1. Scope of application
The protection of personal data is an important concern for us. With the following information on data protection, we would like to explain to you which personal data we process for which purposes while you are using our website, our Internet and, after concluding a membership agreement, our services. The following information applies to all content on foodtechcampus.com (or foodtechcampus.de) (hereinafter “Offer” / “Website”). This includes, for example, newsletters for which you register.
The provider responsible for this content is EDEKA DIGITAL GmbH, New-York-Ring 6, 22297 Hamburg, telephone: 40-63770, firstname.lastname@example.org (hereinafter referred to as the “responsible party”). The legal basis for data protection can be found in the EU General Data Protection Regulation (hereinafter GDPR) and the Federal Data Protection Act (BDSG).
2. Definitions of terms
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
3. Types of personal data
“Access Data” is data about each access to the server on which our website is located. Access data includes the date and time of access, URL (address) of the referring website, file accessed, amount of data sent, HTTP response code, browser type and version, any browser extensions, width, and height of the browser window, colour depth, operating system, and IP address.
We and third-party providers set cookies on the access device, which are small files in which the web browser you use stores information about visited web pages sent by the web server. This can be information about the page visit such as duration, login data, user input or similar information. We distinguish between essential and non-essential cookies. While the former is mandatory for the operation of the site, the latter can greatly simplify and improve your browsing experience on our sites, but they are not necessary. Therefore, for non-essential cookies, we will seek your consent before we or any third-party service providers we use set such cookies on your access device. You have the possibility to adjust your cookie settings under the following link: https://foodtechcampus.de/#gdpr_cookie_modal.
On our website we have several input forms available: Contact Form, Newsletter Registration and Membership Application Form. We process the personal data that you enter in the respective form (e.g., surname, first name, e-mail address, telephone number, password, address).
4. Purpose of Processing
We collect the access data for security reasons to combat fraud and abuse, as well as for statistical recording of website use and to optimise our website. The legal basis for this processing is Art. 6 para. 1 sentence 1 f GDPR. For the processing of the IP address by third-party providers, see section 6.
Integration of third-party services
Personal data that you enter in forms or provide to us
If you enter personal data via the forms on our website and transmit it to us, the purpose of the data processing results from the respective form, e.g., contact form, newsletter registration and the application form for membership. If you provide us with data via our contact form or by other means, the purpose of the data processing also depends on your request. Depending on the nature of your request, it may be necessary for us to pass on your data (name, address, contact details) to other companies in the EDEKA Group so that we can process your request effectively.
In the case of a speculative application, we will only pass on your application data to other companies in the EDEKA Group if you have consented to this. The legal basis for the data collection is Art. 6 (1) a and f GDPR. Our legitimate interest in the collection of data within the meaning of Art. 6 (1) f GDPR arises from the fact that we cannot process your request without your data.
Regarding direct advertising, we refer to section 5 (legal basis Art. 6 para. 1 sentence 1 a and f GDPR).
5. Advertising, newsletter
If you agree, the provider will inform you at regular intervals about everything worth knowing about our services, but also about news from the EDEKA world, pictures, downloads (hereinafter “information”). You can sign up for the provider’s newsletter on the website. If you wish to receive information, we require a valid e-mail address from you. Further data will not be collected. Please note that our newsletter service is only intended for persons who have reached the age of 16.
The registration for our newsletter takes place in a so-called double opt-in process. This means that you will receive an e-mail after registration in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The newsletter is sent based on consent pursuant to Art. 6 (1) sentence 1 a GDPR. The storage of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f GDPR. You can revoke your consent to the storage of the data, the e-mail address, and their use for sending information at any time with effect for the future. The revocation can be made via a link in the newsletters or promotional emails sent to you or by sending a message to the contact options below.
6. Integration of third-party services
If we disclose data to other persons and companies within the scope of our data processing, transfer it to them or grant them access in any other way, this will only be done based on legal permission. In some cases, we use other companies as processors. For this purpose, we conclude corresponding agreements based on Art. 28 GDPR. We also reserve the right to disclose your personal data to the competent authorities in cases of abuse.
We use anonymised tracking via AT Internet to evaluate user behaviour on the website anonymously and without using cookies. This allows us to generate data on the entirety of users even without their consent to the use of the relevant cookies, to optimise the website in line with the target group. A legal basis is not required, as this is a completely anonymised tracking, and no cookie is set. The recipient of the anonymised data is: AT Internet, 85 avenue Président JF Kennedy 33700 MERIGNAC France.
We use Typeform by TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform) for our contact forms. This allows us to provide you with an easy way to contact us. To do this, we pass on your email address to Typeform. Typeform is a recipient of your personal data and acts as a processor for us. The processing of the data provided under this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot provide you with a contact form. However, you can contact us at the e-mail address given above. The data will be stored exclusively for the purpose of transmitting enquiries and responding to them. The obligatory data serve the allocation and the answer of your request. The deposited data will be stored on the servers of TYPEFORM SL until the purpose for the processing ceases to apply or the consent to the processing has been revoked. You can request information about the personal data concerned. You also have the right to rectification, erasure, restriction of processing, objection, and data portability. Your given consent to processing can be revoked at any time with effect for the future. To do so, please send us an e-mail to email@example.com
In addition, Typeform collects the following personal data with the help of cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Also, usage data is collected such as the date and time when you used the contact form. Typeform requires this data to ensure the presentation of the contact form and its functionality. This corresponds to Typeform’s legitimate interest (according to Art. 6 Para. 1 lit. f GDPR) and serves the execution of the contract (according to Art. 6 Para. 1 lit. b GDPR). You can find further information at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data
You can find further information on objection and removal options of Typeform at: https://admin.typeform.com/to/dwk6gt. The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. The revocation can be made via the specified contact options. Your data will be processed as long as a corresponding consent exists. By declaring the revocation, the legality of the processing carried out so far is not affected.
Eventbrite as an order processor provides us as the organizer with all relevant data about the participants of an event. We use the data for the preparation and follow-up of the event. For a better future planning of the event offer, we use data about the participation in events to investigate the use and utilization of the events. In addition, users receive post-event information via email and are contacted by us to advise of similar events in the future. You have the option at any time to object to the use of your data for advertising purposes in the future by sending an email with your request to firstname.lastname@example.org.
To maintain contact, we use the customer relationship management system of Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia (“Pipedrive”). Through the contact form, we collect contact information from potential members such as name, company, email address and phone number. The servers of Pipedrive that we use are located within the European Union. The legal basis is Art. 6 para. 1 lit. a GDPR. Further information on Pipedrive’s data processing and data protection can be found here: https://www.pipedrive.com/en/privacy
If you neither register nor log in as a visitor, we collect the following data in so-called log files that your browser transmits: IP address, date and time of the request, time zone difference to Greenwich Mean Time, Content of the request, HTTP status code, amount of data transferred, website from which the request came and information about the browser and operating system. This is necessary to display our website and to ensure stability and security. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR.
We use the following hoster for the provision of our website: Host Europe GmbH, Hansestrasse 111, 51149 Cologne. This is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR, not to have to maintain a server on our premises ourselves. You can find further information on objection and removal options vis-à-vis Host Europe at: https://www.hosteurope.de/AGB/Datenschutzerklaerung/
You have the right to object to the processing. Whether the objection is successful is to be determined in the context of a balancing of interests. The aforementioned data will be deleted as soon as they are no longer required to display the website. The processing of the data indicated in this section is not required by law or by contract. The functionality of the website is not guaranteed without the processing.
We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to contact subscribers directly. In addition, we analyse your usage behaviour to optimise our offer. For this purpose, we pass on the following personal data to Mailchimp:
Type of membership
Mailchimp is a recipient of your personal data and acts as a processor for us as far as the dispatch of our newsletter is concerned. The processing of the data provided in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot send you a newsletter.
Mailchimp additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process. For more information on how to object to and remove Mailchimp, please visit: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.
Where a membership agreement is entered, we use the services of OfficeRnD Limited, 84 Eccleston Square, London, SW1V 1PX, UK. OfficeRnD is a digital coworking management platform and enables us the automation of administrative tasks, management of our workstations and meeting rooms, and a platform for communication with our members. For this purpose, all information listed in the contract is entered into OfficeRnD. OfficeRnD also acts as a member portal for networking and communication among our members. For this purpose, sensitive data such as name, address, e-mail address and mobile phone number are visible to all members. This can be changed at any time by sending a written request to email@example.com. The legal basis is Art. 6 para. 1 lit. b GDPR. For more information on how OfficeRnD protects your data, please visit their website: https://www.officernd.com/security/
You can also find us on social networks of other companies, such as Facebook or Twitter. We have integrated individual functions of these networks into our online offer. However, you can only use both if you are registered and logged in to the respective social network. Please note that the use of the respective social network is subject to the usage and data protection provisions of that company, over which we have no influence. However, we will be happy to explain to you how these networks process your personal data in this context:
We have integrated components of the company Facebook on this website. Facebook is a social network. The operating company of Facebook is Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of personal data is Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, if a data subject lives outside the USA or Canada. Each time one of the individual pages of this website operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_DE. Within the scope of this technical procedure, Facebook receives knowledge of which specific sub-page of our website is visited by the data subject. If the data subject is logged into Facebook at the same time, Facebook recognises which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook components integrated on our website, this Facebook buttons, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website, regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website. The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress the transmission of data to Facebook. Such applications can be used by the data subject to suppress the transmission of data to Facebook.
7. Duration of the processing
For security reasons (e.g., to clarify misuse or fraud), the access data is stored on the servers of our hosting provider for a maximum period of 90 days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been conclusively clarified.
Cookies and IP addresses processed by third parties
Cookies used by us are stored for 12 months after your last visit. As far as cookies and IP addresses are processed by third parties, we have no influence on the duration of the processing. You can find the links to the data protection declarations of the third-party providers under point 7, where you can find out about the duration of the processing.
If you unsubscribe from our newsletter, we will not send you any more newsletters, you will be entered in a so-called blacklist. However, we will continue to process your first and last name as well as your e-mail address in order to be able to prove that you have once subscribed to our newsletter.
Other input data
We store the other data entered via the web forms for as long as we need them to process your enquiry, provided that this data is not subject to the retention periods under tax and commercial law, or consent has been given which justifies further storage. We store the data provided via the EDEKA customer service for 24 months. We use the data you enter (name, address, e-mail if applicable) for postal advertising until you object to the advertising. If we pass on your data to other companies in the EDEKA Group or suppliers to process your request, we have no influence on how long the data is stored there. In this regard, we can then refer you to the recipients of the data.
8. Internet use
FTC processes the following personal data in the case of Internet use:
· First and last name, date of birth and contact details of the members,
· Access data (username, password)
· Date and time of access,
· Internet pages accessed,
· IP address of the access device
The aforementioned data is processed for security reasons for fraud and abuse control as well as for statistical recording of internet usage. The legal basis for the processing is Art. 6 para. 1 sentence 1 f GDPR. Personal data will be deleted after five years if the member has not used FTC’s Internet connection within that time.
9. Voluntary provision of data
10. Right of objection
You have the right to object at any time to the processing of personal data based on Art. 6 (1) p. 1 f GDPR, if there are grounds for the objection that arise from your particular situation. However, your personal data will be further processed if there are compelling legitimate grounds for further processing which override the interests, rights, and freedoms of your person, or if the processing serves the assertion, exercise, or defence of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to the processing of your personal data for the purpose of such marketing at any time without stating reasons (Art. 21 GDPR). For the options to object to the collection of analysis and transaction data, see point 7. and the links there to the data protection declarations of the third-party providers.
11. Other rights of the data subjects
You have the right to revoke your consent if you have given your consent. We would like to point out that a revocation does not change the lawfulness of the processing carried out until the revocation (no retroactive effect of the revocation). Within the scope of the GDPR, you have the right to request information free of charge about the personal data we have stored about you (Art. 15 GDPR). Under the GDPR, you also have the right to rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR) and transfer (Article 20 GDPR) of your personal data. You also have the right to complain to the data protection supervisory authority responsible for us in justified cases (Art. 77 GDPR). You can exercise your rights under the GDPR by email or in writing. The contact details of the provider and the EU controller can be found below.
12. Contact details
Provider as responsible entity:
EDEKA DIGITAL GmbH
Data Protection Officer
Telephone: +49 40 6377-0
Fax: +49 40 6377-4010
Supervisory authority for data protection:
Free and Hanseatic City of Hamburg
The Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6 (Block C)
Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
Status: September 2021