Data privacy is taken seriously at EDEKA DIGITAL.
EDEKA DIGITAL GmbH appreciates your visit to foodtechcampus.com (or foodtechcampus.de) and your interest in our company and our services. We want you to feel comfortable and safe while surfing on our pages. Therefore the protection of your personal data is of the utmost importance to us.
The protection of personal data is a priority for us. With the following information on data protection, we would like to give you an understanding of which personal data we process for which purposes while you are using our website.
The following information applies to all content under foodtechcampus.com (or foodtechcampus.de) (hereinafter “offer” / “website”). This includes, for example, newsletters or competitions for which you register.
The provider responsible for these contents is EDEKA DIGITAL GmbH, New-York-Ring 6, 22297 Hamburg, Germany, telephone: 040-63770, email@example.com (hereinafter referred to as “responsible party”).
The legal basis for data protection can be found under the EU Basic Data Protection Regulation (hereinafter DSGVO) and under the Federal Data Protection Act (BDSG).
2. Definitions of terms
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is carried out with or without the aid of automated means relating to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
3. Types of personal data
“Access data” means data about each access to the server on which our website is located. Access data includes the date and time of access, URL (address) of the referring website, file accessed, amount of data sent, HTTP response code, browser type and version, any browser extensions, width and height of the browser window, color depth, operating system and IP address.
We and third parties set cookies on the access device, which are small files in which the web browser you use stores information about visited Internet pages sent by the web server. This can be information about the page visit such as duration, login data, user input or similar information.
On our website we have various entry forms available: Contact form, a new registration for the premium area, form for the premium area, form for an unsolicited application, EDEKA food portal newsletter, form for requesting the annual report of the EDEKA association. We process the personal data that you enter in the respective form (e.g. surname, first name, e-mail address, telephone number, password, address, in the case of unsolicited applications details and application files).
4. Purpose of processing
We collect the access data for security reasons for fraud and abuse control as well as for statistical recording of website use and optimization of our website. The legal basis for this processing is Art. 6 para. 1 sentence 1 f DSGVO. For the processing of the IP address by third-party providers, see Section 6.
Integration of third-party services
We incorporate various third-party services and content on our website, whereby IP addresses and cookies are processed. Details can be found under Section 7.
Personal data that you enter in forms or communicate to us
If you enter personal data via the forms on our website and send them to us, the purpose of the data processing results from the respective form i.e.Contact form, new registration for the premium area, form in the premium area, form for an unsolicited application, EDEKA food portal newsletter, form for requesting the annual report of the EDEKA group. If you provide us with data via our EDEKA customer service or by other means, the purpose of the data processing also depends on your request. Depending on the nature of your request (e.g. in the case of complaints) it may be necessary for us to transfer your data (name, address, contact data) to other companies in the EDEKA Group or to affected suppliers of our products so that we can process your request effectively and the market or supplier can contact you directly if necessary. In the case of an unsolicited application, we will only forward your application data to other companies in the EDEKA group if you have consented to this. You can give your consent in the relevant form. The text of your consent reads as follows:
“Yes, I confirm that I have attained the age of 16 years and expressly consent to my personal application data being passed on to other companies in the EDEKA Group solely for the purpose of enabling these companies to consider my application in the case of open job offers. Any further use or disclosure of my application data to third parties will not take place. I can revoke my consent at any time by e-mail to firstname.lastname@example.org or by post with effect for the future. I have taken note of the data protection declaration”.
The legal basis for data collection is Art. 6 Para. 1 a and f DSGVO. Our legitimate interest in data collection within the meaning of Art. 6 para. 1 f DSGVO follows from the fact that we cannot process your request without your data.
With regard to direct advertising, we refer to item 5 (legal basis Art. 6 para. 1 sentence 1 a and f DSGVO).
5. Advertising, newsletter
If you agree, the provider will inform you at regular intervals about everything worth knowing about our services, but also news from the EDEKA world, images, downloads (hereinafter “information”).
You can register for the provider’s newsletter on the website. If you would like to receive information, we require a valid e-mail address from you. Further data will not be collected. Please note that our newsletter service is only intended for persons who have attained the age of 16 years.
The registration to our newsletter takes place in a so-called Double-Opt-In procedure. I.e., you will receive an e-mail after registration in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.
The newsletter is sent on the basis of a consent pursuant to Art. 6 para. 1 sentence 1 a DSGVO. The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 Para. 1 Sentence 1 f DSGVO.
You can revoke your consent to the storage of data, e-mail address and their use to send information at any time with effect for the future. The revocation can be made via a link in the newsletters or the advertising e-mails sent to you or by sending a message to the contact options below.
If necessary, you may give us the following consent, which we reproduce here for your information only:
Yes, I have attained the age of 16 years and agree that EDEKA DIGITAL GmbH may use the data I entered above to inform me by e-mail about contents from the Food Tech Campus environment. I may revoke my consent at any time with effect for the future, e.g. by letter to the company address on the right or by e-mail to: email@example.com
We may also send you postal advertising, which you can object to at any time. The legal basis is Art. 6 para. 1 sentence 1 f DSGVO.
6. Categories of recipients of personal data
7. Integration of third-party services
Use of the web analysis tool AT Internet
We use a solution from AT Internet to analyse the usage of our website. Our goal is to design our website in such a way that it is optimally adapted to your needs. We would like to improve both the user-friendliness and the quality of our web offer and present you the products and information interesting for you promptly and customer-friendly. The legal basis for this is Art. 6 Para. 1 Sentence 1 f DSGVO. Our legitimate interest lies in expanding and improving our website and in carrying out a cost-benefit analysis of our Internet advertising.
In order to achieve the above-mentioned goal, it is necessary to statistically record and analyse the user behaviour on our website, for which purpose we evaluate the collected data for the following purposes:
- To compare the performance or profitability of our websites,
- Counting of visitors,
- Tracking the awareness of, for example, online advertising placed on the website, partner and affiliate programs, rich media content or special campaigns,
- Measuring the areas of the website that are particularly attractive to you,
- Evaluation of the origin of online users for local optimisation of our services.
We distinguish between raw data (1) and processed data (2):
(1) The following data is collected:
- Either a cookie that contains several pieces of information:
- The name of the server that stored the cookie,
- A nameless identification in the form of a unique number,
- An expiration date.
- Or a mobile identifier (this is a unique number that allows the device to be uniquely identified).
- And the IP address used for geolocalisation. The IP address is made anonymous by shortening the last three digits.
- All navigation data collected in relation to these identifiers.
(2) After processing the raw data, we speak of processed data that provide the following information:
- Unique Visitor ID
- All digital analytics data associated with this identifier that is calculated by the order processor.
The following storage durations are valid:
- The raw data are deleted six months after collection.
- The processed data are stored for the duration of the contract between us and our provider for six months.
Transmission of personal data:
This page uses the Google Maps map service via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps takes place in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
You can find more information on the handling of user data in Google’s data protection declaration: https://www.google.de/intl/de/policies/privacy/.
Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Our website uses plugins from the YouTube site operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plug-in, a connection is established to YouTube’s servers. This will tell the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you can allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
Further information on the handling of user data can be found in YouTube’s data protection declaration at: https://www.google.de/intl/de/policies/privacy. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
For contact forms we use the service of the provider www.pipedrive.com on our website. Pipedrive is a service of Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia Kompanii 2, Tartu 51004, Estonia, Reg. No. 11958539, VAT No. EE101382096. Each time you access or use a contact form on our website to submit a request for a quote,
Pipedrive collects the following data from you:
- Name, first name
- Company and
- email address
- telephone number
For contact forms we use the service of the provider www.typeform.com on our site. Typeform is a service of TYPEFOMR S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain. Each time you access or use a contact form on our website,
- to make a request for an offer,
- to arrange a callback by telephone or
Typeform collects the following data from you:
- Name, first name
- Company and
- email address
- telephone number
This data is processed on servers located in the USA.
If you wish to avoid this type of data use, you should refrain from using the above contact forms. Further information on the collection and use of data by Typeform can be found in Typeform’s data protection information under the above link.
On this website we have integrated components of the company Facebook. Facebook is a social network.
A social network is a social meeting place operated on the Internet, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. Facebook enables users of the social network to create private profiles, upload photos and network via friend requests.
The operating company of Facebook is Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. The person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, if a data subject lives outside the USA or Canada.
Each time one of the individual pages of this website is accessed, which is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_DE. As part of this technical process, Facebook obtains information about which specific subpage of our website is visited by the person concerned.
If the person concerned is logged into Facebook at the same time, Facebook recognizes which specific subpage of our website the person concerned is visiting each time the person visits our website and for the entire duration of that person’s visit to our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the person concerned. If the data subject clicks one of the Facebook buttons integrated into our website, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook receives information through the Facebook component that the individual concerned has visited our website whenever the individual concerned is logged into Facebook at the same time as accessing our website, whether or not the individual clicks on the Facebook component. If the data subject does not choose to submit such information to Facebook, he or she may prevent the submission by logging out of his or her Facebook account before visiting our website.
Facebook’s published data policy, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which settings Facebook offers to protect the privacy of the person concerned. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
We use components of the Instagram service. Instagram is a service that qualifies as an audiovisual platform that allows users to share photos and videos and also share such data on other social networks. Instagram is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. Each time you access one of the individual pages of this site that has an Instagram component (Insta button) integrated into it, Instagram will know which specific subpage of our site is visited by the person concerned. If you are logged in to Instagram at the same time, Instagram will know which specific subpage was visited each time you visit our site and for the duration of your visit. This information is collected by the Instagram component and assigned to your Instagram account by Instagram. If you click on one of the Instagram buttons integrated on our website, the data and information transmitted will be assigned to your personal Instagram user account and stored and processed by Instagram. Instagram receives information from the Instagram component that you have visited our site whenever you are logged into Instagram at the same time as you visit our site, whether or not you click on the Instagram component, via the Instagram component. If you choose not to provide Instagram with this information, Instagram may prevent you from doing so by logging out of your Instagram account before you visit our site. For more information and to review Instagram’s current privacy policies, please visit https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/
On the website, we also offer users the opportunity to book participation in events. For this, we use the tool “Eventbrite”, which is operated by Eventbrite, Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, USA. If you register for an event, you will be directed to the Eventbrite website. We have no influence on the data processing by Eventbrite. Eventbrite Inc. participates in the U.S. Department of Commerce and European Commission’s EU-US Privacy Shield Framework Program for the collection, use, and retention of personal data from member states of the European Economic Area. Here you will find information on what data Eventbrite Inc. collects, processes and uses under the EU-US Data Shield Framework Program and for what purposes: https://www.eventbrite.de/support/articles/de/Troubleshooting/Informationen-zum-EU-US-Datenschutzschild?lg=en.
To register with Eventbrite for an event, you must provide the following information to Eventbrite Inc:
- Name, first name
- email address
- date of birth
- ticket type
- Event ID (which webinar was booked)
- redeemed vouchers
As an event organizer, Eventbrite provides us with access to the above information about participants in an event. We use the data for the purposes of preparing and following up the event. For a better future planning of the event offer we use data about the participation in events in order to examine the use and utilization of the events. In addition, users will receive information by e-mail after the event and will be contacted by us for purposes of referring to similar events in the future. You have the possibility at any time to object to the use of your data for advertising purposes in the future without incurring any costs other than the transmission costs according to the basic rates by either sending an e-mail with your request to firstname.lastname@example.org or simply selecting the corresponding link at the end of the e-mail.
The newsletter is sent via “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp may also use this information to optimize or improve its own services, e.g. for technical optimization of the dispatch and display of the newsletter or for economic purposes, to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them or pass them on to third parties.
Statistical survey and analyses
The newsletters contain a so-called “web-beacon”, i.e. a file the size of a pixel, which is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times.
Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. It is however neither our endeavor, nor that of MailChimp, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
8. Retargeting / Remarketing
These technologies make it possible to target those Internet users with advertising on the websites of our partners who are already interested in our website and our products.
We use the services of Google Adwords to draw attention to our attractive offers with the help of advertising media (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In doing so, we pursue the interest of displaying advertising to you that is of interest to you, of making our website more interesting to you and of achieving a fair calculation of advertising costs.
These advertising media are delivered by Google via so-called “Ad Servers”. We use ad server cookies for this purpose, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google advertisement, Google Adwords stores a cookie in your PC. These cookies generally lose their validity after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values.
These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may recognize that the user clicked on the ad and was directed to that page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media, in particular we cannot identify the users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating AdWords Conversion, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may find out and store your IP address.
You can prevent participation in this tracking procedure in various ways:
- a) By setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any advertisements from third parties;
- b) by disabling conversion tracking cookies by setting your browser to block cookies from the “www.googleadservices.com” domain, https://www.google.de/settings/ads , which will be deleted if you delete your cookies;
- c) by disabling the interest-based ads of the Providers that are part of the “About Ads” self-regulatory campaign through the link http://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies;
- d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to make full use of all the functions of this offer.
You can find further information on data protection at Google here:
http://www.google.com/intl/de/policies/privacy/ https://services.google.com/sitestats/de.html Alternatively you can
Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org
9. Duration of processing
For security reasons (e.g. to clarify misuse or fraud), the access data is stored on the servers of our hosting provider for a maximum period of 90 days and then deleted. Data, the further storage of which is necessary for evidence purposes, is excluded from deletion until the respective incident has been finally clarified.
Cookies and IP addresses processed by third parties
Cookies used by us are stored for 12 months after your last visit. If cookies and IP addresses are processed by third parties, we have no influence on the duration of the processing. You will find the links to the data protection declarations of the third party providers under item 7. There you can inform yourself about the duration of the processing.
If you unsubscribe from our newsletter, we will not send you any more newsletters, you will be entered on a so-called blocking list. However, we will continue to process your first and last name as well as your e-mail address in order to be able to prove that you have registered for our newsletter once.
Other input data
We will store the other data entered via the web forms for as long as we need them to process your request, provided that these data are not subject to the tax and commercial retention periods or there is a consent that justifies continued storage. We store the data communicated via the EDEKA customer service for 24 months. We use your input data (name, address, possibly e-mail) for postal advertising until you object to the advertising. If we transfer your data to other companies of the EDEKA group or suppliers in order to process your request, we have no influence on how long the data is stored there. In this regard, we may then refer you to the recipients of the data.
10. Voluntary provision of data
11. Objection rights
You have the right at any time to object to personal data processed on the basis of Art. 6 para. 1 sentence 1 f DSGVO if there are reasons for the objection which result from your particular situation. However, your personal data will be further processed if there are compelling reasons worthy of protection to further process the data which outweigh the interests, rights and freedoms of your person, or if the processing serves the assertion, exercise or defence of legal claims. If we process your personal data for the purpose of direct advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time without giving any reason (Art. 21 DSGVO).
For the possibilities of objecting to the collection of analysis and transaction data, see Item 7. and the links to the data protection declarations of the third-party providers there.
12. Other rights of data subjects
You have the right to revoke your consent if you have given your consent. We draw your attention to the fact that a revocation does not alter the lawfulness of the processing granted until the revocation (no retroactive effect of the revocation).
You have the right, within the framework of the DSGVO, to request information free of charge on the personal data we hold concerning you (Art. 15 DSGVO).
In accordance with the DSGVO, you are also entitled to correction (Art. 16 DSGVO), deletion (Art. 17 DSGVO), restriction (Art. 18 DSGVO) and transfer (Art. 20 DSGVO) of your personal data.
You also have the right to complain to the data protection supervisory authority responsible for us in justified cases (Art. 77 DSGVO).
You can assert your rights under the DSGVO by e-mail or in writing. The contact details of the provider and the person responsible in the EU can be found below.
13. Contact details
Provider as responsible body: EDEKA DIGITAL GmbH, New-York-Ring 6, D-22297 Hamburg, telephone: (040) 63 77 – 0, fax: (040) 6377 – 4010, e-mail: email@example.com
You can reach our data protection officer at firstname.lastname@example.org or our postal address with the addition “the data protection officer”.
Data protection supervisory authority: Freie und Hansestadt Hamburg, Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Klosterwall 6 (Block C), 20095 Hamburg, Tel.: 040 / 428 54 – 4040, Fax: 040 / 428 54 – 4000, E-Mail: email@example.com
Date: September 2018