EDEKA DIGITAL GmbH appreciates your visit to foodtechcampus.com (or foodtechcampus.de) and your interest in our company and our services. We want you to feel comfortable and secure when surfing our pages and as a member of our Food Tech Campus Community. Therefore, the protection of your personal data is very important to us. Please not that only the German version of our Privacy Policy is binding, this translation serves information purposes only.

1. Scope of application

The protection of personal data is an important concern for us. With the following information on data protection, we would like to explain to you which personal data we process for which purposes while you are using our website, our Internet and, after concluding a membership agreement, our services. The following information applies to all content on foodtechcampus.com (or foodtechcampus.de) (hereinafter “Offer” / “Website”). This includes, for example, newsletters for which you register.

The provider responsible for this content is EDEKA DIGITAL GmbH, New-York-Ring 6, 22297 Hamburg, telephone: 40-63770, info.eddi@edeka.de (hereinafter referred to as the “responsible party”). The legal basis for data protection can be found in the EU General Data Protection Regulation (hereinafter GDPR) and the Federal Data Protection Act (BDSG).

2. Definitions of terms

Personal data

“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

“Processing” means any operation or set of operations which is performed upon personal data, whether by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

3. Types of personal data

Access data

“Access Data” is data about each access to the server on which our website is located. Access data includes the date and time of access, URL (address) of the referring website, file accessed, amount of data sent, HTTP response code, browser type and version, any browser extensions, width, and height of the browser window, colour depth, operating system, and IP address.

Cookies

We and third-party providers set cookies on the access device, which are small files in which the web browser you use stores information about visited web pages sent by the web server. This can be information about the page visit such as duration, login data, user input or similar information. We distinguish between essential and non-essential cookies. While the former is mandatory for the operation of the site, the latter can greatly simplify and improve your browsing experience on our sites, but they are not necessary. Therefore, for non-essential cookies, we will seek your consent before we or any third-party service providers we use set such cookies on your access device. You have the possibility to adjust your cookie settings under the following link: https://foodtechcampus.de/#gdpr_cookie_modal.

Input data

On our website we have several input forms available: Contact Form, Newsletter Registration and Membership Application Form. We process the personal data that you enter in the respective form (e.g., surname, first name, e-mail address, telephone number, password, address).

4. Purpose of Processing

Access data

We collect the access data for security reasons to combat fraud and abuse, as well as for statistical recording of website use and to optimise our website. The legal basis for this processing is Art. 6 para. 1 sentence 1 f GDPR. For the processing of the IP address by third-party providers, see section 6.

Cookies

First, Cookies serve the user-friendliness of websites and also the users (e.g. storage of login data). Second, they can be used to collect statistical data on website usage and enable the evaluation of this information for the purpose of improving our offers. Users can influence the use of cookies. Most browsers have an option that restricts or completely prevents the storage of cookies. However, we would like to point out that the use and in particular the user comfort of our website is limited without cookies. The legal basis for the use of cookies is Art. 6 para. 1 a, f GDPR.

Integration of third-party services

We integrate various services and content from third-party providers on our website, whereby IP addresses and cookies are processed. Details can be found under point 7. The legal basis for the processing of IP addresses and the use of cookies is Art. 6 (1) a, f GDPR. The aforementioned data is used to analyse the use of our website and to regularly improve our website, furthermore, to increase the attractiveness of the offered content for you and to optimise our offers and to be able to place advertisements on third-party sites as well as to carry out a cost-benefit analysis of our internet advertising.

Personal data that you enter in forms or provide to us

If you enter personal data via the forms on our website and transmit it to us, the purpose of the data processing results from the respective form, e.g., contact form, newsletter registration and the application form for membership. If you provide us with data via our contact form or by other means, the purpose of the data processing also depends on your request. Depending on the nature of your request, it may be necessary for us to pass on your data (name, address, contact details) to other companies in the EDEKA Group so that we can process your request effectively.

In the case of a speculative application, we will only pass on your application data to other companies in the EDEKA Group if you have consented to this. The legal basis for the data collection is Art. 6 (1) a and f GDPR. Our legitimate interest in the collection of data within the meaning of Art. 6 (1) f GDPR arises from the fact that we cannot process your request without your data.

Direct mail

Regarding direct advertising, we refer to section 5 (legal basis Art. 6 para. 1 sentence 1 a and f GDPR).

5. Advertising, newsletter

Newsletter

If you agree, the provider will inform you at regular intervals about everything worth knowing about our services, but also about news from the EDEKA world, pictures, downloads (hereinafter “information”). You can sign up for the provider’s newsletter on the website. If you wish to receive information, we require a valid e-mail address from you. Further data will not be collected. Please note that our newsletter service is only intended for persons who have reached the age of 16.

The registration for our newsletter takes place in a so-called double opt-in process. This means that you will receive an e-mail after registration in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The newsletter is sent based on consent pursuant to Art. 6 (1) sentence 1 a GDPR. The storage of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f GDPR. You can revoke your consent to the storage of the data, the e-mail address, and their use for sending information at any time with effect for the future. The revocation can be made via a link in the newsletters or promotional emails sent to you or by sending a message to the contact options below.

6. Integration of third-party services

If we disclose data to other persons and companies within the scope of our data processing, transfer it to them or grant them access in any other way, this will only be done based on legal permission. In some cases, we use other companies as processors. For this purpose, we conclude corresponding agreements based on Art. 28 GDPR. We also reserve the right to disclose your personal data to the competent authorities in cases of abuse.

AT Internet

We use anonymised tracking via AT Internet to evaluate user behaviour on the website anonymously and without using cookies. This allows us to generate data on the entirety of users even without their consent to the use of the relevant cookies, to optimise the website in line with the target group. A legal basis is not required, as this is a completely anonymised tracking, and no cookie is set. The recipient of the anonymised data is: AT Internet, 85 avenue Président JF Kennedy 33700 MERIGNAC France.

Typeform

We use Typeform by TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform) for our contact forms. This allows us to provide you with an easy way to contact us. To do this, we pass on your email address to Typeform. Typeform is a recipient of your personal data and acts as a processor for us. The processing of the data provided under this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot provide you with a contact form. However, you can contact us at the e-mail address given above. The data will be stored exclusively for the purpose of transmitting enquiries and responding to them. The obligatory data serve the allocation and the answer of your request. The deposited data will be stored on the servers of TYPEFORM SL until the purpose for the processing ceases to apply or the consent to the processing has been revoked. You can request information about the personal data concerned. You also have the right to rectification, erasure, restriction of processing, objection, and data portability. Your given consent to processing can be revoked at any time with effect for the future. To do so, please send us an e-mail to info@foodtechcampus.com

In addition, Typeform collects the following personal data with the help of cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Also, usage data is collected such as the date and time when you used the contact form. Typeform requires this data to ensure the presentation of the contact form and its functionality. This corresponds to Typeform’s legitimate interest (according to Art. 6 Para. 1 lit. f GDPR) and serves the execution of the contract (according to Art. 6 Para. 1 lit. b GDPR). You can find further information at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data

You can find further information on objection and removal options of Typeform at: https://admin.typeform.com/to/dwk6gt. The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. The revocation can be made via the specified contact options. Your data will be processed as long as a corresponding consent exists. By declaring the revocation, the legality of the processing carried out so far is not affected.

Eventbrite

On the website, we also offer users the opportunity to book participation in events. For this purpose, we use the tool “Eventbrite”, which is operated by Eventbrite, Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, USA and has its servers located in the USA. When you register for an event, you will be redirected to Eventbrite’s website. Eventbrite agrees to be bound by the Controller-to-Processor Standard Contractual Clauses to ensure the protection of your data in accordance with Directive 95/46/EC of the European Parliament and of the Council. For more information about how Eventbrite Inc. uses personal information, please see Eventbrite’s Privacy Policy: https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinie-von-eventbrite?lg=de

Eventbrite as an order processor provides us as the organizer with all relevant data about the participants of an event. We use the data for the preparation and follow-up of the event. For a better future planning of the event offer, we use data about the participation in events to investigate the use and utilization of the events. In addition, users receive post-event information via email and are contacted by us to advise of similar events in the future. You have the option at any time to object to the use of your data for advertising purposes in the future by sending an email with your request to info@foodtechcampus.com.

Pipedrive

To maintain contact, we use the customer relationship management system of Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia (“Pipedrive”). Through the contact form, we collect contact information from potential members such as name, company, email address and phone number. The servers of Pipedrive that we use are located within the European Union. The legal basis is Art. 6 para. 1 lit. a GDPR. Further information on Pipedrive’s data processing and data protection can be found here: https://www.pipedrive.com/en/privacy

Hosting

If you neither register nor log in as a visitor, we collect the following data in so-called log files that your browser transmits: IP address, date and time of the request, time zone difference to Greenwich Mean Time, Content of the request, HTTP status code, amount of data transferred, website from which the request came and information about the browser and operating system. This is necessary to display our website and to ensure stability and security. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR.

We use the following hoster for the provision of our website: Host Europe GmbH, Hansestrasse 111, 51149 Cologne. This is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR, not to have to maintain a server on our premises ourselves. You can find further information on objection and removal options vis-à-vis Host Europe at: https://www.hosteurope.de/AGB/Datenschutzerklaerung/

You have the right to object to the processing. Whether the objection is successful is to be determined in the context of a balancing of interests. The aforementioned data will be deleted as soon as they are no longer required to display the website. The processing of the data indicated in this section is not required by law or by contract. The functionality of the website is not guaranteed without the processing.

Mailchimp

We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to contact subscribers directly. In addition, we analyse your usage behaviour to optimise our offer. For this purpose, we pass on the following personal data to Mailchimp:

E-mail Address

First name

Last name

Type of membership

Mailchimp is a recipient of your personal data and acts as a processor for us as far as the dispatch of our newsletter is concerned. The processing of the data provided in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot send you a newsletter.

In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application with which you read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g., which emails / web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of abuse. Furthermore, Mailchimp evaluates performance data, such as the delivery statistics of emails and other communication data. This information is used to create usage and performance statistics of the services. The legal basis for this processing is your consent in accordance with Art. 6 (1) a GDPR. You can revoke your consent to the processing of your personal data at any time. You will find a corresponding link in all mailings. In addition, the revocation can be made via the specified contact options. By declaring the revocation, the legality of the processing carried out so far is not affected. Your data will be processed as long as a corresponding consent is available. Apart from that, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary. Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/data-processing-addendum/

Mailchimp additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no influence on this process. For more information on how to object to and remove Mailchimp, please visit: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.

Office RnD

Where a membership agreement is entered, we use the services of OfficeRnD Limited, 84 Eccleston Square, London, SW1V 1PX, UK. OfficeRnD is a digital coworking management platform and enables us the automation of administrative tasks, management of our workstations and meeting rooms, and a platform for communication with our members. For this purpose, all information listed in the contract is entered into OfficeRnD. OfficeRnD also acts as a member portal for networking and communication among our members. For this purpose, sensitive data such as name, address, e-mail address and mobile phone number are visible to all members. This can be changed at any time by sending a written request to info@foodtechcampus.com.  The legal basis is Art. 6 para. 1 lit. b GDPR. For more information on how OfficeRnD protects your data, please visit their website: https://www.officernd.com/security/

Social networks

You can also find us on social networks of other companies, such as Facebook or Twitter. We have integrated individual functions of these networks into our online offer. However, you can only use both if you are registered and logged in to the respective social network. Please note that the use of the respective social network is subject to the usage and data protection provisions of that company, over which we have no influence. However, we will be happy to explain to you how these networks process your personal data in this context:

Facebook

We have integrated components of the company Facebook on this website. Facebook is a social network. The operating company of Facebook is Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of personal data is Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, if a data subject lives outside the USA or Canada. Each time one of the individual pages of this website operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_DE. Within the scope of this technical procedure, Facebook receives knowledge of which specific sub-page of our website is visited by the data subject. If the data subject is logged into Facebook at the same time, Facebook recognises which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook components integrated on our website, this Facebook buttons, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged into Facebook at the same time as calling up our website, regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he or she can prevent the transmission by logging out of his or her Facebook account before accessing our website. The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress the transmission of data to Facebook. Such applications can be used by the data subject to suppress the transmission of data to Facebook.

Instagram

We use components of the service Instagram. Instagram is a service that qualifies as an audio-visual platform that allows users to share photos and videos and share such data on other social networks. Instagram is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. By each call of one of the individual pages of this website on which an Instagram component (Insta button) is integrated, Instagram receives knowledge of which specific sub-page of our website is visited by the person concerned. If you are logged in to Instagram at the same time, Instagram learns which specific sub-page has been visited with each individual call-up of our website and for the entire duration of the respective visit. This information is collected by the Instagram component and assigned to your Instagram account by Instagram. If you click on one of the Instagram buttons integrated on our website, the data and information transmitted in the process will be assigned to your personal Instagram user account and stored and processed by Instagram. Instagram always receives information via the Instagram component that you have visited our site if you are simultaneously logged into Instagram at the time of visiting our site, regardless of whether you click on the Instagram component or not. If such a transmission of this information to Instagram is not wanted by you, Instagram can prevent the transmission by logging out of your Instagram account before visiting our website. Further information and the current privacy policy of Instagram can be found at https://help.instagram.com/519522125107875.

7. Duration of the processing

Access data

For security reasons (e.g., to clarify misuse or fraud), the access data is stored on the servers of our hosting provider for a maximum period of 90 days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been conclusively clarified.

Cookies and IP addresses processed by third parties

Cookies used by us are stored for 12 months after your last visit. As far as cookies and IP addresses are processed by third parties, we have no influence on the duration of the processing. You can find the links to the data protection declarations of the third-party providers under point 7, where you can find out about the duration of the processing.

Newsletter

If you unsubscribe from our newsletter, we will not send you any more newsletters, you will be entered in a so-called blacklist. However, we will continue to process your first and last name as well as your e-mail address in order to be able to prove that you have once subscribed to our newsletter.

Other input data

We store the other data entered via the web forms for as long as we need them to process your enquiry, provided that this data is not subject to the retention periods under tax and commercial law, or consent has been given which justifies further storage. We store the data provided via the EDEKA customer service for 24 months. We use the data you enter (name, address, e-mail if applicable) for postal advertising until you object to the advertising. If we pass on your data to other companies in the EDEKA Group or suppliers to process your request, we have no influence on how long the data is stored there. In this regard, we can then refer you to the recipients of the data.

8. Internet use

FTC processes the following personal data in the case of Internet use:

·       First and last name, date of birth and contact details of the members,

·       Access data (username, password)

·       Date and time of access,

·       Internet pages accessed,

·       IP address of the access device

The aforementioned data is processed for security reasons for fraud and abuse control as well as for statistical recording of internet usage. The legal basis for the processing is Art. 6 para. 1 sentence 1 f GDPR. Personal data will be deleted after five years if the member has not used FTC’s Internet connection within that time.

9. Voluntary provision of data

The provision of personal data when visiting our website is neither legally or contractually required nor necessary for the conclusion of a contract. You are also not obliged to provide personal data when visiting our website, but the IP address of your computer is automatically recorded when you visit our website. Regarding the use of cookies, please refer to section 4 of our privacy policy. Furthermore, we can only process your requests (contact, registration, unsolicited application, newsletter) if you provide us with the relevant data.

10. Right of objection

You have the right to object at any time to the processing of personal data based on Art. 6 (1) p. 1 f GDPR, if there are grounds for the objection that arise from your particular situation. However, your personal data will be further processed if there are compelling legitimate grounds for further processing which override the interests, rights, and freedoms of your person, or if the processing serves the assertion, exercise, or defence of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to the processing of your personal data for the purpose of such marketing at any time without stating reasons (Art. 21 GDPR). For the options to object to the collection of analysis and transaction data, see point 7. and the links there to the data protection declarations of the third-party providers.

11. Other rights of the data subjects

You have the right to revoke your consent if you have given your consent. We would like to point out that a revocation does not change the lawfulness of the processing carried out until the revocation (no retroactive effect of the revocation). Within the scope of the GDPR, you have the right to request information free of charge about the personal data we have stored about you (Art. 15 GDPR). Under the GDPR, you also have the right to rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction (Article 18 GDPR) and transfer (Article 20 GDPR) of your personal data. You also have the right to complain to the data protection supervisory authority responsible for us in justified cases (Art. 77 GDPR). You can exercise your rights under the GDPR by email or in writing. The contact details of the provider and the EU controller can be found below.

12. Contact details

Provider as responsible entity:

EDEKA DIGITAL GmbH
Data Protection Officer
New-York-Ring 6
22297 Hamburg

Telephone: +49 40 6377-0
Fax: +49 40 6377-4010
datenschutz.eddi@edeka.de

Supervisory authority for data protection:

Free and Hanseatic City of Hamburg
The Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6 (Block C)
20095 Hamburg

Tel.: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
mailbox@datenschutz.hamburg.de

Status: September 2021

 

 

Any Questions? Drop us a line!