Data Protection Policy

1 Data Protection Policy of GEPA mbH
GEPA - The Fair Trade Company

Protecting your personal data is very important to us. Accordingly we will, of course, always treat your personal data in compliance with the statutory provisions on Data Protection. We have commissioned a qualified and reliable external data protection officer. The appointment of the external data protection officer is carried out by UIMC, Dr. Voßbein GmbH & Co KG.

This policy sets out information regarding the processing of personal data.

 

1.1 Collection and Processing of Personal Data 

As a rule you can use our online offering without disclosing your identity. Where we ask for personal data on our website (such as name, address, or email), for example as part of contract forms or when subscribing or registering, providing such information is entirely voluntary. Such information will be used for our own business purposes (such as sending you the materials/information requested).

If you have any questions, we offer the opportunity for you to contact us via the contact form on our website. For this certain information is marked as mandatory, and this needs to be provided in order to enable us to answer the query. Additional information may be provided on a voluntary basis. Data processing for the purposes of contacting us is done in accordance with Art. 6 (1) S. 1 (a) GDPR, on the basis of the voluntary consent provided by you.

The personal data collected by us for using the contact form will be deleted after your request has been processed and after the relevant retention periods for tax and commercial law purposes have expired.

You can withdraw any such consent you may have given us - e.g. for the purposes of receiving a newsletter or some other interesting information - at any time, without having to provide any reasons and with effect for the future. To do this you may use the contact form above, or any other method stipulated in the newsletter.
 

1.2 Protocols

Every time you access our website, protocols are created and processed for statistical purposes, while maintaining the anonymity of the individual user.

  • Referrer (page on which the link was located through which you came to our website)
  • Search terms (where the referrer is a search engine
  • Your IP-address will be analysed in order to determine the country of origin and the provider.
  • Browser, operating system, installed plug-ins, and screen resolution.
  • Time spent on the pages.

Based on our legitimate interest pursuant to Article 6 (1) (f) of the GDPR, the data stipulated above shall be processed for the following purposes:

  • Ensuring a smooth connection with the website,
  • Ensuring that our website is comfortable to use,
  • Analysis of the security and stability of the system, and
  • for other administrative purposes.

1.3 Contact via email, telephone or fax

If you contact us via email, telephone or fax, your request, including all of the personal data resulting from that query (name, request), will be stored and processed by us, for the purposes of dealing with your query. We will not pass those data on to third parties without your consent.


Where your query relates to the performance of a contract or is necessary in order to carry out any pre-contractual steps, then any such data will be processed on the basis of Article 6 (1) (b) GDPR. In all other cases, the processing of personal data is based on your consent (Article 6 (1)(a) GDPR) and/or our legitimate interests (Art. 6 (1)(f) GDPR), as we have a legitimate interest in effectively dealing with any requests addressed to us.


The data sent to us by you by way of a contact request remains with us until such time as you request that we delete this, withdraw your consent for these data to be stored, or the purpose for storing such data no longer persists (e.g. after we have completed your request). Any mandatory statutory provisions, including in particular the statutory retention periods, shall remain unaffected.

1.4 Data processing when contacting us by phone

When you contact us by phone, then your phone number will be recorded and processed for statistical purposes, although the individual users remain anonymous, unless the number is already assigned to an existing customer. Based on our legitimate interest pursuant to Article 6 (1) (f) of the GDPR, the phone number shall be processed for the following purposes:

  • Ensuring that your query is answered in an effective manner, or, as the case may be, that your query is addressed by us in a target-oriented manner.
  • Analysis of the security and stability of the system, and
  • for other administrative purposes.

We reserve the right to check these data retrospectively if we become aware of concrete indications that there has been some unlawful use. These data are deleted immediately as soon as they are no longer required for their purpose, but in any event no later than after six months.

1.5 Transmission of Data

As a rule, any transmission of your data to third parties for commercial or non-commercial purposes, without your express permission, is excluded. We shall only transmit your personal data to third parties, where this is legally permissible [e.g. on the basis of Article 6 GDPR], and/or where this is necessary. Occasionally we employ service providers for the statutorily envisioned processing of data; for example, we work with the following hosting providers and agencies for our internet pages.

Website

Hosting provider

Agengy

gepa.deHost Europe GmbHSystkom GmbH
gepa-shop.dePlusServer GmbHtm-webentwicklung GmbH
gepa-wug.deWebOscar.netfrieauff.com
gepa-ausserhaus.deHost Europe GmbHSystkom GmbH
fairtrade.de1und1 Internet SEtm-webentwicklung GmbH
fair-plus.deHost Europe GmbHSystkom GmbH
gepa-jetztfairemilch.deHost Europe GmbHSystkom GmbH
gepa-wuppertal.deWebOscar.netfrieauff.com

 

However, the full responsibility for data processing remains with us. Moreover, we occasionally use plugins of third-party providers on our website; please see below for further details.

1.6 Liability for own content

The contents of this page have been produced with the utmost care. However, we cannot guarantee that the contents are accurate, complete, and current. As service providers, we are responsible for our own contents on these pages, as per the general statutory provisions.

1.7 Liability for Links (content from external providers)

These own contents must be differentiated from links to contents provided by third-party providers. We have no influence on their contents, so responsibility for the content of the linked pages shall rest with the respective provider or operator of the website in question.

1.8 Rights of the Data Subject

Pursuant to Article 15 et seqq. of the GDPR. and provided the conditions stipulated therein have been met, you have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data relating to you infringes this Regulation. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

1.9 Changes to our Data Protection Policy

We reserve the right to amend this data protection policy from time to time in order to ensure that it complies with the legal requirements current from time to time, or in order to implement any changes to our services, e.g. when introducing new services. Any future visit would then be governed by the data protection policy as amended.

1.10 Cookies

 

This page uses cookies. Cookies are text files stored on your computer, which allow us to analyse how you use our website, and to automatically recognise you the next time you visit the website.

Any cookies that are not technically necessary for operating the website will only be used by us if you have provided your consent via the cookie consent tool pursuant to Art. 6 (1) (a) GDPR. You can change your settings at any time, and by doing so withdraw your consent with effect for the future. Additional possibilities for excluding cookies are set out below.

 

1.11 Web Analysis using Google Analytics

If you have provided your consent pursuant to Art. 6 (1) (a) GDPR when visiting this website, allowing us to use tracking cookies, then, based on that consent, this website will use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google analytics uses so-called “cookies”, text files stored on your computer, which allow an analysis of how you use our website.

 

The information regarding your use of this website, created by the cookies (including your abbreviated IP address), will be transmitted to a Google server in the US, and stored there for a period of 14 months. Google will use this information in order to analyse your use of the website, in order to produce reports regarding the website activities for the website operator and in order to provide further services to the website operator connected with the use of the website and internet use. Google will also transmit this information to third parties, where this is a statutory requirement, or where such third parties process these data on behalf of Google. Your browser’s IP address, as transmitted by your browser as part of Google Analytics, does not get linked to any other data collected by Google.

 

If you have given your consent to the use of tracking cookies but you want to object to this use at some later point in time, you can do so by installing a so-called add-on on your browser. In order to do that, you can follow this link which will direct you to Google’s website: tools.google.com/dlpage/gaoptout?hl=en [external website]. Alternatively you can revoke your consent by deleting your browser settings and clicking our Overlay Cookie Consent Tool again.

 

You can find further information regarding the conditions of use and data protection here: https://marketingplatform.google.com/about/analytics/terms/us/ or here https://policies.google.com/?hl=en&gl=en. Please note that on this website Google Analytics has been extended by the code “anonymizeIp”, in order to ensure that IP addresses can be collected in an anonymised manner (so-called IP masking).

 

1.12 eTracker

The provider of this website uses the services of the company etracker GmbH from Hamburg, Germany (https://www.etracker.com) for the purposes of analysing user data. As a standard we do not use cookies for the purposes of web analysis. To the extent that we do use cookies for the purposes of analysis and optimising, we will explicitly ask for your consent separately in advance. If this is the case and you have given us your consent, then cookies are used that allow a statistical analysis of the reach of this website, measuring the success of our online marketing measures and also to run testing processes, e.g. in order to test and optimise different versions of our online offering or its component parts. Cookies are little text files that are stored on the device of a user by the internet browser. etracker cookies do not contain any information that would make the identification of a user possible.

 

The data produced by etracker are then processed and stored on behalf of the provider of the website, and such processing and storing is done exclusively in Germany, meaning that they are subject to the strict German and European data protection legislation and standards. etracker has been independently audited and certified in this respect, and has been awarded the data protection quality seal: ePrivacyseal

 

This data processing is based on the legal provisions of Art. 6 (1) (f) (legitimate interest) of the General Data Protection Regulation (GDPR). Our interest for the purposes of the GDPR (legitimate interest) is optimising our online offering and our online presence. As our visitors’ privacy is very important to us, any data that might possibly allow any connection to an individual person, such as IP addresses, registration, or device identifiers, are anonymised and pseudonymised as early as possible. The data are not used for any other purpose, such as combining them with other data or passing them on to third parties.

 

You may object to the data processing as set out above at any time. Any such objection shall have no detrimental effects.

 

Further information regarding data protection and etracker can be found here https://www.etracker.com/datenschutz/.

 

1.13 Google Maps

We use Google Maps to show maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You will be alerted to these pages accordingly.

 

By using this service, you consent to Google collecting, processing, and using the data collected as part of this, as well as such data as you enter yourself. You can find the conditions of use for Google Maps here: https://www.google.com/intl/en_en/help/terms_maps/  [external page].

2 Data Processing as part of the Newsletter Subscription

2.1 Data Processing

We, the GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, will only process your personal data in connection with the order and your receipt of our newsletter, in order to send you information about our products, services, events and other information about us that you might find interesting. The data provided by you are necessary for us sending you our newsletter. Without these data we will not be able to consider your registration for our newsletter. You can object to such information being sent at any time with effect for the future.


In order to ensure consensual sending of newsletters, we use the so-called double-opt-in process. As part of this, the potential recipient asks to be added to a list. Following this the user is sent a confirmation email and given the option of confirming this registration in a legally sound manner. The address is only actively included in the mailing list if it is confirmed.
 

2.2 Microsoft Dynamics 365 Cloud for Marketing

We use the marketing automation system Microsoft Dynamics 365 Cloud for Marketing provided by the Microsoft Corporation (Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich) – hereinafter “Microsoft” in order to carry our marketing activities, for analysis purposes and in order to address customers and potential customer in a targeted manner. The data are processed inside the European Union.


In particular we use the system for sending email communications (e.g. in connection with making downloads available), for event management (e.g. administration of participants), and for making available landing pages and contact forms.


Our use of the provider Microsoft and of this system, the carrying out of statistical data collection and analyses, as well as recording the registration process for the purposes of email communication, are all done on the basis of your consent to communicating by email via Microsoft Dynamics 365 Cloud for Marketing. It is our aim to use a user friendly and secure system, which serves our business interests as well as well as meeting the expectations of the users.


The system components that are part of our online offering (such as forms) use so-called “cookies” that are stored on a user’s computer, and which allow an analysis of how our website is used.
In particular the following information is collected: client ID, the geographical location, type of browser, duration of the visit and websites visited.


Pseudonymised email tracking: Part of the statistical analysis is the determination of whether the newsletters are read, when they are read, and which links are clicked. Although this information could technically be allocated to the individual recipients of the newsletter, any analysis of personal data is switched off, and any information regarding the recipients of newsletters are only analysed in pseudonymised form and cannot be decrypted and allocated to individual persons.


You can find further information regarding data protection issues in Microsoft’s privacy statement https://privacy.microsoft.com/en-gb/privacystatement.


Additional information regarding the use of cookies in connection with the system can be found here: https://docs.microsoft.com/en-us/dynamics365/marketing/cookies.
 

2.3 Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes set out above. These data will be deleted at the latest once the contractual relationship has come to an end and any retention periods stipulated under civil, commercial or tax law have expired.

2.4 Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

3 Data Processing as part of the Customer Contract (B2C)

3.1 Data Processing

We, the GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, process data relating to your person in connection with the conclusion, performance and execution of the contract entered into, or where this is necessary in order to take steps prior to entering into a contract, as per article 6 (1)(b) of the GDPR, and in order to comply with legal obligations (for example regarding commercial or tax law)  on the basis of article 6 (1)(c) of the GDPR.


Furthermore, data are also processed for legitimate purposes as per article 6 (1)(f) of the GDPR, such as internal market research and marketing purposes, internal statistics, optimisation of offers. The legitimate interests here lie particularly in optimising processes and cost effective allocation; your interests, basic rights and basic freedoms are given due consideration when doing this.


The data provided by you are necessary for the performance of the contract. Without these data we will not be able to perform the contract.

3.2 Information for users of www.gepa-shop.de

You can sign in to the secure area of our website using your personal identifier. For this we process the following data:

  • When did you last sign in
  • Items in your shopping basket

Furthermore, as part of our online shop we also process the following customer data once an order has been placed:

  • IP-Address
  • Master data (Name, Address, etc.)
  • Email address
  • Payment details
  • Customer number
  • Items ordered and order history
  • Date of Birth as part of the legal requirements of the German Youth Protection Legislation (Jugendschutzgesetz).

We reserve the right to check these data retrospectively if we become aware of concrete indications that there has been some unlawful use. These data are deleted immediately as soon as they are no longer required for their purpose, but in any event no later than after six months after they are no longer required.


Where you have provided us with consent to do this, we will be using your data to send you information about our products, services, events, and other information about us that you might find interesting. You can object to such information being sent at any time with effect for the future.

3.3 Transmission of Data / Service Providers

Your personal data may be transmitted to external service providers (such as delivery companies or financial institutions, processing payments). External IT-service providers may also be able to access your data (as part of contract data processing pursuant to article 28 of the GDPR). In such cases the service providers act on our instructions, which is ensured by way of corresponding contracts having been entered into. Some of these service providers have their seat outside the EU/EEC; these service providers ensure an appropriate level of data protection by entering into EU standard contract clauses. At any time you have the opportunity to receive a copy of these arrangements here.

3.4 Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes set out above. These data will be deleted at the latest once the contractual relationship has come to an end and any retention periods stipulated under civil, commercial or tax law have expired.

3.5 Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

4 Processing Customer Data (B2B) 

(Personal Data refers to all such data as relates to you as a natural person):

4.1 Data Processing

As a contract partner of your company, we, the GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, process personal data relating to your person in connection with producing offers, and to perform the contracts as per article 6 (1)(b) of the GDPR, as well as for the purposes of fulfilling contractual and legal obligations (e.g. in relation to commercial and tax law) on the basis of article 6 (1)(c) of the GDPR. The contract is entered into between us and your company. External requirements (e.g. revenue/tax law) may result in personal data regarding your person may be compared with lists published by public authorities.


Furthermore, data are also processed for legitimate purposes as per article 6 (1)(f) of the GDPR, such as internal market research and marketing purposes, internal statistics. The legitimate interests here lie particularly in optimising processes and cost effective allocation; your interests, basic rights and basic freedoms are given due consideration when doing this.


Only where you have provided us with consent to do this, or where we have reasonably informed you as part of the data collection as per section 7 of the German Act Against Unfair Competition [UWG] / section 107 of the Austrian Telecommunications Act, will we be using your data to send you information about our products, services, events, and other information about us that you might find interesting. You can object to such information being sent at any time with effect for the future.


The data provided by you are necessary for the performance of the contract. Without these data we will not be able to perform the contract entered into with your company.
 

4.2 Information for users of www.gepa-shop.de

You can sign in to the secure area of our website using your personal identifier. For this we process the following data:

  • When did you last sign in
  • Items in your shopping basket

Furthermore, as part of our online shop we also process the following customer data once an order has been placed:

  • IP-Address
  • Master data (Name, Address, etc.)
  • Email address
  • Payment details
  • Customer number
  • Items ordered and order history

4.3 Information for users of www.gepa-wug.de

You can sign in to the secure area of our website using your personal identifier. For this we process the following data:

  • Master data (Name, Address, etc.)
  • Email address
  • Timing of notification
  • Total number of logins
  • When the last order was placed
  • Number of orders
  • Items ordered

We reserve the right to check these data retrospectively if we become aware of concrete indications that there has been some unlawful use. These data are deleted immediately as soon as they are no longer required for their purpose, but in any event no later than after six months after they are no longer required.
 

4.4 Transmission of Data

Your personal data may be transmitted to external service providers (such as delivery companies or financial institutions, processing payments). External IT-service providers may also be able to access your data (as part of contract data processing pursuant to article 28 of the GDPR). In such cases the service providers act on our instructions, which is ensured by way of corresponding contracts having been entered into. Some of these service providers have their seat outside the EU/EEC; these service providers ensure an appropriate level of data protection by entering into EU standard contract clauses. At any time you have the opportunity to receive a copy of these arrangements here.

4.5 Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes set out above. These data will be deleted at the latest once the contractual relationship has come to an end and any retention periods stipulated under civil, commercial or tax law have expired.

4.6 Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5 Data processing by suppliers and other business partners (B2B)

5.1 Data processing

As a contract partner of your company, we, the GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, process personal data relating to your person in connection with our legitimate interest in producing offers, to perform the contracts, for accounting and cost calculation purposes as per article 6 (1)(f) of the GDPR, as well as for the purposes of fulfilling contractual and legal obligations (e.g. in relation to commercial and tax law) on the basis of article 6 (1)(c) of the GDPR. The contract is entered into between us and your company. External requirements (e.g. revenue/tax law) may result in personal data regarding your person may be compared with lists published by public authorities.


Furthermore, data are also processed for legitimate purposes as per article 6 (1)(f) of the GDPR, such as statutorily stipulated information, such as internal delivery details, delivery purpose, information on quality, certification, or internal statistics. The legitimate interests here lie particularly in optimising processes and cost-effective allocation; your interests, basic rights and basic freedoms are given due consideration when doing this.


Only where you have provided us with consent to do this, or where we have reasonably informed you as part of the data collection as per section 7 of the German Act Against Unfair Competition [UWG] / section 107 of the Austrian Telecommunications Act, will we be using your data to send you information about our products, services, events, and other information about us that you might find interesting. You can object to such information being sent at any time with effect for the future.


The data provided by you are necessary for the performance of the contract. Without these data we will not be able to perform the contract entered into with your company.
 

5.2 Transmission of Data / Service Providers

Your personal data may be transmitted in part to external service providers (such as tax advisors, legal advisors, testing laboratories, certifiers, etc.). External IT-service providers may also be able to access your data (as part of contract data processing pursuant to article 28 of the GDPR). In such cases the service providers act on our instructions, which is ensured by way of corresponding contracts having been entered into. Some of these service providers have their seat outside the EU/EEC; these service providers ensure an appropriate level of data protection by entering into EU standard contract clauses. At any time you have the opportunity to receive a copy of these arrangements here.

5.3 Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes set out above. These data will be deleted at the latest once the contractual relationship has come to an end and any retention periods stipulated under civil, commercial or tax law have expired.

5.4 Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6 Data Processing as part of the Application Procedure

6.1 Data Processing

We - GEPA mbH - GEPA - The Fair Trade Company, Human Resources, bewerbung@remove-this.gepa.de - process your personal data in relation to your person in connection with your application process, and in order to evaluate how you might potentially be employed. In order to come to a well-reasoned personnel decision, we process the information you have provided on the basis of section 26 of the German Data Protection Act (BDSG) and article 6 (1)(b) of the GDPR. In addition to this, evaluations based on objective, non-discriminating criteria will be stored as well; where this is permissible in the individual case, publicly accessible personal data may also be stored in relation to your person.


The data provided by you are necessary for the application process. Without these data we will not be able to consider your application.
 

6.2 Transmission of Data / Service Providers

Provided you have provided your consent thereto, we may also pass your personal data on to our affiliated companies in order to offer you additional entry options within our group of companies. Even those of our affiliated companies that have their seat outside the EU ensure an appropriate level of data protection by entering into EU standard contract clauses.


External IT-service providers may also be able to access your data (as part of contract data processing pursuant to article 28 of the GDPR). In such cases the service providers act on our instructions, which is ensured by way of corresponding contracts having been entered into. Some of these service providers have their seat outside the EU/EEC; these service providers ensure an appropriate level of data protection by entering into EU standard contract clauses. At any time you have the opportunity to receive a copy of these arrangements here.

6.3 Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes of the personnel selection procedure, as set out above. In the event that you object to the processing of your data during the personnel selection procedure, those data will be deleted, provided that this is not precluded by any statutory retention periods.

These data will then be deleted following the end of the application process, and after any limitation periods have expired, unless you have provided your consent to store your application for further job offers. Speculative applications will be stored until they are withdrawn or, at most, up to two years, following which they will be deleted.

6.4 Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

7 Social Media

7.1 Facebook

For the purposes of providing the information services provided under https://www.facebook.com/gepa.fairtradecompany, GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, (external data protection officer: UIMC Dr. Voßbein GmbH & Co KG - contact details here) makes use of the technical platform and the services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2.

Please note that if you use this Facebook page and its functions, you do so at your own responsibility. This shall apply in particular in respect of the use of any interactive functions, such as commenting, sharing or evaluating.

7.1.1 Collection of Data

Instead of using Facebook plugins, we have decided to only link to Facebook, so that your visiting our website does not automatically transmit your personal data to Facebook.

This technological solution also avoids that we automatically collect your personal data in this respect. By linking to the site, Facebook will also only process your personal data if you actively click the Facebook button. However, if you are already logged in to your Facebook account when you access our website, then Facebook will at least process the information which of our web pages you visited with your IP address, at what time, and with what browser. We have no influence on the type and extent of the personal data processed by Facebook.

We will only start to collect your personal data via Facebook if you become active on our Facebook Fan page, for which we are responsible together with Facebook, and disclose your personal data. By entering your data on our Facebook page, you consent to us processing your data pursuant to Art. 6 (1) (a) GDPR.

Further information regarding the use of your data can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy [external link]

You can find information on how to manage or delete information about you here: https://www.facebook.com/privacy/explanation.

We ourselves neither collect nor process any data from your use of the service. However, should we share any of your comments or respond to them, or if we compose posts ourselves that reference your profile, then the data you have provided to the service, including in particular your (user)name and the contents published on your account, shall be processed to such extent as these have been included in our offer and made available to our fans.

Information pursuant to Art. 26 (2) GDPR: The Operator and we have an arrangement as per Art. 26 (1) GDPR (joint responsibility - see in this respect: Page-Insights-addition in respect of the responsible party). Within this scope, the operator operates the entire IT infrastructure of the service, implements its own data protection provisions, maintains a separate user relationship with you (provided that you are a registered user of that service) and is also responsible, jointly with us, for deleting illegal or inappropriate posts or contents on the page. Moreover, the operator is solely responsible for any questions regarding the data from your user profile, to which we, as a business, have no access.

In cases of requests for information and asserting user rights, the most effective way is to contact Facebook directly. Only Facebook has access to the user data and can take the relevant steps and provide information.

The Data Controller regarding the respective user information is Facebook Ireland. This business may be contacted either online or by mail to the following address:


Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland


In addition to this, you also have the right to lodge a complaint with the regulatory authority responsible for Facebook Ireland, the Irish Data Protection Commission, or with a local regulatory authority.

If you would like to assert your user rights in respect of any specific data processing which we have control over, please contact us. In those cases we will check your request (e.g. a request for information or an objection) ourselves, and, where necessary, will forward it to the operator responsible where your request relates to any data processing carried out by an operator of the social media network.
 

7.1.2 Your Rights

Pursuant to Article 15 et seqq. of the GDPR. and provided the conditions stipulated therein have been met, you have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data relating to you infringes this Regulation. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.


For further details see here: https://www.facebook.com/about/privacy (How can you exercise your rights provided under the GDPR?)


If you assert any rights in respect of the collection of data for use with Facebook Insights, we will forward that query to Facebook, as we have neither the technological ability nor the authority to answer your query.

7.2 Twitter

Twitter is a blogging service, which enables users to publish text messages with a maximum length of 280 characters. It is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Instead of using Twitter plugins, we have decided to only link to Twitter, so that your visiting our website does not automatically transmit your personal data to Twitter.

By linking to the site, Twitter will only process your personal data if you actively click the Twitter button. However, if you are already logged in to your Twitter account when you access our website, then Twitter will already be processing your data. We have no influence on the type and extent of the personal data processed by Twitter.


We will only start to collect your personal data via Twitter if you become active on Twitter and disclose your personal data. By entering your data on Twitter, you consent to us processing your data pursuant to Art. 6 (1) (a) GDPR.


Further information regarding the use of your data can be found in Twitter’s privacy policy: https://twitter.com/en/privacy [external link]
 

7.3 LinkedIn

Like Xing, LinkedIn is a professional network, enabling people to cultivate their existing business contacts and generate new business contacts. That website is operated by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Instead of using plugins, we merely link to LinkedIn. This means that your personal data will not be transmitted automatically to LinkedIn when you visit our website. By linking to the site, LinkedIn will only process your personal data if you actively click the LinkedIn button. We have no control over the type and scope of your personal data that will be processed by LinkedIn.


Further information regarding the use of your data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy?_l=de_DE [external link]

7.4 YouTube

YouTube is the largest, best-known, and most popular video platform in the world. That website is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary company of Google LLC.


For data protection reasons we have decided to only provide links to this website, rather than using YouTube plugins. This means that we do not process any of your personal data in this respect, and neither can YouTube automatically collect your data when you visit our website, provided that you are not logged in to your YouTube account when you visit our website. This technical solution enables you to decide if and when you wish to transmit any personal data to YouTube. It is only once you actively click on the YouTube button that your browser makes a connection to the YouTube servers and transmits your user data to YouTube. We have no influence on the type and extent of your data processed by YouTube.


Further information regarding the use of user data can be found in YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=en&gl=en [external link]

7.5 Instagram

Instagram is a free online service that allows users to share photographs and videos. Our website links to the website of Instagram. The site is operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Our website links to the website of Instagram, instead of incorporating Instagram plugins. This means that your personal data will not be transmitted automatically to Instagram when you visit our website. By linking to the site, Instagram will only process your personal data if you actively click the Instagram button. However, if you are already logged in to your Instagram account when you access our website, then Instagram will be processing your personal data. We have no influence on the type and extent of the personal data processed by Instagram.


Further information regarding the use of your data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875 [external link]

7.6 Push notifications from Signalize

If you activate push notifications for this website via the service “Signalize”, then in order to make the notifications available to you a function of your internet browser or, as the case may be, your mobile operating system. Only anonymous or pseudonymous data are transmitted when sending notifications. Depending on the configuration of the website, these data could be:

 

  • Pseudonymous username: a randomly generated value (e.g.: 108bf9a85547edb1108bf9a85547edb1), that is stored in a tracking-cookie ID.
  • Pseudonymous digital fingerprints, pseudonymous mobile identifier numbers for devices, and, where appropriate, pseudonymous cross-device-identifiers.

Such data are only processed in order to deliver the notifications you have subscribed to, and to manage the settings relating to notifications. We would ask you to provide your consent for these data to be stored. The legal basis for this data processing is Art. 6 (1) (a) GDPR. You can opt out of receiving notifications at any time using your browser settings or the settings of your mobile device. You can find information on opting out of push notifications here: https://signalize.com/docs/sonstiges/opt-out-info/


In order to be able to sensibly personalise the push notifications for you, we use the preferences collected via a tracking pixel based on a pseudonymous profile, and, where you have given consent, also those preferences collected via cookies, and we then we will combine your message ID with the website user profile, but only for the purpose of sending personalised notifications. The tracking technology is also used for purposes of statistical analysis of the notifications on our behalf. This makes it possible to check whether a notification has been delivered and whether it has been clicked. The data produced by this are then processed and stored on our behalf by the company etracker GmbH, from Hamburg, who provide the Signalize service, and such processing and storing is done exclusively in Germany, meaning that they are subject to the strict German and European data protection legislation and standards. etracker has been independently audited and certified in this respect, and is authorised to use the data protection quality seal ePrivacyseal:https://www.eprivacy.eu/kunden/vergebene-siegel/firma/etracker-gmbh/


This data processing for the purposes of statistical analysis of the notifications and in order to better personalise notifications on the basis of the recipients’ interests is done on the basis of our legitimate interest in personalised direct marketing as per Art. 6 (1) (f) GDPR.  As our visitors’ privacy is very important to us, any data that might possibly allow any connection to an individual person, such as IP addresses, registration, or device identifiers, are anonymised and pseudonymised as early as possible. In this way, any direct relatability to individual persons is made impossible. The data are not used for any other purpose, such as combining them with other data or passing them on to third parties. 


You may object to the data processing as set out above at any time.

8 Data protection officer

If you have any questions regarding the processing of your personal data, you can contact our data protection officer directly, who, together with his team, will also be available in any cases of requests for information, applications, or complaints. 

The data protection officer for GEPA mbH - GEPA - The Fair Trade Company is:

Dr. Jörn Voßbein
external data protection officer
Otto-Hausmann-Ring 113
42115 Wuppertal
https://Datenschutz.UIMC.de
Telephone: 0202 - 265 74 0
datenschutz.gepa@uimc.de

As at 05/2021