With this privacy policy, we would like to inform you about the processing of your data. With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR). Our websites are not aimed at children and young people under the age of 16.
Responsible for processing
Hälssen & Lyon GmbH
Pickhuben 9
20457 Hamburg
Germany
represented by its Managing Directors Christian Meckel (Chairman) and Dietmar Scheffler
Phone +49 40-36 14 3-0
info@haelssen-lyon.com
How to contact our data protection officer?
The contact details of our external company data protection officer (DPO) are as follows: Mauß Datenschutz GmbH, Neuer Wall 10, 20354 Hamburg, Germany. You can reach our DPO by mail (see above) or by phone: +49 40 999 99 52-0 and via e-mail: datenschutz@datenschutzbeauftragter-hamburg.de.
YOU WILL NOT RECEIVE CUSTOMER SUPPORT UNDER THESE CONTACT DETAILS - PLEASE CONTACT THE TEA CATALOGUE TEAM UNDER katalog@haelssen-lyon.com.
How do we process your data?
In the following, you will learn which data is collected when, how it is used (type, scope and purpose of the processing of personal data) as well as the legal basis and the duration of storage.
Operation of the web server, delivery of the web pages
All the data you enter on our sites is transmitted to us in encrypted form. The same applies for the delivery of our web pages. It applies even when you access the site without specifying encryption (using http protocol instead of https); the site’s response to such unencrypted access is automatically encrypted.
When do we use your personal information?
When you visit our websites, we automatically process the following data from you in order to be able to provide our websites and the services provided via them:
For security reasons, we store this information in log files and automatically delete it after 60 days. The data in the log files is stored separately from other data about you.
Longer storage only takes place in justified individual cases (e.g. in the event of suspected abuse or fraud or in the event of attacks on our web server). In these cases, the respective log files are stored until the facts of the case have been clarified and the resulting measures have been completed.
In order to be able to provide you with our website and the services provided via them, we use a ser-vice provider (web hoster) who processes your data on our behalf and exclusively in accordance with our instructions.
Mittwald CM Service GmbH & Co.KG
Königsberger Straße 4-6
32339 Espelkamp
Germany
The legal basis for the processing of your data is Art. 6 Par. 1 lit. f GDPR. We have a legitimate inter-est in processing your data so that we can offer you our websites and the services provided via them in a technically flawless, secure manner and optimized for your needs. In addition, our other legitimate interest is to detect and prevent fraud attempts or attacks on our websites.
Storage and retrieval of data in your device
In order to provide the functionalities you have requested, including the provision of the website, we store data in your browser in accordance with § 25 TDDDG and also access it afterwards. For this purpose, we use so-called cookies as well as the session memory and the local memory of the browser. Without this storage and retrieval of data, our website will not function correctly.
The legal basis for the storage and retrieval of data from your browser is our legitimate interest pursuant to Art. 6 Par. 1 lit. f GDPR in conjunction with § 25 TDDDG to implement our websites in an appealing and secure manner and to comply with your wishes regarding the usability and functionality of the pages.
Below you will find a tabular list of cookies and similar technologies used on this website. The expiration time indicates the time after which your browser automatically deletes the relevant data. Session means that the data is only stored until the end of the current page visit.
Contact requests
When you send us a message, we use the data you provide to process your request. The legal basis for this is our legitimate interest in responding to your request, in accordance with Art. 6 para. 1 lit. f GDPR. If your request serves to conclude a contract with us to which you as a person are a contracting party, further legal basis for the processing is provided by Art. 6 para. 1 lit. b GDPR. The data will be deleted after your request has been processed. If we are obliged by law to store data for a longer period of time, the data will be deleted after expiry of such period.
User account
The use of our online catalogue is open only to commercial customers and resellers and requires a one-time registration on our website. To verify your eligibility, please provide your full contact details. The data will be used to contact you by e-mail and to provide you with a personalized login. Your name, e-mail, customer number and login are stored in the system so that we can manage you as a user.
With this processing, we pursue our legitimate interest in protecting our tea catalogue from unauthorized access. The legal basis for this is Art. 6 para. 1 lit. f GDPR, and for contacting you by e-mail it is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The data will be stored as long as your access to the tea catalogue is not revoked. In the event that we refuse or withdraw your registration for access to the tea catalogue, your data will be deleted immediately.
Automated decision making
We refrain from any automated decision-making.
Transfer of personal data to non-EU countries, server location
We do not transfer any personal data to non-European countries within the scope of our website. The web servers we use are located in Germany.
Obligation to provide data
You are under no legal or contractual obligation to provide us with personal data when using our web-site. However, our pages cannot be accessed without providing your IP address. You will only receive login credentials if you provide us with the above-mentioned (see "User account") personal data.
Your rights
If you wish to exercise any of your rights, please contact us as the controller at the contact details provided above or use one of the other methods we offer to send us this notice.
Right of access
According to Art. 15 GDPR, you have the right to request confirmation from us whether personal data concerning you is being processed by us. If this is the case, you have a right to information about this personal data and to further information mentioned in Art. 15 GDPR.
Right to rectification
According to Art. 16 GDPR, you have the right to demand that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
Right to erasure
You have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay, provided that the relevant requirements of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR.
Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right under certain conditions to demand that we re-strict the processing of your personal data.
Right to data portability
According to Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machinereadable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 Par. 1 lit. a GDPR or Art. 9 Par. 2 lit. a GDPR or on a contract pursuant to Art. 6 Par. 1 lit. b GDPR or the processing is carried out with the help of automated processes.
Right to revoke consent
According to Art. 7 GDPR, you have the right to revoke your consent at any time and without giving reasons. Please note that a revocation applies exclusively to the future and does not affect the lawfulness of processings carried out in the past.
Right to object
If we name our legitimate interest according to Art. 6 Par. 1 lit. f GDPR as the legal basis, you have the following right of objection according to Art. 21 GDPR.
According to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you that is based on Article 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 of the GDPR, without prejudice to any other administrative or judicial remedy. This right exists in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you violates the GDPR.
Subject to change
We reserve the right to change the security and data protection measures at any time. Please therefore note the current version of this data protection notice.