Privacy policy - Organic Farming Italy

Data protection according to GDPR

In the following, we inform you about the nature, scope and purpose of the collection and use of personal data on our website. In terms of content, we are guided by the EU General Data Protection Regulation (GDPR), because the data protection provisions of the German Telemedia Act (TMG) are unlikely to be applicable from 25.05.2018.

The company responsible for this website (and the general contact details) can be found in our imprint.

Would you like to contact our data protection officer in particular? Then send an e-mail to info@organicfarming-italy.com. Your request will be treated confidentially.
Our data protection officer is not responsible for ensuring that your specific requests are fulfilled (information, etc.); rather, he is available to answer your confidential questions and general legal matters.

You have the right to complain to the relevant data protection supervisory authority in accordance with Article 77 GDPR.

You are welcome to contact us before contacting the supervisory authority; our very competent company data protection officer takes care of your request much faster and just as thoroughly. If we can’t help you, you can still contact the supervisory authority.

Of course, you have numerous personal rights that we would like to fulfill:

You have the right to complain to the relevant data protection supervisory authority in accordance with Article 77 GDPR.

Of course, you have numerous personal rights that we would like to fulfill:

Information

We comply with the obligation to provide information in this data protection declaration.
Correction
You can request the correction of incorrect data.
Deletion
You can request the deletion of your data, provided that the numerous exceptions of the GDPR do not apply.
Restriction of processing
You can request that your data no longer be actively used (e.g. if you doubt the accuracy of your data).e.g. if you doubt the accuracy of the data).
Right to object to our “legitimate interests”
If there are overriding interests in your individual case that outweigh our operational interests, you can object to the processing. In many cases, this can be done via an “opt-out”.
Data portability
If you actively provide data, and the legal basis for the processing (a) your consent or (b) constitutes our contractual relationship, you may request that we provide you with this data in electronic form.

Retrieving information from the website

Within the framework of the normal “surfing” on our website, the following data is collected and used in your sense for the delivery of websites:

Date and time (We can make a time assignment and use this to locate e.B. technical problems.
IP address (The collection of the IP address is necessary so that the web server can send you the desired data.)
The requested data (Which file do you request? In which subdirectory is it located?)
The port through which you request the data (this information is sent automatically by your browser. This port will give you the web page you want.)
The referring website (Some browsers also send the URL of the previously used website every time they are retrieved.)
Name of the browser you use to browse the Internet (this information is sent automatically by your browser. We may use this information to visually display the content in the best possible way. Your browser may also send other information, e.B. about installed programs)
The status of the retrieval (Here we can see if the desired website exists and could be successfully delivered to you.)
Miscellaneous: For the sake of completeness, it should be mentioned that your browser may send additional data to our web server (name of the browser, screen resolution, etc.). We naturally have no influence on this.

The data described above is stored in the Web server’s memory for only a fraction of a second. This process is technically absolutely necessary to make a website available, so we have a “legitimate interest” in this within the meaning of Article 6 (1f) GDPR. The web server is located with a European operator.

Due to the nature of the Internet, this data is inevitably processed on a large number of servers until your request arrives on our web server; therefore, it is also possible to survey and use in “third countries” (e.g. the USA). Our company has no influence on this process.

Our website works internally consistently SSL-encrypted. In this respect, the operators of worldwide web servers do not have any insight into the transported content.

The above data is additionally stored in the form of log files for a limited time in order to be able to analyze possible technical problems (or hacker attacks). We keep these log files for 5 days. If there are no problems (or hacker attacks), no one looks into these files. These log files are important for proving criminal conduct to law enforcement; in this respect, we have a “legitimate interest” in this within the meaning of Article 6 (1f) GDPR.

Contact form

You can use the contact form to request information quickly and unbureaucratically. Please understand that we request your specific contact details; experience shows that we can only provide you with information in a targeted manner.

The collection of data in this respect is justified by our “legitimate interest” within the meaning of Article 6 (1f) GDPR, because a smooth contact favours our business purposes. If a contractual relationship were to arise from the contact form, the (pre-) contractual performance within the meaning of Article 6 (1b) GDPR should also be mentioned as the legal basis. If you do not want to give us this data in the contact form, please contact us by phone.

(In passing, the formerly existing obligation to give consent to the contact form does not (no longer exist) because the underlying section 12 para. 1 TMG is no longer applicable).

The entry of your data into the contact form takes place SSL-encrypted and is therefore confidential. However, the data of the contact form will be forwarded to our company by e-mail unencrypted. In this respect, confidentiality is not guaranteed overall. However, if full confidentiality is important to you, please send us an e-mail (our email server supports TLS encryption, if YOUR email server also supports it).

After the e-mail with the contact form data is sent, no data remains on the web server.

If you wish to delete the resulting e-mail, please let us know. If there are no important reasons (e.g. laws) against this, we will gladly respond to your request.

Cookies

Cookies are small text files that are stored on your hard drive by your browser. This is useful for a variety of purposes to adapt a website to users. Switching off and deleting cookies is an important issue. A general guide can be found here. We also recommend the website www.youronlinechoices.com. There are different types of cookies in terms of storage time and access rights:

a) Own short-term cookies (“session cookies”)

These cookies are uncritical under data protection law and are usually used to design our own website. The legal basis is our “legitimate interest” within the meaning of Article 6 (1f) GDPR. These cookies will be deleted as soon as you close the browser. Specifically, these are:

We do not use such cookies.

b) Own cookies with longer duration

These cookies allow us to allow our website to recognize your browser in the long term. This allows us to customize the content “tomorrow” or “next” week.

We do not use such cookies.

d) Long-term third-party cookies

These cookies are readable and writable by ourselves and also by other websites. This means that other services can also access this data. This is particularly interesting for customized advertising and for connecting to “social networks”.

Google Analytics

Cookies are set by Google as part of the pseudonymized user profiles on our website. This is only for our internal evaluation (see below). DoubleClick.net (Google Group)
We consider it to be in our legitimate interest within the meaning of Article 6 (1f) GDPR that your visit to our website may result in you seeing advertising from us on the Google advertising network. This is done within Google’s DoubleClick advertising network. Concrete information and shutdown options can be found here Google writes: We use cookies to make ads more appealing to users and more valuable for publishers and advertisers. Cookies are typically used to select user-relevant ads, improve campaign performance reporting, or prevent a user from seeing the same ads multiple times. Google uses cookies such as the NID and SID cookies to customize advertising in Google products such as Google Search. Such cookies include your latest searches, your previous interactions with an advertiser’s ads or search results, and your visits to an advertiser’s website. In this way, we can show you customized ads on Google. We also use cookies for advertisements that we display in various places on the web. The most important ad default cookie for non-Google websites is called IDE. It is stored for two years and can be used by other Google websites to display appropriate advertisements. Google accesses this cookie from servers worldwide. This cookie is not associated with you and is not sold to third parties (says Google).

Statistical analysis of the use of our website (Google Analytics) It is of great economic importance for our company that we can statistically evaluate the use of our website by our visitors. We are not concerned with evaluating the behaviour of an individual. Rather, it is about overarching statistical aspects: on which side do visitors “enter” our site? How many clicks does the average visitor make?

You may have heard about the position paper of the German Data Protection Conference, where the topic of “consent” in connection with “tracking mechanisms and user profiles” is also briefly mentioned under point 9.

As we understand (and not just ours), the above position paper does not mean that we need to obtain consent for our internal website usage statistics. We share the view of the Article 29 Working Paper 194 (chapter 4.3 on page 10) that there is no risk to your rights and freedoms if you proceed carefully. The supervisory authorities have also explicitly subscribed to this European understanding of the law in the Above DSK Position Paper.

Rest assured that these statistics are not personal in any form. These statistics are of great importance to our company and we see this as a legitimate interest within the meaning of Article 6 (1f) GDPR; if you wish to object to this, we will of course be happy to offer you an “opt-out” option.
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”),1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Detailed information can be found here.

Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, comcompile reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Google Maps

We offer you a convenient way to plan the way to our company. For this purpose, we use an API the map service Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. As soon as you access this page, your IP address will be sent to Google. This is an American company; data is sent to non-European countries (Google participates in the EU-US PrivacyShield). If you enter your own data in this card (e.B. your own place of residence), this data will also be transmitted. Google provides information here. We see this service as a “legitimate interest” within the meaning of Article 6 (1f) GDPR.

Zapier

To integrate various databases and web tools, we use Zapier, a service provided by Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA. When using Zapier, data is transferred to the USA, which is generally considered a third country with an insecure level of data protection under the GDPR. We have no knowledge of the content of the transferred data, how it is used or how long it is stored by Zapier. We have concluded an order processing contract with Zapier in accordance with Art. 28 GDPR.

Zapier is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000TNk2AAG&status=Active.

If you do not want Zapier to use your data, you must unsubscribe from the newsletter/marketing emails. We provide a corresponding link for this purpose in every newsletter / marketing message. You can also unsubscribe from marketing e-mails directly at shop@neuenarrative.de.

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter/marketing emails. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide us with will be stored by us until you unsubscribe from the newsletter / marketing emails and will be deleted from our servers as well as from Zapier’s servers after you unsubscribe from the newsletter / marketing emails. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. Further information on data protection at Zapier can be found at https://zapier.com/privacy/.

With the following information we inform you about the contents of our newsletter as well as the registration, shipping and statistical evaluation procedure as well as your rights of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “Newsletter”) only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. For the rest, our newsletters contain information about our services and us.

Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. I.e. You will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can log in with foreign e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation time, as well as the IP address. The changes to your data stored by the shipping service provider will also be logged.

The sending of the newsletter and the success measurement associated with it is based on the consent of the recipients in accordance with the Art. 6 Abs. 1 lit. a, Art. 7 GDPR i.V.m Section 7 para. 2 No. 3 UWG or on the basis of legal permission in accordance with Section 7 para. 3 UWG.

The registration procedure is logged on the basis of our legitimate interests in accordance with the Art. 6 Abs. 1 lit. f GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves our business interests as well as meets the expectations of our users and also allows us to prove consent.

Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revokeyourd your consents. A link to cancel the newsletter can be found at the end of each newsletter. We may store the e-mail addresses that have been sent out for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense of claims. An individual request for cancellation is possible at any time, provided that the former existence of a consent is confirmed at the same time.

The newsletters are sent by mail service provider “MailChimp”, a newsletter shipping platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the shipping service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thereby provides a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The shipping service provider is based on our legitimate interests in accordance with the Art. 6 Abs. 1 lit. f GDPR and an order processing contract in accordance with Article 28(2) 3 p. 1 GDPR.

The shipping service provider may use the data of the recipients in pseudonymous form, i.e. without being assigned to a user, for the optimization or improvement of its own services, e.g. for the technical optimization of the shipping and presentation of the newsletters or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write them down themselves or to pass on the data to third parties.

The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from our server when opening the newsletter from our server, or if we use a shipping service provider, from its server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are collected first.

This information is used to improve the technical requirements of the Services on the basis of the technical data or the target groups and their reading behaviour on the basis of the polling locations (which can be determined by means of the IP address) or the access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention, nor, if used, that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

We hereby provide you with all information on data processing by our company.
The corresponding obligations from Articles 13, 13a 14, 15, 26 and 30 of the GDPR are thus covered.

Who are the eligible recipients (both internal and external)?
Human Resources; Academy; File destruction service provider; Employee training by external companies

When will the data be deleted?
10 years after collection (as part of the Academy)
2 years after collection (as part of the Academy information event)
5 years after collection (as part of employee training)

Which categories of data are processed?
Name, training data
Bank and/or credit card data
Receipts (invoices, credit notes, reminders, travel expenses, etc.)
Contact details (name, phone, email, address, etc.)

Which people are affected?
Study participants
People interested in training at the Academy
Employees

The right to “access” (see Article 15 GDPR)
You have the right to access the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

The right to “erasure of your data” (see Article 17 GDPR)
You have a right to erasure of your data if (a) the data is no longer necessary; (b) You may need to have revoked your consent or there is no other legal basis (no longer) (c) you have rightly objected to: (d) the data have been wrongly processed; (e) the deletion is required by law; (f) the data comes from children and should be deleted. Please note that under Article 17 (2) GDPR may not be deleted.

The right to “restriction of processing” (see Article 18 GDPR)
You have the right to “block” your data if (a) you dispute the accuracy of the data; (b) the processing is unlawful and you deny deletion; (c) the data is no longer needed by us; (d) you still need the data due to legal claims.

The right to “object to processing” (see Article 21 GDPR)
You have the right to object to processing if there are grounds for doing so arising from your PARTICULAR SITUATION. For our part, it is being weighed up whether we have compelling reasons for processing worthy of protection.

The right to “withdraw consent” (see Article 7 (3) GDPR)
You have the right to withdraw consent (insofar as this is relevant to the processing described here). The revocation applies only to the future.

The right to “data portability” (see Article 20 GDPR)
You have the right to have your data handed over to you if (a) the legal basis is based on consent or a contract; (b) you have made this data available on your own; (c) the data is processed automatically. If these conditions are met, you can also request that we pass on the data to a recipient of your choice.

The right to “lodge a complaint” (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority.
You are welcome to contact us first before contacting the supervisory authority; our highly competent company data protection officer will deal with your request much more quickly and just as thoroughly. If we can’t help you, you can still contact the supervisory authority.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

Accounting

In the following we inform you in detail about all important details of this data processing. We refer to all the information requirements resulting from Articles 13, 14, 15, 26 and 30 of the GDPR. What is the purpose of this processing?
Performing operational accounting (handling of incoming and outgoing invoices). Audit. Dunning. Assignment. Preparation of monthly and annual financial statements. transfer)

Who is responsible for this processing?
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

Who is named as the company’s data protection officer? (See Article 37 GDPR)
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

What is the legal basis? Why is this processing allowed? Protection of the legitimate interests of the controller (Article 6 (1f) GDPR) Employment relationship (Section 26 BDSG)

Explanation of the majority of legal bases:
The following data categories are affected in the employment relationship: Wage and salary data, contact data. All other categories of data are of legitimate interest.

Specifically, what “legitimate interests” does the person responsible pursue? (See Article 13 (1d) GDPR)
Right to profit, labor and cost efficiency

Who are the eligible recipients (both internal and external)?
Accounting; External service providers / support staff / technicians; External accounting; Accounting and payroll service providers; Bank

When will the data be deleted again?
10 years after the end of the calendar year (according to Section 147 (3) Of the Tax Code)

Which categories of data are processed?
Bank transfer data
Accounting data
Currency exchange
Bank and credit card data
Receipts (invoices, credit notes, reminders, travel expenses, etc.)
Wage/salary data

Which persons are affected?
Freelance contractors
Employees
Customers
Suppliers

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

The right to “lodge a complaint” (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority. The contact details are: LDI NRW, Kavalleriestr. 2-4, 40213 Dusseldorf GERMANY, Tel. 0049-211-38424-0, www.ldi.nrw.de.
You are welcome to contact us first before contacting the supervisory authority; our highly competent company data protection officer will deal with your concerns much more quickly and just as thoroughly. If we can’t help you, you can still contact the supervisory authority.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

COMPUTER administration

In the following we inform you in detail about all important details of this data processing. We refer to all the information requirements resulting from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Administration of the company’s computer (user management, support, backup, maintenance, etc.)

Who is responsible for this processing?
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

Who is named as the company’s data protection officer? (See Article 37 GDPR)
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what “legitimate interests” does the person responsible pursue? (See Article 13 (1d) GDPR)
Ensuring data protection and (information) security

Who are the eligible recipients (both internal and external)?
IT consultant; IT department; Human resources

When will the data be deleted again?
10 years after the end of the calendar year (according to Section 147 (3) Of the Tax Code)

Which categories of data are processed?
All e-mail traffic
All Internet usage
Date of computer logon and logoff
Log data (technical type)
Usage data (date and type of usage)
Directory service (MS Active Directory, LDAP, …)

Which people are affected?
Employees
Interested parties
Customers

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

The right to “lodge a complaint” (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority. You are welcome to contact us before contacting the supervisory authority; our very competent operational data protection officer takes care of your request much faster and just as thoroughly. If we can’t help you, you can still contact the supervisory authority.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.
Are there several controllers in the sense of “joint controllership”? (See Article 26 GDPR)
No, there is only the ONE controller mentioned above.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

Communication

In the following we inform you in detail about all important details of this data processing. We refer to all the information requirements resulting from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Exchange and transfer of information (e-mails, telephone, Internet, letters, data exchange) and the corresponding management and logging.

Who is responsible for this processing?
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what “legitimate interests” does the person responsible pursue? (See Article 13 (1d) GDPR)
Right to profit, labor and cost efficiency

Who are the eligible recipients (both internal and external)?
All employees of rheingold

When will the data be deleted again?
Never

What categories of data are processed?
Contact details (name, tel, e-mail, address, …)

Which persons are affected?
Press contacts
Freelance contractors
Employees
Customers
Suppliers

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

Controlling/ Monitoring

In the following we inform you in detail about all important details of this data processing. We refer to all the information requirements resulting from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Reporting, documenting and analyzing (sales, customer behavior, etc.)

Who is responsible for this processing?
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what “legitimate interests” does the person responsible pursue? (See Article 13 (1d) GDPR)
Right/obligation to controlling or quality management

Who are the eligible recipients (both internal and external)?
All employees; IT department; COMPUTER service providers

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

Customer Relationship Management

In the following we inform you in detail about all important details of this data processing. We refer to all the information requirements resulting from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Comprehensive management of existing customers (customer acquisition and retention); Organisation of the Congress

Who is responsible for this processing?
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what “legitimate interests” does the person responsible pursue? (See Article 13 (1d) GDPR)
Right to advertising (see recital 47 GDPR)

Who are the eligible recipients (both internal and external)?
Head of Department / Head of Division; Accounting; Operators

When is the data deleted?
5 years after collection
10 years after the end of the year ((tax-relevant data) as part of the sale of publications))
immediately after the end of the contract (employees as part of the website)
There is no storage of tracking data (cookies) for website visitors

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

Advertising

What is the purpose of this processing?
Attracting and retaining customers (awakening interest for new products and services)

Who is responsible for this processing?
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

Who is named as the company’s data protection officer? (See Article 37 GDPR)
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

What is the legal basis? Why is this processing allowed?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)

Specifically, what “legitimate interests” does the person responsible pursue? (See Article 13 (1d) GDPR)
Right to advertising (see recital 47 GDPR)

Who are the eligible recipients (both internal and external)?
Head of Department / Head of Division; Operators

When will the data be deleted again?
The contact details for the newsletter are cleaned up after each shipment, there is no deletion period.

What categories of data are processed?
Contact details (name, tel, e-mail, address, …)

Which people are affected?
Interested parties
Press contacts
All contacts stored in Outlook
Service providers
Customers

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

Surveillance

In the following we inform you in detail about all important details of this data processing. We refer to all the information requirements resulting from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Opto-Electronic Monitoring
Who is responsible for this processing?
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

Who is named as the company’s data protection officer? (See Article 37 GDPR)
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

What is the legal basis? Why is this processing permissible?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)
Specifically, what “legitimate interests” is the controller pursuing? (See Article 13 (1d) GDPR)
Right/obligation to controlling or quality management

Who are the authorized recipients (both internal and external)?
IT department; police
When will the data be deleted?
5 days after collection (exception: incidents were documented)

What categories of data are processed?
Video

Which persons are affected?
Employees who are in the security area
Persons affected by video surveillance

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

The right to “lodge a complaint” (see Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority.
You are welcome to contact us first before contacting the supervisory authority; our highly competent company data protection officer will deal with your concerns much more quickly and just as thoroughly. If we can’t help you, you can still contact the supervisory authority.

Data collection by third parties
No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

Documentation of information, deletion and other requests

In the following we inform you in detail about all important details of this data processing. We refer to all the information requirements resulting from Articles 13, 14, 15, 26 and 30 of the GDPR.

What is the purpose of this processing?
Individuals can exercise their personal rights. The fulfillment is documented in order to be able to provide proof later if necessary.
Who is responsible for this processing?
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

Who is named as the company’s data protection officer? (See Article 37 GDPR)
Organic Farming Italy
c/o My Bio Farm GmbH
Landsberger Str. 333E
80687 Munich

What is the legal basis? Why is this processing permissible?
Safeguarding the legitimate interests of the controller (Article 6 (1f) GDPR)
Specifically, what “legitimate interests” is the controller pursuing? (See Article 13 (1d) GDPR)
Defense against claims for damages. Proof of data protection compliance.

Who are the eligible recipients (both internal and external)?
Management

When will the data be deleted?
3 years after the relevant contact has been made by the person
Which categories of data are processed?
Information data (possibly name, possibly e-mail, etc.) Information data (possibly personal data that must be provided with information)
Legitimation data (possibly copy of ID card)

Which persons are affected?
Persons who exercise their personal rights (information, deletion, etc.)
The right to “information” (see Article 15 GDPR)
You have a right to information about the data concerning you. This is precisely what the document before us is intended to ensure in the best possible way. If you have any further questions, please feel free to contact us.

The right to “rectification” of inaccurate data (see Article 16 GDPR)
You have the right to have inaccurate data rectified. Please contact us.

Data collection by third parties

No, no data is collected by third parties. Thus, all data is requested/collected by us.

Is profiling taking place? Are personal aspects analyzed or predicted? Is an automated case-by-case decision taking place? (See Article 4 No. 4 GDPR)
No, this does not take place.

Are there data transfers to recipients in third countries (i.e. outside the EU)? (See Article 44 GDPR)
No, this does not take place.

Are there several persons responsible for ‘common responsibility’? (See Article 26 GDPR)
No, there is only ONE controller mentioned above.

Status: 01.01.2025