The provider (in the following also referred to as “we”) collects, uses and stores your personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Data Protection Act (“Bundesdatenschutzgesetz”) and the German Telemedia Act (“Telemediengesetz”). Personal data means any information relating to an identified or identifiable natural person. Below we inform you about the type, extent and purpose of the collection and use of personal data.
1. Who is responsible for data processing and who can you contact?
The party responsible for data processing is:
Verantwortlich für die Datenverarbeitung ist:
Borrelli Fine Foods GmbH
Schleißheimer Str. 108,
85748 Garching b. München
+49 (0)89/23 75 23 75
2. Which data are being processed and what are the sources of these data?
We process personal data (Art. 4 Nr. 1 GDPR) which we receive in the course of conducting our business as provider of aonline shop (name, addresses, email-adresses, purchased item and payment method).
3. For what purpose and on what legal basis are the data processed?
a) Processing personal data to fulfil contractual obligations (Art. 6 para. 1 b GDPR):
If we enter into a contractual relation (including the initiation of contractual relation) the processing of personal data takes place for the provision of our services an online shop provider according to Art. 6 para. 1 b GDPR.
b) Processing personal data to fulfil legal requirements (Art. 6 para. 1 c GDPR):
In the event that our company is subject to a legal obligation which requires the processing of personal data, such as for example the fulfilment of tax obligations, the processing of personal data is made pursuant to Art. 6 para. 1 lit. c GDPR.
c) Processing personal data according to Art. 6 para. 1 f GDPR:
Finally, data processing activities can be conducted on the basis of Art. 6 para. 1 lit. f GDPR which covers data processing activities which are do not fall under any of the afore mentioned legal provisions and which covers data processing which is necessary for the purposes of the legitimate interests pursued by us or a third party and provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
4. Legitimate interests of the controller that are being pursued by the controller or a third party
If the processing of personal data is based on Article 6 para. 1I lit. f GDPR our legitimate interest is the conduct of our business and the related communication with you (recital 47 GDPR).
5. SSL encryption
For security reasons and in order to protect confidential information, such as requests submitted via our contact form, we use SSL-encryption. If an encrypted connection has been effected the address-line of your browser will show „https://“ instead of „http://“ and you might notice a locker symbol in your browser. If SSL is activated third parties cannot read data that you send to us.
6. Server Logfiles
We collect and store information on the basis of Art. 6 para 1 lit. f GDPR about your visits of our website in so calles log-files on our server. The logfiles contain data that your browser is automatically sending to us, such as:
- shortended IP-adress
- browser type/ browser version
- your operating system
- referrer URL (or the website visited previously)
- date and time of the server request
- amount of transmitted data
- your internet service provider
These data will be collected and processed only for the purpose of measuring the statistics of our website performance. These data will not be connected with data from other data sources.
8. Period of data storage
We process and store personal data only for the period, which is required to meet the purpose of processing, or as long and to the extent as statutory laws require us to process and/or store such data.
If the purpose of processing does not apply anymore and the applicable statutory retention requirement expires, we will as a matter of routine erase data or restrict the processing of data in accordance with the applicable statutory laws.
9. Google Analytics
We have activated the functionality IP anonymization. In case of activation of the IP anonymization, Google will shorten the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area before sending it to the USA. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On our behalf Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider.
Google will not associate your IP address with any other data held by Google.
Opposition to the data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set which prevents the collection of your data on future visits to this website: disable Google Analytics
10. Information about the use of softjob
We use cloud-based software called Softjob by SoftJob Software Engineering, Via Gaetano Ratti 82/84, 20855Lesmo MB, ITALY, to manage customer data. We use Softjob as a CRM system to manage the customer relationship with you. Details on JotForm’s handling of personal data can be found here: https://www.softjob.it
11. Information about the transfer of data to a third country
We do not transfer personal information to countries outside the EU.
12. Is there an automated decision-making process?
We do not use automated decision-making processes under Art. 22 GDPR for initiating decisions on the establishment or carrying out of the business relationship, which would have legal consequences for the data subject or would have a similar significant negative impact on this person.
13. Rights of the data subject
The data subject has gem. Art. 15 GDPR the right to obtain free information on request about the personal data stored about him as well as the purpose of the data processing. The data subject has also gem. Articles 16, 17 and 18 GDPR the right to correct incorrect data and block and delete his personal data. Moreover the data subject has, subject to Art. 20 GDPR, the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from our part. According to Art. 21 (1) GDPR, the data subject shall also have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6 (1) GDPR. We will comply with the aforementioned requests if and to the extent such compliance is required by the applicable statutory laws. Requests for access to and rectification or erasure of personal data or restriction of processing may be directed to the email or post address stated in our website’s imprint. Each data subject has the right to lodge a complaint with a supervisory authority of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.