Data privacy statement
PRIVACY POLICY
At Zeit für Brot, we take the protection of your personal data very seriously. We process your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
1. Information for users of this website
a) Technical provision of the website
In order to make the website technically available to you, our web server automatically collects information from your browser each time you access it. This includes the following information in particular:
Browser type and browser version
Operating system used
Referrer URL (address of origin)
Date and time of the server request
IP address
We need to store your IP address at least temporarily so that our website content can be delivered to your browser.
This data is stored separately from other data that you may transmit to us and is not merged with data from other sources.
The basis for data processing is Article 6(1)(f) GDPR, which authorises the processing of data on the basis of legitimate interests. In this case, there is a legitimate interest in the secure and trouble-free operation of the web server. To ensure this, the administration must be able to recognise and understand attacks and malfunctions of the system via server log files. In order to recognise attack patterns, access to the server is stored. As soon as this data is no longer required, it is deleted. For technical reasons, the data is available to the hosting service provider, who is, however, bound by instructions and contractually obliged to us.
b) Cookies and third-party services
Internet pages sometimes use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
c) CookieByte Consent
We use a service from Statamic LLC (260 Williamson Blvd, Ormond Beach, FL 32174, USA).
This enables us to obtain and manage your consent to the use of non-essential third-party services and cookies on our websites.
The processing is necessary to fulfil legal obligations to which we are subject.
The data collected is stored in the browser for 12 months.
d) Google Web Fonts
Our website uses so-called web fonts provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for the standardised display of certain fonts. When a page is called up, the browser loads the required fonts directly from Google in order to be able to display them correctly on the end device. In doing so, the browser establishes a connection to Google's servers. As a result, Google becomes aware that our web pages are being accessed via the IP address.
Google web fonts are only used after consent has been given.
The data may also be transferred to Google in the USA. Google has submitted to the EU-U.S. Transatlantic Data Privacy Framework.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy.
e) Google Maps
The website uses the map service Google Maps to display interactive maps. The provider is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). By using websites in which Google Maps is integrated, information about the use of this website is transmitted to Google (e.g. IP address, website accessed, date and time, location data if applicable).
The legal basis for this data processing is your consent, which you can give or revoke here at any time.
According to Google, the data collected is also transferred to Google in the USA. According to Google, the data collected will also be transferred to Google LLC in the USA. Google LLC is certified under the Transatlantic Data Privacy Framework, which is recognised by the EU Commission. This decision constitutes a permissible legal basis for the data transfer.
We have no influence on the processing and use of data by Google.
If you are logged in to Google, Google can assign your data directly to your Google account. If you do not want this assignment, you must log out of Google before using our website. To the best of our knowledge, Google uses the data (even from users who are not logged in) for the purposes of advertising, market research and/or the customised design of its websites. You can exercise your right to object directly against Google.
You can also set your browser to prevent the storage of cookies and deactivate JavaScript; in this case, however, the map display may not be fully usable.
The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in Google's data protection information: https://policies.google.com/privacy
f) Plausible Analytics
We use the web analytics service Plausible Analytics to better understand how visitors use our websites. We can draw conclusions from this in order to further improve our offering in the future.
Processing takes place under a pseudonym. The data is completely anonymised after one day. Affected in particular are Date and time of your visit, title and URL of the pages visited, incoming links, the country in which you are located and the user agent of your browser software.
The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interests lie in being able to analyse the use of our website and to optimise it accordingly.
Data is not transferred to Plausible Insights OÜ (Estonia). This does not include the IP address, which must be transmitted for technical reasons so that files can be loaded by Plausible, but is not used for other purposes.
Further information on data processing by Plausible can be found here: https://plausible.io/data-policy
g) Contact forms
If you send us enquiries via the contact form, your details from the form will be processed by us to process the enquiry and in the event of follow-up questions.
Mandatory fields are labelled accordingly. It is necessary to fill in mandatory fields so that we can answer and process your enquiry. Otherwise, the information you provide is voluntary.
The data entered in the contact form is processed on the basis of your consent. You can revoke this consent at any time. A cancellation is only valid for the future. If your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, the data processing is carried out on the basis of Art. 6 para. 1 letter b GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 letter f GDPR).
The recipient of your data is our service provider Swat.io (Schönbrunner Straße 213-215 3. Stock, 1120 Wien, Österreich), which we use to bundle and analyse communications. It cannot be ruled out that our technical service providers may gain insight; however, they are obliged to maintain confidentiality.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
2. Information for users of our social media presence
a) Facebook
We maintain an online presence on Facebook and process data from users active there in order to communicate with them and to provide information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it may be more difficult to enforce their rights.
We are jointly responsible with the operator of Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for the collection (but not the further processing) of data from visitors to our Facebook page (“Fan Page”). This data includes information about the types of content users view or interact with or the actions they take (see under “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy) and information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook Data Policy). As explained in the Facebook Data Policy, Facebook also collects and uses information to provide analytics services for site operators. We have concluded a special agreement with Facebook for this purpose. You can view the essence of this agreement here: https://www.facebook.com/legal/controller_addendum.
As a rule, user data is processed for market research and advertising purposes. User profiles can be created from the usage behavior and the resulting interests. These can be used, for example, to place advertisements inside and outside Facebook that presumably correspond to the interests of the users. For this purpose, cookies are usually stored on the user's computer, which are used to store the user's usage behavior and interests. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of Facebook and are logged in there). For a detailed description of the respective processing and the opt-out options, please refer to Facebook's privacy policy and information. Requests for information and the assertion of user rights can also be most effectively asserted there.
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Article 6(1)(f) GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a box or confirming a button), the legal basis for processing is Section 25 TDDDG. For a detailed description of the respective processing and the opt-out options, please refer to Facebook's general privacy policy at: https://www.facebook.com/policy.
b) Instagram
We maintain an online presence on Instagram and process data of the users active there in order to communicate with them and to provide information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users, e.g. because it may be more difficult to enforce their rights.
We are jointly responsible with the operator (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for the collection (but not the further processing) of data from visitors to our site. This data includes information about the types of content users view or interact with or the actions they take (see under “Things you and others do and provide” in the Instagram Privacy Policy, https://help.instagram.com/519522125107875), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Privacy Policy).
As a rule, user data is processed for market research and advertising purposes. User profiles can be created from the usage behavior and the resulting interests. These can be used, for example, to place advertisements inside and outside Instagram that presumably correspond to the interests of the users. For this purpose, cookies are usually stored on the user's computer, which are used to store the user's usage behavior and interests. In addition, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of Instagram and are logged in there). For a detailed description of the respective processing and the opt-out options, please refer to Instagram's privacy policy and information. Requests for information and the assertion of user rights can also be most effectively asserted there.
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 (1) (f) GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a box or confirming a button), the legal basis for processing is Art. 6 (1) (a) GDPR. For a detailed description of the respective processing and the opt-out options, please refer to Instagram's general privacy policy at https://help.instagram.com/519522125107875.
c) LinkedIn
We also maintain an online presence on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) to communicate with the users active there and to provide information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users, e.g. because it may be more difficult to enforce their rights.
As a rule, user data is also processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user's computer, which are used to store the user's usage behaviour and interests. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 (1) (f) GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Section 25 (1) TDDDG. For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the information provided by LinkedIn: Privacy Policy: https://de.linkedin.com/legal/privacy-policy, Possibility of objection (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
In the event of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively with the provider LinkedIn. Only the provider has access to the user's data and can take appropriate measures and provide information directly.
3. Data protection information about video surveillance in our bakeries
We monitor our bakeries in part by video in order to exercise our domiciliary rights and to prevent and investigate possible criminal offenses.
The purposes and legal basis lie in the exercise of domiciliary rights and the prevention and investigation of possible criminal offenses. The legal basis is the protection of our legitimate interests. We store the data for a maximum of 72 hours and then delete it automatically.
4. Your rights as a data subject
As a data subject, you have the following rights, provided that the legal requirements are met:
The data subject has the right to request confirmation from the controller as to whether personal data concerning them is being processed. If this is the case, they have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data are no longer necessary in relation to the purposes for which they were collected (right to erasure).
The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to processing, for the duration of the verification by the controller.
The data subject has the right to receive the personal data that they have provided in a structured, commonly used and machine-readable format or to request that it be transferred to another controller (portability; Art. 20 GDPR).
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, provided that the processing is based on the legal basis of the balancing of interests (Article 6(1)(f) GDPR). The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Art. 21 GDPR).
If the processing is based on your consent, you have the right to revoke this consent to the processing of the data in whole or in part at any time with effect for the future. An informal notification by e-mail to us is sufficient for revocation.
You also have the right to complain to the data protection supervisory authority about data processing. A list of data protection authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
5. Controller and data protection officer
Responsible for data processing is
AF ZFB GmbH
Rückerstraße 4
10119 Berlin
Amtsgericht Berlin-Charlottenburg; HRB 201848 B
Managing directors authorized to represent: Stephan K. Heinrich, Dr. Christopher Heinemann
UST-ID: DE405999528
You can find contact details for our data protection officers at datenschutz@zeitfuerbrot.com.