DATA PROTECTION DECLARATION
Protection of your personal data in the collection, processing and use on the occasion of your visit to our homepage is an important matter for us.
Below, we would like to inform you about the fact that and how personal data from you are inquired, electronically stored and processed by us.
Responsible for processing
The legal entity responsible for processing your data is:
Hälssen & Lyon GmbH
represented by its Managing Directors Andrew Bergmann and Dietmar Scheffler,
and reachable at +49 40-36 14 3-0 or firstname.lastname@example.org.
Data Protection Officer
To ensure professional data protection, we have outsourced the protection of our operational data. We are supported by Mauß Datenschutz GmbH.
For inquiries about data protection, please use the following communication channels:
Phone: 040 / 9999952-0
Mauß Datenschutz GmbH
Datenschutz Hälssen & Lyon
Neuer Wall 10
Personal data is information that is specific to your person. This includes your name, address, telephone number and email address, but also other data such as your location, your IP address, or bank details. To use our internet site, it is not necessary for you to disclose your personal details. However, in certain cases, we need your name and your address as well as further information, so that we can provide the requested information.
All the data you enter on our sites is transmitted to us in encrypted form. The same applies for the delivery of our web pages. It applies even when you access the site without specifying encryption (using http protocol instead of https); the site’s response to such unencrypted access is automatically encrypted.
When do we use your personal information?
We process any personal data that you actively enter for transmission to us. We also automatically process personal data based on the use of our website. So your personal data may be processed in the following cases in particular:
For details, please refer to the following remarks.
When you visit our website
When you access our website, the company we have commissioned to operate the website processes and stores technical information about the device you are using (operating system, screen resolution and other non-personal characteristics) and the browser (version, language settings), in particular the public IP address of the computer you are using to visit our website, and the date and time of access. The IP address is a unique numerical address under which your device sends or retrieves data on the Internet. As a rule, we/our service provider do not know who is behind an IP address unless, while using our website, you provide us with information that enable us to identify you.
Our service provider uses the processed data in a non-personally identifiable manner for statistical purposes, so that we can trace what kind of devices, with which settings, are used to access our website, and optimise them accordingly. These statistics contain no personally identifiable data. The legal basis for the compilation of statistics is Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR).
The IP address is also used so that you can technically access and use our website, and to detect and repel attacks against our service provider or our website. Such attacks would impair the proper functioning of the data centre of the company we have commissioned, the use of our website or its features, and the security of visitors to our website. The IP address and the time of access are processed to ward off such attacks. In processing them, we are pursuing the legitimate interest of our service provider to ensure the functionality of our website and to ward off illegal attacks against us and the visitors of our website. The legal basis for processing is Article 6(1)(f) GDPR.
The stored IP data is deleted by anonymization when it is no longer needed for detecting or warding off an attack.
When you send us a message using one of the contact options, we use the data you provide to process your request. The legal basis for this is our legitimate interest in responding to your request, in accordance with Art. 6 para. 1 lit. f GDPR. If your request serves to conclude a contract with us to which you as a person are a contracting party, further legal basis for the processing is provided by Art. 6 para. 1 lit. b GDPR. The data will be deleted after your request has been processed. If we are obliged by law to store data for a longer period of time, the data will be deleted after expiry of such period.
The use of our online catalogue is open only to commercial customers and resellers and requires a one-time registration on our website. To verify your eligibility, please provide your full contact details. The data will be used to contact you by email and to provide you with a personalized login. Your name, email, customer number and login are stored in the system so that we can manage you as a user.
With this processing, we pursue our legitimate interest in protecting our tea catalogue from unauthorised access. The legal basis for this is Art. 6 para. 1 lit. f GDPR, and for contacting you by email it is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The data will be stored as long as your access to the Tea catalogue is not revoked. In the event that we refuse or withdraw your registration for access to the Tea catalogue, your data will be deleted immediately.
Google Analytics allows us to compile usage statistics for our website, as well as demographic data on visitors and their user behaviour, in non-personally identifiable form. Statistics are also compiled to help us better understand how visitors find our site, so that we can improve our search engine optimisation and advertising efforts. With this processing, we pursue the legitimate interest to be able to improve our website as well as our advertising measures. The legal basis for this processing is Article 6(1)(f) GDPR.
Information on how you can object to the use of Google Analytics can be found at https://tools.google.com/dlpage/gaoptout?hl=en.
Google is a member of the PrivacyShield Agreement and has entered into an order processing contract with us for Google Analytics.
The pseudonymous data is deleted after 24 months.
A cookie is a small text file that is stored on your device by your browser when you access our website. If you access our website again at a later time, we can read these cookies again. Cookies are stored for differing periods of time. In your browser settings you have the option of specifying, at any time, which cookies it should accept, but this can result in our website no longer functioning properly. You can also delete cookies yourself at any time. If you do not do this, we can specify how long a cookie is to be stored on your computer once it is saved. A distinction is made here between ‘session cookies’ and ‘persistent cookies’. Session cookies are deleted from your browser as soon as you leave our website or close the browser. Persistent cookies are stored for the duration that we specify when we store them.
Most browsers used by our users allow you to set which cookies are to be stored, and allow you to delete (certain) cookies. If you restrict the storage of cookies on certain websites or do not allow cookies from third-party websites, it may lead to your no longer being able to use our website in full. For information on how you can adjust the cookie settings for some common browsers, please go to the following sites:
Transmission of personal data to third countries outside the EU, location of server
With the exception of the above-mentioned transmissions to Google in connection with the use of Google Maps and Google Analytics, we do not transmit any kind of personal data to countries outside the EU. The servers we use are located in the EU.
We do not use plugins or widgets from social media on our website. Accordingly, we do not transmit any personal data to the relevant providers.
If you wish to exercise any of the rights to which you are entitled, please contact us – the responsible party – using the above contact details or any of the other methods we provide for sending us this message.
Right to information
In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing any personal data relating to you. If this is the case, you have a right of access to this personal data and to further information mentioned in Art. 15 GDPR.
Right to correction
In accordance with Art. 16 GDPR, you have the right to request us to promptly correct any incorrect personal data relating to you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Right to cancellation
You have the right to demand that we promptly delete any personal data relating to you. We are obliged to delete personal data immediately if the corresponding requirements of Art. 17 GDPR are met. For details, please refer to Art. 17 GDPR.
Right to limitation of processing
In accordance with Art. 18 GDPR, you have the right, under certain conditions, to request us to restrict the processing of your personal data.
Right to data transferability
In accordance with Art. 20 GDPR, you have the right to receive the personal data relating to you that you have provided to us, in a structured, current, and machine-readable format, and you have the right to transmit this data to another responsible party without our interference, provided that the processing is based on a consent pursuant to Article 6 para. 1 a) GDPR or Article 9 para. 2 a) GDPR or which is based on a contract pursuant to Article 6 para. 1 b) GDPR, and that the processing is carried out using automated procedures.
Right of objection
In accordance with Art. 21 GDPR, you have the right to object to the processing of personal data relating to you that is based on Article 6 para 1 e) or f) GDPR; this also applies to profiling based on these provisions.
If we process your personal data for purposes of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling to the extent that it is associated with such direct marketing.
Right of appeal to the supervisory authority
In accordance with Art. 77 GDPR, and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority. This right exists in particular in the Member State of your place of residence, of work, or of the place of suspected infringement, if you are of the opinion that the processing of personal data relating to you is contrary to the GDPR.