Privacy Statement 

Controller 

Confiserie Burg Lauenstein GmbH 
Thomas Luger, Managing Director 
Lauensteiner Strasse 41 
96337 Ludwigsstadt 
Phone: 0 92 63 / 9 45 – 0 
Fax: 0 92 63 / 9 45 – 45 
Email: info@lauensteiner.de 

In this privacy statement, we provide you with information regarding the scope of the processing of your personal data (hereinafter known simply as “data”). 
 

Data Processing 

We process data as part of the operation of our website. The processing of the data also encompasses disclosure in the form of transfer. The EU Commission has implemented an adequacy decision, the EU-US Privacy Shield, for the transfer of data to the USA. In this decision, the Commission certifies that the safeguards for the transfer of data to the USA on the basis of the EU-US Privacy Shield are in conformity with the data protection standards in the EU. Insofar as we transfer data to the USA, we have marked the certification of our service providers according to the EU-US Privacy Shield. Details regarding the relevant data, purposes of the processing, legal grounds, recipients and transfers to third countries are described below. 
 

a) Log file 

We record your visit to our websites in a log file. At the time of your visit, we process the following data: name of the website accessed each time, date and time of the access, volume of transferred data, type and release of your browser, the operating system you are using, the referrer URL (the previously visited website), your IP address and the accessing provider. This is necessary to ensure the security of the website.  

We process the data on the basis of our legitimate interests in accordance with point (f) of Art. 6 (1) GDPR. The log file is erased after seven days unless it is required for the clarification or as evidence of concrete legal violations that become known within the retention period. 


b) Hosting 

All data that must be processed in relation to the operation of this website are stored as part of the hosting. This is necessary for the operation of the website. We process the data on the basis of our legitimate interests in accordance with point (f) of Art. 6 (1) GDPR. We utilise the services of web hosting providers for the provision of our online site and we transfer the aforementioned data to them. 
 

c) Establishing contact 


If and when you contact us, your data (name, contact data, insofar as you have provided them) and your message are processed solely and exclusively for the purpose of processing and handling your query. We process these data on the basis of point (b) of Art. 6 (1) GDPR or of point (f) of Art. 6 (1) GDPR for the handling of your query. 

Use of data relating to registration for an email newsletter 
We offer to you the opportunity to register for our newsletters on our websites/applications. To ensure that you did not make any mistakes when entering your email address, we utilise the so-called double opt-in procedure (DOI procedure). After you enter your email address in the registration field and give your consent to the receipt of our newsletters, we send a confirmation link to the address you have given. Your email address will not be added to our distribution list for distribution of our newsletters until you click on this confirmation link. The legal basis for this data processing is point (a) of Article 6 (1) GDPR.
Right to withdraw consent
You may withdraw your consent at any time by clicking on the unsubscribe link at the end of every newsletter.
  

d) Job applications 

If you contact us for the purpose of sending us your application for employment with our company, e.g. per email or using the contact form, your data (e.g. name, email address, desired place of employment insofar as you have indicated one), your message and the transmitted application documents will be processed solely and exclusively for the purpose of processing and handling your job application. Legal grounds for the data processing are Section 26 BDSG [Federal Data Protection Act] (new) and point (b) of Art. 6 (1) GDPR. The application data will be erased after a period of 2 months from the end of the application process, but at the latest after a period of 6 months from receipt of the application. If your application leads to employment, the data will be transferred to your personnel file. Legal basis for this is also point (b) of Art. 6 (1) GDPR. 



e) Customer account 

If and when you open a customer account, you give your consent to the storage of your master data (name, address, email address, bank account) and user data (user name, password). This enables us to identify you as a customer, and you have the opportunity to manage your orders. Your data are processed on the basis of your consent in accordance with point (a) of Art. 6 (1) GDPR. 


f) Processing of purchases 

We process your order data for the performance of the purchase contract. The processing of the data is based on point (b) of Art. 6 (1) GDPR. We transfer your address data to the company contracted to handle delivery. Insofar as it is necessary for performance of the contract, we also transfer your email address or your phone number to the company contracted to handle delivery for the purpose of arranging a delivery date (notice of delivery). We transfer your transaction data (name, date of the order, payment method, shipment and/or receipt date, amount and payment recipient, as appropriate bank account or credit card data) to the payment service provider contracted to handle the payment. 
 

g) Creditworthiness check 

We transfer your name and address to a credit agency, which compares these data with their own database for the purpose of checking your creditworthiness. The credit agency sends the results of your creditworthiness check to us. In the event of a purchase against invoice, we process these data on the grounds of our legitimate interests pursuant to point (f) of Art. 6 (1) GDPR because we provide an advance service by shipping the goods and bear the risk of a bad debt. In all other cases, your data are processed solely and exclusively on the basis of your consent pursuant to point (a) of Art. 6 (1) GDPR. 
 

h) Website analysis and marketing 


We utilise so-called cookies so that certain functions can be used. These are small data packages that are stored on your device and exchanged with other providers. Some of the cookies we use are erased immediately when you close your browser (so-called session cookies). Other cookies remain on your device so that we recognise your browser when you come back for another visit (persistent cookies). You can erase all the cookies stored on your device and make the appropriate settings on commonly used browsers to prevent the storage of cookies. In this case, however, you may have to re-enter some of the settings every time you visit our website and accept restrictions of some of the functions. We use cookies in relation to the following functions. 
 

GOOGLE TAG MANAGER 

This website uses Google Tag Manager. The Tag Manager does not capture any personal data. The tool triggers other tags that may, under certain circumstances, for their part capture data. Google Tag Manager does not access any such data. If the domain or cookie level has been disabled, this will apply to all tracking tags that are implemented using Google Tag Manager. You will find Google’s privacy policy concerning this tool here: https://www.google.de/tagmanager/use-policy.html. 
 

Google Analytics 

We use Google Analytics, a web analysis service offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google uses certain cookies for this service. The information about your use of the website generated by the cookie (including your IP address) is transmitted to a Google server in the USA and stored there. We use the collected information to evaluate your use of the website, to compile reports about these website activities for the website operators and to perform further services related to the use of the website. We process the data thus obtained in pursuit of our legitimate interest in the optimal marketing of our online portfolio pursuant to point (f) of Art. 6 (1) GDPR. Under no circumstances will Google combine your IP address with other Google data. We wish to point out that this website uses Google Analytics with the extension “anonymizeIp()”. This results in the truncation of the IP addresses before they are transferred to a server in the USA. As a rule, this prevents any direct attribution to a specific person in relation to the stored data. Only in exceptional cases is the full IP address transferred to a server in the USA and truncated there. You may object to this data collection at any time, effective for the future, by using the browser add-on disabling this function available from Google Analytics at http://tools.google.com/dlpage/gaoptout?hl=de. Please note in addition the remarks on Google’s use of data in the Google Partner Network at http://www.google.com/intl/de/policies/privacy/partners/. Google is certified by https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. 

You will find additional information about privacy at https://policies.google.com/privacy?hl=de&gl=de. 
 

Use of Google Invisible reCAPTCHA 

We use the service Invisible reCAPTCHA of Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) on our website. 

This serves to distinguish entries made by a person from those made by automated machine processes. Operating in the background, Google collects and analyses use data that are used by Invisible reCAPTCHA to distinguish between genuine users and bots. This is done by transferring your entry to Google and making further use of it there. In addition, the IP address and any other data Google requires for the service Invisible reCAPTCHA are transferred to Google. These data are processed by Google within the European Union and, under certain circumstances, in the USA as well. Google has obtained certification pursuant to the US-EU data protection treaty “Privacy Shield” and is consequently obligated to comply with European data protection regulations. Processing is based on point (f) of Art. 6 (1) GDPR in pursuit of our legitimate interest in protecting our website from automated espionage, misuse and spam. You will find details about Google reCAPTCHA and the related privacy statement at https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy. 
 

GOOGLE ADWORDS REMARKETING 

Our website uses the functions of Google AdWords Remarketing for advertising this website in the Google search results and on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, Google places a cookie in the browser of your device; it automatically enables interest-based advertising by the use of a pseudonym cookie ID and on the basis of the websites you visit. Processing is in pursuit of our legitimate interest in the optimal marketing of our website pursuant to point (f) of Art. 6 (1) GDPR. Any more extensive data processing takes place solely insofar as you have given Google your consent to Google’s linking of your internet and app browser history with your Google account and to using information from your Google account to personalise advertisements that you view on the web. If, in this case, you are logged on to Google while visiting the pages of our website, Google uses your data in combination with Google Analytics data to create and define target group lists for cross-device remarketing by temporarily linking your personal data with Google Analytics data to create target groups. You can permanently disable the placing of cookies for advertising purposes by downloading and installing the browser plugin using the following link: https://www.google.com/settings/ads/onweb/. Alternatively, you can find information about the placement of cookies and make the appropriate settings at the Digital Advertising Alliance at the internet address www.aboutads.info. Finally, if you make the appropriate settings in your browser, you will be notified when cookies are placed on the computer and can decide on a case-by-case basis whether to accept them, to accept them for specific cases or to preclude their placement in general. If cookies are blocked, the functionality of our website may be restricted. Google LLC, headquarters in the USA, is certified under the US-European data protection treaty “Privacy Shield”, which guarantees compliance with the data protection level of the EU. You can see more detailed information and the data protection provisions relating to advertising and Google at this address: http://www.google.com/policies/technologies/ads/. 



Use of Facebook Remarketing 

We use the remarketing function “Custom Audiences” of Facebook, Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; “Facebook”) on our website. 

This function allows the specific addressing of visitors to the website with interest-related advertising on the social network Facebook. 

The remarketing tag from Facebook has been implemented on the website for this purpose. When you visit the website, a direct connection to the Facebook servers is established via this tag. At this time, information about which of our pages you have visited is transferred to the Facebook server. Facebook attributes this information to your personal Facebook user account. When you visit the social network Facebook, you are shown personalised, interest-related Facebook ads. Processing is based on point (f) of Art. 6 (1) GDPR and is in pursuit of our legitimate interest in the aforementioned purpose. 

You have the right to object at any time to this processing of personal data relating to you pursuant to point (f) of Art. 6 (1) GDPR on grounds relating to your particular situation. 

You can do this by disabling the remarketing function “Custom Audiences” here. You will find more detailed information about Facebook’s collection and use of the data, your related rights and your options for the protection of your private sphere in the privacy policies of Facebook at https://www.facebook.com/about/privacy/. 


BING UNIVERSAL EVENT TRACKING (UET) 

Data are collected and stored on our website using technologies of Bing Ads; they are used to create use profiles based on pseudonyms. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 90852-6399, USA. This service allows us to track users’ activities on our website if they have been directed to our website via advertisements of Bing Ads. If you are referred to our website from such an advertisement, a cookie will be placed on your computer. A Bing UET tag has been integrated into our website. This is a code that, in conjunction with the cookie, stores certain non-personal data about the use of the website. These data include (among others) the time spent on the website, what sections of the website were accessed and the advertisement that referred the users to the website. No information about your identity is captured. The captured information is transferred to Microsoft servers in the USA and stored there for a maximum period of 180 days. You can prevent the capture of the data related to the use of the Website that are generated by the cookie and the processing of these data by disabling the placement of cookies. This may under certain circumstances restrict the functionalities of the website. Moreover, Microsoft may be able, under certain circumstances, to use so-called cross-device tracking to track your use behaviour across a number of your electronic devices, which allows the company to display personalised advertising on Microsoft websites and in Microsoft apps. You can disable this activity at http://choice.microsoft.com/de-de/opt-out. You will find more detailed information about the analysis services of Bing on the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2). You will find more detailed information about privacy at Microsoft and Bing in the Microsoft privacy statement (https://privacy.microsoft.com/de-de/privacystatement). 

AFFILINET 

affilinet GmbH, Sapporobogen 6–8, 80637 Munich, places a cookie on visitors’ devices for the correct capture of sales and/or leads. This cookie is placed by the domain partners.webmasterplan.com or banners.webmasterplan.com. The cookies placed by affilinet are accepted by the default settings of your internet browser. If you do not wish to allow the storage of these cookies, disable the acceptance of the cookies from these domains in your internet browser. affilinet cookies store solely the ID of the referring partner and the attribution number of the advertising means the visitors click on (banners, text links or similar means) that are required to process payments. The partner ID is used during the performance of a transaction so that the commission that is to be paid to the referring partner can be attributed correctly to this partner. The legal basis for this data processing is point (f) of Article 6 (1) GDPR. 

You will find details about data protection at https://www.affili.net/de/datenschutz. 

Linking of external content 

We utilise external dynamic content to optimise the presentation and the services of our website. During a visit to the website, a query is automatically transmitted by API to the server of the pertinent content provider, at which time certain log data (e.g. the users’ IP addresses) are transferred to this server as well. The dynamic content is subsequently transferred to our website and displayed there. We use external content in relation to the following functions. 

Quality seals 

The Trusted Shops Trustbadge is integrated into this website to display our Trusted Shops quality seal and the Trusted Shops products for buyers after an order. The Trustbadge and the services acquired with it are a product of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When the Trustbadge is accessed, your IP address, date and time of the access, transferred data quantity and the requesting provider (access data) are transferred to the Trusted Shops servers. These access data are not analysed and are automatically overwritten at the latest seven days after the end of your visit to the site. These data are transferred in pursuit of our legitimate interest in the best possible marketing of our portfolio pursuant to point (f) of Art. 6 (1) GDPR. 

Additional personal data are transferred to Trusted Shops solely if and when you decide to use Trusted Shops products after concluding an order or have previously registered for their use. In this case, the contractual agreement established between you and Trusted Shops applies. We use certain cookies that store your IP address for the analysis of user behaviour on our website, for the optimisation of our online portfolio and to personalise contents and advertisements. 

Duration of the data storage 

We store personal data solely as long as required for the purpose for which they are processed or until you have withdrawn any consent you have granted. If and when statutory retention periods must be observed, the storage period for certain data may be as long as 10 years without regard for the purposes of the processing. 

Your rights as a data subject 

a) Access 

Upon request, you may obtain, free of charge, information about all personal data we have stored about you. 

b) Rectification, erasure, restriction of processing (blocking), objection 

If and when you no longer consent to the storage of your personal data or if the data have become incorrect, we will order the deletion or restriction of your data or carry out the required corrections (to the extent possible under applicable law) upon receiving instructions to this effect. This provision applies as well if we are to restrict the processing of data in future. 

c) Data portability 

Upon request, we will provide your data to you in a commonly used, structured and machine-readable format so that you can, if you wish, transfer your data to another controller. 

d) Right to lodge a complaint 

You have the right to lodge a complaint with a supervisory authority (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html). 

e) Right to withdraw consent for the future 

You may withdraw your consent, effective for the future, at any time. The withdrawal of your consent is without prejudice to the lawfulness of the processing prior to the point in time of the withdrawal of consent. 

f) Restrictions 

The above rights do not cover any data for which we are unable to identify the data subject, e.g. if the data have been anonymised for analysis purposes. Access, erasure, restriction, rectification or portability to another company of these data may be possible if you provide to us additional information that makes identification possible. 

g) Exercising your rights as a data subject 

If you have any questions about the processing of your personal data or requests for access, rectification, restriction, withdrawal of consent or the erasure of data or for the transfer of your data to another company, please contact info@lauensteiner.de. 

MODIFICATIONS OF THIS PRIVACY STATEMENT 

We reserve the right to modify our privacy statements if this should become necessary because of new technologies. Please be sure that you have the most recently revised version. Whenever fundamental modifications of this privacy statement are made, we will announce them on this website. 

Any potential customers and visitors to our website who have privacy questions can reach us at this address: 

Mr Gerald Lill 

Projekt 29 GmbH & Co. KG 

Ostengasse 14 

93047 Regensburg 

Phone: 0941 2986930 

Fax: 0941 29869316 

Email: info@lauensteiner.de 

Internet: www.projekt29.de 

If our data protection officer is unable to answer your queries to your satisfaction, you have in every case the right to lodge a complaint with the competent data protection supervisory authority in your state [Bundesland].