Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
"Personal data" is any information relating to an identified or identifiable natural person.
Information about the responsible party (referred to as the "controller" in the GDPR)
The data processing controller on this website is:
Heinerle - Berggold Schokoladen GmbH
Raniser Str. 11
Phone: 03647 530
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from "http://" to "https://" and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Server log files
You can use our websites without submitting personal data. Every time you access our website, user data is transmitted by your internet browser and stored in protocol files (server log files). This stored data includes e.g. name of the site called up, date and time of the request, amount of data transferred and the provider making the request. This data serves exclusively to ensure smooth operation of our website and to improve our offering. It is not possible to assign this data to a particular person.
Collection and processing when using the contact form
When you use the contact form we will only collect your personal data (name, email address, message text) in the scope provided by you. The data processing is for the purpose of making contact. By submitting your message you agree to the processing of your transmitted data. Processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent.You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. We will only use your email address to process your request. Finally your data will be deleted, unless you have agreed to further processing and use.
When you open a customer account, we will collect your personal data in the scope given there. The data processing is for the purpose of improving your shopping experience and simplifying order processing. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your customer account will then be deleted.
Collection, processing, and use of personal data in orders
When you submit an order, we only collect and use your personal data where this is necessary for the fulfilment and handling of your requests. The provision of data is necessary for conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of art. 6 (1) lit. b GDPR and is required for the fulfilment of a contract with you. We will not forward your data to third parties without your explicit consent. This only excludes our service partners which we require in order to handle the contractual relationship or service providers we use to process an order. Along with the recipients named in the clauses of this data protection declaration, these may be recipients in the following categories: Shipping providers, payment service providers, merchandise management service providers, service providers for order processing, web hosts, IT service providers and dropshipping dealers. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum.
Encrypted payment transactions on this website
If you are under an obligation to share your payment information (e.g. account number if you give us the authority to debit your bank account) with us after you have entered into a fee-based contract with us, this information is required to process payments.
Payment transactions using common modes of paying (Visa/MasterCard, debit to your bank account) are processed exclusively via encrypted SSL or TLS connections. You can recognise an encrypted connection by checking whether the address line of the browser switches from "http://" to "https://" and also by the appearance of the lock icon in the browser line.
If the communication with us is encrypted, third parties will not be able to read the payment information you share with us.
Among other options, we offer payment via PayPal on our website. The provider of this payment processing service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
If you choose payment via PayPal, we will share the payment information you enter with PayPal.
The legal basis for the sharing of your data with PayPal is Art. 6 Sect. 1 lit. a GDPR (consent) as well as Art. 6 Sect. 1 lit. b GDPR (processing for the fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
Instant transfer Sofort
Among other options, we offer the payment service called "instant transfer Sofort" on our website. The provider of this payment option is the Sofort GmbH, Theresienhöhe 12, 80339 München, Germany (hereinafter referred to as "Sofort GmbH").
With the assistance of the "instant transfer Sofort" tool, we receive a payment confirmation from the Sofort GmbH in real time, which allows us to instantly start to fulfil our obligations to you.
When you choose the "instant transfer Sofort" payment option, you must send a PIN and a valid TAN to the Sofort GmbH, which allows the company to log into your online banking account. Upon logging in, the Sofort GmbH will verify your account balance and will execute the bank transfer to us with the assistance of the TAN you provided. Subsequently, the company sends us an immediate transaction confirmation. After Sofort GmbH has logged in, the system will also automatically verify your revenues and check the credit limit of your pre-approved overdraft credit line and the existence of other accounts along with their balances.
Along with the PIN and TAN numbers, the system also transfers the payment information you entered along with personal data to the Sofort GmbH. Your personal data comprise your first and last name, address, phone number(s), e-mail address, IP address as well as any other data required for the processing of the payment transaction. This data must be transferred in order to be able to determine your identity with absolute certainty and to prevent attempts to commit fraud.
The legal basis for the sharing of your information with the Sofort GmbH is Art. 6 Sect. 1 lit. a GDPR (consent) as well as Art. 6 Sect. 1 lit. b GDPR (processing for fulfilment of a contract). You have the option to at any time revoke your consent to the processing of your data. Such a revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
For details on payments made with the instant transfer option, please follow these links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.
The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the "Unsubscribe" link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.
The data you archive with us for the purpose of the newsletter subscription shall be archived by us until you unsubscribe from the newsletter. Once you cancel your subscription to the newsletter, the data shall be deleted. This shall not affect data we have been archiving for other purposes.
This website uses CleverReach for the sending of newsletters. The provider is the CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organize and analyse the sending of newsletters. The data you have entered for the purpose of subscribing to our newsletter (e.g. e-mail address) are stored on servers of CleverReach in Germany or in Ireland.
Newsletters we send out via CleverReach allow us to analyse the user patterns of our newsletter recipients. Among other things, in conjunction with this, it is possible how many recipients actually opened the newsletter e-mail and how often which link inside the newsletter has been clicked. With the assistance of a tool called Conversion Tracking, we can also determine whether an action that has been predefined in the newsletter actually occurred after the link was clicked (e.g. purchase of a product on our website). For more information on the data analysis services by CleverReach newsletters, please go to: https://www.cleverreach.com/en/features/reporting-tracking/.
The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.
If you do not want to permit an analysis by CleverReach, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.
The data you archive with us for the purpose of the newsletter subscription shall be archived by us until you unsubscribe from the newsletter. Once you cancel your subscription to the newsletter, the data shall be deleted from our servers as well as those of CleverReach. This shall not affect data we have been archiving for other purposes.
For more details, please consult the Data Protection Provisions of CleverReach at: https://www.cleverreach.com/en/privacy-policy/.
Execution of a contract data processing agreement
We have entered into a contract data processing agreement with CleverReach and implement the strict provisions of the German data protection agencies to the fullest when using CleverReach.
Processing is carried out on the basis of § 15 (3) TMG (Telemedia Act) as well as art. 6 (1) lit. f GDPR due to our justified interest in the purposes above.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Use of Google Analytics
You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/analytics/terms/ and at https://policies.google.com/?hl=en.
Use of Google Adwords conversion tracking
Our website uses the online marketing programme "Google AdWords", including conversion tracking. Google conversion tracking is a service operated by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google AdWords customer receives a separate cookie. Therefore, it is not possible to track cookies relating to the websites of AdWords customers. The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users. Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in targeted marketing and analysis of the effectiveness and efficiency of this marketing.
You will find more information as well as Google's data protection declaration at: https://www.google.de/policies/privacy/
Use of social plug-ins via "Shariff"
Our website uses social network plug-ins. We use data protection-compliant "Shariff" buttons to ensure that you retain control over your data.No connection is made to the social network servers and no data submitted without your explicit consent. "Shariff" was developed by specialists at the computer magazine c't. It enables more personal privacy in the network and replaces the usual social network "share" buttons. You can find more information on the Shariff project here https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
Google+ by Google Inc. (1600 Amphitheatre Parkway, Mountain View, California, 94043 USA)
Facebook by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA)
Twitter by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
Facebook plug-ins (Like & Share button)
We have integrated plug-ins of the social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, on our website. You will be able to recognise Facebook plug-ins by the Facebook logo or the "Like" button on our website. An overview of the Facebook plug-ins is available under the following link: https://developers.facebook.com/docs/plugins/.
Whenever you visit our website and its pages, the plug-in will establish a direct connection between your browser and the Facebook server. As a result, Facebook will receive the information that you have visited our website with your plug-in. However, if you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our website and its pages with your Facebook profile. As a result, Facebook will be able to allocate the visit to our website and its pages to your Facebook user account. We have to point out, that we as the provider of the website do not have any knowledge of the transferred data and its use by Facebook.
For more detailed information, please consult the Data Privacy Declaration of Facebook at: https://www.facebook.com/privacy/explanation.
If you do not want Facebook to be able to allocate your visit to our website and its pages to your Facebook user account, please log out of your Facebook account while you are on our website.
The use of the Facebook plug-in is based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in being as visible as possible on social media.
Use of GoogleMaps
Our website uses Google Inc.'s feature for the embedding of Google Maps (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").This feature visually represents geographical information and interactive maps. Google also collects, processes and uses data on visitors to the website when they call up pages with embedded Google maps.
Duration of storage
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
Contact us at any time. Our contact details can be found in our imprint.
Data protection officer
Designation of a data protection officer as mandated by law
We have appointed a data protection officer for our company.
Phone: 0365 8336 9905
Right to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
last update: 03.09.2018