Skip to main content granini logo featuring white lowercase letters on a red background.

Data Privacy Statement

of Eckes-Granini Deutschland GmbH

Status April 2024

Eckes-Granini Group GmbH (hereinafter referred to as "Eckes-Granini") operates the website (hereinafter referred to as the "website") available under the domain "www.granini.com" as well as mobile applications within external online presences, such as social media profiles (hereinafter collectively referred to as "online offer"). In the following, we inform you about the collection of personal data when using this website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

The responsible body according to Art. 4 No. 7 GDPR is:

Eckes-Granini Group GmbH

Ludwig-Eckes-Platz 1 55268 Nieder-Olm

info@granini.com

All requests for information, correction and deletion, objections or revocations of consent, the assertion of the right to restriction of processing or the right to data portability, as well as comments or questions from the user regarding data protection, should be sent to this address.

Your data will be collected, processed and used in accordance with the provisions of data protection law, in particular the General Data Protection Regulation (GDPR) and  if applicable, in accordance with national laws.

The processing of personal data is carried out on the basis of the following legal bases of the GDPR.  Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the data privacy statement.

•              If the data subject has given consent to the processing of personal data concerning a specific purpose or purposes - consent (Art. 6 para. 1 p. 1 lit. a) GDPR).

•              If the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures - performance of the contract and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) DSGVO).

•              If the processing is necessary for compliance with a legal obligation to which we are subject- legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR) -.

•              If the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party and is not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data - legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR). 

1.    Collection of personal data for informational use

(1) If you use the website for information purposes only, i.e. if you do not log in to use the website, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are:

·         IP address

·         Date and time of the request

·         Timezone difference zur Greenwich Mean Time (GMT)

·         Content of the request (specific page)

·         Acess Status /HTTP-Statuscode

·         Amount of data transferred in each case

·         Website from which the request originates

·         Browser

·         Operating system and its interface

·         Language and version of the browser software.

(2) Furthermore, cookies may be stored on your computer when using the website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie (in this case, us). A cookie typically contains the name of the domain from which the cookie originates, the "lifetime" of the cookie, and a value, usually a randomly generated unique number. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall. Cookies are only used by us in accordance with the statutory provisions. This means that we always obtain revocable consent, unless it is not required by law. This applies in particular if the storage and reading of information, including cookies, is absolutely necessary in order to be able to make our online offer available.

We process personal data with the help of cookies onvarious legal bases. If consent has been obtained, the legal basis of the processing is the declared consent. If no consent has been given and the cookies are necessary, the data processed with the help of these cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and improvement of its usability) or, if this is done in the context of the fulfilment of our contractual obligations, to fulfill our contractual obligations. We will explain the purposes for which the cookies are processed by us in the course of this privacy policy or in the context of our consent and processing processes.

To manage the cookies and your consent to this, we use a solution from Papoo Software & Media GmbH. As part of order processing, we therefore transmit personal data (consent data) to Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany as a processor. By consent data we mean the following data: date and time of the visit or consent / refusal, device information. The processing of the data is carried out for the purpose of complying with legal obligations (obligation to provide evidence pursuant to Art. 7 para. 1 GDPR) and the associated documentation of consents and thus on the basis of Art. 6 para. 1 lit. c) GDPR. Local storage is used to store the data. The consent data will be stored for 3 years. The data is stored in the European Union. Further information on the collected data and contact details can be found under https://www.ccm19.de/en/datenschutzerklaerung.html. Details of the cookies  used and the possibility to consent to the use of cookies can be found in the consent settings. There you can also revoke your consent.

2.    Collection of personal data for personalized use

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you will usually have to provide further personal data, which we will use to provide the respective service. If additional voluntary information is possible, it will be marked accordingly. We only collect, process and use the personal data that is necessary for your use of the website and/or the fulfilment of a contract concluded with us or that you provide yourself. In particular this involves the following inventory data and usage data, which may be transmitted via forms on our website:

·         Company

·         Name (consisting of salutation, title, first name, last name and gender)

·         Address

·         Telephone number

·         Fax number

·         E-mail address

·         Date of birth

·         Registration and login data of the user

·         Bank details of the user

·         Sales tax identification number (optional)

(2) Inventory data and usage data will be used by us to establish, design, change or terminate a contractual relationship with you, if necessary, in order to fulfill our contractual obligations, to log the user to the website, and to contact you if requested by you or necessary within the scope of the contractual relationship or permitted by law.

The personal data is stored and processed within the European Union, with the exception of the data collected by the third-party providers mentioned below.

3.    Deletion of the Data

Unless otherwise described in this data privacy statement or in the case of data processing via the contact form provided on the website, we will only store your data for as long as we need your data, e.g. to process a request you have submitted to us. Your personal data will therefore be deleted after your request has been processed, unless otherwise agreed. Inventory data will be deleted two years after termination of the contractual relationship at the end of the calendar year unless longer storage is necessary and legally permissible.

4.    Anonymous statistical analysis of the user data

We are entitled to create user profiles using pseudonyms for the purposes of advertising, market research or for the needs-based design of the website, unless you object to this. In particular we analyse the usage data anonymously for statistical purposes in order to design the website according to requirements. You can object to this use of your personal data by notifying us.

5.    Use of Google Analytics

(1) We use Google Analytics to measure and analyze the use of our website on the basis of a pseudonymous user identification number. The user identification number is used to assign analysis information to a terminal device in order to identify which content the users of the terminal have accessed within one or more usage processes, which search terms they have used, accessed them again or have interacted with our website online offer when and for how long, without unique data, such as names or e-mail addresses. Pseudonymous profiles of users are created with information from the use of different devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for users from the EU. However, Google Analytics provides rough geographical location data derived from the structure of the IP address. In the case of users from the EU, the IP address data will be used exclusively for this derivation of geolocation data before it is deleted. When Google Analytics collects metrics, all IP queries are performed on EU-based servers before traffic is routed to Analytics servers outside the EU for processing.

(2) The service provider of Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://marketingplatform.google.com/intl/de/about/analytics/). The data privacy statement can be found under https://policies.google.com/privacy. We concluded an data processing agreement with Google Ireland Limited, the content of which you can view here: https://business.safety.google/adsprocessorterms. The basis for the transfer to third countries is the EU-US Data Privacy Framework (DPF) and standard contractual clauses (https://business.safety.google/adsprocessorterms). You can object to this use of your personal data as follows: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de;  Settings for the display of advertisements: https://adssettings.google.com/authenticated. For more information about Google Analytics, the types of processing and the data processed, please see https://privacy.google.com/businesses/adsservices https://privacy.google.com/businesses/adsservices

6.    Google Consent Mode

We use Google Consent Mode on our website, a function provided by Google that enables us to ensure compliance with data protection regulations and cookie consent regulations. Google Consent Mode enables us to take your consent settings into account, particularly in connection with the use of Google products such as Google Analytics and Google Ads.

Google Consent Mode works by collecting information about whether you have consented to the use of cookies and other tracking technologies on our website. Based on this information, Google Analytics will collect and send data from your current session or not.

If you have not consented to the use of cookies, no information about your online activities will be passed on to Google Analytics or Google Ads.

7.    Friendly-Captcha

 We use the "Friendly Captcha" service on our website (www.friendlycaptcha.com). This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.

Friendly Captcha is a new type of privacy-friendly security solution to make it increasingly difficult for automated programs and scripts (so-called "bots") to use our website. For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's end device can establish a connection to Friendly Captcha's servers in order to receive a computational task from Friendly Captcha. The visitor's end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them. The data is used exclusively for the protection against spam and bots as described above.

Friendly Captcha does not set or read cookies on the visitor's end device. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.

If personal data is stored, this data will be deleted after 30 days.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests).

Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.

 

8.    Integration of third-party services

(1) We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transfer. We have also integrated content from the following third-party providers on this website: Google Maps.

(2) By visiting the website, the third-party provider receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under 1.(1) of this declaration will be transmitted. This takes place regardless of whether this third-party provider provides a user account through which you are logged in or whether no user account exists. If you are logged in to the plug-in provider, this data will be assigned directly to your account. If you do not wish to be associated with your profile with the third-party provider, you must log out before activating the button.

(3) The third-party provider stores this data as user profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to provide needs-based advertising. You have the right to object to the creation of these user profiles, whereby you must contact the respective third-party provider to exercise this right.

(4) Further information on the purpose and scope of the data collection and its processing by the third-party provider can be found in the data privacy statements of these third-party providers provided below. There you will also find further information about your rights in this regard and setting options to protect your privacy.

(5) Addresses of the respective providers and URL with their data privacy statements:

Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.

9.    Subcontractors

We use subcontractors as part of the processing of personal data and conclude a contract with these processors in accordance with the requirements of Art. 28 GDPR.

The following is used as subcontractor for hosting the website:

Deutsche Telekom MMS GmbH

Riesaer Straße 5

01129 Dresden

GERMANY

https://www.telekom-mms.com/

10. Presence in social networks (social media)

As part of our online presence within social networks, we process data of the users active there. Personal data may also be processed outside the European Union. This can result in risks for the users because it could, for example, make it more difficult to enforce the rights of the users. Furthermore, user data is usually processed within social networks for market research and advertising purposes. For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data privacy statements and information provided by the operators of the respective networks.

Requests for information and the assertion of data subject rights can most effectively be asserted with the providers themselves. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.

11. Protection of personal data

We take technical and organizational measures in accordance with the data protection requirements to protecthe user's personal data. All our employees who are involved in the processing of personal data are obliged to maintain data secrecy and are trained accordingly. The user's personal data is encrypted using HTTPS when transmitted to the website.

12. Rights of data subjects

The user and other data subjects may demand from us the following rights in respect of their personal data under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right of access to the personal data concerned (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure ('right to be forgotten') (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to object to processing if data processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR (Art. 21 GDPR): see also the following reference to the right of objection pursuant to Art. 21 GDPR

  • Right to data portability (Art. 20 GDPR)

  • Right to revoke a given consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation, if the data processing is based on consent pursuant to Art. 6 (1) (a) or Article 9 (2) (a) GDPR

  • You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR).

Reference to the right of objection according to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is related to such direct marketing.

13. Data protection supervisory authority and right of appeal

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the provisions of the GDPR.  The data protection supervisory authority responsible for us is:

Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz

Telephone: +49 (0) 6131 208-2449
Fax: +49 (0) 6131 208-2497
Website: https://www.datenschutz.rlp.de/   
E-mail: poststelle@datenschutz.rlp.de  

14. Data Protection Officer

You can contact our data protection officer at privacy@eckes-granini.com or our postal address with the addition "The data protection officer".

15. Updates to this Privacy Policy

From time to time, it is necessary to adapt the content of this privacy policy. We therefore reserve the right to change them at any time. We will post it in the same place as this Privacy Notice.

 

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and that the information should be checked before contacting us.

Data Privacy Statement

of Eckes-Granini Group GmbH

As of November 2025

Eckes-Granini Group GmbH (hereinafter referred to as "Eckes-Granini") operates the website accessible at the domain " www.granini.com " (hereinafter referred to as the "website") as well as mobile applications and external online presences such as social media profiles (hereinafter collectively referred to as the "online offering"). Below, we provide information about the collection of personal data when using this website and our social media profiles. Personal data is any data that can be related to you personally, e.g. name, address, email addresses, user behavior.

The controller pursuant to Art. 4 No. 7 GDPR is:

Eckes-Granini Group GmbH
Ludwig-Eckes-Platz 1
55268 Nieder-Olm
info@granini.com

All requests for information, correction, and deletion, objections or revocations of consent, assertions of the right to restrict processing or the right to data portability, as well as comments or questions from users regarding data protection, should be directed to this address.

Your data will be collected, processed, and used in accordance with the provisions of data protection law, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as, where applicable, the Telecommunications Digital Services Data Protection Act (TDDDG), as described in more detail below.

The processing of personal data is based on the legal principles of the GDPR listed below. If more specific legal principles apply in individual cases, we will inform you of this in the privacy policy.

•              If the data subject has given consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes - consent (Art. 6 (1) (a) GDPR).

•              If processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract - performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR) -.

•              If processing is necessary for compliance with a legal obligation to which we are subject - Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) -.

•              If processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party and does not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data - Legitimate interests (Art. 6 (1) (f) GDPR).

1.    Collection of personal data for informational use

(1) When using the website for informational purposes only, i.e. if you do not log in, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are:

·         IP address

·         Date and time of the request

·         Time zone difference to Greenwich Mean Time (GMT)

·         Request content (specific page)

·         Access status/HTTP status code

·         Amount of data transferred in each case

·         Website from which the request originates

·         Browser

·         Operating system and its interface

·         Language and version of the browser software.

(2) Furthermore, cookies may be stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). A cookie typically contains the name of the domain from which the cookie originates, the "lifetime" of the cookie, and a value, usually a randomly generated unique number. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall. We only use cookies in accordance with legal requirements. This means that we always obtain revocable consent, unless such consent is not required by law. This applies in particular if the storage and retrieval of information, including cookies, is absolutely necessary in order to provide our online services.

We process personal data with the help of cookies on the basis of various legal grounds. If consent has been given, the legal basis for processing is the declared consent. If consent has not been given and the cookies are necessary, the data processed using these cookies is processed on the basis of our legitimate interests (e.g., in the economic operation of our online offering and improvement of its usability) or, if this is done in the context of fulfilling our contractual obligations, in order to fulfill our contractual obligations. We explain the purposes for which we process cookies in this privacy policy or as part of our consent and processing procedures.

 We use a solution from Papoo Software & Media GmbH to manage cookies and your consent in this regard. Within the scope of order processing, we therefore transfer personal data (consent data) to Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, as the order processor. By consent data, we mean the following data: date and time of visit or consent/rejection, device information. The data is processed for the purpose of complying with legal obligations (duty of proof pursuant to Art. 7 (1) GDPR) and the associated documentation of consent, and thus on the basis of Art. 6 (1) lit. c) GDPR. Local storage is used to store the data. The consent data is stored for 3 years. The data is stored in the European Union. Further information on the data collected and contact details can be found at https://www.ccm19.de/datenschutzerklaerung. Details on the cookies used and the option to consent to the use of cookies can be found in the consent settings. There you can also revoke your consent.

2.    Collection of personal data for personalized use

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you will usually need to provide additional personal data, which we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly. We only collect, process, and use personal data that is necessary for your use of the website and/or the fulfillment of a contract concluded with us, or that you provide yourself. This includes, in particular, the following inventory data and usage data, which may be transmitted via forms on our website:

·         Company

·         Name (consisting of salutation, title, first name, last name, and gender)

·         Address

·         Telephone

·         Fax

·         Email

·         Date of birth

·         User registration and login details

·         Sales tax identification number (optional)

(2) We use inventory data and usage data to establish, develop, modify, or terminate a contractual relationship with you, to fulfill our contractual obligations, to enable the user to log in to the website, and to contact you if you request this or if it is necessary within the scope of the contractual relationship or permitted by law.

With the exception of data collected by the third-party providers listed below, personal data is stored and processed within the European Union.

3.    Deletion periods

Unless otherwise described in this privacy policy or when processing data via the contact form provided on the website, we only store your data for as long as we need it, e.g., to process a request you have submitted to us. Your personal data will therefore be deleted after your request has been processed, unless otherwise agreed. Inventory data will be deleted two years after the end of the contractual relationship at the end of the calendar year, unless longer storage is necessary and legally permissible.

4.    Statistical anonymous evaluation of usage data

We are entitled to create usage profiles using pseudonyms for the purposes of advertising, market research, or the needs-based design of the website, provided you do not object to this. In particular, we evaluate the usage data anonymously for statistical purposes in order to design the website in line with requirements. You can object to this use of your personal data by notifying us.

5.    Use of Google Analytics

(1) We use Google Analytics to measure and analyze the use of our website based on a pseudonymous user identification number. The user identification number is used to assign analysis information to a device in order to identify which content the users of the device have accessed within one or more usage processes, which search terms they have used, which they have accessed again, or when and for how long they have interacted with our website online offering, without containing any unique data such as names or email addresses. Pseudonymous user profiles are created using information from the use of various devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for users from the EU. However, Google Analytics provides rough geographical location data derived from the structure of the IP address. For users from the EU, IP address data is used exclusively for this derivation of geolocation data before it is deleted. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before traffic is forwarded to Analytics servers outside the EU for processing.

(2) The service provider for Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://marketingplatform.google.com/intl/de/about/analytics/). The privacy policy can be found at https://policies.google.com/privacy. We have concluded a data processing agreement with Google Ireland Limited, the content of which can be viewed here: https://business.safety.google/adsprocessorterms. The basis for the transfer to third countries is the EU-US Data Privacy Framework (DPF) and standard contractual clauses (https://business.safety.google/adsprocessorterms). You can object to this use of your personal data as follows: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de; settings for the display of https://myadcenter.google.com/personalizationoff?hl=de. Further information on Google Analytics, the types of processing, and the data processed can be found at https://business.safety.google/intl/de/adsservices/

 

6.    Use of Google Consent Mode

We use Google Consent Mode on our website, a feature provided by Google that allows us to ensure compliance with data protection regulations and cookie consent regulations. Google Consent Mode enables us to take your consent settings into account, particularly in connection with the use of Google products such as Google Analytics and Google Ads.

Google Consent Mode works by collecting information about whether you have consented to the use of cookies and other tracking technologies on our website. Based on this information, Google Analytics will or will not collect and send data from your current session.

If you have not consented to the use of cookies, no information about your online activities will be shared with Google Analytics or Google Ads.

7.    Use of Friendly Captcha

We use the "Friendly Captcha" service (http://www.friendlycaptcha.com) on our website. This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is a new, privacy-friendly protection solution that makes it more difficult for automated programs and scripts (known as "bots") to use our website.
To this end, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's device solves the calculation task, which uses certain system resources, and sends the calculation result to our web server. The web server contacts the Friendly Captcha server via an interface and receives a response indicating whether the puzzle has been solved correctly by the device. Depending on the result, we can apply security rules to requests via our website and, for example, process or reject them. The data is used exclusively for the protection against spam and bots described above.
Friendly Captcha does not set or read any cookies on the visitor's device.

IP addresses are only stored in hashed (one-way encrypted) form and do not allow us or Friendly Captcha to identify an individual.

If personal data is stored, this data is deleted within 30 days. The legal basis for processing is our legitimate interest in protecting our website from misuse by bots, including spam protection and protection against attacks (e.g., mass requests), Art. 6 (1) lit. f GDPR.

Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.

8.    Email newsletter

(1) If you give your separate consent, we may send you information about the use of the website and general customer information (email newsletter) by email. Your consent will be logged and you can access the content of the consent and this notice at any time. You can revoke your consent at any time with effect for the future. In particular, you can object to processing for direct marketing purposes. The registration process is logged on the basis of our legitimate interests for the purpose of verifying that it has been carried out properly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

(2) Before we delete them, we store unsubscribed email addresses for up to three years based on our legitimate interests, solely for the purpose of defending against possible claims, in order to be able to prove that consent was previously given. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address in a block list for this purpose only.

9.    Integration of third-party services

(1) We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode," which means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transferred. We have no influence on this data transfer. We have also integrated content from the following third-party providers on this website: Google Maps.

(2) When you visit the website, the third-party provider receives information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 1.(1) of this statement is transmitted. This occurs regardless of whether this third-party provider provides a user account through which you are logged in or whether no user account exists. If you are logged in to the plug-in provider, this data is directly assigned to your account. If you do not want this assignment to your profile with the third-party provider, you must log out before activating the button.

(3) The third-party provider stores this data as usage profiles and uses it for the purposes of advertising, market research, and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising. You have the right to object to the creation of these user profiles, whereby you must contact the respective third-party provider to exercise this right.

(4) Further information on the purpose and scope of data collection and its processing by the third-party provider can be found in the privacy policies of these third-party providers, which are provided below. There you will also find further information on your rights in this regard and settings options for protecting your privacy.

(5) Addresses of the respective providers and URLs with their privacy policies:

Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.

10. Hosting and deployment (Netlify Enterprise)

Type of data processing
When you visit our website, technical information such as your IP address, browser type, operating system, referrer URL, and access time is automatically processed. This data is necessary to deliver the website correctly and to ensure system security.

Purpose and legal basis of processing
Our website is hosted and provided via the Netlify Enterprise service. Processing is carried out in accordance with Art. 6 (1) (f) GDPR (legitimate interest) to ensure the secure and high-performance delivery of our content.

Recipients of the data
The recipient of the data is exclusively the aforementioned service provider (Netlify Enterprise), which acts as a processor in accordance with Art. 28 GDPR. The data is not passed on to third parties.

Hosting and data transfer
The service is provided via Netlify Enterprise servers located within the European Union or for which an adequate level of data protection is ensured in accordance with Art. 45 ff. GDPR. On July 10, 2023, the European Commission issued an adequacy decision for the US under the EU-US Data Privacy Framework (DPF). This certifies that personal data transferred to the US – specifically to DPF-certified companies such as Netlify – receives a level of data protection that complies with the EU General Data Protection Regulation. Netlify is contractually obliged to comply with the GDPR. Appropriate technical and organizational measures are taken in accordance with Art. 32 GDPR to ensure the security of your data.

Privacy Shield certification: Netlify is certified under the EU-U.S. Data Privacy Framework (successor to the Privacy Shield). This certification confirms that the provider is committed to complying with EU data protection standards. Further information on the certification can be found here: https://www.dataprivacyframework.gov/.

Storage period
Server log data is only stored for as long as is necessary to ensure operation and for error analysis, or as long as there are legal retention obligations.

11. Contact forms (SendGrid & DigitalOcean)

Type of data processing
The personal data you enter in the contact form (e.g., name, email address, message) is transmitted to the SendGrid service via an API-based solution and stored and processed there in compliance with the GDPR on servers within the European Union. SendGrid acts as a processor in accordance with Art. 28 GDPR.

Purpose and legal basis of processing
Your data is processed via our contact forms for the purpose of handling your request in accordance with Art. 6 (1) (a) GDPR (consent) and, where applicable, Art. 6 (1) (f) GDPR (legitimate interest in efficient communication with consumers, customers, or other third parties).

The technical transmission of the data is carried out via servers from DigitalOcean, which are also contractually obliged to comply with the GDPR. Appropriate technical and organizational measures are taken in accordance with Art. 32 GDPR to ensure the security of your data.

Recipients of the data
The recipients of your data are exclusively the aforementioned service providers (SendGrid and DigitalOcean), who act as processors and are contractually obliged to comply with the provisions of the GDPR. The data will not be passed on to third parties.

Storage period
Your data will only be stored for as long as is necessary to process your request or as long as there are legal retention obligations.

12. Job advertisements (Cornerstone & DigitalOcean)

Type of data processing
The job vacancies listed on our careers page originate from our Cornerstone applicant tracking system. Two exports from Cornerstone are used for this purpose, which are temporarily stored on DigitalOcean servers and technically processed in order to display the job advertisements correctly.

No personal applicant data is processed or stored. The data only includes job information such as job title, location, and description.

Purpose and legal basis of processing
The processing of data in connection with the display of job vacancies on our website is carried out in accordance with Art. 6 (1) (f) GDPR (legitimate interest) in order to provide you with current job vacancies.

Applicant data
All personal data that you provide in the context of an application will be processed exclusively in Cornerstone. Cornerstone acts as a processor in accordance with Art. 28 GDPR. For more information on the processing of your applicant data via Cornerstone, please refer to Cornerstone's privacy policy: [https://www.cornerstoneondemand.com/de/client-privacy-policy/].

Hosting and security
Job advertisements are temporarily stored on DigitalOcean servers within the European Union. DigitalOcean is contractually obliged to comply with the GDPR. Appropriate technical and organizational measures are taken in accordance with Art. 32 GDPR to ensure the security of the data.

Recipients of the data
The recipients of the data are exclusively the aforementioned service providers (Cornerstone and DigitalOcean), who act as processors and are therefore contractually obliged to comply with the provisions of the GDPR. The data will not be passed on to third parties.

 

13. Presence on social networks (social media)

As part of our online presence on social networks, we process data from users who are active there. This may also involve the processing of personal data outside the European Union. This may pose risks for users, as it could make it more difficult for them to enforce their rights, for example. Furthermore, user data within social networks is generally processed for market research and advertising purposes. For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Requests for information and the assertion of data subject rights can be most effectively asserted with the providers themselves. Only the providers have access to the user data and can take appropriate measures and provide information directly. However, if you still need help, you can contact us.

14. Protection of personal data

We take technical and organizational measures in accordance with data protection requirements to protect the user's personal data. All our employees who are involved in the processing of personal data are bound to data secrecy and have been trained accordingly. The user's personal data is encrypted using HTTPS when transmitted to the website.

15. Rights of data subjects

Users and other data subjects have various rights in relation to their personal data under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

  • Right of access to the personal data concerned (Article 15 GDPR)

  • Right to rectification (Article 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Article 18 GDPR)

  • Right to object to processing if the data processing is based on Art. 6 para. 1 lit. e or lit. f GDPR (Art. 21 GDPR): see also the following note on the right to object under Art. 21 GDPR

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal, if data processing is based on consent pursuant to Art. 6 (1) (a) or Article 9 (2) (a) GDPR

  • You also have the right to complain to a data protection supervisory authority about our processing of your personal data (Article 77 GDPR).

 

 

Reference to the right to object pursuant to Article 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

 

16. Data protection supervisory authority and right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR. The data protection supervisory authority responsible for us is:


The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, P.O. Box 30 40, 55020 Mainz
Phone: +49 (0) 6131 8920-0
Fax: +49 (0) 6131 8920-299
Email: poststelle@datenschutz.rlp.de  

17. Data protection officer

You can contact our data protection officer at privacy@eckes-granini.com or at our postal address with the addition "The Data Protection Officer."

18. Updates to this privacy policy

From time to time, it is necessary to adapt the content of this privacy policy. We therefore reserve the right to change it at any time. We will publish the amended version of the privacy policy in the same place as this privacy policy.

 

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that the addresses may change over time and the information should be checked before contacting them.