Privacy Statement

1. General Information

In this section of the Privacy Statement you will find information on its scope of validity, the entity responsible for processing data, that entity's Data Protection Officer, and on data security. We also explain some important terms that are used in the Privacy Statement.

1.1. Important Terms

Analytics: A statistical procedure for measuring the reach of an online service. The data used include, for instance, length of time spent on the site, device used, operating system, language settings, origin, region, location and user activity.

Browser: A computer program for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: Text files that the accessed webserver stores on the user's computer through the selected browser. The cookie information stored can include a cookie ID, which enables the user's computer to be recognized when returning to the website, and data such as the registration status or information about websites visited. When next visiting the site, the browser sends the cookie information back to the webserver. Most browsers accept cookies automatically. You can manage the cookie settings in the browser (usually to be found in "Options" or "Settings"), deactivating the storing of cookies on your computer, making the storing subject to your consent each time or restricting them in other ways. You can also delete cookies on your computer here at any time.

GDPR: Regulation (EU) 2016/679 of the European Parliament and Council dated 27 April 2016 on the protection of natural persons when processing personal data, free data traffic and the annulment of Directive 95/46/EC (General Data Protection Regulation), to be found at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679

Personal data: All information relating to an identified or identifiable natural person. A natural person is considered to be identifiable if they can be directly or indirectly identified, in particular by being assigned to a means of identification such as a name, ID number, locational data, an online identity or one or more special characteristics that are an expression of the person's physical, physiological, genetic, psychic, economic, cultural or social identity.

Profiling: Any kind of automatic processing of personal data that entails using the personal data in question to evaluate certain personal aspects relating to the natural person, in particular to analyse or predict aspects relating to their work performance, financial circumstances, health, personal preferences, interests, reliability, conduct, place of residence or a change of location.

Services: Our services to which this Privacy Statement applies (see Scope).

Tracking: The gathering and evaluation of data with regard to the behaviour of visitors over a longer period, to then match personal features and interests to them.

Tracking technologies: Tracking can be performed using the activity protocols saved on webservers (logfiles) or by means of collecting data from your device through pixels, cookies or other similar tracking technologies.

Processing: Is any procedure effected with or without the aid of automatic processes, or any such sequence of procedures, conducted in the context of personal data, such as the collecting, recording, organizing, structuring, storing, adapting or modifying, reading-out, requesting, use, disclosure by means of transmission, dissemination or other form of delivery, comparison or linking, restriction, deletion or destruction thereof.

Pixel: Pixels are also known as tracking pixels, web beacons or web bugs. They are small, invisible graphics in HTML e-mails or on websites. When the e-mail is opened or the website visited, an internet server downloads this little image to it, and registers the downloading. This enables the operator of the server to see whether and when an e-mail is opened or a website visited. As a rule, this function is executed by invoking a small program (Javascript). It enables certain forms of information in your computer system to be recognized and forwarded, for instance the content of cookies, the time and date of the access to the website and a description of the page where the tracking pixel is. 

1.2. Scope of Validity

This Privacy Statement applies for the following offerings:

• Our online offering "www.magna-sweets.de" (website), which can be accessed in particular at "https://www.magna-sweets.de",
• Whenever one of our offerings (e.g. websites, subdomains, mobile applications, webservices or integration into third-party websites) refers to this Privacy Statement, irrespective of how you access or use it.

All of these offerings are also collectively referred to as the "Services".

1.3. Responsible Entity

The entity responsible for the data processing in the context of the Services – i.e. who decides on the purposes and means of processing personal data – is:

MAGNA sweets GmbH

Gewerbering 5/6

82272 Moorenweis

Tel.: 08146 99 66 0

E-Mail: info@magna-sweets.de

1.4. Data Protection Officer

Our company's Data Protection Officer is:

Lotze privacy consulting

Steffen Lotze

St.-Georg-Str. 6

82284 Grafrath

Tel.: 08144 939034

E-mail: info[at]datenschutz-5-seen-land.de

2. The Data Processing in Detail

In this section of the Privacy Statement, we inform you in detail about the processing of personal data within the context of our Services. For ease of understanding, we categorise these data according to certain functionalities of our Services. In the normal use of the Services, various different functionalities, and therefore also different types of processing, can take place successively or simultaneously.

2.1.1. Description and Scope of the Data Processing

Every time someone visits our website, our system, i.e. the webserver, automatically gathers information from the computer or other device of that user.

We also collect the following data:

• Information about the browser type and version used
• The operating system of the user's device
• The resolution of the screen used
• The user's internet service provider
• The user's IP address
• The date and time of the visit
• The previous website from which the user came to our website

2.1.2 Legal Basis for the Data Processing

The legal basis for the temporary storage of these data and the log files is Art. 6 Art 1 lit. f) GDPR (our justified interest as the responsible website operator).

2.1.3 Purpose of the Data Processing

In order to enable the website to be delivered to the user's computer, it is necessary for our system to store the user's IP address for the duration of the visit.

The above data are stored in the log files to ensure that the functions of our website can be executed. The data also help us improve the website and guarantee the security of our information systems (e.g. attack detection). The data are not evaluated for marketing purposes in this context.

2.1.4 Duration of the Data Storage

The data specified above are deleted as soon as they are no longer required to achieve their purpose. For data required to display the website, this is the case when the session ends.

2.2.1 Description and Scope of the Data Processing

You can contact us using the contact form and e-mail address provided. If you do, the personal data of the sender transmitted with the inquiry will be stored as those of the user.

2.2.2 Legal Basis for the Data Processing

The legal basis for the processing of these data sent when making an inquiry is Art 6 para. 1 lit. f) GDPR (our justified interest as responsible party).

If the inquiry pertains to entering a contractual agreement, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract).

2.2.3 Purpose of the Data Processing

Processing these personal data serves us only to process the inquiry.

2.2.4 Duration of the Storage

The above data are deleted as soon as they are not required to achieve the purpose for which they are collected. For the personal data sent by e-mail or in the contact form, this is the case when the conversation with the user is finished. The conversation is finished when it can be assumed from the circumstances that the matter in question has been sufficiently clarified.

2.2.5 Right to Object

Users can object to the processing of their data at any time, by e-mail to:

datenschutz@magna-sweets.de

In such case we will delete all personal data stored during the course of the contact with the user.

2.3.1 Description and Scope of the Data Processing

On our website we offer users the opportunity to register themselves, providing personal data. The user enters these data into a registration screen, which is sent to us and stored. We do not pass this data on to anyone else.

The following data are gathered in the course of the registration process:

• E-mail address
• Password
• Company name
• Address
• First and last name

The following data are gathered in the course of the log-in process:

• E-mail address
• Password

The following data are also stored when logging in:

• IP address of the user
• Date and time of the log-in

2.3.2 Legal Basis for the Data Processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract), as the registration and log-in area are required to fulfil the agreement or complete pre-contractual activities.

2.3.3 Purpose of the Data Processing

The registration and log-in serve to provide an online shop function for completing a sample order with an order form.

2.3.4 Duration of the Storage

The above data are deleted as soon as they are not required to achieve the purpose for which they are collected. For the data gathered during the registration procedure for fulfilling a contract or carrying out pre-contractual measures, this is the case when the data are no longer required to execute the contract. It may also be necessary to store personal data of the contractual partner after the contract has been concluded, in order to meet contractual or statutory obligations (e.g. retention obligation for tax purposes).

2.3.5 Right to Revoke Registration

A registered user can cancel the registration at any time, or alter their personal data stored in the registration. To do so, please contact datenschutz@magna-sweets.de .

2.4.1 Description and Scope of the Data Processing

After registering, we offer the user the opportunity on our website to request and order sample deliveries of our products in our restricted-access online shop.

2.4.2 Legal Basis for the Data Processing

The legal basis for this is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract), i.e. the user provides us with the data on the basis of the contractual relationship in question (e.g. managing the customer account, processing a contract).

2.4.3 Purpose of the Data Processing

The order form serves to conclude a contract with us or send a request for manufacture. The data processing in the order form thus serves the user for concluding, executing or terminating the contract.

2.4.4 Duration of the Storage

We store the data gathered for processing the contract for the duration of the contract and until the end of the statutory or any contractual guarantee periods. After this period, we keep the information on the contractual relationship required under commercial and fiscal law for the periods required by law. As a rule this period is 10 years. During this time, the data are only processed again if the fiscal authorities conduct an audit.

2.5 Analysis

In the following we describe how your personal data are processed with the aid of analysis technologies for evaluating and improving our Services.

The description of the analysis procedure also contains information on how you can prevent or object to the data processing. Please note that this "opt-out", i.e. the rejection of processing, is stored, as a rule, in cookies. So if you the use our Services with a new device or in another browser, or if you delete the cookies from your browser, you will have to repeat the objection and perform the "opt-out" manually again.

The analysis procedure we use only processes personal data in pseudonymized form. No connection is made to an actual, identified natural person, i.e. the data are not brought together with information about the bearer of the pseudonym.

With the aid of the analysis procedure and the directly transmitted information such as the cookie ID or shortened IP address, further information is assigned to the pseudonym. Typically this information is technical data from the device being used, used to learn about the user's behaviour on the internet, interests and location.

2.5.1 Description and Scope of the Data Processing

On our website we use the analysis tool form the company Matomo. In the Matomo product, interactions of the user with our website are recorded, primarily through cookies, and systematically evaluated. If the user visits certain pages of our website, the following data are saved:

• Three bytes of the IP address of the user's system (anonymized IP address)
• The website page accessed
• The website from which the user has come to the page of our website
• The resolution of the screen used
• The sub-sites accessed from the website
• How long the user remains at the website
• How often the user accesses the website

The software is set up in such a way that the IP addresses are not stored in full, but rather the final octet of the IP address is masked (e.g. 251.4.71.xxx). This makes it impossible to assign the IP address to the user's device.

2.5.2 Legal Basis for the Data Processing

The legal basis for the processing of the user's personal data is Art. 6 para. 1 lit a) GDPR (consent).

2.5.3 Purpose of the Data Processing

The processing of the user's personal data using Matomo enables us to statistically analyse the surfing behaviour of our users. Analysing the data gained enables us to compile information on how the individual components of our website are used. This helps us constantly improve our website, its user friendliness and our product range.

2.5.4 Duration of the Storage

The stored data are deleted as soon as they are not required for our recording purposes. In our case this is after 14 months.

2.5.5 Opting Out

We offer an "opt-out" for all users to deactivate the statistical recording of their visiting behaviour. As soon as the "opt-out" is activated and the cookie has been installed, Matomo no longer records your user behaviour.

Matomo Opt Out

2.6.1 Description and Scope of the Data Processing

We use the maps provided by the service "Google Maps" offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 9404, USA. Google processes technically required data in order to be able to provide the maps.

2.6.2 Legal Basis for the Data Processing

Google Maps is required for our website to meet the needs of our users. This is also the basis of our interest in the data processing pursuant to Art. 6 para. 1 lit. f) GDPR (our justified interest as responsible party)

2.6.3 More about Data Processing

Google LLC is responsible for the data processing. Visit https://policies.google.com/privacy for more information about how Google handles your data.

2.7.1 Description and Scope of the Data Processing

We use fonts from the service "Adobe Fonts" provided by Adobe Systems Software Ireland Limited. Adobe processes technically required data in order to be able to provide the fonts.

2.7.2 Legal Basis for the Data Processing

Adobe Fonts is required for our website to meet the needs of our users. This is also the basis of our interest in the data processing pursuant to Art. 6 para. 1 lit. f) GDPR (our justified interest as responsible party)

2.7.3 More About Data Processing

Adobe Systems Software Ireland Limited is responsible for the data processing. Visit https://www.adobe.com/de/privacy/policies/adobe-fonts.html to find out more information about how Adobe handles your data.

2.8.1 Description and scope of data processing

Our website uses plugins from the website YouTube.com. The website operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, IRELAND.

We use YouTube in enhanced data-protection mode, which means that YouTube does not store any information about the visitors to the website before they have watched the video. Whenever you start a YouTube video on our website, a connection is made to the YouTube servers. If you are logged into your Google or YouTube account, you enable YouTube to match your surfing behaviour to your personal profile. You can stop them doing this by logging out of your YouTube account. In this way, no data on user activity are collected to personalise the playing of the video. Instead, the video recommendations are based on the current video.

If you now play an embedded YouTube video, YouTube may analyse your user behaviour in accordance with its guidelines and conditions for use. This means that after a YouTube video starts playing, further data-processing procedures can be triggered, on which MAGNA sweets GmbH has no influence.

2.8.2 Legal grounds for data processing

The implementation of the video function and thus the possible use of search-engine relevant searches by Google and the technically required processing of the IP address is based on justified interest. By playing the video after previously clicking on the Note button, you are deemed to have given your consent. Art. 6, subsection 1, lit. a) in conjunction with Art. 6, subs. 1, lit f) GDPO applies.

2.9.1 Description of the Data Protection Risks when Using Social Networks

We are present in social networks with our own pages, in order to be able to communicate with you and inform you about what we are doing.

We are not the provider (responsible party) of these sites. We only use them to the extent provided by the respective provider. We therefore point out that your data may also be processed outside the European Union or European Economic Area. Using social networks can therefore entail data protection risks for you, as it can be more difficult to protect your rights, e.g. to information, deletion, objection, etc., and social networks often process personal data for advertising purposes or to analyse user behaviour, without our having any influence on this. If the provider makes usage profiles, it often uses cookies or the user behaviour is directly matched to your member profile in the social networks (if you are logged in here).

2.9.2 Legal Basis for the Data Processing

The personal data are processed as described in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our justified interest and that of the respective provider, in order to communicate with you in a modern way and keep you informed about our performances. If as a user you have to submit your consent to data processing to the respective providers, the legal basis is Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR.

As we do not have access to the data stored by the providers, we point out that you can best assert your rights (e.g. to information, correction, deletion, etc.) with the provider in question. Below we provide further information on how the social networks we use process your data, and how you can make use of your right to object or revoke your consent ("opt-out").

2.9.2.1 Facebook and Instagram

Responsible for the data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Statement (data policy):
https://www.facebook.com/about/privacy

https://help.instagram.com/519522125107875

Opt-out and advertising settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Facebook has joined the EU-U.S. Privacy Shield agreement:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

https://de-de.facebook.com/about/privacy/

2.10.1 Legal Basis for the Data Processing

Newsletters are only sent and the data required for this purpose are only stored with the voluntary consent of the person involved pursuant to Art. 6 para. 1 lit a) GDPR. You can revoke this consent at any time.

2.10.2 Purpose of the Data Processing

Sending and personalization of the newsletter

2.10.3 Duration of the Storage

We only process data in this context as long as we have consent to do so. After that we delete the data.

3.1 Right to Object

If we process your personal data for the purposes of direct advertising, you have the right to object to the processing for this purpose at any time, with effect for the future. This also applies to profiling, in as much as this is in connection direct advertising. 

You also have the right, for reasons of your particular situation, to object to the processing of your personal data as conducted pursuant to Art. 6 para. 1 lit. e) or f) GDPR at any time, with effect for the future. This also applies to profiling based on these provisions. 

The right to object is free of charge for you.

You can reach our Data Protection Officer using the contact data provided in section 1.4 of this Privacy Statement, or as follows:

By mail to: info[at]datenschutz-5-seen-land.de
By phone: +49 (8144) 939034

3.2 Right to Information

You have the right to demand confirmation from us as to whether personal data relating to you are being processed, and, where applicable, to information about these personal data and the other data specified in Art. 15 GDPR.

3.3 Right to Correction

You have the right to demand that we correct without delay any incorrect personal data pertaining to you (Art. 16 GDPR). Under consideration of the purpose of the processing, you have the right to demand that incomplete personal data be completed – also by means of an additional explanation.

3.4 Right to Deletion ("right to be forgotten")

You have the right to demand that we immediately delete the personal data relating to you if one of the reasons provided for by Art. 17 para. 1 GDPR applies and the processing is not required for one of the purposes specified in Art. 17 para. 3 GDPR.

3.5 Right to Limit the Processing of Your Data

You have the right to demand the restriction of the processing of your personal data if one of the prerequisites provided for in Art. 18 para. 1 lit. a) to d) GDPR applies. 

3.6 Right to Data Portability

Under the conditions specified in Art. 20 para. 1 GDPR, you have the right to receive the personal data that you have provided us with, in a structured, common and machine-readable format, and to forward these data to another responsible person without our obstruction. When exercising this right to data portability, you have the right to have us forward the personal data directly to another responsible party, to the extent that this is technically possible.

3.7 Right to Revoke Consent

In so far as the processing is based on your consent, you have the right to revoke that consent at any time. This does not affect the legality of the processing that has taken place prior to your revocation.