Impressum
Dina Kohl Falkenauer Str. 3c 92421 Schwandorf
Kontakt
Telefon: 09431/759723
E-Mail: dina@dinas-kitchen.com
Quelle:
Privacy Policy
1. Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can be used to personally identify you. Detailed information on data protection can be found in our Privacy Policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section “Notice Regarding the Responsible Party” in this Privacy Policy.
How do we collect your data?
Your data is collected, on the one hand, by you providing it to us. This may include data that you enter into a contact form, for example.
Other data is automatically collected, or after obtaining your consent, when you visit the website by our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or the time the page was accessed). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts are concluded or initiated via the website, the transmitted data will also be used for contract offers, orders, or other requests.
What Are Your Rights Regarding Your Data?
You have the right to request information about the origin, recipient, and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time with effect for the future. Additionally, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.
If you have any questions about data protection or wish to exercise your rights, you can contact us at any time.
Analytics Tools and Third-Party Tools
When you visit this website, your browsing behavior may be statistically analyzed. This is primarily done using so-called analysis programs.
Detailed information about these analysis programs can be found in the Privacy Policy below.
2. Hosting
We host the content of our website with the following provider:
Alfahosting
The provider is Alfahosting GmbH, Ankerstraße 3b, 06108 Halle (Saale), Germany (hereinafter referred to as “Alfahosting”). When you visit our website, Alfahosting collects various log files, including your IP address.
For details, please refer to Alfahosting’s Privacy Policy: https://alfahosting.de/datenschutz/.
The use of Alfahosting is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, data processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., for device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.
Data Processing Agreement
We have entered into a Data Processing Agreement (DPA) with the aforementioned provider. This is a legally required contract that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General Notes and Mandatory Information
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.
When you use this website, various personal data will be collected. Personal data includes data that can be used to personally identify you. This Privacy Policy explains what data we collect, how we use it, and for what purpose.
We would like to point out that data transmission on the internet (e.g., when communicating via email) can have security vulnerabilities. A complete protection of data against access by third parties is not possible.
When You Use This Website
When you use this website, various personal data are collected. Personal data refers to data that can be used to personally identify you. This Privacy Policy explains what data we collect, how we use it, and for what purposes.
We point out that data transmission over the internet (e.g., during email communication) can have security vulnerabilities. Complete protection of data from third-party access is not possible.
Notice Regarding the Responsible Party
The responsible party for data processing on this website is:
Dina Kohl
Falkenauerstr. 3c
92421 Schwandorf
Phone: 09431 759723
Email: dina@dinas-kitchen.com
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Retention Period
Unless a specific retention period is mentioned within this Privacy Policy, your personal data will remain with us until the purpose for data processing no longer applies. If you request deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in such cases, the data will be deleted after these reasons no longer apply.
General Information on Legal Grounds for Data Processing on This Website
If you have given your consent to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed as per Art. 9(1) GDPR. If there is explicit consent for the transfer of personal data to third countries, the data processing is additionally based on Art. 49(1)(a) GDPR. If the storage of cookies or access to information on your device (e.g., via device fingerprinting) is required, the processing is also based on § 25(1) TTDSG. Consent can be revoked at any time.
If your data is necessary for fulfilling a contract or pre-contractual measures, the processing is based on Art. 6(1)(b) GDPR. Additionally, we process your data if necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also occur based on our legitimate interest under Art. 6(1)(f) GDPR. Detailed legal grounds for specific cases are outlined in the relevant sections of this Privacy Policy.
Notice on Data Transfer to Countries Without Adequate Data Protection Standards and to U.S. Companies Not DPF-Certified
We use tools from companies located in countries with inadequate data protection levels and from U.S. companies not certified under the EU-U.S. Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to and processed in these countries.
Please note that U.S. companies with DPF certification are deemed to meet EU data protection standards. Data transfer to the U.S. is allowed if the recipient has DPF certification or other appropriate safeguards in place. Details regarding transfers to third countries, including data recipients, can be found in this Privacy Policy.
Third Countries and US Tools Not Certified Under the EU-US Data Privacy Framework (DPF)
If tools from providers in countries without adequate data protection standards, including US-based tools not certified under the EU-US Data Privacy Framework (DPF), are active, your personal data may be transferred to and processed in these countries.
We emphasize that in countries lacking adequate data protection laws, such as some third countries, a level of data protection comparable to the EU cannot be guaranteed.
For the USA, a comparable level of data protection is generally guaranteed if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has other appropriate safeguards in place. Information on data transfers to third countries, including the recipients of such data, can be found in this Privacy Policy.
Recipients of Personal Data
As part of our business activities, we work with various external entities, which may require the transfer of personal data. We only share personal data with external parties if:
- It is necessary for contract fulfillment;
- We are legally obligated (e.g., data transfer to tax authorities);
- We have a legitimate interest in the transfer under Art. 6(1)(f) GDPR;
- Another legal basis permits the transfer.
When working with data processors, we ensure that personal data is processed only under a valid Data Processing Agreement (DPA). In the case of joint processing, a joint processing agreement is established.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke consent at any time with future effect. The legality of data processing carried out prior to the revocation remains unaffected.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
The specific legal basis for processing can be found in this Privacy Policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection under Art. 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing; this also applies to profiling related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).
Right to Lodge a Complaint with the Supervisory Authority
In the event of GDPR violations, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, workplace, or place of the alleged violation. This right exists in addition to other administrative or judicial remedies.
Right to Lodge a Complaint with a Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, workplace, or the location of the alleged infringement. This right exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to receive data that we process based on your consent or in fulfillment of a contract in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only occur if technically feasible.
Access, Correction, and Deletion
You have the right, within the scope of applicable legal provisions, to request free information at any time about your stored personal data, its origin, recipients, and the purpose of data processing. You also have the right to request the correction or deletion of this data. For questions or to exercise your rights regarding personal data, you can contact us at any time.
Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing applies in the following cases:
- Disputed Accuracy: If you dispute the accuracy of the personal data we store, we generally need time to verify this. During the verification period, you have the right to request the restriction of processing.
- Unlawful Processing: If your personal data was processed unlawfully, you may request restriction of data processing instead of deletion.
- No Longer Needed but Required for Claims: If we no longer need your personal data, but you require it to exercise, defend, or assert legal claims, you have the right to request restriction instead of deletion.
- Pending Objection: If you have filed an objection under Art. 21(1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request a restriction of data processing.
If processing is restricted, your personal data – aside from storage – may only be processed with your consent or for asserting, exercising, or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
4. Data Collection on This Website
Cookies
Our websites use “cookies.” Cookies are small data packets that do no harm to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently on your device (permanent cookies). Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them or until your web browser deletes them automatically.
Cookies
Cookies may originate from us (first-party cookies) or from third-party providers (third-party cookies). Third-party cookies allow the integration of specific services from third-party companies into websites (e.g., cookies for processing payment services).
Cookies serve various purposes. Many cookies are technically necessary because certain website functions cannot work without them (e.g., the shopping cart function or video display). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies required for electronic communication, for providing certain features you request (e.g., the shopping cart function), or for optimizing the website (e.g., audience measurement cookies) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of services. If consent is requested for the storage of cookies or similar recognition technologies, the processing occurs solely on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG). Consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies, allow cookies only in specific cases, exclude cookies for certain cases or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may restrict the functionality of this website.
Details about the cookies and services used on this website can be found in this Privacy Policy.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested. Consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions—particularly retention periods—remain unaffected.
Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested. Consent can be revoked at any time.
The data you send to us via inquiries will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—especially legal retention periods—remain unaffected.
Effective Handling of Inquiries
The processing of data related to inquiries sent to us is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if obtained. Consent can be revoked at any time.
The data sent to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions, particularly legal retention periods, remain unaffected.
Comment Function on This Website
When you use the comment function on this website, in addition to your comment, information about the time the comment was created, your email address, and, if you do not post anonymously, the username you provide will be saved.
Storage Duration of Comments
Comments and associated data are stored and remain on this website until the commented content is fully deleted or the comments need to be removed for legal reasons (e.g., offensive comments).
Legal Basis
The storage of comments is based on your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time. A simple email to us is sufficient. The legality of data processing already carried out remains unaffected by the revocation.
Social Media: Facebook
This website integrates elements of the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
A list of Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook receives information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account.
Please note that as the website operator, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s privacy policy: https://de-de.facebook.com/privacy/explanation.
The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.
If personal data is collected on our website with the help of the tool described and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook. The subsequent processing by Facebook is not part of the joint responsibility.
For the terms of joint processing, refer to the following agreement: https://www.facebook.com/legal/controller_addendum.
The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details are available here:
- https://www.facebook.com/legal/EU_data_transfer_addendum
- https://de-de.facebook.com/help/566994660333381
- https://www.facebook.com/policy.php
Joint Responsibility for Data Processing (Art. 26 GDPR)
Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and we share joint responsibility for data processing when using Facebook and Instagram services on this website. This joint responsibility is limited solely to the collection of data and its transmission to Facebook or Instagram. Any processing that occurs after the data is forwarded to Facebook or Instagram is not part of this joint responsibility.
A joint processing agreement outlines the respective responsibilities of each party. The full text of this agreement is available at:
https://www.facebook.com/legal/controller_addendum.
Under this agreement:
- We are responsible for providing the required data protection information when using Facebook or Instagram tools and for ensuring the tools are implemented in a GDPR-compliant manner on our website.
- Facebook and Instagram are responsible for the data security of their products.
If you wish to exercise your rights as a data subject (e.g., access requests) regarding data processed by Facebook or Instagram, you can contact Facebook or Instagram directly. If such rights are asserted with us, we are required to forward the request to Facebook or Instagram.
Data Transfer to the USA
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. You can find further details here:
- https://www.facebook.com/legal/EU_data_transfer_addendum
- https://de-de.facebook.com/help/566994660333381
- https://www.facebook.com/policy.php
Additionally, Meta Platforms has certification under the EU-US Data Privacy Framework (DPF), an agreement between the EU and the USA ensuring compliance with EU data protection standards. Companies certified under the DPF are committed to adhering to these standards. You can find more information and check certifications at:
https://www.dataprivacyframework.gov/participant/4452.
Instagram Integration
This website integrates features of the Instagram service, provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
When the Instagram social media element is active, a direct connection is established between your device and Instagram’s server, allowing Instagram to collect information about your visit to this website.
If you are logged into your Instagram account, clicking the Instagram button links the content of this website to your Instagram profile, enabling Instagram to associate your visit to your user account.
We emphasize that as the website operator, we do not have access to the content of the transmitted data or its use by Instagram. For more information, refer to Instagram’s Privacy Policy:
https://privacycenter.instagram.com/policy/.
The use of Instagram on this website is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.
Joint Processing with Instagram
When personal data is collected via Instagram tools on this website, we and Meta Platforms Ireland Limited are jointly responsible for data processing (Art. 26 GDPR). This responsibility is limited to data collection and transmission to Instagram. Processing by Instagram after this point is outside the scope of joint responsibility.
The agreement outlining the terms of joint processing is available here:
https://www.facebook.com/legal/controller_addendum.
Under this agreement:
- We are responsible for providing data protection information and ensuring GDPR-compliant implementation of Instagram tools.
- Instagram is responsible for the security of its products.
If you assert your rights regarding data processed by Instagram, you can contact Instagram directly. If you contact us, we are obliged to forward your request to Instagram.
Data Subject Rights Regarding Facebook and Instagram
Requests regarding data processed by Facebook or Instagram (e.g., access requests) can be made directly to Facebook or Instagram. If you exercise your data subject rights with us, we are required to forward your request to Facebook or Instagram.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. More details can be found here:
Meta Platforms, the parent company of Facebook and Instagram, is certified under the EU-US Data Privacy Framework (DPF). This agreement ensures compliance with European data protection standards for processing data in the USA. Certified companies are committed to adhering to these standards. For more information and to view certifications, visit:
https://www.dataprivacyframework.gov/participant/4452.
This website integrates elements of the social network Pinterest, operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
When you access a page containing such an element, your browser establishes a direct connection to Pinterest’s servers. This social media element transmits protocol data to Pinterest’s servers in the USA. This protocol data may include your IP address, the address of visited websites containing Pinterest features, browser type and settings, date and time of the request, your use of Pinterest, and cookies.
The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.
For more information on the purpose, scope, and further processing and use of data by Pinterest, as well as your rights and options for protecting your privacy, refer to Pinterest’s Privacy Policy:
https://policy.pinterest.com/de/privacy-policy.
6. Newsletter
Newsletter Data Collection
If you subscribe to the newsletter offered on this website, we need your email address and information that allows us to verify that you are the owner of the provided email address and consent to receive the newsletter. Additional data is either not collected or only collected on a voluntary basis. These data are used exclusively for sending the requested information and are not shared with third parties.
The processing of the data entered into the newsletter subscription form is based solely on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of your data, email address, and its use for sending the newsletter at any time, such as by clicking the “unsubscribe” link in the newsletter. The legality of data processing carried out prior to revocation remains unaffected.
Retention and Deletion of Newsletter Data
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter or until the purpose for data storage no longer applies. After unsubscribing or if the purpose for data storage ceases, your data will be deleted from the newsletter distribution list.
We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion in accordance with our legitimate interest as defined by Art. 6(1)(f) GDPR.
Data stored for other purposes (e.g., email addresses used for other communications) remain unaffected.
After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and ours in complying with legal requirements for sending newsletters (legitimate interest under Art. 6(1)(f) GDPR).
The storage of the blacklist is indefinite. You may object to this storage if your interests outweigh our legitimate interest.
Source:
https://www.e-recht24.de
