Privacy statement (information obligations in accordance with Art 13 GDPR)

We believe that data protection should be transparent, intelligible and, most importantly, fair to all parties. The aim of this privacy statement is therefore on the one hand to inform you which of your personal data we collect and use, whether these data may be disclosed to third parties and, if so, to which, how long we store your data and what rights you have if you have any objection to our reasonable use of your data. If you still have any questions after you have read this comprehensive privacy statement, please do not hesitate to contact us using the contact details below.

Definitions

In order to start from the same premises, we would like to clarify some definitions at this point. This will ensure that everyone involved knows what we mean in the following statement.

Personal data:

This is any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing:

Processing is any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing:

This means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling:

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements is called profiling.

Pseudonymisation:

Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller:

This is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Recipient:

Any natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party:

This is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent:

This means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifiesx agreement to the processing of personal data relating to him or her.

1. Name and contact details of the controller

The controller for the data processing is

fruit.select GmbH
Mühlstr. 10
88085 Langenargen
Germany

You can contact us by post, by email at info@fruit-select.de or by telephone on +49 (0) 7543/912926.

2. Collection of personal data during use for information purposes

If you use our website purely for information purposes, i.e. you do not register or send any further information to us, we shall only collect the personal data that your browser transfers to our server. If you wish to access our website, we collect the following data that is technically necessary for us in order to present our website to you and to guarantee stability and security (the legal basis for this is sentence 1 of Art. 6 (1) (f) GDPR):
  • IP address
  • Date and time of access
  • Content of the request (specific site)
  • Access status / HTTP status code
  • Amount of transferred data>
  • Website the request has come from
  • Browsertyp and -version
  • Operating system and interface

3. Use of cookies

(1) On our website we use cookies. Cookies are small text files that are stored and assigned to the browser by a characteristic string you have used on your hard drive and via which information is provided to the entity that places the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore not do any harm. They serve to make the website generally more user- friendly and effective, thus more pleasant for you.

(2) Cookies may contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.

(3) A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between following cookies:

  • Technical cookies: these are compulsory to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which web pages you have visited;
  • Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and find out what our users are interested in;
  • Advertising cookies, targeting cookies: these are used to provide the website user with tailored advertising on the website or third party offers and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
  • Sharing cookies: these are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months
(4) Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 para.1 p.1 lit.a GDPR. This applies in particular to the use of advertising, targeting or sharing cookies. Furthermore, we will only pass on your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 para.1 p.1 lit. a GDPR.

(5) We use following cookies on our website:

name purpose categorie storage time
Pll_language this cookie helps us to remember the language you have selected technical cookie end of session
(6) You can determine for yourself whether cookies can be set and accessed through the settings in your browser. You can, for example, completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser to automatically inform you as soon as a cookie is to be set and asks you for feedback. You can block or delete individual cookies. However, for technical reasons, this may result in some functions of our website being impaired and no longer fully functioning.

(7) If cookies are only used on our website with your consent, you can also make the settings mentioned in paragraph 6 in our Cookie Consent Tool.

4. Use of our website’s functions

(1) In addition to using our website for purely informative purposes, we also offer various services that you can use if you are interested. You will usually need to provide additional personal data for this, which we use in order to provide the respective service. If other details are optional, these are identified accordingly.

(2) When contacting us by email or using the contact form, we will store your email address and, if y

5. Transfer of data to third parties

(1) We will only disclose your data to third parties if we offer special offers, competitions or the joint conclusion of contracts with a third party provider. In this case, you will be informed specifically about the transfer to third parties before the disclosure of your data.

(2) In some cases, we use external service providers to process your data. These have been carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly monitored by us. The service providers will not pass on this data to third parties. Insofar as these service providers are located in the USA, we will inform you of this in connection with the respective functions. This data processing also occurs in accordance with the applicable legal situation.We would like to point out that there is currently no adequate level of data protection in the USA and there is also no adequacy decision on the part of the EU Commission.

Please also note that due to the CLOUD Act and other regulations (e.g. intelligence collection powers under Section 702 FISA and Executive Order 12 333), US authorities may access this data and you will not have the data subject rights in the US as you do within the EU.

5.1.Use of Google Web Fonts

(1) This site uses so-called web fonts provided by Google for a uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser doesn’t support web fonts, a standard font is used by your computer.

(2) Further information on Google web fonts can be found at https://developers.google.com and in Google’s privacy policy: http://www.google.com/intl/de/policies/privacy. Google also processes your personal data in the USA. We would like to point out that there is currently no adequate level of data protection in the USA and there is also no adequacy decision on the part of the EU Commission. Please also note that due to the CLOUD Act and other regulations (e.g. intelligence collection powers under Section 702 FISA and Executive Order 12 333), US authorities may access this data and you will not have the data subject rights in the US as you do within the EU.

6. Recipients or categories of recipients

If we disclose your personal data to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form). Of course, we also use external service providers for the technical and organisational processing with whom we have concluded corresponding order processing contracts within the meaning of Art. 28 GDPR. These are e.g. service providers for web hosting, sending email, the maintenance and servicing of our IT systems, etc.

7. Storage period

Your data will be stored for as long as it is absolutely necessary to achieve the respective purpose, but for no longer than is required by any legal regulations (e.g. under commercial law we are obliged to store business letters, which may also include emails, for 10 years).

As soon as the purpose of storage no longer applies or a storage period prescribed by the aforementioned regulations expires, the personal data will be routinely blocked or deleted.

8. Your rights

This section provides you with detailed information about the rights to which you are entitled.

8.1. Right to Information

You have the right to obtain information from us at any time as to whether personal data relating to you is being processed by us. In this case, you have the right to be informed of the information specified in the second half of Art. 15 para.1 2 GDPR.

You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

8.2. Right to rectification

Furthermore, in accordance with Art. 16 GDPR, you have the right to demand us to correct any inaccurate personal data relating to you without delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

8.3. Right to erasure (‘right to be forgotten’)

You also have the right to request that we erase personal data concerning you without undue delay. We are obliged to comply with this request and to erase personal data unless we are obliged or entitled to continue to process your data. Please refer to Art. 17 GDPR for more details on this.

8.4. Right to restriction of processing

You have the right to request from us restriction of processing if the statutory prerequisites in accordance with Art. 18 GDPR are met.

8.5. Right to information

You have the right to request from us restriction of processing if the statutory prerequisites in accordance with Art. 18 GDPR are met.

8.6. Right to Data Portability

You have the right to request from us restriction of processing if the statutory prerequisites in accordance with Art. 18 GDPR are met.

8.7. Right to object

Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on lit. e or f of Art. 6 para.1 GDPR, including profiling based on those provisions.

We will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to object to processing of data for direct marketing purposes

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

8.8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8.9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is authorised on the basis of legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or
  3. is done with your explicit consent.
However, these decisions may not be based on special categories of personal data referred to Art. 9 para.1 GDPR, unless Art. 9 para.2 lit a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in a) and c), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

8.10. Right of complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Our responsible supervisory authority is:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit

(State Commissioner for Data Protection and Freedom of Information)

Königstrasse 10a
70173 Stuttgart
Ph: +49 (0)711/615541-0
Fax: +49 (0)711/615541-15
Email: poststelle@lfdi.bwl.de
Internet: https://www.baden-wuerttemberg.datenschutz.de

9. Legal bases for processing

Unless already mentioned in the individual processing operations under the previous sections, the legal bases according to which we process data are shown below.

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para.1 lit. a of the EU General Data Protection Regulation (GDPR) serves as legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para.1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.

Art. 6 para.1 lit c GDPR is the legal basis if the processing of personal data is necessary for compliance with a legal obligation to which our company is subject. Art. 6 para.1 lit. d GDPR serves as legal basis if processing personal data is necessary due to the vital interests of the data subject or of another natural person.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para.1 lit. d GDPR serves as legal basis for the processing.

10. No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data.