Data privacy statement
General advice and required informations
Responsible person/instution for the data processing
Responsible for the data processing of this website is:
FRUCHTWERK e.K.
Owner: Peter Eppinger
Hanauer Strasse 68
80993 München
E-mail: info@fruchtwerk.de
Phone: 089-14904560
Fax: 089-14904562
The responsible person/institution decides alone, depending on the situation at hand sometimes together with third parties, about the specifics of the provessing of personal informations (e.g. Adress-/Contact-data, names etc.). Part of the specifics are especially purpose and instruments as well as scope of the data processing.
Rescission of data processing consent
Some data processing requires your consent and will be illegal without it. This consent can be rescinded everytime without formal requirements, e.g. vocal. An email is also sufficient and easier. The data processing been executed until the rescission stays valid even in case of a rescission and remains untouched by the rescission. You have the right to always ask, which consent for which data processing has been given by you.
Complaint / competent authority
If you are affected by a data breach or data privacy law violation, you can file a complaint with the competent data protection authority. For us as a munich-based company, the data protection commissioner (Datenschutzbeauftragter) of Bayern is the competent authority. Its contact specifics can be found here: https://www.datenschutz-bayern.de/
Right to data portability
If data processed by us are related to you and are processed because of an contract or because of your permission, you can demand us to transfer these data to your or to third parties named by you. We transfer these data in a machine readable format. Transfers will only take place if technical possible.
SSL- resp. TLS-encryption
The websites traffic is encrypted according to the modern SSL- resp. TLS-encryption standarts. The date/contenc send from you to the website or from the website to you is therefore encrypted and unreadable for third parties. The encryption can be recognized with the string "https://" in the adress-line of your browser and, depending on your browser, with the padlock-symbol of your browser.
Server-log-files
The company running the server raises and saves automatically these data send by your browser automatically:
- Type of browser and version of the browser
- Operating system
- Refferer-url
- Hostname of the requesting computer
- Time of the server-request
- IP-Adress
These data will not be merged with other data sources. The IP-adress will only be saved for the duration of the visit to the website, in case of cyber-attacks until the final analysis and, if happening, until the criminal investigation and enforcement of civil law claims. Legal basis for the data processing is Art 6 para 1 letter b GDPR, which allows the processing of data for the execution of a contract oder per-contact measures.
Data transfer in case of contract closure for the following contract execution
Personal data will only be transferred to third parties, if the contract execution requires it. Third parties can be payment solution provides or server companies (e.g. for the defense against cyber-attacks). Legal basis for the data processing is Art 6 para 1 letter b GDPR, which allows the processing of data for the execution of a contract oder per-contact measures.
For processing and executing the order, your name, the ordered goods as well as the name and adress of your employer and your specific place of work (office number) are recorded, together with your email adress. Name, specifics of ordered goods are required for the billing, name, adress of the employer and the specific place of your working place for the execution of the order/delivery of goods. The email-adress is required for the order confirmation. The client can renounce to give the email adress, but then takes the risk of misunderstandings, which can not be cleared due to lack of confirmation.
The order processing happens with a web form of the company Typeform. The data typed in the webform are sent to us,Typeform will not disclose the data to third parties unless required by law. Typeform means TYPEFORM S.L., Bac de Roda 163, 08018 Barcelona, Spain, their data privace statement can be found here https://admin.typeform.com/to/dwk6gt.
You can always ask for a list of third parties which received data related by you.
External payment service providers
We use external payment service providers whose platforms allow users and us to make payment transactions. These payment service providers may include, in each case with a link to the privacy policy: Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html), JCB (http://www.jcbeurope.eu/en/privacy/index.html), Diners Club (https://www.dinersclub.de/ueber-uns/datenschutz.html).
Stripe is the software platform for online payment processing (https://stripe.com/privacy).
As part of the fulfillment of contracts, we set the payment service providers on the basis of Art. 6 para. 1 lit. b. DSGVO. Incidentally, we use external payment service providers on the basis of our legitimate interests. Art. 6 Abs. 1 lit. f. DSGVO in order to offer our users effective and secure payment options.
Amongst the data processed by the payment service providers are inventory data, e.g. the name and the address, bank data, e.g. Account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, summary and recipient-related information. The information is required to complete the transactions. However, the data entered will only be processed and stored by the payment service providers. So we do not receive any account or credit card information, but only information with confirmation or negative disclosure of the payment. The data may be transmitted by the payment service providers to credit reporting agencies. This transmission aims at the identity and credit check. For this we refer to the terms and conditions and privacy policy of payment service providers.
For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transactional applications apply. We also refer to these for further information and assertion of rights of revocation, information and other data subjects.
Contact / email
We don't use any contact form, only a clickable email-adress. If you want to send us an email, we will save your email-adress und the content fo your email in order to be able to answer your request und to be able to better understand follow-up requests in the context of your prior emails. These date will not be transferred to third parties without your consent.
The processing of the data send by mail happen only with your consent (Art 6 para 1 letter a GDPR). That consent can be rescinded without formal requirements, e.g. vocal or by email. The data processing happened until the time of rescission will stay untouched by this and still legal.
We will storage data sent by Email until your deleting request, your rescission of your consent or until no requirement for strage exists anymore. Untouched by this data can stay storaged if and when legal requirements, especially safekeeping periods demand it.
Automated decisions / profiling / Right for informations about this
We do not use automated decision-making systems based on your data, and we do not create profiles based on your data. You can always request information about whether this has changed. If this will change, this clause will be changed, too, and you qould have the right to further informations about the used automated decision making systems/profiling systems etc.
You have additonal rights:
Right for confirmation and disclosure:
You can alsways demand a confirmation about whether or not personal data related to you are processed. If this is true, you can demand disclosure of all storaged data related to you included a copy of these data free of charge. Additionally, you can demand disclosure of the purpose of the data processing, the categories of the data, the recipients or categories of recipients getting disclosures of the data, especially recipients in non-EU-countries or international organisations, as well as the period of the storaging (or, if the period is not decided about, the criterias of said decision making process), the existence of a right of deletion/correction/processing limitation resp. the possibility of an objection against the processing, the complaint with a competent authority and about all available informations about the provenience of the data and the existence of an automated decision making process inkluding profiling and the logic used as well as the reach/targeted consequences.
If data are being transferred to non-EU-countries or an international organisation, you have the right to demand an explanation of possible garanties as regulated in Art 46 GDPR.
Furthermore, you can demand the correction of incorrect data related to you, including the completion of incomplete data.
Additionally you can demand to be "forgotten", meaning the immediate deletion of all data related to you, if a) the personal data are not necessary anymore, b) you have rescinded the consent to the data processing and not further legal reason for the data processing still exists, c) you objected and no higher-ranking reasons for the data processing exists, d) the data have been processed illegally, e) the law (incl. EU-law) demands the deletion, f) the data have been raised in connection with data-companies according to Art 8 para 1 GDPR.
If we made the data open to the public and are required to delete them, we will take all approbriate measures to inform the persons/institutions responsible for the data processing about your deletion demand.
Right for processing limitation
You can demand us to limit the data processing, if and when a) the correctness of the data is challenged by you (but only for the time we need to check this), b) the processing is unlawful and you refused the deletion, but demanded the use-limitation, c) we do not need the data anymore, but you still need them for legal actions, d) you filed a complaint, but we have not yet decided about the complaint.
Right for objection
Furthermore, you have the right to object to the processing of data related to you. In that case, we will not process your data anymore, if and when we can not prove reasons for the processing being compulsively worthy of protection which weigh more that your interests, rights or freedoms, or the data processing is not necessary for legal actions.
If and when the data protection serves the direct advertising, you always have the right to object to this data processing.