We are delighted that you are visiting our website and are interested in our company. We attach a great deal of importance to protecting your personal data. Because personal data is afforded special legal protection, we only collect it insofar as doing so is necessary to making our website available and providing our service. Below, we have provided an outline of what personal information we collect about you during your visit to our website and how we use it.
1. Basic notes and contact information
We process personal data of users only to the extent necessary to provide a functional and convenient website for the presentation of our content, products and services.
1.1 Name and contact details of the controller:
Rübezahl Schokoladen GmbH
represented by the MD Claus Cersovsky
73265 Dettingen /Teck
Phone: +49 7021 / 8088-0
1.2 Name and contact details of the data protection officer (DPO):
RA Thomas P. Costard
Tel.: +49 (0) 911-790 30 34
Fax: +49 (0) 911-790 30 35
2. Collection and storage of personal data and the nature and purpose of their use
Providing the website and creating logfiles
When user opens our website www.sunrice.de, information is automatically sent to the server of our website by the Internet browser used by the visitor. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion after 7 days at the latest:
- Information about the browser type and the version used
- The accessing device’s operating system
- Websites from which the user’s system accessed our website (referrer tracking)
- The accessing device’s hostname
- The accessing device’s IP address
- Name of the visitor´s internet provider
- Date and time of access
- Websites and resources (images, files, other page contents) which were accessed on our website
This represents a legitimate interest within the meaning of Art.6 para.1 lit.f GDPR. The aforementioned data is processed by us for the following purposes:
- quickly establish the connection to the operator’s website
- to enable a user-friendly application of the website
- to identify and ensure the safety and stability of the systems
- facilitate and improve the administration of the website
This data is not merged with other data sources. The processing is expressly not carried out for the purpose of gaining knowledge about the person of the visitor to the website..
Visitors can send us messages via an online contact form on our website. In order to receive a reply, at least the name and a valid e-mail address are required. All other information can be given voluntarily by the requesting person. By sending the message via the contact form, you consent to the processing of the transmitted personal data. The data processing is carried out exclusively for the purpose of processing and responding to requests via the contact form.
This is done on the basis of the voluntarily given consent pursuant to Art.6 para.1 lit.a GDPR.
The personal data collected for the use of the contact form are automatically deleted as soon as the request is completed and there are no reasons for further storage (e.g. due to a subsequent order by the visitor).
Visitors can submit a complaint about a purchased product via an online complaint form on our website. In order to be able to process the complaint, in addition to information about the retailer and the product, the name and address of the person making the complaint and a valid e-mail address are required. All other information can be given voluntarily by the requesting person. By sending the message via the complaint form, you consent to the processing of the transmitted personal data. The data is processed exclusively for the purpose of handling and responding to complaints inquiries. This is done on the basis of the voluntarily given consent in accordance with Art.6 para.1 lit.a GDPR. The personal data collected for the use of the complaint processing will be automatically deleted as soon as the request is completed and there are no reasons for further storage (e.g. due to legal storage obligations).
Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in a data protection compliant manner. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you enter our website, the following personal data is transferred to Usercentrics:
- Your consent(s) or revocation of your consent(s)
- Your IP-address
- Informationen about your browser
- Informationen about the accessing device
- Date and time of access
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent given to you or its revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected. Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
So-called cookies are used on this website. These are data packets that are exchanged between the website server and the visitor’s browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. In the cookies, information is stored that arises in each case in connection with the specific end device used.
Cookies are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on the visitor’s terminal device. Session cookies are automatically deleted after the end of the visit. Permanent cookies remain stored on the end device until the visitor deletes them himself or until they are automatically deleted by the web browser. The operator can thus in no way gain direct knowledge of the identity of the visitor to the website.
Cookies are mostly accepted according to the basic settings of the browsers used. However, the browser settings can also be configured in such a way that cookies are either not accepted on the devices used or that a special notice is given in each case before a new cookie is created. It should be noted, however, that the deactivation of cookies can lead to the fact that not all functions of the website can be used in the best possible way.
Technical necessary cookies:
The use of these cookies serves to make the use of the operator’s web offer comfortable and secure. For example, session cookies can be used to track which settings the visitor has made via the cookie consent tool, or which language settings have been made. After leaving the website, these session cookies are automatically deleted.
The data processed by these cookies are justified for the above purposes to protect the legitimate interests of the operator according to Art.6 Abs.1 lit.f GDPR.
Cookies requiring consent and data forwarding to third-party providers:
On this website, functions of the service Instagram are integrated. These functions are
offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This involves the hosting of images and texts that we embed on our website. When our website is called up, this content is retrieved from Instagram. The transmission of personal information of the visitor of our website to Facebook is thus not excluded. If you are logged into your Instagram account, Facebook can link the content of this website to your Instagram profile. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the technology described here and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art.26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum.
According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
You can find details here:
4. Links to other web pages
This website contains links to websites of external operators. These were carefully checked before they were activated. However, it cannot be ruled out that the respective operators may subsequently make changes to the content. This data protection declaration applies only to the Internet presence of our institution. We do not accept any liability for the content or accuracy of the data protection statements of other providers’ websites. For information on the data protection information of other providers, please check the respective website or contact the respective provider.
Social Plugins (data protection compliant)
The content on our pages can be shared on social networks such as Facebook and Instagram in a privacy-compliant manner. This site uses a data-saving service for this by establishing direct contact between the networks and the users only when the user actively clicks on one of these buttons. An automatic transfer of user data to the operators of these platforms does not take place. Visitors to our website can thus jump to our presences in social networks in a privacy-compliant manner without complete surfing profiles being created by the operators of the networks.
5. Passing on of data
Personal data is transferred to third parties when,
- the data subject has expressly consented to this according to Art.6 para.1 lit.a GDPR,
- the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art.6 para.1 lit.f GDPR and there is no reason to assume that the data subject has an overriding legitimate interest in the non-disclosure of his or her data.,
- there is a legal obligation for the data transfer according to Art.6 para.1 lit.c GDPR, and/or
- this is necessary for the fulfillment of a contractual relationship with the data subject pursuant to Art.6 para.1 lit.b GDPR.,
- and within the scope of commissioned processing pursuant to Art.28 of the GDPR and within the scope of joint responsibility pursuant to Art.26 of the GDPR to service providers in accordance with the provisions of the GDPR.
In other cases, personal data collected when visiting the website will not be disclosed to third parties.
Note on data transfer to the USA and other third countries:
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be ruled out that U.S. authorities (e.g. intelligence agencies) may process, evaluate and permanently store your data located on U.S. servers for monitoring purposes. We have no influence on these processing activities.
6. Your data protection rights
We have defined processes within our facility so that you can exercise your rights with us. You have a right to,
- revoke consent at any time with effect for the future (Art.7 para. 3 GDPR).
- to receive information (Art.15 GDPR) about your data stored by us.
- that inaccurate data about you will be corrected by us (Art.16 GDPR).
- that data about you that is no longer required will be deleted from us (Art.17 GDPR).
- that under certain conditions the processing of your data is restricted (Art.18 GDPR). This may be the case, for example, if deletion is not possible, but the data may not be further processed.
- that your data is transferable (Art. 20 GDPR). This right applies in particular if you have given your consent to the processing of your data or if the processing of the data is necessary to fulfill a contract. The right to data portability does not exist insofar as your data is not processed with automated procedures.
- to object to the further processing of your personal data in a special situation (Art. 21 GDPR), insofar as the processing is based on the legitimate interest (Art. 6 para. 1 lit. f GDPR) as well as in the case of profiling based thereon. You may also object at any time if the data is used for direct marketing purposes (Art. 21 (2) GDPR).
- to complain to a supervisory authority (Art. 77 GDPR) if you are of the opinion that the processing of your data violates the legal requirements. The supervisory authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und
die Informationsfreiheit Baden-Württemberg (LfDI-BW)
7. Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for visiting our website and for the purpose of your request. Without this data, we will generally not be able to display the website and process your request. If we request additional data from you, you will be informed separately of the voluntary nature of the information you provide.