Data privacy statement
Data privacy notice
This data protection notice describes how FG Kaffee GmbH processes the data that you provide to us when using our websites and protects it in accordance with the General Data Protection Regulation (GDPR) and the relevant German data protection laws, in particular the BDSG.
The security of personal data such as name, address, telephone number or e-mail is a serious and important business concern for us. We therefore operate our web activities in accordance with the relevant laws on data protection and data security. Below you can find out what information we process.
Controller, contact person for questions or exercising your data subject rights, contact
The controller within the meaning of the data protection regulations for all data processing carried out via the FG Kaffee GmbH websites is
FG Kaffee GmbH, Gandershofen 2, 82390 Eberfing, Germany
You can contact the FG Kaffee GmbH data protection officer directly by email (info@fgkaffee.de) if you have any questions, comments or complaints, or if you wish to exercise your rights as a data subject in connection with this data protection notice and the processing of your personal data via the FG Kaffee GnbH websites. He will be happy to deal with your data protection concerns.
Personal data/types of use
FG Kaffee GmbH attaches the utmost importance to the protection of your personal data. You decide whether or not you wish to disclose this data to us, for example as part of a registration, survey or similar. This information on your part is relevant to your inquiry, but you provide it to us on a voluntary basis. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the fulfillment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which FG Kaffee GmbH is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
If we access your end device and information stored there or store information on your end device ourselves through our processing (e.g. by using cookies), the primary legal basis is Section 25 (1) sentence 1 TTDSG, if we have to obtain your consent for this access, or Section 25 (2) no. 2 TTDSG, if the access concerns processing that is technically absolutely necessary.
Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Exchange of data / contractual relationships with partners/third parties
In addition to the types of use just described, FG Kaffee GmbH will share your data with third parties who are involved in processing your order or orders. For example, if you have sent an order via our website, we will pass on your order information to partner companies and contractors of FG Kaffee GmbH who process your order and deliver it to you. Data will only be passed on if it is required to fulfil or deliver your order or to process an inquiry. The legal basis for this is the fulfillment of the contract concluded with you (e.g. in the case of orders) or the initiation of a contract, Art. 6 para. 1 lit. b GDPR).
In addition, when shipping such goods whose value exceeds the insured liability limit of the shipping company commissioned by us, we forward the type and value of the goods as well as the name and address of the recipient of the goods to the insurance company of our supplementary transport insurance. This is done in our legitimate interest, in particular to protect our goods against accidental loss or damage during transport. Without such supplementary transport insurance, we would not be able to offer you the dispatch of higher-priced goods in particular. We have contractually bound the insurance company to purpose limitation and confidentiality, to process the transmitted data exclusively for the purpose of processing an insurance claim. The legal basis is Art. 6 para. 1 lit. f GDPR.
We will also pass on personal data to third parties if we are legally obliged to do so. The legal basis in this case is Art. 6 para. 1 lit. c GDPR.
Data that is automatically collected on our website / usage data
We welcome everyone to visit and use our site free of charge and to view the products offered there. When you visit our website, we log the following general usage data to assess which parts of our website you visit and how long you stay there:
1. Information about the browser type and version used
2. The user’s operating system
3. The IP address of the user
4. Date and time of access
5. Websites from which the user’s system accesses our website
6.The services and functions used on our websites
This data is merged with the usage data of all visitors to our website in order to measure the number of visitors, the average time spent on our website, the pages viewed, etc. This data is only used for internal purposes. The data we collect is aggregated and used for internal purposes only.
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
We use this aggregated data to evaluate our products and services, including the news we make available through our website, and to measure the use of our website and improve its overall content.
The temporary storage of the IP address by the system is necessary to enable the websites to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the websites. We also use the data to optimise the websites and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
Third-party adverts or links to other websites that are displayed on our website may collect user data if you ‘click’ on them or otherwise follow their instructions. We have no control over the data that is collected voluntarily or involuntarily via third-party adverts or websites. We recommend that you consult the privacy policies of the advertised websites if you have any concerns about the collection and use of your data.
Cookies
Like many other commercial websites, FG Kaffee GmbH may use the common technology known as ‘cookies’ to collect information about how you use the website and to ensure that your visit runs smoothly.
Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
Cookies cannot read any information from your computer or interact with other cookies on your hard drive. However, cookies enable us to recognize you when you visit our website at a later date.
The data stored in cookies can be found in the cookie settings.
Transient cookies, persistent cookies, tracking/web bugs and local storage are used on our websites.
Transient and persistent cookies
Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our websites. The session cookies are deleted when you close the browser.
We use transient cookies to make our websites more user-friendly. Some elements of our websites require that the accessing browser can be identified even after a page change.
We also use persistent cookies on our websites, which enable us to analyse the surfing behavior of our users. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. In this way, for example, IP addresses, search terms entered or the utilization of certain website functions can be transmitted.
Most cookies do not store any personal user data. However, the user’s e-mail address and customer ID may be stored on the server side in addition to the cookie ID.
Tracking-/Web-Bugs
Some of our services also use so-called tracking or web bugs or tracking pixels. These are code snippets, usually measuring only 1×1 pixels, which are able to identify and recognise your browser type via the browser ID – the individual fingerprint of your browser. This allows the service provider to see when and how many users have accessed the pixel, or whether and when an email was opened or a website visited.
To prevent web bugs on our websites, you can use tools such as webwasher, bugnosys or AdBlock. Without your express consent, we will not use web bugs to collect personal data about you unnoticed or to transmit such data to third-party providers and marketing platforms.
Purposes and legal basis for the use of cookies and other identifiers
The legal basis for the processing of personal data using technically necessary cookies is § 25 para. 2 no. 2 TTDSG for the setting of such cookies on your end device, as well as Art. 6 para. 1 sentence 1 lit. f GDPR, e.g. for any subsequent processing required on our systems.
The purpose of using technically essential cookies is to simplify the use of websites for users. Some functions of our websites cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.
The right to object is excluded for technically essential cookies, as these are absolutely necessary in order to display our website and its content to you and to provide you with the functionalities of the website.
The user data collected by technically necessary cookies are not used to create user profiles.
Analysis and marketing cookies are used for the purpose of improving the quality of our websites and their content. Through the analysis cookies, we learn how the website is used and can thus constantly optimism our offer. Processing, in particular on your end device, which is based on cookies or other identifiers (e.g. browser fingerprints, pixels) and is not technically necessary for the function of our websites, is only carried out with your consent, which you can give via the cookie layer that is displayed when you access our websites. The legal basis for this cookie-based processing is Section 25 (1) sentence 1 TTDSG for the setting of cookies on your end device and Art. 6 (1) lit. a GDPR for any subsequent processing outside your end device on our systems or the systems of our technology partners. Cookies that are not required for the function of our websites will not be set before you have given your consent.
Revocation of consent given for the use of cookies and other identifiers/tags
You can revoke your consent to the collection of data by cookies at any time by deactivating cookies here.
You can also deactivate cookies as a whole or individually using the slide switch in the cookie settings. You can reject technically unnecessary cookies directly via our cookie layer the first time you visit our website.
If you do not want your browser to accept cookies, you also have the option of deactivating or restricting cookies. Cookies that have already been saved can be deleted or deactivated at any time via your Internet browser. Disabling the cookie function may prevent this website from working properly. You may not be able to access all the features and information on this website. Please also bear in mind that deactivation must be carried out for each of the browsers you use.
For more information on how you can delete or manage cookies via your browser settings, please visit the help pages of the respective browser.
Registration, other web forms (e.g. for registration for events or theme days)
On our website, we offer users the opportunity to register by providing personal data or to register for certain events or theme days organised by us or our partners using a separate web form. The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected as part of the registration process:
1. first name and surname
2. address
3. e-mail address
4. Firma/Institution/Band (fakultativ)
The following data is regularly collected as part of our web forms:
1. inventory data: First name, surname, postal address, e-mail address
2. further data relating to the respective event and evident from the respective form, in particular Interests (e.g. with regard to products, training opportunities, jobs), information on school or professional qualifications
Additional data may be requested, the collection of which is necessary for the specific purpose for which the web form has been set up. The type of relevant personal data can then be taken directly from the web form.
The registration or login serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, e.g. in the form of contract initiation; the legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
User registration is required for the provision of certain content and services on our website.
User registration or login is required to fulfil a contract with the user or to carry out pre-contractual measures.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
This is the case for the data collected during the registration process if the registration on our website is cancelled or amended or the data is no longer required for the performance of the contract or the initiation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
As a user, you have the option of canceling your registration at any time. You can change the data stored about you at any time via customer support or the customer centre.
The data processed via web forms will also be deleted if the purpose for which the data was collected no longer applies or the data is otherwise no longer required for the original purpose of collection. In the case of events or theme days, this is the case at the latest when the event has ended and the processing of the data is no longer required for other purposes, e.g. to initiate a training or employment relationship more specifically.
If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
Contact form and e-mail contact
On our website there is the possibility to give feedback, to make use of live support and to provide information/comments on the order. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are
1. ‘Give feedback’: Your message (if this contains voluntary information from you with personal data), e-mail address (optional)
2. live support and notes/comments on the order: only data that is necessary for your individual support enquiry or that you voluntarily provide in your note/comment
Alternatively, it is possible to contact us via the e-mail addresses provided on our website. In this case, the user’s personal data transmitted with the e-mail will be stored.
No data will be passed on to third parties in this context.The data is used exclusively for processing the conversation.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR.If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data from the input mask serves us solely to process the contact.If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Right of cancellation
You can revoke your consent to receive the e-mail newsletter at any time. For this purpose, you will find a corresponding link in every e-mail with which you can subscribe from the newsletter.
This also makes it possible to withdraw consent to the storage of personal data collected during the registration process
Success and reach measurement via the newsletter
The advertising emails sent contain a pixel that transmits information to us as soon as you open the newsletter. This information is then retrieved by us in order to generate statistical analyses and measure the success of our email campaigns. This involves the following information:
– Your IP address
– Information on the browser used
– Information on the operating system used
– Time of the call
This information allows us to determine whether newsletters are opened, at what time they are opened and which links within these emails are clicked. Technically, it is possible to allocate this information to the individual email recipients; however, this is not used to track or monitor individual users. We only use the evaluations to tailor the email content to the wishes and interests of our newsletter subscribers based on their reading habits and to personalise it within the legal limits.
We use both Sendgrid and Google Analytics for the aforementioned evaluation and analysis (see Google Analytics section).
The legal basis for data processing for the above analysis purposes is also consent in accordance with Section 25 (1) sentence 1 TTDSG for access to your end device and in accordance with Art. 6 (1) sentence 1 lit. a, Art. 7 GDPR for any subsequent processing outside your end device on our systems or the systems of our technology partners Twilio and Google.
Right of cancellation
By revoking your consent to receive the e-mail newsletter, you can also revoke your consent to the processing of your data for the purposes of measuring success and reach.
Contact and customer support via WhatsApp
You can contact us at any time via WhatsApp, e.g. if you have questions about order processing or our products or other customer support questions. This is done by including a click-to-chat link to WhatsApp in the chat environment of our website and by mentioning our WhatsApp contact number in the appropriate place in customer communication or on our websites. We will only ever contact you via WhatsApp at your express request, i.e. only if you contact us via WhatsApp yourself and initiate communication with us via WhatsApp.
By opening the WhatsApp communication channel and sending us a WhatsApp message with your enquiry to our WhatsApp contact number, you agree to these data protection provisions and at the same time consent to your personal data (surname and first name, telephone number, messenger ID, profile picture if applicable and message history) being processed as part of the use of WhatsApp in order to send messages to you in accordance with Art. 6 para. 1 lit. a GDPR. Messages sent via WhatsApp are end-to-end encrypted. This means that the content of the sent message can only be viewed by the sender and the recipient. WhatsApp has no access to the messages sent. An active WhatsApp account is required to use WhatsApp.
Communication takes place via the WhatsApp messenger service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. WhatsApp cannot view the content of the messages sent, but can determine at any time that and when you have communicated with us and retrieve technical information about the device you are using. For more information on how WhatsApp handles your data and what security requirements WhatsApp has implemented to protect communication, please refer to the detailed information provided by our WhatsApp contact at https://faq.whatsapp.com/general/security-and-privacy/end-to-end-encryption-for-business-messages.
Our WhatsApp for Business account is provided by 360dialog GmbH, Torstraße 61, 10119 Berlin, and is connected to our chat environment and the communication dashboard used internally by our customer support team via a technical interface. As our technology partner, we have contractually obliged 360dialog GmbH to comply with data protection regulations when processing personal data on our behalf by means of a corresponding data protection agreement. Even if the processing of personal data on our behalf is not the subject of the contract, it is not technically impossible for 360dialog GmbH to access personal data when providing our WhatsApp for Business account.
Your consent to the processing of personal data can be freely revoked at any time; all you need to do is notify us accordingly, e.g. by sending an email to privacy@thomann.de. In principle, we delete the data received from you via WhatsApp as soon as we have answered the questions asked via WhatsApp and no further queries or messages from you are to be expected. Longer storage periods may arise if the content of the messages transmitted results in an obligation to store the data due to statutory retention obligations. Further information can be found in the respective privacy policies of WhatsApp and Userlike.
You can also see from WhatsApp’s privacy policy that WhatsApp can also process your data outside the EU. However, this does not affect the communication content, but rather technical metadata that is generated during communication. This data includes your telephone number, device, type and time of use, location and IP address. Please be aware that you have already consented to this processing by accepting WhatsApp’s privacy policy when setting up your WhatsApp account and using WhatsApp for the first time.
Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. information, rectification, restriction and erasure
You have the right to obtain information free of charge at any time about your personal data stored by FG Kaffee GmbH, its origin and recipients and the purpose of data processing via the FG Kaffee GmbH websites. In addition, you have the right to rectification, erasure and restriction of the processing of your personal data, provided that the legal requirements for this are met.
Details can be found in the relevant legal provisions Art. 15 to 19 GDPR.
2. right to data portability
You have the right to receive the personal data concerning you, which you have provided to FG Kaffee GmbH as the controller, in a structured, commonly used and machine-readable format. FG Kaffee GmbH can fulfil this right by providing a csv export of the customer data processed about you.
3. right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
IYou have the right vis-à-vis the controller to be informed about these recipients.
4. right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.
5. revocability of declarations of consent under data protection law
In addition, you can revoke your consent at any time with effect for the future by contacting FG Kaffee GmbH using the contact details below.
6. right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Updating the data protection notice
FG Kaffee GmbH may update this data protection notice from time to time. Such changes will be displayed on the website. If you have any comments or questions about this data protection notice or other guidelines on this website, please contact us in writing.