Südzucker AG attaches great importance to the protection of your privacy and your personal data as well as the necessary data security and therefore collects, processes and uses your personal data exclusively in accordance with the principles described below as well as the requirements of the EU Data Protection Regulation (DSGVO) and the national data protection laws applicable to Südzucker AG (Federal Data Protection Act (BDSG), Telecommunications Telemedia Data Protection Act (TTDSG).
The responsible party within the meaning of the DSGVO and other national data protection laws of the EU member states as well as other applicable data protection provisions for the operation of the website www.suedzuckermomente.de (hereinafter referred to as "website") is:
Südzucker AG
Maximilianstraße 10
68165 Mannheim
Phone: +49 621 421-0
Fax: +49 621 421-425
E-mail: info@suedzuckergroup.com
Website: www.suedzuckergroup.com
Chairman of the Supervisory Board: Dr. Stefan Streng
Executive Board: Dr Niels Pörksen (CEO), Stephan Büttner, Hans-Peter Gai, Dr Stephan Meeder
Registration Court: Mannheim Local Court, No. HRB 0042
(hereinafter referred to as "Südzucker")
If you wish to object to the collection, processing or use of your data by us in accordance with this data protection declaration, either as a whole or for individual measures, you can send your objection by e-mail, fax or letter to the aforementioned contact details or to our data protection officer. You can also obtain information about your personal data at any time and free of charge using the above
contact details.
The data protection officer of the responsible body can be contacted at:
Südzucker AG
Data Protection Officer
Maximilianstraße 10
68165 Mannheim
E-mail: datenschutz@suedzucker.de
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). Südzucker only processes your personal data to enable us to provide you with the website. We will only collect personal data, such as your name and e-mail address, if you provide it to us voluntarily or if you have consented to its collection. For the technically required data, we refer to the execution under "Provision of the website and creation of log files / log files" and "Use of cookies".
We process personal data (hereinafter also referred to as "data") of data subjects, i.e. visitors to the website, via our website insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users is regularly only carried out after the user has consented to the processing. An exception applies in cases where the processing of data is permitted by legal regulations, required for the fulfilment of a contract or technically necessary.
(2) Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) a) DSGVO serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6(1)(d) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f) DSGVO serves as the legal basis for the processing.
The storage of information in the terminal equipment of a data subject or the access to information already stored in the terminal equipment shall only take place on the basis of the consent of the data subject pursuant to Section 25 (1) TTDSG, unless the storage of information in the terminal equipment of the data subject or the access to information already stored in the terminal equipment by us is absolutely necessary (Section 25 (2) TTDSG) in order to provide the desired telemedia service to the data subject.
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. Blocking of further data processing or deletion of data also takes place when a legally prescribed storage period expires, unless there is a need for further storage of the data for the fulfilment of a contract.
1. Description and scope of data processing
During the mere informative use of the website, we only collect the personal data that your browser transmits to our server or provider and that are technically necessary for the purpose of displaying our website to you and ensuring its stability and security.
We have commissioned the company Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland(hereinafter referred to as "Microsoft" or "Microsoft Azure") for the hosting and technical provision of our website and press portal. We have concluded the required data protection agreement with Microsoft for commissioned processing in accordance with Article 28 of the Data Protection Regulation with EU standard contractual clauses. According to this agreement, Microsoft undertakes to ensure the necessary protection of your data and to process it in accordance with the applicable data protection regulations exclusively on our behalf and in accordance with our instructions. You can find more information about Microsoft Azure Cloud on the website: https://www.microsoft.com/de-de/trust-center.
Our website is hosted on servers hosted in the European Union (Amsterdam) by Microsoft Azure on our behalf. To provide the website, Microsoft Azure processes the IP address of the calling client during the respective session. No further information is stored in log files or log files.
2. The legal basis for the temporary processing of data is Art. 6 para. 1 lit. f) DSGVO in conjunction with § 25 para. 2 (2) TTDSG.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website or content to the end device used by the user. For this purpose, the user's IP address must remain stored for the duration of the session.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website,
this is the case when the respective session has ended.
5. Possibility of objection and/or deletion
The collection of data for the provision of the website is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.
1. Description and scope of data processing
We use cookies to make your visit to our website more attractive. Cookies are small text files that are stored on your terminal device and enable us, among other things, to recognise your browser. Cookies enable us to improve the comfort and quality of the services provided on the website. Cookies are also used to analyse the use of the website in anonymised form.
Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called "session cookies"). Other cookies remain on your terminal device during their respective validity period (see below) and enable us to recognise your browser on your next visit.
Technically necessary cookies (essential):
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. Technically necessary, so-called essential cookies serve to ensure that your visit to our website runs smoothly. This includes, for example, the security of our website and in the defence against unwanted, automated access in the form of spam, viruses as well as malware or the storage of your individual cookie settings for our website. These cookies are necessary for a secure visit to our website and cannot be switched off.
The following technically necessary cookies are set when visiting our
website:
|
Cookie description |
Purpose |
|
laravel_session |
A unique ID, which serves to identify the user i.e. for security reasons (Validity period: session) |
|
XSRF-TOKEN |
Security token for submitting form on site (validity period: session) |
These cookies are transmitted to us each time a page is accessed, do not contain any personal data and are therefore not used for personal identification.
2. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 lit. f) DSGVO in conjunction with § 25 para. 2 (2) TTDSG.
3. Purpose of data processing
The purpose of using technically necessary cookies is to enable users to use websites. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
The user data collected through technically necessary cookies are not used to create user profiles.
Cookies are stored on the end device used by the user and transmitted to our website by this device. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. It is also possible to use our website without cookies. However, this may lead to certain restrictions in the functions and user-friendliness of our services on the website.
1. Description and scope of data processing
On our website, we collect your first and last name as well as an e-mail address via the upload form, which can be used for electronic contact in the later stages of the campaign.
Your data or the resulting correspondence will be processed exclusively by us. Beyond that, the data will not be passed on to third parties. The data will be used exclusively for the conversation started by e-mail.
2. Legal basis for data processing
The legal basis for the processing of data transmitted in the context of sending an e-mail or an upload form
is Art. 6 para. 1 lit. a DSGVO in conjunction with § 25 para. 1 TTDSG.
3. Purpose of data processing
The processing of the voluntarily provided personal data is solely for the purpose of processing the contact or other necessary measures resulting from this.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of personal data transmitted by e-mail or by contact form, this is the case when the conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
5. Possibility of objection and/or deletion
The user has the possibility to revoke his/her consent to the processing of personal data at any time. In such a case, the conversation cannot be continued. The revocation can be made at any time via the contact details under I. and II. as well as at the following e-mail address
internal.communicationds@suedzuckergroup.com
. See also point VIII.
All personal data stored in the course of contacting you will be deleted in this case.
1. Description and scope of data processing
On our website - in particular here also within our upload form integrated on the website - we use a service of Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany (hereinafter "Friendly Captcha") to check and avoid interactions on our website by automated accesses.
Friendly Captcha is used to check whether the data entered on the website was entered by a human or by an automated program (hereinafter also "bot"). For this purpose, a puzzle request is loaded via a widget embedded on our website via a server of Friendly Captcha and displayed to you. Based on your interaction with the puzzle, the provider can identify whether it is a malicious user.
Friendly Captcha stores the following log data as part of the process:
(1) The request headers User-Agent, Origin and Referrer,
(2) The puzzle itself, which contains information about our Südzucker account and the website key of our website to which the puzzle relates,
(3) The version of the widget,
(4) A time stamp.
Friendly Captcha also stores an anonymised counter per IP address for evaluation. Friendly Captcha stores the anonymised counter separately from the rest of the information collected, so that no cross-site comparison can take place. For the display of the puzzle within the widget, the processing of your IP address is necessary. For this purpose, however, the provider uses a set-up anonymisation of the IP address by means of one-way hashing.
We have concluded the data protection agreement on commissioned processing (as defined in Article 28 DSGVO) with Friendly Captcha, in which Friendly Captcha undertakes to protect our users' data and to process it exclusively on our behalf.
For more information on data processing by Friendly Captcha, please visit https://friendlycaptcha.com. Friendly Captcha provides all information on data processing transparently for end users under the link.
2. purpose and legal basis for data processing
The legal basis for the use of Friendly Captcha is Art. 6 para. 1 lit. f) DSGVO in conjunction with. § 25 para. 2 (2) TTDSG. Our legitimate interest lies in the security of our website and our newsletter form and in the defence against unwanted, automated access in the form of spam or similar by bots and thus also serves the security of a visitor to our website.
3. possibility of objection and removal
The collection of the information is absolutely necessary for the provision of the functions of Friendly Captcha and for the purposes described. Consequently, there is no possibility for the user to object.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller or the person responsible:
1. right to information
You may request confirmation from the controller as to whether personal data relating to you is being processed by us.
If there is such processing, you can request information from the controller about the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage duration;
(5) the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.
To exercise your right to free information, please contact us directly using the contact details in our imprint or contact our data protection officer (see sections I and II).
2. right of rectification
You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
3. right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing but you need them for the establishment, exercise or defence of legal claims; or
(4) if you have objected to the processing pursuant to Art. 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. right to erasure
a, Obligation to delete
You may request the controller to erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing is based pursuant to Art. 6(1)(a) and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) DSGVO.
b, Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.
c, Exceptions
The right to erasure does not exist insofar as the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
(4) to assert, exercise or defend legal claims.
5. right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
6. right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO and
(2) the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO. This also applies to profiling based on these provisions.
In addition, you have the right to object at any time to the processing of your personal data concerning you for the purpose of direct marketing; this also applies to profiling insofar as it is associated with such direct marketing.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
8. right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
9. right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority to which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
The data protection authority responsible for us is
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, office address:
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
Postal address:
P.O. Box 10 29 32, 70025 Stuttgart, Germany.
For further information, please visit www.baden-wuerttemberg.datenschutz.de.
As a responsible company, we do not carry out profiling or use automated decision-making.
This declaration on data protection applies exclusively to the Südzucker AG website. The webpages on this website may contain links to third-party websites and social media platforms. Our data protection declaration does not extend to these websites or providers. When you leave the website, we recommend that you carefully read the privacy policy of any website that collects personal data.
We take the necessary security precautions to protect your personal data from unlawful or accidental access or deletion, alteration or loss, and from unauthorised disclosure. We encrypt your data during transmission via our website and use so-called SSL (Secure Socket Layer) connections. We secure our website and our other systems and personal data using appropriate technical and organisational measures, in particular against loss, destruction, unauthorised access, modification or disclosure to third parties.
You can access this privacy statement at https://suedzuckerflowerpower.com/privacy-policy. You can also save or print this privacy statement by using the corresponding functions of your browser.
We reserve the right to change this data protection declaration from time to time or to adapt it to the legal requirements and therefore ask you to inform yourself about the current data protection regulations each time you visit our website.
Version: 2 [August 2023]