goog­le and the chan­ce to pre­clu­de any such. For this pur­po­se, the data sub­ject must down­load a brow­ser add-on un­der the link https://tools.google.com/dlpage/gaoptout and in­stall it. This brow­ser add-on tells Goog­le Ana­ly­tics through a Ja­va­Script, that any data and in­for­ma­ti­on about the vi­sits of In­ter­net pa­ges may not be trans­mit­ted to Goog­le Ana­ly­tics. The in­stal­la­ti­on of the brow­ser add-ons is con­si­de­red an ob­jec­tion by Goog­le. If the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is la­ter de­le­ted, for­mat­ted, or new­ly in­stal­led, then the data sub­ject must re­install the brow­ser add-ons to dis­able Goog­le Ana­ly­tics. If the brow­ser add-on was un­in­stal­led by the data sub­ject or any other per­son who is at­tri­bu­ta­ble to their sphe­re of com­pe­tence, or is dis­ab­led, it is pos­si­ble to exe­cu­te the re­instal­la­ti­on or re­ac­tiva­ti­on of the brow­ser add-ons.

Fur­ther in­for­ma­ti­on and the ap­p­li­ca­ble data pro­tec­tion pro­vi­si­ons of Goog­le may be re­trie­ved un­der https://www.google.com/intl/en/policies/privacy/​ and un­der http://www.google.com/analytics/terms/us.html. Goog­le Ana­ly­tics is fur­ther ex­p­lai­ned un­der the fol­lo­wing Link https://www.google.com/analytics/.

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­ti­on and use of Goog­le-Ad­Words

On this web­site, the con­trol­ler has in­te­gra­ted Goog­le Ad­Words. Goog­le Ad­Words is a ser­vice for In­ter­net ad­ver­ti­sing that al­lows the ad­ver­ti­ser to place ads in Goog­le se­arch en­gi­ne re­sults and the Goog­le ad­ver­ti­sing net­work. Goog­le Ad­Words al­lows an ad­ver­ti­ser to pre-de­fi­ne spe­ci­fic key­words with the help of which an ad on Google's se­arch re­sults only then dis­play­ed, when the user uti­li­zes the se­arch en­gi­ne to re­trie­ve a key­word-re­le­vant se­arch re­sult. In the Goog­le Ad­ver­ti­sing Net­work, the ads are dis­tri­bu­t­ed on re­le­vant web pa­ges using an au­to­ma­tic al­go­rithm, ta­king into ac­count the pre­vious­ly de­fi­ned key­words.

The ope­ra­ting com­pa­ny of Goog­le Ad­Words is Goog­le Inc., 1600 Am­phi­thea­t­re Pkwy, Moun­tain View, CA 94043-1351, UNITED STATES.

The pur­po­se of Goog­le Ad­Words is the pro­mo­ti­on of our web­site by the in­clu­si­on of re­le­vant ad­ver­ti­sing on the web­sites of third par­ties and in the se­arch en­gi­ne re­sults of the se­arch en­gi­ne Goog­le and an in­ser­ti­on of third-par­ty ad­ver­ti­sing on our web­site.

If a data sub­ject reaches our web­site via a Goog­le ad, a con­ver­si­on coo­kie is fi­led on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject through Goog­le. The de­fi­ni­ti­on of coo­kies is ex­p­lai­ned above. A con­ver­si­on coo­kie lo­ses its va­li­di­ty af­ter 30 days and is not used to iden­ti­fy the data sub­ject. If the coo­kie has not ex­pi­red, the con­ver­si­on coo­kie is used to check whe­ther cer­tain sub-pa­ges, e.g, the shop­ping cart from an on­line shop sys­tem, were cal­led up on our web­site. Through the con­ver­si­on coo­kie, both Goog­le and the con­trol­ler can un­der­stand whe­ther a per­son who reached an Ad­Words ad on our web­site ge­ne­ra­ted sa­les, that is, exe­cu­t­ed or can­ce­led a sale of goods.

The data and in­for­ma­ti­on collec­ted through the use of the con­ver­si­on coo­kie is used by Goog­le to crea­te vi­sit sta­tis­tics for our web­site. The­se vi­sit sta­tis­tics are used in or­der to de­ter­mi­ne the to­tal num­ber of users who have been ser­ved through Ad­Words ads to as­cer­tain the suc­cess or fail­u­re of each Ad­Words ad and to op­ti­mi­ze our Ad­Words ads in the fu­ture. Neit­her our com­pa­ny nor other Goog­le Ad­Words ad­ver­ti­sers re­cei­ve in­for­ma­ti­on from Goog­le that could iden­ti­fy the data sub­ject.

The con­ver­si­on coo­kie stores per­so­nal in­for­ma­ti­on, e.g. the In­ter­net pa­ges vi­si­ted by the data sub­ject. Each time we vi­sit our In­ter­net pa­ges, per­so­nal data, in­clu­ding the IP ad­dress of the In­ter­net ac­cess used by the data sub­ject, is trans­mit­ted to Goog­le in the United Sta­tes of Ame­ri­ca. The­se per­so­nal data are stored by Goog­le in the United Sta­tes of Ame­ri­ca. Goog­le may pass the­se per­so­nal data collec­ted through the tech­ni­cal pro­ce­du­re to third par­ties.

The data sub­ject may, at any time, pre­vent the set­ting of coo­kies by our web­site, as sta­ted above, by me­ans of a cor­re­spon­ding set­ting of the In­ter­net brow­ser used and thus per­man­ent­ly deny the set­ting of coo­kies. Such a set­ting of the In­ter­net brow­ser used would also pre­vent Goog­le from pla­cing a con­ver­si­on coo­kie on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject. In ad­di­ti­on, a coo­kie set by Goog­le Ad­Words may be de­le­ted at any time via the In­ter­net brow­ser or other soft­ware pro­grams.

The data sub­ject has a pos­si­bi­li­ty of ob­jec­ting to the in­te­rest ba­sed ad­ver­ti­se­ment of Goog­le. The­re­fo­re, the data sub­ject must ac­cess from each of the brow­sers in use the link www.google.de/settings/ads and set the de­si­red set­tings.

Fur­ther in­for­ma­ti­on and the ap­p­li­ca­ble data pro­tec­tion pro­vi­si­ons of Goog­le may be re­trie­ved un­der https://www.google.com/intl/en/policies/privacy/.

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­ti­on and use of Ma­tomo (form­er­ly Pi­wik)

On this web­site, the con­trol­ler has in­te­gra­ted the Ma­tomo com­po­nent. Ma­tomo is an open-source soft­ware tool for web ana­ly­sis. Web ana­ly­sis is the collec­tion, gathe­ring and eva­lua­ti­on of data on the be­ha­vi­or of vi­si­tors from In­ter­net sites. A web ana­ly­sis tool collec­ts, in­ter alia, data on the web­site from which a data sub­ject came to a web­site (so-cal­led re­fer­rer), which pa­ges of the web­site were ac­ces­sed or how of­ten and for which pe­ri­od of time a sub-page was view­ed. A web ana­ly­sis is main­ly used for the op­ti­mi­za­ti­on of a web­site and the cost-be­ne­fit ana­ly­sis of In­ter­net ad­ver­ti­sing.

The soft­ware is ope­ra­ted on the ser­ver of the con­trol­ler, the data pro­tec­tion-sen­si­ti­ve log files are stored ex­clu­si­ve­ly on this ser­ver.

The pur­po­se of the Ma­tomo com­po­nent is the ana­ly­sis of the vi­si­tor flows on our web­site. The con­trol­ler uses the ob­tai­ned data and in­for­ma­ti­on, in­ter alia, to eva­lua­te the use of this web­site in or­der to com­pi­le on­line re­ports, which show the ac­tivi­ties on our In­ter­net pa­ges.

Ma­tomo sets a coo­kie on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject. The de­fi­ni­ti­on of coo­kies is ex­p­lai­ned above. With the set­ting of the coo­kie, an ana­ly­sis of the use of our web­site is en­ab­led. With each call-up to one of the in­di­vi­du­al pa­ges of this web­site, the In­ter­net brow­ser on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is au­to­ma­ti­cal­ly through the Ma­tomo com­po­nent promp­ted to sub­mit data for the pur­po­se of on­line ana­ly­sis to our ser­ver. Du­ring the cour­se of this tech­ni­cal pro­ce­du­re, we ob­tain know­ledge about per­so­nal in­for­ma­ti­on, such as the IP ad­dress of the data sub­ject, which ser­ves to un­der­stand the ori­gin of vi­si­tors and clicks.

The coo­kie is used to store per­so­nal in­for­ma­ti­on, such as the ac­cess time, the lo­ca­ti­on from which ac­cess was made, and the fre­quen­cy of vi­sits to our web­site. With each vi­sit of our In­ter­net pa­ges, the­se per­so­nal data, in­clu­ding the IP ad­dress of the In­ter­net ac­cess used by the data sub­ject, are trans­fer­red to our ser­ver. The­se per­so­nal data will be stored by us. We do not for­ward this per­so­nal data to third par­ties.

The data sub­ject may, as sta­ted above, pre­vent the set­ting of coo­kies through our web­site at any time by me­ans of a cor­re­spon­ding ad­just­ment of the web brow­ser used and thus per­man­ent­ly deny the set­ting of coo­kies. Such an ad­just­ment to the used In­ter­net brow­ser would also pre­vent Ma­tomo from set­ting a coo­kie on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject. In ad­di­ti­on, coo­kies al­rea­dy in use by Ma­tomo may be de­le­ted at any time via a web brow­ser or other soft­ware pro­grams.

In ad­di­ti­on, the data sub­ject has the pos­si­bi­li­ty of ob­jec­ting to a collec­tion of data re­la­ting to a use of this In­ter­net site that are ge­ne­ra­ted by Ma­tomo as well as the pro­ces­sing of the­se data by Ma­tomo and the chan­ce to pre­clu­de any such. For this, the data sub­ject must set a "Do Not Track" op­ti­on in the brow­ser.

With each set­ting of the opt-out coo­kie, howe­ver, the­re is the pos­si­bi­li­ty that the web­sites of the con­trol­ler are no lon­ger ful­ly us­able for the data sub­ject.

Fur­ther in­for­ma­ti­on and the ap­p­li­ca­ble data pro­tec­tion pro­vi­si­ons of Ma­tomo may be re­trie­ved un­der https://matomo.org/privacy/​.

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­ti­on and use of Face­book

On this web­site, the con­trol­ler has in­te­gra­ted com­pon­ents of the en­ter­pri­se Face­book. Face­book is a so­ci­al net­work.

A so­ci­al net­work is a place for so­ci­al mee­tings on the In­ter­net, an on­line com­mu­ni­ty, which usual­ly al­lows users to com­mu­ni­ca­te with each other and in­ter­act in a vir­tu­al space. A so­ci­al net­work may ser­ve as a plat­form for the ex­chan­ge of opi­ni­ons and ex­pe­ri­en­ces, or en­ab­le the In­ter­net com­mu­ni­ty to pro­vi­de per­so­nal or busi­ness-re­la­ted in­for­ma­ti­on. Face­book al­lows so­ci­al net­work users to in­clu­de the crea­ti­on of pri­va­te pro­files, upload pho­tos, and net­work through fri­end re­quests.

The ope­ra­ting com­pa­ny of Face­book is Face­book, Inc., 1 Ha­cker Way, Men­lo Park, CA 94025, United Sta­tes. If a per­son lives out­si­de of the United Sta­tes or Ca­na­da, the con­trol­ler is the Face­book Ire­land Ltd., 4 Grand Ca­nal Squa­re, Grand Ca­nal Har­bour, Dub­lin 2, Ire­land.

With each call-up to one of the in­di­vi­du­al pa­ges of this In­ter­net web­site, which is ope­ra­ted by the con­trol­ler and into which a Face­book com­po­nent (Face­book plug-ins) was in­te­gra­ted, the web brow­ser on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is au­to­ma­ti­cal­ly promp­ted to down­load dis­play of the cor­re­spon­ding Face­book com­po­nent from Face­book through the Face­book com­po­nent. An over­view of all the Face­book Plug-ins may be ac­ces­sed un­der https://developers.facebook.com/docs/plugins/​. Du­ring the cour­se of this tech­ni­cal pro­ce­du­re, Face­book is made awa­re of what spe­ci­fic sub-site of our web­site was vi­si­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on Face­book, Face­book de­tec­ts with every call-up to our web­site by the data subject—and for the en­t­i­re du­ra­ti­on of their stay on our In­ter­net site—which spe­ci­fic sub-site of our In­ter­net page was vi­si­ted by the data sub­ject. This in­for­ma­ti­on is collec­ted through the Face­book com­po­nent and as­so­cia­ted with the re­spec­tive Face­book ac­count of the data sub­ject. If the data sub­ject clicks on one of the Face­book but­tons in­te­gra­ted into our web­site, e.g. the "Like" but­ton, or if the data sub­ject sub­mits a com­ment, then Face­book matches this in­for­ma­ti­on with the per­so­nal Face­book user ac­count of the data sub­ject and stores the per­so­nal data.

Face­book al­ways re­cei­ves, through the Face­book com­po­nent, in­for­ma­ti­on about a vi­sit to our web­site by the data sub­ject, whenever the data sub­ject is log­ged in at the same time on Face­book du­ring the time of the call-up to our web­site. This oc­curs re­gard­less of whe­ther the data sub­ject clicks on the Face­book com­po­nent or not. If such a trans­mis­si­on of in­for­ma­ti­on to Face­book is not de­si­ra­ble for the data sub­ject, then he or she may pre­vent this by log­ging off from their Face­book ac­count be­fo­re a call-up to our web­site is made.

The data pro­tec­tion gui­de­li­ne pu­blished by Face­book, which is avail­ab­le at https://facebook.com/about/privacy/, pro­vi­des in­for­ma­ti­on about the collec­tion, pro­ces­sing and use of per­so­nal data by Face­book. In ad­di­ti­on, it is ex­p­lai­ned the­re what set­ting op­ti­ons Face­book of­fers to pro­tect the pri­va­cy of the data sub­ject. In ad­di­ti­on, dif­fe­rent con­fi­gu­ra­ti­on op­ti­ons are made avail­ab­le to al­low the eli­mi­na­ti­on of data trans­mis­si­on to Face­book. The­se ap­p­li­ca­ti­ons may be used by the data sub­ject to eli­mi­na­te a data trans­mis­si­on to Face­book.

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­ti­on and use of In­sta­gram

On this web­site, the con­trol­ler has in­te­gra­ted com­pon­ents of the ser­vice In­sta­gram. In­sta­gram is a ser­vice that may be qua­li­fied as an au­dio­vi­su­al plat­form, which al­lows users to sha­re pho­tos and vi­de­os, as well as dis­se­mi­na­te such data in other so­ci­al net­works.

The ope­ra­ting com­pa­ny of the ser­vices of­fe­red by In­sta­gram is In­sta­gram LLC, 1 Ha­cker Way, Buil­ding 14 First Floor, Men­lo Park, CA, UNITED STATES.

With each call-up to one of the in­di­vi­du­al pa­ges of this In­ter­net site, which is ope­ra­ted by the con­trol­ler and on which an In­sta­gram com­po­nent (Ins­ta but­ton) was in­te­gra­ted, the In­ter­net brow­ser on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject is au­to­ma­ti­cal­ly promp­ted to the down­load of a dis­play of the cor­re­spon­ding In­sta­gram com­po­nent of In­sta­gram. Du­ring the cour­se of this tech­ni­cal pro­ce­du­re, In­sta­gram be­co­mes awa­re of what spe­ci­fic sub-page of our web­site was vi­si­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on In­sta­gram, In­sta­gram de­tec­ts with every call-up to our web­site by the data subject—and for the en­t­i­re du­ra­ti­on of their stay on our In­ter­net site—which spe­ci­fic sub-page of our In­ter­net page was vi­si­ted by the data sub­ject. This in­for­ma­ti­on is collec­ted through the In­sta­gram com­po­nent and is as­so­cia­ted with the re­spec­tive In­sta­gram ac­count of the data sub­ject. If the data sub­ject clicks on one of the In­sta­gram but­tons in­te­gra­ted on our web­site, then In­sta­gram matches this in­for­ma­ti­on with the per­so­nal In­sta­gram user ac­count of the data sub­ject and stores the per­so­nal data.

In­sta­gram re­cei­ves in­for­ma­ti­on via the In­sta­gram com­po­nent that the data sub­ject has vi­si­ted our web­site pro­vi­ded that the data sub­ject is log­ged in at In­sta­gram at the time of the call to our web­site. This oc­curs re­gard­less of whe­ther the per­son clicks on the In­sta­gram but­ton or not. If such a trans­mis­si­on of in­for­ma­ti­on to In­sta­gram is not de­si­ra­ble for the data sub­ject, then he or she can pre­vent this by log­ging off from their In­sta­gram ac­count be­fo­re a call-up to our web­site is made.

Fur­ther in­for­ma­ti­on and the ap­p­li­ca­ble data pro­tec­tion pro­vi­si­ons of In­sta­gram may be re­trie­ved un­der https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

 

Data pro­tec­tion pro­vi­si­ons about the ap­p­li­ca­ti­on and use of Pin­te­rest

On this web­site, the con­trol­ler has in­te­gra­ted com­pon­ents of Pin­te­rest Inc. Pin­te­rest is a so-cal­led so­ci­al net­work. A so­ci­al net­work is an In­ter­net so­ci­al mee­ting place, an on­line com­mu­ni­ty that al­lows users to com­mu­ni­ca­te and in­ter­act with each other in a vir­tu­al space. A so­ci­al net­work may ser­ve as a plat­form for the ex­chan­ge of opi­ni­ons and ex­pe­ri­en­ces, or al­low the In­ter­net com­mu­ni­ty to pro­vi­de per­so­nal or com­pa­ny-re­la­ted in­for­ma­ti­on. Pin­te­rest en­ab­les the users of the so­ci­al net­work to pu­blish, in­ter alia, pic­tu­re collec­tions and in­di­vi­du­al pic­tures as well as de­scrip­ti­ons on vir­tu­al pin­boards (so-cal­led pins), which can then be sha­red by other user's (so-cal­led re-pins) or com­men­ted on.

The ope­ra­ting com­pa­ny of Pin­te­rest is Pin­te­rest Inc., 808 Brann­an Street, San Fran­cis­co, CA 94103, UNITED STATES.

With each call-up to one of the in­di­vi­du­al pa­ges of this In­ter­net site, which is ope­ra­ted by the con­trol­ler and on which a Pin­te­rest com­po­nent (Pin­te­rest plug-in) was in­te­gra­ted, the In­ter­net brow­ser on the in­for­ma­ti­on tech­no­lo­gy sys­tem of the data sub­ject au­to­ma­ti­cal­ly promp­ted to down­load through the re­spec­tive Pin­te­rest com­po­nent a dis­play of the cor­re­spon­ding Pin­te­rest com­po­nent. Fur­ther in­for­ma­ti­on on Pin­te­rest is avail­ab­le un­der https://pinterest.com/​. Du­ring the cour­se of this tech­ni­cal pro­ce­du­re, Pin­te­rest gains know­ledge of what spe­ci­fic sub-page of our web­site is vi­si­ted by the data sub­ject.

If the data sub­ject is log­ged in at the same time on Pin­te­rest, Pin­te­rest de­tec­ts with every call-up to our web­site by the data subject—and for the en­t­i­re du­ra­ti­on of their stay on our In­ter­net site—which spe­ci­fic sub-page of our In­ter­net page was vi­si­ted by the data sub­ject. This in­for­ma­ti­on is collec­ted through the Pin­te­rest com­po­nent and as­so­cia­ted with the re­spec­tive Pin­te­rest ac­count of the data sub­ject. If the data sub­ject clicks on one of the Pin­te­rest but­tons, in­te­gra­ted on our web­site, then Pin­te­rest as­signs this in­for­ma­ti­on to the per­so­nal Pin­te­rest user ac­count of the data sub­ject and stores the per­so­nal data.

Pin­te­rest re­cei­ves in­for­ma­ti­on via the Pin­te­rest com­po­nent that the data sub­ject has vi­si­ted our web­site, pro­vi­ded that the data sub­ject is log­ged in at Pin­te­rest at the time of the call-up to our web­site. This oc­curs re­gard­less of whe­ther the per­son clicks on the Pin­te­rest com­po­nent or not. If such a trans­mis­si­on of in­for­ma­ti­on to Pin­te­rest is not de­si­ra­ble for the data sub­ject, then he or she may pre­vent this by log­ging off from their Pin­te­rest ac­count be­fo­re a call-up to our web­site is made.

The data pro­tec­tion gui­de­li­ne pu­blished by Pin­te­rest, which is avail­ab­le un­der https://about.pinterest.com/privacy-policy, pro­vi­des in­for­ma­ti­on on the collec­tion, pro­ces­sing and use of per­so­nal data by Pin­te­rest.

Le­gal ba­sis for the pro­ces­sing

Art. 6(1) lit. a GDPR ser­ves as the le­gal ba­sis for pro­ces­sing ope­ra­ti­ons for which we ob­tain con­sent for a spe­ci­fic pro­ces­sing pur­po­se. If the pro­ces­sing of per­so­nal data is ne­cessa­ry for the per­for­mance of a con­tract to which the data sub­ject is par­ty, as is the case, for examp­le, when pro­ces­sing ope­ra­ti­ons are ne­cessa­ry for the sup­ply of goods or to pro­vi­de any other ser­vice, the pro­ces­sing is ba­sed on Ar­ti­cle 6(1) lit. b GDPR. The same ap­p­lies to such pro­ces­sing ope­ra­ti­ons which are ne­cessa­ry for car­ry­ing out pre-con­trac­tu­al mea­su­res, for examp­le in the case of in­qui­ries con­cer­ning our pro­duc­ts or ser­vices. Is our com­pa­ny sub­ject to a le­gal ob­li­ga­ti­on by which pro­ces­sing of per­so­nal data is re­qui­red, such as for the ful­fill­ment of tax ob­li­ga­ti­ons, the pro­ces­sing is ba­sed on Art. 6(1) lit. c GDPR. In rare ca­ses, the pro­ces­sing of per­so­nal data may be ne­cessa­ry to pro­tect the vi­tal in­te­rests of the data sub­ject or of ano­t­her na­tu­ral per­son. This would be the case, for examp­le, if a vi­si­tor were in­ju­red in our com­pa­ny and his name, age, health insuran­ce data or other vi­tal in­for­ma­ti­on would have to be pas­sed on to a doc­tor, hos­pi­tal or other third par­ty. Then the pro­ces­sing would be ba­sed on Art. 6(1) lit. d GDPR. Fi­nal­ly, pro­ces­sing ope­ra­ti­ons could be ba­sed on Ar­ti­cle 6(1) lit. f GDPR. This le­gal ba­sis is used for pro­ces­sing ope­ra­ti­ons which are not co­ve­r­ed by any of the above­men­tio­ned le­gal grounds, if pro­ces­sing is ne­cessa­ry for the pur­po­ses of the le­gi­ti­ma­te in­te­rests pur­sued by our com­pa­ny or by a third par­ty, ex­cept whe­re such in­te­rests are over­rid­den by the in­te­rests or fun­da­men­tal rights and free­doms of the data sub­ject which re­qui­re pro­tec­tion of per­so­nal data. Such pro­ces­sing ope­ra­ti­ons are par­ti­cu­lar­ly per­mis­si­ble be­cau­se they have been spe­ci­fi­cal­ly men­tio­ned by the Eu­ropean le­gis­la­tor. He con­si­de­red that a le­gi­ti­ma­te in­te­rest could be as­su­med if the data sub­ject is a cli­ent of the con­trol­ler (Re­ci­tal 47 Sen­tence 2 GDPR).

Pe­ri­od for which the per­so­nal data will be stored

The cri­te­ria used to de­ter­mi­ne the pe­ri­od of sto­rage of per­so­nal data is the re­spec­tive sta­tuto­ry re­ten­ti­on pe­ri­od. Af­ter ex­pi­ra­ti­on of that pe­ri­od, the cor­re­spon­ding data is rou­ti­ne­ly de­le­ted, as long as it is no lon­ger ne­cessa­ry for the ful­fill­ment of the con­tract or the in­itia­ti­on of a con­tract.

We cla­ri­fy that the pro­vi­si­on of per­so­nal data is part­ly re­qui­red by law (e.g. tax re­gu­la­ti­ons) or can also re­sult from con­trac­tu­al pro­vi­si­ons (e.g. in­for­ma­ti­on on the con­trac­tu­al part­ner). So­me­ti­mes it may be ne­cessa­ry to con­clu­de a con­tract that the data sub­ject pro­vi­des us with per­so­nal data, which must sub­se­quent­ly be pro­ces­sed by us. The data sub­ject is, for examp­le, ob­li­ged to pro­vi­de us with per­so­nal data when our com­pa­ny si­gns a con­tract with him or her. The non-pro­vi­si­on of the per­so­nal data would have the con­se­quence that the con­tract with the data sub­ject could not be con­clu­ded. Be­fo­re per­so­nal data is pro­vi­ded by the data sub­ject, the data sub­ject must con­tact any em­ployee. The em­ployee cla­ri­fies to the data sub­ject whe­ther the pro­vi­si­on of the per­so­nal data is re­qui­red by law or con­tract or is ne­cessa­ry for the con­clu­si­on of the con­tract, whe­ther the­re is an ob­li­ga­ti­on to pro­vi­de the per­so­nal data and the con­se­quen­ces of non-pro­vi­si­on of the per­so­nal data.