Data privacy

We are delighted that you have visited our website. Below, we would like to inform you about how we handle your data in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Responsible party

The entity named in the legal notice is responsible for the data processing described below.

Usage data

When you visit our websites, so-called usage data is temporarily evaluated as a log on our web server for statistical purposes in order to improve the quality of our websites. This data set consists of

  • the name and address of the requested content,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the web browser and operating system used,
  • the referral link, which indicates from which page you came to ours,
  • the IP address of the requesting computer, which is abbreviated so that a personal reference can no longer be established.

The log data mentioned above is only evaluated anonymously.

The legal basis for processing usage data is Art. 6 (1) (f) GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring that the content of the website is displayed in a device and browser optimized manner.

Storing the IP address for security purposes

In addition, we store the full IP address transmitted by your web browser strictly for 24 hours, in the legitimate interest of being able to identify, restrict and eliminate attacks on our websites. After this period of time, we delete or anonymize the IP address. The legal basis for processing is Art. 6 (1) (f) GDPR.

data security

We take technical and organizational measures to protect your data from unwanted access as comprehensively as possible. We use an encryption method on our websites. Your information is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock icon in the status bar of your browser is closed and the address line starts with https://.

Required cookies

We use cookies on our websites, which are necessary to use our websites.

Cookies are small text files that can be stored and read on your device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these necessary cookies for analytics, tracking, or advertising purposes.

In some cases, these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user navigation, security and implementation of the site.

We use these cookies on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

You can set your browser so that it informs you when cookies are placed. You can also delete them at any time using the appropriate browser settings and prevent new cookies from being set. Please note that our web pages may then not be fully displayed and that some functions may no longer be technically available.

Consent banner

On our websites, we use a consent management platform (consent bwz.cookie banner). Processing in connection with the use of the consent management platform and the logging of the settings you have made is based on Article 6 (1) (f) GDPR, in our legitimate interest to display our content in accordance with your preferences and to be able to prove your consent (s). The settings you have made, the consents you have given and parts of your usage data are stored in a cookie. This means that this is retained for subsequent page requests and your consents can still be traced. You can find more information about this under the “Required Cookies” section.

The provider Usercentrics of the consent management platform works for us as a strictly instruction-bound service provider (contract processor). A contract for order processing in accordance with Art. 28 GDPR has been agreed.

contact

You can contact us via e-mail or telephone. Your data will only be processed to answer your request. We delete your data if it is no longer required and there are no legal storage requirements. This is usually the case 6 months after the request has been processed. In addition, you can withdraw your consent to the processing of voluntary information at any time. To do so, please contact the e-mail address given in the legal notice.

Integration of other third-party technical content and functions

We use the technical functions and content from third parties mentioned below to display our websites.

When you visit our pages, content from the third-party provider that provides these functions and content is reloaded. As a result, the third-party provider receives information that you have accessed our site and the usage data that is technically required in this context.

We have no influence on further data processing by the third party provider.

Please note that the use of third-party content and functions may result in your data being processed outside the EU or the EEA (in particular in the USA). For transfers to the USA, an appropriate level of data protection is guaranteed based on the adequacy decision (EU-U.S. Data Privacy Framework).

Amazon Web Services

In connection with our web hosting via Webflow, AWS processes personal data on our behalf that is generated when using the website. This may include IP addresses, contact requests, meta and communication data, website accesses and other data generated via a website. We collect the listed data to ensure a smooth connection to the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to make the website available to you. The legal basis for processing the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Article 6 (1) (f) GDPR.

We have concluded an order processing agreement with Webflow. Amazon Web Services is listed as an official sub-processor.

Through this contract, the service provider assures that it processes the data in accordance with the General Data Protection Regulation and ensures the protection of the rights of the data subject.

For transfers to the USA, an appropriate level of data protection is guaranteed due to the certification of AWS under the adequacy decision (EU-U.S. Data Privacy Framework).

Storage period

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer necessary for the above-mentioned processing purposes and no legitimate interests or other (legal) storage reasons prevent deletion.

User rights

When processing your personal data, the GDPR grants you, as a data subject, certain rights:

Right to information (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to information about this personal data and to the information detailed in Article 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to immediately request the correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.

Right to deletion (Art. 17 GDPR)

You have the right to request that personal data concerning you be deleted immediately, provided that one of the reasons set out in detail in Article 17 GDPR applies.

Right to restrict processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Article 18 GDPR is met, e.g. if you have filed an objection to processing, for the duration of the audit by the person responsible.

Right to data portability (Art. 20 GDPR)

In certain cases, which are detailed in Article 20 GDPR, you have the right to receive personal data concerning you in a structured, common and machine-readable format or to request that this data be transmitted to a third party.

Right of withdrawal (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled under Article 7 (3) GDPR to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Article 6 (1) (f) GDPR (data processing to protect legitimate interests) or on the basis of Article 6 (1) (e) GDPR (data processing to protect public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. In particular, the right of appeal can be exercised with a supervisory authority in the Member State of your habitual place of residence, place of work or place of the alleged infringement.

Asserting your rights

Unless otherwise described above, please contact the person named in the legal notice to assert your rights as a data subject.

Evolution 4 Food GmbH
Legal noticeData privacy