Data Privacy Statement

At Lorenz Bahlsen Snack-World GmbH & Co KG Germany (hereinafter also referred to as “Controller”), we take the protection of your personal data very seriously. We also adhere to the pertinent data protection regulations, in particular the provisions set forth in the European Union’s General Data Protection Regulation (GDPR). In the following, we would like to inform you in particular about when we collect which data when you use our website (https://lorenz-snacks.com) and how we use it.

I. Controller

The Controller, as defined within the scope of GDPR and other national data protection regulations valid in the individual EU member states along with other data protection-relevant provisions, is:

Lorenz Bahlsen Snack-World GmbH & Co KG Germany

Rathenaustr. 54

63263 Neu-Isenburg

Phone: +49 6102 - 2930

E-mail: snacks.info-line@lbsnacks.com

Website: www.lorenz-snacks.com

Our full masthead can be found here.

II. Contact information for the Data Protection Officer

The contact information of the Controller’s Data Protection Officer is:

E-mail: Datenschutz@lbsnacks.com

III. Contact information of the regulatory authority

The contact information for the regulatory authority responsible for our site is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (Commissioner for Data Protection and Freedom of Information)

PO Box 3163

65021 Wiesbaden

Phone: +49 611 1408 - 0

Fax: +49 611 1408 - 900

E-mail: poststelle@datenschutz.hessen.de

IV. General information

1. Scope of the data processing

In general, we only collect and use our website user's personal data insofar as this is required for the provision of our content and services as well as to provide a functional website. The collection and the use of our website user's personal data is only processed insofar as this is permitted by the legal provisions, or if the users have provided their consent.

2. Legal basis for data processing

Insofar as we gather a user’s consent through our website for the processing of personal data, Art. 6, Sec. 1 a) GDPR and, if applicable, § 25 para. 1 TTDSG, serve as the legal basis for the processing of personal data.

In the processing of personal data that is required for the fulfilment of a contract whose contractual party is the user, then Art. 6, Sec. 1 b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of a quasi-contractual obligation or pre-contractual measures.

Insofar as personal data is required for the fulfilment of a legal obligation to which our company is subject to, then Art. 6, Sec. 1 c) GDPR serves as the legal basis.

If the processing of the data is pertinent to the protection of a legitimate interest of our company or of a third party, and if the interests, basic rights, and fundamental freedoms of the affected user do not outweigh the first-mentioned interests, then Art. 6, Sec. 1 f) GDPR serves as the legal basis for the data processing (so-called “balancing of interests”).

Moreover, there are additional legal bases for the processing of personal data. These are specifically listed – insofar as they are relevant – in the following.

3. Duration of storage

The user’s personal data is deleted or blocked as soon as the intended purpose of the data storage is no longer valid. Data storage may extend beyond this period if this is provided through the European or national governing bodies in union regulations, laws, or other provisions to which our company is subject. A blocking or deletion of the data also occurs upon expiration of the storage period as noted in the aforementioned standards unless there is a requirement for the further storage of the data for purposes of contract conclusion or contract fulfilment.

4. Transfer of personal data

If we transfer personal data, then only to service providers who assist us in fulfilling the aforementioned purposes. As “processors,” these companies must only use your personal data within the scope of order fulfilment on our behalf. These companies are also obligated to comply with the pertinent data protection provisions. The processors used by us are:

Denkwerk GmbH

Vogelsanger Str. 66

50823 Cologne

In all other respects, however, no personal data is forwarded to third parties.

5. Place of data processing

The processing of your personal data occurs in member states of the European Union (EU) or rather the European Economic Area (EEA). Regarding any processing of data by service providers based outside the EU/EEA, please refer to the descriptions of the individual data processing operations below.

V. Processing of personal data on the website

1. Provisioning of the website and creation of log files

a) Description of the data processing

Each time our website is accessed, our system (server) automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

- Information regarding the type of browser and the version used

- The user’s operating system

- The user’s IP address

- Date and time of access

- Website(s) from which the user’s system was directed to our website

All files transferred from our system to the browser on the user's device (PC, notebook, mobile phone, tablet, or similar) and the use of links from our website to other websites.

The data transfer between our web server and the user's device is encrypted according to the current technical standard if the user's end device supports encryption. Your personal data is protected against unauthorized access on our web server. We only store personal data if it is necessary for the secure functioning of the system and for the use of our services. The creation of log files also largely serves the security of the IT system and thus the protection of your personal data.

b) Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6, Sec. 1 f) GDPR.

c) Purpose of data processing

The storage in log files ensures the functionality of the website. Furthermore, the data helps us to optimize the website and to ensure the security of our information technology systems. In this regard, we do not analyze the data for marketing-related purposes. These purposes also include our legitimate interest in data processing in accordance with Art. 6, Sec. 1 f) GDPR.

d) Duration of storage

The data will be deleted as soon as the reasons for its collection are no longer valid. The exact storage period depends on the purpose of the log file and is specifically detailed in the following paragraphs.

e) Possibility of objection and removal

The user has a right of objection. The objection can be made by sending a message to the contact information in section II. of this privacy statement. If the user does not provide the data, this may mean that the user cannot use our websites or cannot use them to their full extent.

2. Contact forms and e-mail contact

a) Description of the data processing

If there are contact forms on our website, the data entered in the respective input mask (usually first name, last name, e-mail address, message and, if applicable, further optional information of the user) will be transmitted to us and stored by us. 

Alternatively, it is also possible to contact us using the provided e-mail address. In this case, the personal data transferred via the user’s e-mail is stored.

This data is not forwarded to third parties. The data is exclusively used for the processing of the communication between the parties.

b) Legal basis for data processing

The legal basis for the processing of the data is Art. 6, Sec. 1 f) GDPR. If e-mail correspondence is being used with the intention of concluding a contract, or if it serves a quasi-contractual obligation, then the additional legal basis for the processing of the data is Art. 6, Sec. 1 b) GDPR.

c) Purpose of data processing

The processing of the personal data from the entry form is solely used for purposes of contacting the interested party. In case communication is established, this also constitutes the required legitimate interest in the processing of the data.

d) Duration of storage

The data will be deleted as soon as the reasons for its collection are no longer valid. For the personal data entered into the input screen of the respective contact form, and for data that has been transmitted by e-mail, this applies if the individual correspondence with the user is finished. The correspondence is finished, if it can be inferred that the particular situation has been resolved.

e) Possibility of objection and removal

If the users contact us through either the contact form or by sending an e-mail, then they may revoke their consent to the storage of their personal data at any time. This revocation can be sent to the contact information listed under No. II of our Data Privacy Statement. In case consent is revoked, the correspondence with the user cannot continue and all personal data that has been collected within the scope of the correspondence will be deleted by us.

3. Online job applications

We would like to make the job application process easier for you. Therefore, we provide an option for online applications via our homepage (https://lorenz-snacks.de, https://lorenz-snacks.com). Further information and a separate Data Privacy Statement can be found in our Applicant Portal.

4. Whistleblower Portal (Tell us!)

On our homepage (https://lorenz-snacks.de, https://lorenz-snacks.com) you will find a link to the whistleblower portal Tell us! of the Lorenz Group. Specific indications of violations of legal provisions or the Code of Conduct of the Lorenz Group can be reported via the whistleblower portal. Further information and a separate Data Privacy Statement regarding the processing of personal data on Tell us! can be found here.

VI. Use of cookies

1. Description of the data processing

We use “cookies” to make our website experience as enjoyable as possible as well as to enable certain functionalities. Cookies are small text files that are stored in the browser and/or by the browser on the user's end device. Once the user accesses a website, the cookie can be stored on the user’s operating system. This cookie contains short text information.

a) Technically necessary cookies

We use technically necessary cookies that are required for the smooth functioning of our website. The following cookies are used:

- SERVERID / Purpose: Webserver allocation from upstream load balancer

- SESS84bf1ebd7cbc8d6aadc576b03d580bce / Purpose: Session cookie from upstream load balancer

Purpose: To avoid an overload of our web server system a so-called load balancer is used. This load balancer distributes the requests from the Internet to several servers. This cookie is set so that the load balancer recognizes when a request is made whether a server has already been assigned. As a result, each user remains assigned to one server for the duration of the use of a website and there are no fluctuations in the response speed.

Lifetime: Session, i.e. only until the user closes the website in the browser.

b) Technically unnecessary cookies

We do not use any technically unnecessary cookies on our website.

c) Notification regarding changes to browser settings

Most browsers are configured so that they automatically accept cookies. The user can prevent the browser from storing cookies by making the appropriate settings. However, this may limit the website’s functionality.

2. Legal basis for data processing

The legal basis for the processing of personal data and the use of technically necessary cookies is Art. 6 Sec. 1 b) and f)  GDPR, § 25 para. 1 TTDSG.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of the website for the user. Some functions of our website cannot be provided without the use of cookies. These functionalities require that the browser be recognized even after another website has been visited. Our legitimate interest in data processing in accordance with Art. 6, Sec. 1 f) GDPR is also included in this purpose.

The user data collected on our website is not used for creating user profiles.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer for the lifetime described above and are transferred from there to our website. Therefore, the user also has complete control regarding the use of cookies. By changing the browser’s settings, you can either deactivate or restrict the transmission of cookies. Cookies that have been stored can be deleted at any time. This can also be performed automatically. If cookies are deactivated for our website, then it is possible that not all website functions will be available.

VII. Social media links, links to Google Maps

1. Social media

Our website may contain links to our official social media accounts. These are:

- Facebook

- Pinterest

- Instagram

- TikTok

- YouTube

- Xing

- LinkedIn

- Kununu

The references (links) have been marked with the respective logo of the social network; no social plugins from the above-mentioned social networks are used that trigger actions on your behalf (such as automatic posting, liking of our products, etc.); this also applies if you are logged into a social media platform with your user account in parallel. Rather, by clicking on the links, users are merely directed to the pages of the respective social media platform.

If you click on a social network link, please consider that the processing of your personal data is the responsibility of the respective social network and that we do not have – nor do we receive – any knowledge of the actual scope of usage of your personal data by the respective provider. For information about the scope of the processing of your personal data by providers of social networking services – as well as the options available for protecting your privacy – please refer to the privacy policies of the respective providers.

2. Links to Google Maps

Our website contains a link to Google Maps, which assists you in planning your route when visiting one of our sites. Google Maps is a service of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. However, a plugin for Google Maps is not implemented on our website due to data protection reasons. If you click on the Google Maps link, please consider that the processing of your personal data is the responsibility of Google and that we do not have – nor do we receive – any knowledge of the actual scope of usage of your personal data by Google. For additional information regarding the scope of the processing of your personal data by Google, as well as the options available for protecting your privacy, please refer to Google Map’s privacy policies.

VIII. Rights of data subjects

If your personal data is processed, then you are considered a “data subject” in terms of GDPR. In that case, you have the following rights towards the Controller:

1. Right of access

You have the right to be informed whether or not your personal data is being processed; if this is the case, then you have the right to access this personal data as well as to the information listed in detail in Art. 15 GDPR.

2. Right to rectification

You have the right to request, without unnecessary delay, the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data (Art. 16 GDPR).

3. Right to restriction of processing

You have the right to demand the restriction of data processing if one of the prerequisites listed in Art. 18 GDPR has been met, e.g., if you have objected to the processing of your data, then for the duration of the examination as to whether the objection can be upheld.

4. Right to erasure

You have the right, upon request, to demand that your personal data be immediately erased, insofar as one of the reasons listed in Art. 17 GDPR is applicable, e.g., if the data is no longer required for the intended purposes and the legal storage regulations do not prevent erasure.

5. Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format to transfer this data – either by you or if technically feasible by us – to a third party.

6. Right to object

Within the scope of the prerequisites of Art. 21 GDPR, you have the right, for reasons that are related to your own specific situation, to object to the processing of your personal data at any point in time.

7. Right to revoke the declaration of consent under data protection law

You have the right to revoke a declaration of consent provided to us at any time. By revoking your declaration of consent, the lawfulness of the processing carried out based on the consent until revocation is not affected.

8. Your rights during automated decisions

If, in exceptional cases, we use automated decisions on individual cases – including profiling – then we are obligated in accordance with the legal requirements to implement measures so that you can influence the decision (Art. 22 GDPR).

9. Right of appeal to a supervisory authority

Notwithstanding any other administrative or judicial remedy, you have the right to appeal to a supervisory authority – in particular, in the member state of your place of residence, your place of work, or the place of the alleged violation – if you believe that the processing of your personal data violates data protection regulations.

The contact information for the pertinent supervisory authority is listed in No. III of the Data Privacy Statement.

10. Miscellaneous

We hereby inform you that the data subject’s rights may be limited through EU laws or applicable national laws.

To assert the above rights, please contact us under the contact information listed in No. II of the Data Privacy Statement. Queries submitted electronically will usually be answered electronically insofar as you have not made any deviating specifications in your query.

IX. External links

Our website may contain links to third-party websites. Insofar as this is not immediately recognizable, we will inform you that this is an external link. We have no influence on the content and design of third-party websites. This Data Privacy Statement is not applicable to third-party websites.

X. Amendments to this Data Privacy Statement

The ongoing advancement of the internet and the constantly changing legal landscape require that we make changes to our Data Privacy Statement from time to time. We will inform you here about all relevant updates.

 Last update: March 2024