Last updated on: 23 July 2019
Thank you very much for visiting our website and for your interest in our company. We take the protection of your privacy, when you use our website, very seriously. Therefore, please note the following information about how your personal data is handled:
1. Responsible data controller and contact details
The responsible data controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
Alois Dallmayr KG
Switchboard: +49 (0)89/ 2135-0
Customer service: +49 (0)89/ 2135-130
In order to exercise your rights, report data protection incidents, to make any suggestions and complaints regarding the processing of your personal data, or to withdraw consent to the processing of your personal data, we recommend that you contact our data protection officer:
SBU Sicherheitstechnische Betreuung von Unternehmen GmbH & Co.KG
Mr Karsten Greibel
Friemarer Strasse 38
This data privacy statement applies to our website, which can be accessed at the domain https://www.dallmayr.com (“website”). It does not apply to internet sites or services (from ourselves or from third party providers) to which our website merely links.
3. Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, online identifier or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information such as your first name and surname, your address and email address, your telephone number or your date of birth.
4. Data processing and legal basis
In principle, you can visit our website without having to submit personal data. We collect, process and use your personal data on our website as follows:
4.1 Data when visiting our website
When you visit our website, the data mentioned in Section 5 of this document will be processed for technical reasons. This processing is based on our legitimate interests in handling the communication (point (f) of Article 6 (1) GDPR). Since this communication is required in order to display the website, we assume that this is also in your interests. You can object at any time to the processing of your data for this purpose with future effect, without having to give any reasons. However, we would like to point out that even after you have made an objection, your personal data may continue to be processed when you visit our website. This is because opening our website requires certain data to be processed for technical reasons, and it is not possible to prevent this processing for individual users who visit the website, or in general. This constitutes compelling legitimate grounds for processing data that override your interests, rights and freedoms. If you wish to prevent your data being processed as described above, we would ask you not to visit our website.
4.2 Erasure of data and data storage period
We shall delete or block your personal data as soon as the purpose for storing this data ceases to apply. Please note that due to statutory retention periods, we may be obliged to store certain data for a legally specified period of time. This data shall also be blocked or deleted as soon as a legally required retention period as mentioned above expires, unless it is necessary for the data to be retained for the conclusion or performance of a contract.
4.3 Contacting us using a contact form or by email
If you contact us (e.g. via a contact form or by email), then Alois Dallmayr KG shall save and process the personal data that you provide on the contact form or in the email. This data shall be stored and used only for replying to your query and/or establishing contact, as well as for any related technical administration. Processing this data is necessary for the performance of a contract or pre-contractual measures (point (b) of Article 6 (1) GDPR) and/or is in our legitimate interests. Your interests are not overriding in this case because processing your query is in the interests of both parties (point (f) of Article 6 (1) GDPR). After the processing of this query ends, we shall retain the correspondence for three years from the end of the calendar year in which processing ended. We shall then delete your data, or retain it only if legal, statutory or contractual retention periods apply or if further retention is necessary for the establishment, exercise or defence of legal claims.
4.4 Data for subscription to the newsletter
If you subscribe to our newsletter service, Dallmayr will save and process your personal data (e.g. name, address and email address) for the purpose of sending the newsletter. Processing of this data is based on your consent (point (c) of Article 6 (1) GDPR) and/or is necessary for the performance of a contract (point (b) of Article 6 (1) GDPR). In this case, we shall send you regular promotional information about goods and services associated with our products. You can unsubscribe from the newsletter at any time by contacting the address provided in Section 1 of this document, or by using the unsubscribe link at the bottom of each newsletter. After unsubscribing, your email address shall be deleted without delay from our newsletter distribution list.
4.5 Use of data for advertising purposes
We reserve the right to save your first name, surname, postal address and – as long as we have received these additional details from you within the context of the contractual relationship – your title, academic degree, year of birth, job title, the sector you work in and your trade name in summarised lists for our own promotional purposes and to use this data to send you interesting offers and information in the post about our products. The processing of your data for this purpose is based on the legitimate interests of Dallmayr (point (f) of Article 6 (1) GDPR) to promote Dallmayr’s products and services. We assume that you are interested in receiving such advertising by post; if not, you can withdraw consent to the future storage and use of your data for these purposes at any time and without having to give reasons by contacting the address provided in Section 1 of this document. In the event of withdrawing consent, we shall delete your data for postal advertising without delay unless there is another legal basis for processing this data, or if legal, statutory or contractual retention periods apply, or if further retention is necessary for the establishment, exercise or defence of legal claims.
4.6 Data processing for participation in competitions
If you take part in a competition, we shall process your personal data solely for the purpose of running and managing the competition for which you have actively registered. Processing this data is required in order to run the competition and is therefore necessary for the performance of a contract (point (b) of Article 6 (1) GDPR). After the competition has ended, the winners have been announced and the prizes have been sent, your personal data shall be blocked from any further use and deleted after a period of one year, provided that when you took part in the competition, you did not expressly consent to your data being used further.
5. Usage data
Each time you visit our website, your IP address and further usage data (such as the time and date of your visit, name of the page accessed, data volume transmitted and the requesting provider) shall, where necessary, be collected and processed on our server for technical reasons. This is necessary in order to carry out the communication process, requested by you, between you and our website.
Log data (server log files)
The webpage provider automatically collects and stores information in server log files, which your browser automatically transmits to us. This information is as follows:
- The IP address and, if applicable, host name of the accessing computer
- Date and time of access
- Name and URL of the requested file
- Website from which access is made (referrer URL)
- Browser used and, where required, your computer’s operating system and the name of your access provider.
A pooling of this data with other data sources, in particular with the user’s other personal data, does not take place.
6. Transfer of personal data
We do not pass on any personal data to third parties unless this is necessary for the performance of a contract (for example transferring address data to a delivery company as part of an order), is otherwise permissible under relevant legal provisions, or you have given us consent to do so.
6.1 Some of our business processes are supported by service providers (e.g. for the provision of the website or other IT services, or for maintenance) that may come into contact with your personal data. These service providers process the personal data purely on our instructions and only for our business purposes. These service providers are bound to us under the provisions of order processing contracts in order to ensure processing in accordance with our instructions. The service providers receive access to such personal data only if this is required for them to complete the respective activity. In particular, it is not permitted for these service providers to process or use your personal data for any other purpose.
6.2 If other categories of recipients of personal data arise during future data collection, we will inform you of this at the time this information is collected for this purpose.
8. Use of analytics tools
8.1 Google Analytics
Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity on behalf of the website operator, as well as providing the operator with other services relating to website activity and internet usage. Google will not associate the IP address transferred by your browser through Google Analytics with any other data held by Google.
As an alternative to the browser add-on, or if you are browsing from a mobile device, please click this link to prevent data being collected in future by Google Analytics on this website (this opt-out works only for the browser in which you click the link and only for this domain). This will lead to an opt-out cookie being saved on your device. If you delete the cookies in this browser, then you will have to click on the link again.
For further information, please visit https://www.google.com/analytics/terms/us.html or https://support.google.com/analytics/answer/6004245?hl=en.
For further information, please visit https://www.google.com/analytics/terms/us.html or https://support.google.com/analytics/answer/6004245?hl=en.
Our website contains a tracking code from matelso, a service provided by the company matelso GmbH, Heilbronner Strasse 150, 70191 Stuttgart, Germany (hereinafter referred to as matelso).
If you call us on a number provided by matelso, information about the telephone call (call duration, call status, time of the call) is transferred to a web analysis service used by us (e.g. Google Analytics).
8.3 Tracking pixels from Monotype GmbH
The provider Monotype GmbH uses a tracking pixel to count page views for the purpose of calculating font licences. The company Monotype GmbH is responsible for this processing.
8.4 Google remarketing
Our website uses the remarketing feature provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This feature is used to present interest-based advertisements to visitors of the website as part of the Google advertising network. The website visitor’s browser stores cookies – text files that are placed on their device to allow the visitor to be recognised when they visit websites that belong to Google’s advertising network. These pages can then display advertisements to the visitor that are related to content that the visitor previously viewed on websites that use Google’s remarketing feature. Google says that it does not process any personal data during this process. In particular, Google says that it uses pseudonymisation for remarketing.
Google is certified as complying with the US-EU “Privacy Shield” data protection agreement and is therefore obliged to adhere to European data protection regulations.
If, however, you do not want Google’s remarketing feature to be used, you can disable it by changing the settings at http://www.google.com/settings/ads.
8.5 Bing Universal Event Tracking (UET)
Our website uses Bing Ads technology. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
This service enables us to track the activities of users on our website that reach our website via adverts from Bing Ads. If you reach our website via such an advert, a cookie is placed on your computer. A Bing UET tag is integrated on our website. This is a code that is used in conjunction with the cookie to save some non-personal data about your use of the website. This includes, among other things, the time spent on the website, which sections of the website were opened and which advert the user clicked to access the website. Whenever you visit a specific page of our website and the cookie is still valid, both we and Microsoft can recognise that you have been forwarded to that page by clicking on an advertisement. Microsoft collects, processes and uses information via the cookie to create user profiles using pseudonyms. These profiles are used to analyse visitor behaviour and to decide how advertisements are delivered. No personal information about the identity of the user is processed.
Processing is based on a legitimate interest (point (f) of Article 6 (1) of the EU General Data Protection Regulation (GDPR)) in targeted advertising and in analysing the impact and effectiveness of this advertising. You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data based on point (f) of Article 6 (1) GDPR.
The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by disabling cookies on your device. This may limit the functionality of the website.
In addition, Microsoft may use cross-device tracking to track your usage patterns across multiple electronic devices, enabling it to display personalised ads on Microsoft websites and apps. You can disable this tracking at http://choice.microsoft.com/opt-out . In general, you can use the browser’s settings to control whether it will accept cookies and if so, which ones.
Bing is certified as complying with the US-EU “Privacy Shield” data protection agreement and is therefore obliged to adhere to European data protection regulations.
More information on Bing’s analysis services can be found on the Bing Ads website: https://help.bingads.microsoft.com/#apex/3/en/53056/2.
9. Other applications
9.1 Google Maps
Our website links to functions from Google Maps, provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).
Google sets a cookie each time you visit Google Maps to process user settings and data when the page on which Google Maps is integrated is displayed. As a rule, this cookie is not deleted when you close your browser, but expires after a certain period of time, unless it is manually deleted beforehand.
9.2 Google ReCaptcha
Our website uses ReCaptcha, a service provided by the company Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).This plug-in checks whether an enquiry on our contact form has been made by an automated bot.
9.3 IFrame UTZ Certified
IFrame from UTZ Certified allows you to trace the origin of your coffee.
10. Online social media presence (Facebook, Instagram)
We are present on the online social media networks mentioned above. The purpose of this is to be able to communicate with those customers, interested parties and users who are also active on these social networks and to inform them about our services.
We would like to point out that when using these networks, user data may be processed outside the European Union. This may give rise to certain risks for users, for example it may be more difficult for users to enforce their rights.
For information on the purpose and extent of the data collection, the further processing and use of data by the social networks mentioned above, as well as your rights and the settings available for the protection of your privacy, please refer to the privacy policies of the individual websites.
Further settings on the use of data for advertising purposes, including objecting to the use of data in this way, can be found in the profile settings of the respective social network. The settings are platform-independent, i.e. they are adopted on all devices, e.g. desktop computers or mobile phones.
11. Your rights to withdraw consent, rights to access, rectification, erasure and data portability
11.1 Right to object
If the processing of your personal data is based on point (f) of Article 6 (1) GDPR (processing necessary for the purposes of the legitimate interests pursued by the controller), you have the right to object at any time to this processing under the conditions specified by the law, e.g. on grounds relating to your particular situation or in the case of processing for direct marketing purposes.
11.2 Your right to withdraw consent
If you have given us consent to process your data, you have the right to withdraw this consent at any time with future effect. This shall not affect the lawfulness of processing before withdrawal of this consent.
11.3 Right of access
You have the right to request information about what personal data (name, address, etc.) we store about you. Please submit your request in writing using the contact details provided on this website or to our data protection officer.
11.4 Right to lodge a complaint
You may exercise your right to lodge a complaint through the responsible supervisory authority:
Commission de la protection de la vie privée
Rue de la Presse 35
Tel. +32 2 274 48 00
Fax +32 2 274 48 10
11.5 Right to rectification
If the data concerning you is inaccurate or incomplete, you may request at any time to have the inaccurate data rectified or the incomplete data completed.
11.6 Right to erasure
Please note that due to statutory retention periods, we may be obliged to store certain data for a legally specified period of time. Should this not be the case, your data shall be erased if this data is no longer necessary for the purposes for which it was collected or processed, or you withdraw consent for the processing of this data and statutory retention periods no longer apply. If data is collected to provide access to the website, this shall be deleted at the end of the respective session, and in cases where data is stored in log files after no later than 30 days.
11.7 Right to restriction of processing
As the data subject, you have the right to obtain from the data controller restriction of processing where one of the following applies:
a. You are contesting the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
b. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
c. The controller no longer needs the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims;
d. You have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
11.8 Right to data portability
You have the right to receive the personal data that you have provided to us (based on you giving us consent or for the performance of a contract) in a structured, commonly used and machine-readable format. You also have the right to have the data transmitted to another party provided this is technically possible.
12. SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the website operator. You can recognise that the connection is encrypted from the address line in your browser, as this changes from “http://” to “https://”, and also from the padlock symbol in the browser bar.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Neither this website nor its services are directed at persons under 18 years of age. Those under the age of 18 should only transmit personal data with the consent of their parents or legal guardians.
© SBU Sicherheitstechnische Betreuung von Unternehmen GmbH & Co.KG