Skip to main content

Privacy policy

When you visit our website, personal data is accessed (e.g. IP address) or information is stored (e.g. cookies). This may then involve further processing of data. This privacy policy explains how your personal data is used by us and what rights and options you have in this regard. It applies to all personal data that you provide to us or that is derived from such data as part of our business relationship with you or when you visit our websites.

WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

milch & zucker GmbH is generally the controller of all personal data that you provide to us in connection with your visit to our websites and/or our business relationship.

You can contact us via social media websites or via functions on our websites in which social media sites are integrated. If you contact us via social media sites, you may authorise us to access certain information from your social media profile. You can determine the scope of this information yourself in the data protection settings on the respective platform.

CATEGORIES OF PERSONAL DATA WE COLLECT

In particular, we collect and process personal data that falls into the following categories

  • Application data (see: Data protection information for the application);
  • Contact information such as surname, first name, business address, business telephone number, business mobile phone number, business fax number and business email address, the unique identifier of your mobile device and the IP address of your computer when you use our websites;
  • Payment details, such as data required to process payments and prevent fraud, including credit/debit card numbers, security codes and other billing information;
  • Business information that is necessarily processed in a business or other contractual relationship with milch & zucker or voluntarily provided by you, such as orders placed, purchases, services and other business transactions, feedback on products and other information you provide to us;
  • Information about your interests and other information obtained using the cookies described in the cookie notices, in particular your activities on our websites or when you use content available for download (e.g. registration to download software, ebooks, whitepapers) or other services we offer you online. This includes information about what content has been downloaded and how long and how often it has been clicked on or viewed;
  • Information obtained from public sources, secure databases and credit reference agencies;
  • Special categories of personal data.

PURPOSES OF USE OF YOUR PERSONAL DATA

We will only use your personal data for the following purposes (“Permitted Purposes”):

  • The planning, execution, management and administration of our contractual relationship, e.g. by executing transactions and orders for products or services, processing payment transactions, undertaking accounting, auditing, billing and debt collection activities, arranging shipments and deliveries, providing services. It is assumed that these business relationships take place on a business-to-business basis;
  • Maintaining and protecting the security of our websites and other systems that prevent and detect security risks, fraud or other criminal or malicious acts;
  • ensuring compliance with legal obligations (e.g. accounting obligations), compliance audits or retention and record-keeping obligations
  • settling disputes, enforcing our contractual agreements and the establishment, exercise or defence of legal claims
  • ensuring compliance with legal obligations, e.g. the retention of sales documents for tax purposes or the sending of legally required notifications and other announcements.

If you have expressly given us your consent, we may also use your personal data for the following purposes:

  • communicating with you through the channels you have authorised in order to keep you up to date with the latest announcements, special events and other information about milch & zucker products, technologies and services (including marketing-related newsletters);
  • administering and conducting customer surveys, marketing campaigns, market analyses, competitions or other promotional activities or events;
  • collecting information about your interests based on your activities when using our websites, products, content available for download or other services we offer you online. Based on this information (e.g. which content was downloaded and how long and how often it was clicked on or viewed), we create a user profile to make our communication and interaction with you more personal and to improve the quality (for example through newsletter tracking or website analyses). The background to our profiling activities is to recognise topics that could be useful or of interest to you and then provide you with information that is relevant to you. The algorithm used applies this pattern and automatically provides you with the appropriate content or information.

If you register for the newsletter offered on our website with regular information about our offers and services, we require your e-mail address as mandatory information. Additional data is provided in order to be able to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by email if you have expressly confirmed to us that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive future newsletters. We base the processing of your data on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address you used to register for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later date. You can unsubscribe from the newsletter at any time via the link included in every newsletter or by sending an email to our data protection officer. After cancellation, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.

We also process your data to analyse newsletter campaigns. For the analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked on. Conversion tracking can also be used to analyse whether a predefined action (e.g. ordering on our website) has taken place after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This data is used exclusively to analyse newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

Our email newsletters are sent via our technical service provider HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 R8H7 Dublin (“HubSpot”), to whom we pass on the data you provided when registering for the newsletter.
We also use HubSpot for our own marketing activities. We use this integrated software solution for our own marketing, lead generation and customer service purposes. This includes email marketing, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your end device and enable us to analyse your use of the website. HubSpot analyses the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited. Information collected by HubSpot and the content of our website is stored on the servers of HubSpot’s service providers. If you have given your consent to this in accordance with Art. 6 para. 1, sentence 1 lit. a GDPR, the processing on this website is carried out for the purpose of website analysis.
Since personal data may be transferred to the parent company HubSpot Inc. in the USA both when registering for the newsletter and as part of our own marketing activities, we will obtain your consent to the data transfer to the USA in advance via the cookie manager (Art. 49 para. 1, sentence 1 lit. a GDPR). There is currently an adequacy decision by the EU Commission for the USA. Hubspot is also certified in accordance with the EU_US Data Privacy Framework (DPF). In addition, we have agreed standard data protection clauses with HubSpot in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. The corresponding data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The data will be deleted no later than 13 months after collection. You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings. You can object to the processing of your personal data at any time with effect for the future by sending an email to datenschutz@milchundzucker.de.
In accordance with the General Data Protection Regulation (GDPR), you have the right to object to the processing of your personal data. Please refer to the subsection “Your personal rights” for a detailed explanation of your rights and how to assert them.

We only make use of marketing-related types of communication (e.g. newsletters, promotional emails and telephone calls) if you have previously consented to such use and you have the option to withdraw your consent at any time if you no longer wish to receive marketing-related types of communication from us.

We will not use your personal data to make automated decisions about you or to create profiles other than those described above.

If the data processing takes place in the EU or you are based in the EU, the legal bases for processing your personal data are set out in Article 6 of the General Data Protection Regulation (“GDPR”). Depending on which of the above purposes we use your personal data for, the processing is necessary either to fulfil a contract or other business agreement with milch & zucker or to comply with our legal obligations or to protect our legitimate interests. However, this is only the case if your interests or fundamental rights do not take precedence over our interests. Furthermore, processing may also be based on your consent if you have expressly given it to us.

USE AND COLLECTION OF YOUR PERSONAL DATA

We will usually collect your personal data directly from you, for example when you visit our website, communicate with us about our products and services, place an order, sign up for our newsletter or participate in our customer surveys. We do not receive any personal data from third parties, unless you have utilised the services of a recruitment agency. If this is the case, you will be informed of this if legally required.

WHERE WE PROCESS YOUR PERSONAL DATA

As part of our business activities, we may also transfer your personal data to recipients in other countries, including countries outside the European Economic Area (“third countries”), where data is not protected by law to the same extent as under the laws in Europe. When we do this, we comply with applicable data protection requirements and take appropriate security measures to ensure that your personal data is protected and secure. This is usually done through data transfer agreements based on the European Commission’s current standard contractual clauses. If you would like more information about these security measures, you can contact us at any time using the contact details below.

PROTECTION OF YOUR PERSONAL DATA

To protect your personal data, we maintain physical, electronic and procedural security measures in accordance with the recognised state of the art and legal data protection requirements. These security measures include the implementation of certain technologies and procedures, such as secure servers, firewalls and SSL encryption. We comply at all times with applicable laws and regulations relating to the confidentiality and security of personal data.

DISCLOSURE OF YOUR PERSONAL DATA

We assure you that we will not sell or otherwise disclose your personal data for commercial purposes.

We only pass on your personal data to third parties in the following cases:

  • We may engage service providers (so-called processors) to process personal data for the permitted purposes on our behalf and solely on our instructions. However, milch & zucker retains full control over your personal data even in these cases and remains fully responsible for its protection. milch & zucker naturally ensures that in cases where processors are engaged, the processors also observe and comply with the appropriate security measures required by applicable law to protect your personal data.
  • If this is necessary to fulfil a legal obligation or for the establishment, exercise or defence of claims, to courts, law enforcement authorities, supervisory authorities or lawyers.
  • To credit reference agencies and other companies in the context of credit decisions, solely for the prevention of fraud and for debt collection.
  • In addition, your personal data may also be shared with third parties if we sell or buy any part of our business or assets, in which case we may disclose personal data to the prospective buyer or seller of such business or assets, including their professional advisers.
  • If all or substantially all of milch & zucker’s assets are acquired by a third party, in which case personal data held by us about customers and other contacts may be one of the transferred assets.

In all other cases, we will only pass on or disclose your personal data if you request us to do so, if we are obliged to do so under applicable law or due to a court or official order, or if we suspect fraudulent acts or a criminal offence.

YOUR DATA PROTECTION RIGHTS

RETENTION PERIOD OF PERSONAL DATA

We will retain your personal data for as long as necessary to provide the services, products or information you have requested and to manage your relationship with us. If you have asked us not to contact you, we will retain this information until your request has been fulfilled. In addition, we are required by applicable law to retain certain of your personal data for a certain period of time (e.g. in connection with business transactions). Your personal data will be deleted immediately if it is no longer required for these purposes.

YOUR PERSONAL RIGHTS

If the data processing takes place in the EU or you are based in the EU, you can request access to your personal data or its rectification or erasure or restriction of its processing, subject to certain legal conditions. You can also object to processing or request the transfer of data. In particular, you are entitled to request a copy of the personal data we have stored about you. If you make this request more than once, we may charge a reasonable fee for this. Details of your data protection rights can be found in Articles 15-22 GDPR. As we want to ensure that your personal data is accurate and up to date, you can also ask us to correct or remove any information that you believe is inaccurate.
We assure you that we will respect and observe your rights to information, access, rectification, erasure or restriction, portability, objection and rights in relation to automated decision-making and profiling when using your personal data at all times. We therefore also take all possible measures to ensure that the personal data we collect is accurate and up to date. Notwithstanding this, you have the following rights:

a) Right to confirmation

You have the right to request confirmation from us as to whether your personal data is being processed. If you wish to exercise this right, you can contact our data protection officer at any time.

b) Right to information

You have the right to obtain information

  • about the purposes of processing,
  • the categories of personal data being processed
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, and the appropriate safeguards pursuant to Art. 46 GDPR to ensure an adequate level of protection
  • if possible, the planned storage period or, if this is not possible, the criteria for determining this period
  • the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
  • the existence of a right to lodge a complaint with a supervisory authority
  • the origin of the data if it was not collected from you,
  • where applicable, the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You also have the right to receive information from us at any time free of charge about the personal data stored about you and a copy of this information.
If you would like to exercise this right, you can contact our data protection officer at any time.

c) Right to rectification

You have the right to obtain from us the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If you wish to exercise this right, you can contact our data protection officer at any time.

d) Right to cancellation

You have the right to demand that we erase the personal data concerning you without undue delay. We are also obliged to delete personal data immediately if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data was processed unlawfully.
  • The deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
    If one of the above-mentioned reasons applies and you wish to have personal data stored by us deleted, you can contact our data protection officer at any time.

e) Right to be forgotten

If we have made the personal data public and one of the above-mentioned reasons for deletion applies, we must take appropriate measures, taking into account the circumstances, to inform all other data controllers that all links to this personal data or copies or replications of the personal data must be deleted.

f) Right to restriction of processing

You have the right to obtain from us restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
  • the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims
  • you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons asserted by us outweigh your rights.
    You can contact our data protection officer at any time to request the restriction of processing.

g) Right to data portability

If we process your personal data, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

  • the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR
  • the processing is carried out by automated means.

When exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to obtain that your personal data be transferred directly by us to another controller, insofar as this is technically feasible and does not adversely affect the rights and freedoms of other persons.
To assert this right to data portability, you can contact our data protection officer at any time.

h) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) and (f) GDPR or Article 89(1) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, milch & zucker will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

milch & zucker does not process personal data for direct marketing purposes. Such processing is also not intended. If milch & zucker processes personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.

i) Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This right does not apply if the decision

  • is necessary for the conclusion or fulfilment of a contract between us
  • is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is made with your express consent.

If the decision is necessary for the conclusion or fulfilment of a contract between us or if it is made with your express consent, we will take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state your own position and to challenge the decision.
To exercise this right, you can contact our data protection officer at any time.

j) Right to withdraw consent under data protection law

You have the right to withdraw any consent given in the past to the processing of your personal data at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. If you withdraw your consent, we may only continue to process your personal data if there is another legal basis for doing so.

If you wish to exercise your right to withdraw your consent, you can contact our data protection officer at any time.

HOW TO ASSERT YOUR RIGHTS

If you wish to exercise any of the above rights, please send us a description of the personal data concerned, stating your name. We may ask you to provide proof of your identity in order to protect your personal data from unauthorised access. We will process your request carefully and discuss with you how best to fulfil it.

If you have any concerns about how we handle your personal data, or if you wish to complain about our handling of your personal data, please contact our Data Protection Officer.

If you are not satisfied with our response or believe that we are not processing your personal data in accordance with applicable law, you can lodge a complaint with the supervisory authority responsible for data protection.

CHANGES TO THIS STATEMENT

This Privacy Policy was drafted in July 2023. We may amend or supplement the statement from time to time to take account of legal changes. We therefore recommend that you check the statement again from time to time. In such cases, changes to the privacy policy apply from the date on which they were published on our website.

DATA PROTECTION CONTACTS / CONTACT PERSONS

You can contact our data protection officer as follows
By post to Friedrich-List-Straße 23, 35598 Gießen

by e-mail to datenschutz (at) milchundzucker.de

by telephone to +49/(0)641/30020519

via the website: https://www.milchundzucker.de/datenschutz

For complaints regarding our processing of personal data in Germany, you can contact the Hessian Commissioner for Data Protection and Freedom of Information in the following way:

By post to Gustav-Stresemann-Ring 1, 65189 Wiesbaden

by e-mail to poststelle (at) datenschutz.hessen.de

by telephone to +49/(0)611/14080

via the website: https://datenschutz.hessen.de/

If necessary, you can also lodge a complaint with another supervisory authority in the European Union.

General contact milch & zucker
info (at) milchundzucker.de