Privacy Policy

On this page, you will find the data protection information for the koelln.de website. Data protection information for interested parties, customers and suppliers can be accessed here (PDF).

We take the protection of your personal data very seriously when using the websites of our domain "koelln.de" as well as all subdomains. In the following, we will inform you about the collection, processing and use of your personal data when you visit these websites and use the services offered. Personal data is any data that can be used to identify you personally.

 

1. Responsible body

The responsible body in accordance with the General Data Protection Regulation (GDPR) is:
Peter Kölln GmbH & Co. KGaA
Westerstrasse 22-24
25336 Elmshorn
Germany
Tel.: +49 (0) 4121 6480
Fax: +49 (0) 4121 6639
e-mail: kontakt@peterkoelln.de

 

2. Data subject rights

Insofar as we store and process your personal data, you are entitled to the following rights:

(1) Right to information pursuant to Art. 15 GDPR about the processing of your personal data by us for processing purposes, categories of processed data, recipients or recipient categories, duration of storage or criteria for determining the duration, right to correction, deletion, restriction to processing or objection to the processing, the right to lodge a complaint with the supervisory authority, information about the origin of the data and the existence of automated decision-making and, if applicable, information about guarantees pursuant to Art. 46 GDPR when transmitted to a third country or international organisations;

(2) Right to immediate rectification of incorrect or incomplete personal data pursuant to Art. 16 GDPR;

(3) Right to deletion of the stored personal data pursuant to Art. 17 GDPR if the data are no longer required in relation to the purposes for which they were collected or otherwise processed, if a given consent has been revoked and where there is no other legal ground, if there is an objection to the processing, and the data may no longer be processed pursuant to Art. 21(1) or (2) GDPR, if the data have been unlawfully processed, if the data have to be deleted for compliance with a legal obligation or if the data have been collected in relation to the offer of information society services pursuant to Art. 8 (1). This shall not apply to the extent that processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

(4) Right to restriction of processing pursuant to Art. 18 GDPR if you dispute the accuracy of the data (for the period required enabling to verify the accuracy), if the processing is unlawful, but you oppose to deletion and request the restriction of their use instead, if we no longer need the data for the purposes of processing, but you need the data to establish, exercise or defend legal claims, or if you have objected to the processing pursuant to Art. 21 (1) GDPR and pending the verification whether our legitimate reasons prevail.

(5) Right to object to the processing of your personal data pursuant to Art. 21(2) GDPR (if the data are processed for direct marketing purposes or pursuant to Art. 21(1e) or (f) GDPR) takes place on grounds relating to your particular situation unless we demonstrate compelling legitimate grounds for the processing which override your interests, or the processing serves to establish, exercise or defend legal claims).

(6) Right to data portability pursuant to Art. 20 GDPR, i.e., to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller;

(7) Right to withdraw consent at any time pursuant to Art. 7(3) GDPR. As a result of the revocation of consent, we are no longer allowed to carry out data processing in future from the date of the revocation.

(8) Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. The supervisory authority responsible for us can be found under clause 4.

(9) All requests for information, information inquiry or objections to data processing should be directed to the address mentioned under clause 1.

 

3. Automated decision-making

An automated decision-making is not used here.

 

4. Supervisory authority

The address of the supervisory authority responsible for us is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstraße 98
24103 Kiel
E-Mail: mail@datenschutzzentrum.de
Telefon: 0431 988-1200
Fax: 0431 988-1223

 

5. Hosting/storage of access data

Shopify

The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as ‘Shopify’).

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyses visitor numbers, visitor sources and customer behaviour, and compiles user statistics. When you make a purchase on our website, Shopify also collects your name, email address, delivery and billing addresses, payment details and other data related to the purchase (e.g. telephone number, amount of sales made, etc.). Shopify stores cookies in your browser for analysis purposes.

For details, please refer to Shopify's privacy policy: https://www.shopify.de/legal/datenschutz.

The use of Shopify is based on Art. 6 (1 lit. f) GDPR. We have a legitimate interest in ensuring that our website is as reliable as possible. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1 lit. a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We have concluded a processing contract for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

 

6. CookieFirst Consent Manager 

We use the consent manager CookieFirst to provide legally compliant information and to query your preferences. 
This serves to comply with the legal obligations to provide evidence, such as the storage of consent or, if you do not consent, non-consent. 

With the "CookieFirst" function, we inform you about the use of cookies on our website and enable you to make a decision about their use.
Processing by CookieFirst Consent Manager:

• The anonymized IP number of the user;
• The date and time of consent;
• User agent of the end-user's browser;
• The URL of the provider; 
• An anonymous, random and encrypted key.
• The approved cookies of the user (cookie status), which serves as proof of consent.

The encrypted key and the cookie status are stored on the user's device using a cookie in order to establish the corresponding cookie status when the page is accessed in the future. This cookie is automatically deleted after 12 months. 
The legal basis for using the Consent Manager is Art. 6 (1 f) GDPR (weighing of interests) in conjunction with Art. 6 (1 c) GDPR (obligation to provide evidence).

We have concluded a processing contract with CookieFirst. This is a contract required by data protection law, which ensures that CookieFirst processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

7. Collection of personal data for informational use

(1) If you use the website for informational purposes only, i.e. if you do not log in, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data mentioned under 5.2, which your browser transmits to technically enable the visit to the website.

(2) When using the website, so-called cookies are stored on your computer. Cookies are text files which are stored on your hard drive (assigned to the browser you are using) and through which certain information flows to the person who sets the cookie (in this case, to us). Cookies cannot run programmes or transmit viruses / malware to your computer.
E.g. we use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

This website uses cookies to the following extent:

• Session cookies (temporary use)
• Persistent cookies
• Third-party cookies (from third-party providers)

Session cookies are automatically deleted when you close the browser.

The legal basis for the use of session cookies is Art. 6 (s 1. 1 f) GDPR. It is our legitimate interest to be able to use cookies to optimise our website for users.

Persistent cookies are deleted after a specified period, which may differ depending on the cookie.

Other cookies remain stored on your device until you delete them. This allows your device to be recognised when you return to the website.

You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and, e.g. refuse acceptance of cookies. However, we would like to point out that you may then not be able to use all functions of this website.

The legal basis for persistent cookies and third-party cookies is Art. 6 (1 S. 1 a) GDPR. You may give us your consent by consent on the CookieFirst Consent Manager.

 

8. Use of functions of our website

(1) In addition to the purely informational use of our website, we can offer other services on the website to you which you can use if you are interested in. To do so, you usually have to provide personal data that we need and use to provide the respective service. If additional voluntary information are possible and requested by us, they are marked accordingly.

(2) When you contact us by e-mail, your e-mail address and, if you indicate this, your name and further contact details are stored with us in order to answer your questions and to enable us to remedy defects in the event of justified notices of defects.

(3) If you send us inquiries via the contact form, your details from the request form including the contact details you provided there for the purpose of processing the request are stored. We will not pass this data on to external third parties without your consent.

If your request is related to the fulfilment of a contract or is required to carry out pre-contractual measures these data are processed on the basis of Art. 6 (1 lit. b) GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1 lit. f) GDPR) or on your consent (Art. 6 (1 lit. a) GDPR) if this was queried.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - especially retention periods - remain unaffected.

Use of UseBasin

We use UseBasin for form processing. The service provides a secure platform for managing and storing personal data when processing contact forms. The service is provided by Moonshot Ventures Inc., 30060 Harris Rd, Abbotsford BC V4X 1V6, Canada. Canada is recognised by the European Commission as a country with adequate data protection. We have concluded a "Data Processing Agreement" (DPA) with Moonshot Ventures Inc. The purpose of data processing is to process your enquiry. The legal basis is your consent to the processing of your data, which you give in accordance with Art. 6 (1 lit. a) GDPR by sending the form. Our legitimate interest in the effective processing of enquiries addressed to us in accordance with Art. 6 (1 lit. f) GDPR, as well as Art. 6 (1 lit. b) GDPR, if the enquiry leads to a subsequent conclusion of a contract or concerns an existing contract.
Further information on the processing of your data can be found in Usebasin's privacy policy, which is available at this link: https://usebasin.com/privacy

 

Data collection for comments and reviews Comment function on this website for product and recipe reviews

For the comment function on this page, in addition to your comment, information about the time the comment was created, your email address and the username you have chosen will also be stored.

Storage of IP addresses

Our comment function stores the IP addresses of users who post comments. We need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

Storage period for comments

The comments and the associated data are stored and remain on this website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).

Legal basis

Comments are stored on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. To do so, simply send us an informal email. The legality of data processing operations that have already taken place remains unaffected by the revocation.

 

9. Integration of services

We use the third-party services listed below on our website.
 
It is possible that user data are also processed outside of the European Union. This could result in risks for users, because it can make it more difficult to enforce their own rights, for example.

The data of the users may possibly be processed for analysis purposes. This way, profiles can be created from the usage behaviour and the interests of the users derive thereof. These profiles can be used to, e.g. for placing of advertisements inside and outside the platforms that are likely to serve the interests of the users. For these purposes, cookies may be stored on the users' computers, through which the usage behaviour, the interests of the users and / or the length of stay are saved.

In the event of requests for information and the assertion of user rights, we would like to point out that these can be most effectively asserted with the respective providers. The providers only have access to the relevant data of the users and can directly take appropriate measures and provide concrete information.

For a detailed description of the respective processing, we refer to the following information on the respective providers.

Facebook

Our pages contain links to the Facebook social network provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

Further information can be found in Facebook’s privacy policy at en-gb.facebook.com/policy.php 

The regulations governing internal INSIGHTS processing at Facebook can be found at www.facebook.com/legal/terms/page_controller_addendum.

These are summarised briefly below:
Data subjects’ rights can be asserted with Meta Platforms Ireland and with us, but the primary responsibility for the processing of Insights data under the GDPR lies with Meta Platforms Ireland. We do not make any decisions regarding the processing of Insights data and of all other information arising from Article 13 of the GDPR, including the legal basis, the identity of the controller and the storage period of cookies on user devices. Meta Platforms Ireland fulfils all obligations under the GDPR with regard to the processing of Insights data. Meta Platforms Ireland makes the essential elements of the Page Insights supplement available to the data subjects.

Data processing when visiting our Facebook page directly

In this section, we provide you with more detailed information on the processing of personal data when using our Facebook and Instagram services.
Meta Platforms Ireland Ltd. processes personal data when visitors use Facebook products, including Instagram pages. This also applies to the personal data of individuals who are not registered with any of the Facebook services. In its data policy, Meta Platforms Ireland describes in detail what (personal) data this includes, how, for what purposes and on what legal basis it is processed:
en-gb.facebook.com/policy.php. This policy applies to all Facebook products. There you will also find information about how to contact Facebook and about the settings for advertisements, cookies, etc.
We process personal data ourselves via our Facebook account (see Section 2 below), while Meta Platforms Ireland also processes data (see Section 1 below). Meta Platforms Ireland and our company are ‘joint controllers’ within the meaning of Art. 26 of the GDPR.

1. Data processed by Meta Platforms Ireland

The regulations governing internal INSIGHTS processing at Meta Platforms Ireland can be found at www.facebook.com/legal/terms/page_controller_addendum.

Data subjects’ rights can be asserted with Meta Platforms Ireland and with us, but the primary responsibility for the processing of Insights data under the GDPR lies with Meta Platforms Ireland.
We do not make any decisions regarding the processing of Insights data and all other information arising from Article 13 of the GDPR, including the legal basis, the identity of the controller and the storage period of cookies on user devices.

2. Data processed by us
Using Page Insights, we are able to perform an anonymous evaluation of the reach, page views, time spent watching videos and actions (likes, comments, sharing of posts), as well as age, gender and location (as specified by users in their respective Facebook or Instagram profiles). Settings can be made for the evaluation of reach, and corresponding filters can be set with regard to the selection of a time period, the viewing of a specific post, and demographic groupings (e.g. female, 20–30 years old). This data is anonymised, aggregated, and abstracted. These settings therefore do not allow us to draw any conclusions about individuals. The evaluation serves to optimise the content on the Facebook and Instagram pages for public relations purposes.

You can also interact with us via our account. For example, by liking, sharing or commenting on posts, or by writing to us directly.
In these cases, data processing by us is unavoidable, as you make your account visible to us and your personal data becomes accessible to us. This includes your user name, profile picture and the date and time of the interaction. The legal basis for processing in this case is Article 6.1(b) of the GDPR. We use your data to fulfil the interaction you have requested.

Instagram

Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland)
We use Instagram to provide information about our company and related events.
Privacy policy: help.instagram.com/519522125107875/

Pinterest

We have a profile on Pinterest. The operator is Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA (‘Pinterest’). For details on how they handle your personal data, please refer to Pinterest’s privacy policy: policy.pinterest.com/en/privacy-policy

YouTube

We have a profile on YouTube. The operator is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s and/or Google’s privacy policy: https://policies.google.com/privacy.

When a YouTube video is launched, the provider sets cookies that collect information about user behaviour.

If you have disabled the storage of cookies for the Google Ad programme, you will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.

YouTube videos embedded on the koelln.de/koelln.com website

On our YouTube channel linked to our website, we present various content, including our own videos. If you click on links to YouTube embedded on our website (beginning with ‘youtu.be’), you will be redirected to the YouTube website. For details on how YouTube handles your personal data, please refer to the privacy policy of YouTube and/or Google: https://policies.google.com/privacy 
Opt-out: https://adssettings.google.com/authenticated

TikTok

We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
For details on how they handle your personal data and how you can manage this information, please refer to TikTok’s privacy policy and terms of use.

TikTok Terms of Use:
https://www.tiktok.com/legal/terms-of-use?lang=en

Privacy policy:
https://www.tiktok.com/legal/privacy-policy?lang=en

Competitions / Chatbot

To improve our offering and carry out marketing campaigns such as competitions, we use the chatbot service provided by LoyJoy GmbH, Kapuzinerstr. 20, 48149 Muenster,

The following data, to which the service provider itself has no access, is processed by the chatbot:

e‑mail address and password/PIN at the time of registration

interaction of the logged-in user, such as messages posted, change of e‑mail address, change of password, login/logout, opt-in/opt-out, etc.

For some competitions, age and gender are requested for statistical purposes. In this case, it is explicitly pointed out in the chat that the data will be anonymised.

The aforementioned data is aggregated and anonymised for statistical evaluation in order to gauge success and, provided that consent for advertising has been given, to enable the optimised display of ads.

The legal basis for processing is your consent in accordance with Art. 6 (1 lit. a) of the GDPR.

Order processing
We, Peter Kölln GmbH & Co. KG, as the website operator, have concluded an order processing agreement with Loyjoy GmbH, under which Loyjoy has undertaken to strictly comply with the provisions of German data protection law and, where applicable, other applicable data protection standards. We ourselves comply with the legal requirements of all applicable data protection standards, in particular the requirements of the GDPR.

LoyJoy uses services provided by Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA).
Cloudflare operates a content delivery network (CDN) and provides protective functions for the LoyJoy web application (web application firewall). Data transfer between a user’s browser and the LoyJoy servers flows through Cloudflare’s infrastructure and is analysed there to ward off attacks. Cloudflare uses technically necessary cookies for this purpose to enable access to LoyJoy. Cloudflare is deployed in the interest of secure use of LoyJoy and to ward off harmful attacks from outside. This constitutes a legitimate interest within the meaning of Article 6.1(f) of the GDPR.

Further information can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/de-de/privacypolicy/

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. These data are summarised in a user ID and assigned to the respective end device of the website visitor.

Furthermore, and among other things, Google Analytics allows us to record your mouse and scroll movements and clicks. Moreover, Google Analytics uses various modelling approaches to supplement the data records collected and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there.

The use of this service is based on your consent according to Art. 6 (1 lit. a) GDPR and § 25 (1) TTDSG (German Telekommunikations-Telemedien-Datenschutzgesetz = German Telecommunications-Telemedia Data Protection Act). The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. 

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. These data come from interest-based advertising from Google as well as visitor data from third-party providers. These data cannot be assigned to a specific person.

You can deactivate this function at any time via the ad settings in your Google account or deactivate the collection of your data by Google Analytics on this website by deactivating the "Performance" and "Advertising" tabs in the cookie banner (call up by clicking on the blue round fingerprint symbol).

Order processing

We have concluded an order processing contract with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Maps

This site uses the Google Maps map service via an API (Application Programming Interface). The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. If you use the functions of Google Maps, it is necessary for the provider to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

For more information on the handling of user data, please refer to Google’s privacy policy: 

policies.google.com/privacy.

Google Tag Manager

Google Tag Manager is a programme with which we can manage so-called website tags via a surface (and thus integrate e.g. Google Analytics and other Google marketing services into our online offer). The tool 'Google Tag Manager' itself is a cookie-free domain and does not collect any personal data. When you visit our website, however, provided you have given us your consent on the cookie notice banner, your IP address will be transmitted to Google as a prerequisite for the technical process.

With regard to the processing of users' personal data, reference is made to the following information about Google services. Google Tag Manager usage guidelines: www.google.com/intl/de/tagmanager/use-policy.html 

 

Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

We use conversion tracking as part of Google Ads. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the internet browser stores on the user’s computer. These cookies expire after 30 days and do not serve to personally identify users.

If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page.

Each Google Ads customer is assigned a different cookie. Cookies cannot be tracked across the websites of Google Ads customers. The data collected by means of the conversion cookie is used to generate conversion statistics for Google Ads customers who have signed up for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of ‘conversion cookies’ and the use of this tracking tool are based on the consent you give to us by a mouse click on the relevant button (e.g. Consent to the Storage of Cookies); processing is carried out exclusively on the basis of Article 6.1(a) of the GDPR. As a user, you can revoke your consent to tracking at any time by deactivating the ‘Performance’ and ‘Advertising’ tabs in the cookie banner (accessed by clicking on the fingerprint symbol). Alternatively, you can deactivate Google Analytics tracking by installing the relevant browser add-on (see section ‘Browser plugin’).

For more information about Google Ads and Google Conversion Tracking, please refer to Google’s privacy policy:

https://policies.google.com/privacy?hl=en.

Note on data transfers to Google

All data transfers to Google in the USA take place on the basis of EU standard contractual clauses. For further information, please refer to: https://policies.google.com/privacy/frameworks?hl=en

CleverReach

This website uses the CleverReach programme to send newsletters. This programme is provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service that can be used to organise and analyse newsletter distribution. The data you enter when you subscribe to the newsletter (e.g. e‑mail address) is stored on the servers of CleverReach GmbH in Germany or Ireland.

Our newsletters sent via CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, we can analyse how many recipients opened the newsletter and how often each link in the newsletter was clicked. By means of conversion tracking, we are also able to analyse whether a predefined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit:

https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/

Data processing is carried out exclusively on the basis of your consent (Art. 6 (1 lit. a) of the GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of any data processing operations already carried out remains unaffected by the revocation.   

If you do not want CleverReach GmbH to analyse your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected.

After you unsubscribe from the newsletter distribution list, your e‑mail address will be stored by us or the newsletter service provider in a ‘blacklist’ to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data.

This serves both your interests and our interests in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1 lit. f) of the GDPR). There is no time limit for storage in the blacklist. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please refer to the data protection provisions of CleverReach GmbH at https://www.cleverreach.com/en-de/privacy-policy/.

Conclusion of a contract for order processing

We, Peter Kölln GmbH & Co. KGaA, as the website operator, have concluded a contract for order processing with CleverReach GmbH, under the terms of which CleverReach GmbH has undertaken to strictly comply with the provisions of German data protection law and other applicable data protection standards. We ourselves comply with the legal requirements of all applicable data protection standards, in particular the requirements of the GDPR, when using CleverReach and the data that is collected and stored in the context of our use of CleverReach GmbH.

 

Advertising with Meta (Pixel and Conversion Tracking)

(1) Furthermore, the website employs advertising services provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Meta Platforms Inc., Menlo Park, California, USA. Facebook data policy: en-gb.facebook.com/policy.php and https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

In addition to presenting information and news about our group of companies, we also use Instagram and Facebook to evaluate the Insights service. This is done on the basis of joint responsibility. The regulations governing the internal processing of INSIGHTS by Meta services can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data and are summarised briefly here:

Data subjects’ rights can be asserted with Meta Ireland and with us, but Meta has primary responsibility for the processing of Insights data in accordance with the GDPR.

We do not make any decisions regarding the processing of Insights data and all other information arising from Art. 13 of the GDPR, including the legal basis, identity of the controller and storage period of cookies on user devices.

Meta fulfils all obligations under the GDPR with regard to the processing of Insights data. Facebook Ireland is responsible for making the essential elements of the Page Insights supplement available to the relevant data subjects.

Further information can be found in the Meta Privacy Policy.

Privacy Policy: https://www.facebook.com/about/privacy

Meta Contract Addendum for the Transfer of European Data (with standard contractual clauses): https://www.facebook.com/legal/EU_data_transfer_addendum

By integrating the so-called ‘Meta Pixel’ on our website, we can display our advertising material (‘Meta Ads’ on Facebook and Instagram) to users of our website and the Facebook social network. It also enables us to measure and evaluate their success (‘Conversion Tracking’). This connection between Meta platforms and our website is made technically possible via the ‘Meta Pixel’. The legal basis for the processing of your data is Art. 6 (1 lit. a) of the GDPR, i.e. the integration only takes place with your consent.

(2) Because of the marketing tools used, your browser automatically establishes a direct connection to Meta’s server when you visit our website. We have no influence on the scope and further use of the data collected by Meta through the use of this tool and therefore make you aware of the processes known to us: Through the integration of the Meta Pixel, Meta receives the information that you have accessed the corresponding page of our website or clicked on one of our advertisements. To the extent that you are registered with a Meta service, Meta can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain your IP address and other identifying features and use them to create a profile.

(3) The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. In such cases, the provider has, according to its own declarations, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has undertaken to comply with applicable data protection laws when transferring data internationally. A so-called ‘adequacy decision’ is in force between the EU and the USA, confirming the admissibility of data transfers.

Meta Platforms Inc., Menlo Park, California, USA (‘Meta’) has certified itself for the EU-USA Data Privacy Framework with regard to the processing of personal data in the European Union. According to its own declarations, Meta maintains an adequate level of data protection.

(4) You may withdraw your consent at any time without affecting the lawfulness of processing that took place with your consent before it was withdrawn. The easiest way to withdraw your consent is via our Consent Manager or by clicking on the fingerprint icon. In addition, logged-in users can prevent the use of their data for advertising purposes via the provider’s function at the following link: https://www.facebook.com/adpreferences/ad_settings/ and https://accountscenter.instagram.com/ad_preferences/

(5) We also employ the ‘Custom Audiences’ remarketing function, which likewise uses the Meta Pixel, to display interest-based advertisements when you visit our website or other websites that also have the Facebook Pixel integrated. This allows us to show you advertisements that are relevant to you in order to make our website more interesting for you and to market our offerings.

Social media buttons
The c’t project ‘Shariff’ replaces the usual share buttons of social networks and allows you to keep your surfing behaviour private.
The usual social media buttons transfer user data to Facebook and the like every time a page is viewed and provide social networks with detailed information about your surfing behaviour (User Tracking). You do not need to be logged in or a member of the network for this to occur. In contrast, a Shariff button only establishes direct contact between the social network and the visitor when the latter actively clicks on the Share button.
Further information: https://www.heise.de/hintergrund/Ein-Shariff-fuer-mehr-Datenschutz-2467514.html

Clarity

This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/  (hereinafter ‘Clarity’).

Clarity is a tool for analysing user behaviour on this website. Specifically, Clarity records mouse movements and creates a graphical representation of the parts of the website that users scroll through most frequently (Heat Maps). Clarity can also record sessions, allowing us to view page usage in video format. We also receive information about general user behaviour within our website. Clarity employs technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies, device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 (1 lit. a) of the GDPR and Section 25 of the German Telecommunications and Telemedia Data Protection Act (TTDSG). Consent can be revoked at any time. In the event that consent has not been obtained, the use of this service is based on Art. 6 (1 lit. f) of the GDPR; the website operator has a legitimate interest in effective user analysis.

Further details on Clarity’s data protection policy can be found here: https://docs.microsoft.com/en-us/clarity/faq.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards.

Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

Order processing

We have concluded an order processing agreement for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

10. Job applications

The controller collects and processes the personal data of applicants for the purpose of handling the application process. This data is processed on the basis of Section 26.1 of the German Federal Data Protection Act (BDSG) concerning ‘Decision on the Establishment of an Employment Relationship’.

If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after receipt of the application, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interests pursuant to Article 6.1(f) could, for example, be a burden of proof in proceedings under the German General Equal Treatment Act (AGG).

11. Liability for contents

The contents of our pages were created with great care. However, we cannot guarantee that the content is correct, complete and up to date. As a service provider, we are responsible for our own content on these pages in accordance with general laws pursuant to § 7 (1) TMG. Pursuant to §§ 8 to 10 TMG, we as a service provider are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to general laws remain unaffected. However, liability in this regard is only possible from the time we become aware of a specific legal violation. As soon as we become aware of such violations, we will remove such contents immediately.

 

12. Liability for links

Our pages may contain links to external third party websites, on whose content we have no influence. For this reason, we cannot accept any liability for this external content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time the link was created. No illegal content was discernible at the time the link was created. A permanent control of the content of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of legal violations, we will remove such links immediately.

 

13. Data security

We secure our website and other systems with suitable technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Despite regular checks, complete protection against all risks is not possible.

Our website uses the industry standard TLS / SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal data on the Internet. You can see whether an encrypted transmission is taking place by the closed key or lock symbol in the display of your browser.

We would like to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. It is not possible to completely protect data from third-party access.

 

14. Disclosure of data

Your personal data will only be disclosed to third parties

• if you have given your express consent pursuant to Art. 6 (1 clause 1 a) GDPR;
• if the disclosure is required to fulfil contractual obligations pursuant to Art. 6 (1 clause 1 b) GDPR
• if we are legally obliged to disclose the data for the purpose of Art. 6 (1 clause 1 c) GDPR;
• if disclosure of the data is in the public interest for the purpose of Art. 6 (1 e) GDPR or;
• if disclosure of the data is required pursuant to Art. 6 (1 clause 1 f) GDPR in order to protect our legitimate interest or the legitimate interests of a third party, unless your interests in the protection of your data outweigh them.

 

15. Third party recipients

To deal with complaints and customer support and to enable us to process your concerns satisfactorily, we may have to pass on your personal data to third-party recipients. Third parties can be our suppliers, transport and logistics partners and our trading partners.

 

16. Duration of storage of personal data

Your data will be stored by us for as long as required for the respective purposes the processing is based on. In addition, we only store data if we are legally obliged to do so, e.g.  due to statutory retention requirements.

 

17. Information on the right to object

An objection to the processing of your personal data, based on Art. 6 (1 e) (data processing in the public interest) or (f) (data processing to protect legitimate interests based on balancing of interests) is possible at any time pursuant to Art. 21 GDPR. In the event of an objection, the personal data shall no longer be processed, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

Please direct your objection to the contact named under point 1 of this privacy policy ("Data Controller responsible").

 

18. Information on the right of revocation

If you have given us your consent to the processing of personal data, you can revoke this at any time. Of course, this also applies to declarations of consent given to us before May 25, 2018 (before the GDPR was in effect). The revocation of consent can only apply for the future. The lawfulness of the processing is not retrospectively removed by revocation. Please direct your revocation to the address mentioned under point 1.

 

19. Timeliness

This data protection declaration was last updated on November 15th, 2022. It is the current and valid version of our privacy policy.

However, we would like to point out that from time to time it may be necessary to revise this privacy policy due to actual or legal changes.

20. Data Protection Officer

If you have specific questions about the protection of your data, please contact the data protection officer of Peter Kölln GmbH & Co. KGaA:

Mrs Kerstin Lange
c / o Vater Solution GmbH
Boschstrasse 5
24118 Kiel
Email: dataprotection@peterkoelln.de

Certain sections of the privacy policy (data collection for comments and reviews, Microsoft Clarity, Shopify) were created using the data protection templates provided by e-Recht24 and partially adapted for Kölln.