Privacy Statement

At Lorenz Bahlsen Snack-World GmbH & Co KG Germany (hereinafter also referred to as “Controller”), we take the protection of your personal data very seriously. We also adhere to the pertinent data protection regulations, in particular the provisions set forth in the European Union’s General Data Protection Regulation (GDPR). In the following, we would like to inform you when we collect data within the context of the use of our website and how we use this data.

I. Controller

The Controller, as defined within the scope of GDPR and other national data protection regulations valid in the individual EU member states along with other data protection-relevant provisions, is:

Lorenz Bahlsen Snack-World GmbH & Co KG Germany

Rathenaustr. 54

63263 Neu-Isenburg

Phone: +49 6102 - 2930

E-mail: snacks.info-line@lbsnacks.com

Website: www.lorenz-snacks.com

Our full masthead can be found here.

II. Contact information for the Data Protection Officer

The contact information of the Controller’s Data Protection Officer is:

E-mail: Datenschutz@lbsnacks.com

III. Contact information of the regulatory authority

The contact information for the regulatory authority responsible for our site is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (Commissioner for Data Protection and Freedom of Information)

PO Box 3163

65021 Wiesbaden

Phone: +49 611 1408 - 0

Fax: +49 611 1408 - 900

E-mail: poststelle@datenschutz.hessen.de

IV. General information

1. Scope of the data processing

In general, we only collect and use our website user's personal data insofar as this is required for the provision of our content and services as well as to provide a functional website. The collection and the use of our website user's personal data is only processed insofar as this is permitted by the legal provisions, or if the users have provided their consent.

2. Legal basis for data processing

Insofar as we gather a user’s consent through our website for the processing of personal data, Art. 6, Sec. 1 a) GDPR serves as the legal basis for the processing of personal data.

In the processing of personal data that is required for the fulfilment of a contract whose contractual party is the user, then Art. 6, Sec. 1 b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of a quasi-contractual obligation or pre-contractual measures.

Insofar as personal data is required for the fulfilment of a legal obligation to which our company is subject to, then Art. 6, Sec. 1 c) GDPR serves as the legal basis.

If the processing of the data is pertinent to the protection of a legitimate interest of our company or of a third party, and if the interests, basic rights, and fundamental freedoms of the affected user do not outweigh the first-mentioned interests, then Art. 6, Sec. 1 f) GDPR serves as the legal basis for the data processing (so-called “balancing of interests”).

Moreover, there are additional legal bases for the processing of personal data. These are specifically listed – insofar as they are relevant – in the following.

3. Duration of storage

The user’s personal data is deleted or blocked as soon as the intended purpose of the data storage is no longer valid. Data storage may extend beyond this period if this is provided through the European or national governing bodies in union regulations, laws, or other provisions to which our company is subject. A blocking or deletion of the data also occurs upon expiration of the storage period as noted in the aforementioned standards unless there is a requirement for the further storage of the data for purposes of contract conclusion or contract fulfilment.

4. Transfer of personal data

If we transfer personal data, then only to service providers who assist us in fulfilling the aforementioned purposes. As “processors,” these companies must only use your personal data within the scope of order fulfilment on our behalf. These companies are also obligated to comply with the pertinent data protection provisions. The processors used by us are:

Denkwerk GmbH

Vogelsanger Str. 66

50823 Cologne

In all other respects, however, no personal data is forwarded to third parties.

5. Place of data processing

The processing of your personal data occurs in member states of the European Union (EU) or rather the European Economic Area (EEA). Regarding any processing of data by service providers based outside the EU/EEA, please refer to the descriptions of the individual data processing operations below.

V. Processing of personal data on the website

1. Provisioning of the website and creation of log files

a) Description of the data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

- Information regarding the type of browser and the version used

- The user’s operating system

- The user’s IP address

- Date and time of access

- Website(s) from which the user’s system was directed to our website

- Website(s) accessed by the user’s system via our website

Our system stores this data in log files, whereby the user’s IP address is only stored in completely anonymous form (in other words as 0.0.0.0) so that the IP address can no longer be used to identify an individual. Storage of this data together with the user’s other personal data does not occur.

b) Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6, Sec. 1 f) GDPR.

c) Purpose of data processing

The storage in log files ensures the functionality of the website. Furthermore, the data helps us to optimize the website and to ensure the security of our information technology systems. In this regard, we do not analyze the data for marketing-related purposes. These purposes also include our legitimate interest in data processing in accordance with Art. 6, Sec. 1 f) GDPR.

d) Duration of storage

The data will be deleted as soon as the grounds for its collection are no longer valid. The stored log files will be deleted after a maximum of seven days.

e) Possibility of objection and removal

The collection of data for provisioning the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

2. Contact forms and e-mail contact

a) Description of the data processing

Our website includes contact forms that are used for queries from customers, distributors, and the media. These forms may be used for electronically contacting the respective party. If a user selects this option, the data entered into the electronic form is transferred to us and stored. The mandatory data includes:

- First name and last name

- E-mail address

- Message

Moreover, the user can also fill in other optional fields and can also transfer files by using the upload function.

Alternatively, it is also possible to contact us using the provided e-mail address. In this case, the personal data transferred via the user’s e-mail is stored.

This data is not forwarded to third parties. The data is exclusively used for the processing of the communication between the parties.

b) Legal basis for data processing

The legal basis for the processing of the data is Art. 6, Sec. 1 f) GDPR. If e-mail correspondence is being used with the intention of concluding a contract, or if it serves a quasi-contractual obligation, then the additional legal basis for the processing of the data is Art. 6, Sec. 1 b) GDPR.

c) Purpose of data processing

The processing of the personal data from the entry form is solely used for purposes of contacting the interested party. In case communication is established, this also constitutes the required legitimate interest in the processing of the data.

d) Duration of storage

The data will be deleted as soon as the grounds for its collection are no longer valid. For the personal data entered into the input screen of the respective contact form, and for data that has been transmitted by e-mail, this applies if the individual correspondence with the user is finished. The correspondence is finished, if it can be inferred that the particular situation has been resolved.

e) Possibility of objection and removal

If the users contact us through either the contact form or by sending an e-mail, then they may revoke their consent to the storage of their personal data at any time. This revocation can be sent to the contact information listed under No. II of our Data Privacy Statement. In case consent is revoked, the correspondence with the user cannot continue and all personal data that has been collected within the scope of the correspondence will be deleted by us.

3. Online job applications

We would like to make the job application process easier for you. Therefore, we have made it possible for you to apply online. Further information and a separate Data Privacy Statement can be found in our Applicant Portal.

VI. Use of cookies

1. Description of the data processing

We use “cookies” to make our website experience as enjoyable as possible as well as to enable certain functionalities. Cookies are small text files that are stored in the browser and/or by the browser on the user's end device. Once the user accesses a website, the cookie can be stored on the user’s operating system. This cookie contains a string of characters that enables the browser to be uniquely identified when the website is accessed again.

a) Technically necessary cookies

We use technically necessary cookies that are required for the smooth functioning of our website. The following cookies are used:

- SERVERID / Purpose: Webserver allocation from upstream load balancer

- SESS84bf1ebd7cbc8d6aadc576b03d580bce / Purpose: Session cookie from upstream load balancer

b) Technically unnecessary cookies

We do not use any technically unnecessary cookies on our website.

c) Notification regarding changes to browser settings

Most browsers are configured so that they automatically accept cookies. The user can prevent the browser from storing cookies by making the appropriate settings. However, this may limit the website’s functionality.

2. Legal basis for data processing

The legal basis for the processing of personal data and the use of technically necessary cookies is Art. 6 Sec. 1 b) and f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of the website for the user. Some functions of our website cannot be provided without the use of cookies. These functionalities require that the browser be recognized even after another website has been visited. Our legitimate interest in data processing in accordance with Art. 6, Sec. 1 f) GDPR is also included in this purpose.

The user data collected on our website is not used for creating user profiles.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and are transferred from there to our website. Therefore, the user also has complete control regarding the use of cookies. By changing the browser’s settings, you can either deactivate or restrict the transmission of cookies. Cookies that have been stored can be deleted at any time. This can also be performed automatically. If cookies are deactivated for our website, then it is possible that not all website functions will be available.

VII. Social media links, links to Google Maps

1. Social media

Our website may contain links to our official social media accounts. These are:

- Facebook

- Twitter

- Pinterest

- Instagram

- TikTok

- YouTube

- Xing

- LinkedIn

- Kununu

The links have been marked with the respective log of the social network; no social plugins from the above-mentioned social networks are used.

If you click on a social network link, please consider that the processing of your personal data is the responsibility of the respective social network and that we do not have – nor do we receive – any knowledge of the actual scope of usage of your personal data by the respective provider. For information about the scope of the processing of your personal data by providers of social networking services – as well as the options available for protecting your privacy – please refer to the privacy policies of the respective providers.

2. Links to Google Maps

Our website contains a link to Google Maps, which assists you in planning your route when visiting one of our sites. Google Maps is a service of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. However, a plugin for Google Maps is not implemented on our website due to data protection reasons. If you click on the Google Maps link, please consider that the processing of your personal data is the responsibility of Google and that we do not have – nor do we receive – any knowledge of the actual scope of usage of your personal data by Google. For additional information regarding the scope of the processing of your personal data by Google, as well as the options available for protecting your privacy, please refer to Google Map’s privacy policies.

VIII. Rights of data subjects

If your personal data is processed, then you are considered a “data subject” in terms of GDPR. In that case, you have the following rights towards the Controller:

1. Right of access

You have the right to be informed whether or not your personal data is being processed; if this is the case, then you have the right to access this personal data as well as to the information listed in detail in Art. 15 GDPR.

2. Right to rectification

You have the right to request, without unnecessary delay, the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data (Art. 16 GDPR).

3. Right to restriction of processing

You have the right to demand the restriction of data processing if one of the prerequisites listed in Art. 18 GDPR has been met, e.g., if you have objected to the processing of your data, then for the duration of the examination as to whether the objection can be upheld.

4. Right to erasure

You have the right, upon request, to demand that your personal data be immediately erased, insofar as one of the reasons listed in Art. 17 GDPR is applicable, e.g., if the data is no longer required for the intended purposes and the legal storage regulations do not prevent erasure.

5. Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format to transfer this data – either by you or if technically feasible by us – to a third party.

6. Right to object

Within the scope of the prerequisites of Art. 21 GDPR, you have the right, for reasons that are related to your own specific situation, to object to the processing of your personal data at any point in time.

7. Right to revoke the declaration of consent under data protection law

You have the right to revoke a declaration of consent provided to us at any time. By revoking your declaration of consent, the lawfulness of the processing carried out based on the consent until revocation is not affected.

8. Your rights during automated decisions

If, in exceptional cases, we use automated decisions on individual cases – including profiling – then we are obligated in accordance with the legal requirements to implement measures so that you can influence the decision (Art. 22 GDPR).

9. Right of appeal to a supervisory authority

Notwithstanding any other administrative or judicial remedy, you have the right to appeal to a supervisory authority – in particular, in the member state of your place of residence, your place of work, or the place of the alleged violation – if you believe that the processing of your personal data violates data protection regulations.

The contact information for the pertinent supervisory authority is listed in No. III of the Data Privacy Statement.

10. Miscellaneous

We hereby inform you that the data subject’s rights may be limited through EU laws or applicable national laws.

To assert the above rights, please contact us under the contact information listed in No. II of the Data Privacy Statement. Queries submitted electronically will usually be answered electronically insofar as you have not made any deviating specifications in your query.

IX. External links

Our website may contain links to third-party websites. Insofar as this is not immediately recognizable, we will inform you that this is an external link. We have no influence on the content and design of third-party websites. This Data Privacy Statement is not applicable to third-party websites.

X. Amendments to this Data Privacy Statement

The ongoing advancement of the internet and the constantly changing legal landscape require that we make changes to our Data Privacy Statement from time to time. We will inform you here about all relevant updates.

Last update: February 2021