Privacy Statement

Scope of validity

We are delighted about your interest in our website and our company. Despite careful content checks, we assume no liability for third-party content found via external links.

The protection of your personal data in terms of its collection, processing and use during the course of your visit to our website is an important concern for us.

The data controller within the meaning of the General Data Protection Regulation, other data protection laws enacted in the member states of the European Union and other regulations of this nature is Franz Tress GmbH & Co. KG | Dottinger Straße 69 | 72525 Münsingen, Germany | info@tress.de | +49 (0)7381 92920 | www.tress.de

Furthermore, the data protection officer responsible for processing is:

Dirk Janthur | Datenschutzberatung Janthur GmbH | Hedelfinger Straße 12 | 73734 Esslingen, Germany | Tel. no: +49 (0)711 715 30104 | dirk.janthur@janthur.net

Access data / server logfiles

The provider collects data every time the content is accessed (so-called server logfiles). The access data includes:

the name of the website accessed, file, date and time of the access, transferred data quantity, reports of successful access, the browser type including the version, the operating system of the user, the referrer URL (the site visited beforehand), IP address and the querying provider.

The provider uses the log data only for statistical evaluations for the purpose of operation, security and optimising the content. The provider reserves the right to check the log data retrospectively, however, if there are specific indications justifying suspicion of illegal use.

Further personal data is only collected if you voluntarily provide such details; i.e. in the course of a query, registration or order.

The legal basis for processing this data is §15, Para (1) of the German Teleservices Act (Telemediengesetz, or TMG for short) / Art. 7, lit. f of the directive 95/46/EC, or from 25/05/2018 onwards: Art. 6, Para. (1), p. 1, lit. f of the European General Data Protection Regulation 2016/679.

Handling personal data

Personal data is information which can be used to determine a person's identity; meaning details which can be traced back to an individual. This includes a name, email address or telephone number. Data about preferences, hobbies, memberships or which websites one has looked at also count as personal data.

Personal data is only collected, used and passed on by the provider if this is legally permitted or the user has consented to data collection.

Inclusion of services and the content of third parties

It may be that the content of third parties – such as videos on YouTube, maps from Google Maps, RSS feeds or graphics from other websites – are included in this website. This always requires that the providers of this content (henceforth referred to as 'third-party providers') detect the user's IP address. This is because without an IP address, they cannot send the content to the user's browser. An IP address is therefore required to display this content. We try to use only content whose providers merely use the IP address to deliver that content. However, we do not have any influence over whether a third-party provider saves IP addresses, such as for statistical purposes. If we are aware of this, we will notify the user accordingly.

The following applies to all links to third-party content: Franz Tress GmbH & Co. KG expressly declares that Franz Tress GmbH & Co. KG has no influence on the structure or content of the linked pages. For this reason, Franz Tress GmbH & Co. KG hereby explicitly distances itself from all the content of all the linked pages on the website and takes no ownership of the content. This declaration applies to all the links displayed on the website and to all the content of the pages to which the banners, buttons and links visible via Franz Tress GmbH & Co. KG lead.

Cookies

Cookies are small files that allow the saving of specific information relating to the user's accessing device (PC, smartphone, etc.) on that device. A cookie usually contains the name of the domain from which the cookie data was sent and information regarding the age of the cookie and an alphanumeric identifier. They are used to make websites user-friendly (e.g. saving login data for user convenience) on the one hand. On the other, they are used to collect statistical data regarding website use, so as to be able to analyse this for the improvement of the content.

The information saved in cookies is not used by Franz Tress GmbH & Co. KG to identify users. Nor is it combined with other personal data which Franz Tress GmbH & Co. KG may have saved about the user.

The legal basis for processing this data is §15, Para (3) of the German Teleservices Act (Telemediengesetz, or TMG for short) or from 25/05/2018 onwards: Art. 6, Para. (1), p. 1, lit. f of the European General Data Protection Regulation 2016/679.

Users can control the use of cookies. Most browsers possess an option with which the saving of cookies can be restricted or completely prevented. It should be pointed out, however, that use – and, in particular, ease of use – is limited without cookies.

You can manage many online advertisement cookies from companies via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/.

Registration on our website

If someone uses the option to register themselves on the website of the processing data controller by providing personal data, then that data in the input screen will be transmitted to the processing data controller. This data will be saved exclusively for the purpose of internal use with the processing data controller.

During registration, the IP address of the user and the date and time of registration are saved. This helps to prevent the misuse of services. Data is not passed on to third parties. An exception would be when there is a legal obligation to pass data on.

The registration of the data is required for providing content or services. Registered persons have the option to have the saved data deleted or changed at any time. The data subject may obtain information about the personal data saved about them at any time.

Contact options

There is a contact form on the website of Franz Tress GmbH & Co. KG which can be used for getting in touch electronically. Alternatively, you can get in touch using the email address provided. If the data subject gets in touch with the processing data controller via one of these routes, then the personal data transmitted by the data subject will be saved automatically. The saving of this data is purely for the purpose of processing or getting in touch with the data subject. Data is not passed on to third parties.

This represents voluntary provision of personal data. Franz Tress GmbH & Co. KG has categorically taken all technical and organisational measures to ensure this data is secure.

Nevertheless, please be very careful with the information and do not send us any sensitive data – such as bank details – via the contact form.

Newsletter

With the newsletter, we tell you about us and our offers.

If you would like to receive the newsletter, we require a valid email address from you and information that allows us to check that you are the owner of the specified email address or that its owner agrees to receiving the newsletter. Additional data is collected on a voluntary basis. This data is only used to send the newsletter and is not passed on to third parties.

You can subscribe via this form to receive the newsletter offered on our website. In this process, we use a so-called 'double opt-in' procedure. Firstly, a confirmation email is sent to your specified email address with a prompt for confirmation. Registration only becomes effective once you have clicked on the activation link contained within the confirmation email. We use your data sent to us exclusively for sending the newsletter, which may contain information or offers.

We use rapidmail to send our newsletter. Your data is therefore sent to rapidmail GmbH. rapidmail GmbH is forbidden from using your data for any other purpose than sending the newsletter. rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a certified, German newsletter software provider which has been chosen carefully in accordance with the requirements of the GDPR and the German Federal Data Protection Act (BDSG).

You can revoke your consent regarding the saving of data and its use for sending the newsletter at any time; e.g. via the unsubscribe link in the newsletter.

Online shop

If someone uses the online shop, purchases can be performed with or without registration.

In the event of registration, we refer to the section 'Registration on our website' of this privacy statement. In addition, data necessary for processing payment is processed and also passed on to the payment service provider. This is performed exclusively for processing payments.

You can obtain further information about which data is collected here from the payment provider.

Google Analytics

This website uses the Web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ('Google'). Google Analytics uses so-called "cookies" – text files that are stored on the user's computer and enable an analysis of the use of the website. The information generated by the cookie of the use of this website by the user is usually transmitted to a Google server in the USA and saved there.

On this website, IP anonymisation is activated. This means the IP address of users is shortened by Google within member states of the European Union and in other treaty states of the Agreement on the European Economic Area prior to transmission to the USA. Only in exceptional cases will the entire IP address be transferred to a Google server in the USA and truncated there.

On behalf of the operator of this website, Google will use this information to evaluate the use of the website by the user, to compile reports on website activities and to provide the website operator with additional services associated with website use and Internet usage.

The IP address communicated by your browser for the purpose of Google Analytics is not combined with other Google data. Users may disable the saving of cookies by configuring the appropriate settings in their browser software. However, this website would like to point out to users that if you do this, you may not be able to use the full functionality of this website. Users can also opt out from having the data generated by the cookie and associated with their use of the website (including their IP address) being collected and processed by Google by downloading and installing the browser plug-in available from the link below: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information about data use for advertising purposes by Google and setting and revocation options on Google's Web pages: https://policies.google.com/privacy/google-partners?hl=en&gl=ZZ. ('Data use by Google during your use of the websites or apps of our partners'), http://www.google.com/policies/technologies/ads ('Data use for advertising purposes'), https://adssettings.google.com ('Manage information which Google uses to show you adverts') and http://www.google.com/ads/preferences ('Determine which adverts Google shows you').

Alternatively to configuring browser add-ons or the browsers on mobile devices, please click on this link to prevent future collection by Google Analytics within this website. Doing so will store an opt-out cookie on your device. If you delete your cookies, you must click this link again.

Use of Facebook social plugins.

This website uses social plugins from the social network facebook.com which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Facebook'). The plugins can be identified from the Facebook logos (a white 'f' on a blue tile, the term 'Like', or a 'thumbs-up' sign) or are indicated by the clarifying text 'Facebook social plugin'. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins.

When a user opens a Web page of this website containing such a plugin, their browser establishes a direct connection to the servers of Facebook. The content of the plugin is sent directly to their browser from Facebook and integrated into the website by it. The provider therefore has no influence over the scope of the data which Facebook collects using this plugin and therefore notifies the user of its state of knowledge:

Through the integration of the plugin, Facebook receives information that a user has accessed a particular page of the website. If the user is logged into Facebook, Facebook can attribute the visit to their Facebook account. If a user interacts with the plugins – for example, pressing the like button or leaving a comment – the corresponding information is sent from their browser directly to Facebook and saved there. If a user does not have a Facebook account, it is still possible that Facebook finds out their IP address and saves it. According to Facebook, only an anonymised IP address is saved in Germany.

The purpose and scope of data collection, the further processing and use of the data by Facebook and the rights and setting options to protect the privacy of users can be found in the privacy notice of Facebook: https://www.facebook.com/about/privacy.

If a user has a Facebook account and does not want Facebook to collect data about them through this content or to link this data with their account data saved with Facebook, then the user must log out of Facebook before visiting the website. Additional settings and objections to the use of data for the purpose of advertising are possible inside Facebook's profile settings: https://www.facebook.com/settings?tab=ads.

Twitter plugin

This website uses Web page elements (https://dev.twitter.com/web/overview) – such as buttons or embedded content – from the service provider Twitter, provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. With the help of the Web page elements, it is possible to share a contribution or page of this website on Twitter, for example, or to follow the provider on Twitter. As an example of further content, individual tweets in particular can be embedded in the Web page.

When a user opens a Web page of this website containing such a Web page element, their browser establishes a direct connection to the servers of Twitter. The content of the Web page element is sent by Twitter directly to the user's browser. The provider therefore has no influence over the scope of the data which Twitter collects using the Web page elements and therefore notifies the user of its state of knowledge. According to this knowledge, solely the IP address of the user and the URL of the Web page in question is transmitted when actuating the button, but this is not used for purposes other than displaying the Web page elements.

Further information on this can be found in the privacy statement of Twitter: http://de-de.facebook.com/policy.php

YouTube plugin

We have inserted a plugin from YouTube on our website – YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit our Web pages, a direct connection is established through the plugin between your browser and the YouTube server. As a result, YouTube receives information that you have visited our website with your IP address. If you press the YouTube button while you are logged into your YouTube account, you can link the content of our Web pages to your YouTube profile. This means YouTube can attribute the visit of our site to your user account.

Please note that we, as the provider of the Web pages, do not receive information about the content of the data transmitted or how it is used by YouTube. You can find additional information on this in YouTube's privacy statement at: policies.google.com/privacy.

If you do not want YouTube to be able to attribute the visiting of our Web pages to your YouTube user account, please log yourself out of your YouTube user account.

Sharing recipes via email

If a user accesses this function, their browser establishes a direct connection to the preset email application. The email address entered there is saved by the provider for seven days in order to be able to deal with queries and trace back fraudulently entered email addresses.

Passing data on to third parties

For particular technical processes of data analysis, processing or saving, Franz Tress GmbH & Co. KG draws on the support of external service providers. These service providers are carefully chosen and meet the highest data protection and data security standards. They are obligated to strict secrecy and process data only on behalf and upon the instruction of Franz Tress GmbH & Co. KG.

Except in the cases explained in this privacy statement, Franz Tress GmbH & Co. KG will only pass data on to third parties without the express consent of the user if it is obligated to do so by law or by order of an authority or court. This forwarding is not performed for commercial purposes (address trading).

Data storage location

Unless otherwise described in this privacy notice, the processing of personal data takes place exclusively in computer centres located in the jurisdiction of the European Data Protection Directive 95/46/EC or (from 25/05/2018 onwards) the EU General Data Protection Regulation 2016/679.

Personal data retention period

Personal data is stored for the duration of the statutory retention period in each case. Once this period is over, routine deletion of the data occurs, unless a requirement exists for contract initiation or contract fulfilment.

Routine deletion and blocking of personal data

The data controller processes and stores the personal data of the data subject only for as long as this is required for achieving the storage purpose. Storage beyond this remit only occurs if this is provided for by European or national legislators in harmonised regulations, laws or other provisions to which the data controller is bound.

Once the purpose of storage ceases to exist or a retention period prescribed by the regulations mentioned expires, personal data is routinely blocked or deleted.

Rights of the user

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights with respect to the data controller:

1. Right to information

You can demand from the data controller a confirmation as to whether your personal data is being processed by us.

If such processing exists, you can demand the following information from the data controller:

a.         The purposes for which the personal data is being processed.

b.         The categories of personal data which are being processed.

c.         The recipients / categories of recipients to whom your personal data has been disclosed or will be disclosed.

d.         The planned retention period for your personal data or, if specific details are not possible in this respect, criteria for determining the retention period.

e.         The existence of the right to the rectification or erasure of your personal data, a right to the restriction of processing by the data controller or a right to object to this processing.

f.          The existence of a right to lodge a complaint with a supervisory authority.

g.         All available information on the origin of the data if the personal data was not collected from the data subject.

h.         The existence of automated decision-making, including profiling pursuant to Art. 22, Para. 1 and 4 of the GDPR and, at least in these cases, detailed information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You are entitled to demand information as to whether your personal data is sent to a third country or an international organisation. In this regard, you can demand to be informed of the appropriate guarantees as per Art. 46 of the GDPR in relation to the transmission.

In the event of data processing for scientific or historical research or statistical research purposes:

this right to information can be restricted to the extent that it would foreseeably render impossible the realisation of the research or statistical aims or seriously impair them and the restriction is necessary for the fulfilment of the research or statistical purposes.

2. Right to correction

You have the right to correction and/or completion with respect to the data controller if your processed personal data is incorrect or incomplete. The data controller must make the correction immediately.

In the event of data processing for scientific or historical research or statistical research purposes:

Your right to correction can be restricted to the extent that it would foreseeably render impossible the realisation of the research or statistical aims or seriously impair them and the restriction is necessary for the fulfilment of the research or statistical purposes.

3. Right to the restriction of processing

You may demand the restriction of the processing of your personal data under the following conditions:

a.         If you dispute the accuracy of your personal data for a period of time which enables the data controller to check the accuracy of the personal data.

b.         The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.

c.         The data controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims.

d.         Or if you have submitted an objection against processing as per Art. 21, Para. 1 of the GDPR and it is not yet clear whether the justified grounds of the data controller outweigh your grounds.

If the processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or on grounds of important public interest of the Union or of a member state.

If the restriction of processing has been performed according to the aforementioned requirements, you will be informed by the data controller before the restriction is lifted.

In the event of data processing for scientific or historical research or statistical research purposes:

Your right to the restriction of processing can be restricted to the extent that it would foreseeably render impossible the realisation of the research or statistical aims or seriously impair them and the restriction is necessary for the fulfilment of the research or statistical purposes.

4. Right to erasure

You can demand from the data controller that your personal data is erased without delay, and the data controller has the obligation to erase this data without delay where one of the following grounds applies:

a.          Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

b.         You withdraw your consent on which the processing is based as per Art. 6, Para. 1, lit. a or Art. 9, Para. 2, lit. a of the GDPR, and where there is no other legal ground for the processing.

c.         You object to the processing pursuant to Art. 21, Para. 1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21, Para. 2 of the GDPR.

d. Your personal data has been unlawfully processed.

e.         The erasure of your personal data is required for compliance with a legal obligation in Union or member state law to which the data controller is subject.

f.          Your personal data has been collected in relation to the offer of information society services pursuant to Art. 8, Para. 1 of the GDPR.

If the data controller has made your personal data public and is obliged pursuant to Art. 17, Para. 1 of the GDPR to its erasure, then the data controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that you as the data subject have requested the erasure by them of any links to, or copies or replications of, that personal data.

The right to erasure shall not apply where processing is necessary

a.         for exercising the right to freedom of expression and information.

b.         for compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

c.         for reasons of public interest in the area of public health in accordance with Art. 9, Para. 2 lit. h and i as well as Art. 9, Para. 3 of the GDPR.

d.         for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89, Para. 1 of the GDPR in so far as the right referred to in Para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

e.         for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have asserted the right to correction, erasure or restriction of processing to the data controller, then the data controller is obligated to notify all recipients to whom your personal data was disclosed of this correction or erasure of data or restriction of processing,

unless this proves to be impossible or involves disproportionate effort.

You are entitled to be notified by the data controller about these recipients.

6. Right to data portability

You have the right to receive your personal data which you have provided the data controller in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another data controller without hindrance from the controller to which the personal data was provided, where

a.         the processing is based on consent pursuant to Art. 6, Para. 1, 1 lit. a of the GDPR or Art. 9, Para. 2, lit. a of the GDPR or is on a contract pursuant to Art. 6, Para. 1, lit. b of the GDPR, and

b.         the processing is carried out by automated means.

In exercising this right, you shall also have the right to have your personal data transmitted directly from one data controller to another, where technically feasible. The freedoms and rights of other persons shall not be adversely affected.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

7. Right to object

You have the right to raise an objection to the processing of your personal data at any time on grounds relating to your particular situation provided by Art. 6, Para 1, lit. e or f of the GDPR; this also applies to any profiling supported by this provision.

The data controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for processing which outweigh your rights, interests and freedoms or processing is used for the assertion, exercising or defending of legal claims.

If your personal data is processed for direct marketing purposes, then you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this includes profiling to the extent that it is related to such direct marketing.

If you object to processing for the purpose of direct marketing, then your personal data will no longer be processed for these purposes.

You have the right to exercise your right to objection in conjunction with use of information society services – irrespective of directive 2002/58/EC – by means of automated processes in which technical specifications are used.

In the event of data processing for scientific or historical research or statistical research purposes:

Where your personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89, Para. 1 of the GDPR, you have the right, on grounds relating to your particular situation, to object to this.

Your right to objection can be restricted to the extent that it would foreseeably render impossible the realisation of the research or statistical aims or seriously impair them and the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to withdraw declarations of consent in relation to data protection law

You have the right to withdraw your declaration of consent in relation to data protection law at any time. The withdrawal of consent shall not affect the lawfulness of any processing for which consent was given and which was carried out prior to the withdrawal thereof.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

a.         is necessary for entering into, or performance of, a contract between you and a data controller;

b.         is authorised by Union or member state law to which the data controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or

c.         is based on your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9, Para. 1 of the GDPR, unless Art. 9, Para. 2 lit. a or g applies and appropriate measures for the protection of rights and freedoms and your legitimate interests have been taken.

Regarding the cases mentioned in a. and c., the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, for the expression of a personal point of view and to contest the decision.

10. Right to lodge a complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art 78 of the GDPR.

Legal framework and processing

If we seek the consent of a data subject for the processing operations of personal data, Art. 6, Para. 1, lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

If the processing of personal data is required for the fulfilment of a contract in which the data subject is a contractual party, Art. 6, Para. 1, lit. b of the GDPR serves as the legal basis. This also applies to processing operations which are required for the performance of pre contractual measures.

If the processing of personal data is required for the fulfilment of a statutory obligation to which our company is bound, then Art. 6, Para. 1, lit. c of the GDPR serves as the legal basis.

In cases where the vital interests of the data subject or another natural person require the processing of personal data, Art. 6, Para. 1, lit. d of the GDPR serves as the legal basis.

If processing is required for protecting the justified interests of our company or a third party, and the interests, basic rights and basic freedoms of the data subject do not outweigh the former's interests, then Art. 6, Para. 1, lit. f of the GDPR serves as the legal basis for processing. The legitimate interest of our company is the performance of our commercial activities.

Questions and suggestions

In the event of questions and suggestions, please send us an email to info@tress.de

In the event of complaints concerning the data usage of Franz Tress GmbH & Co. KG, users and, where necessary, other data subjects can also refer to the competent supervisory authority.