Data Protection Policy

Foto: GEPA - The Fair Trade Company/A. Welsing

Data Protection Policy of GEPA mbH
GEPA - The Fair Trade Company

Protecting your personal data is very important to us. Accordingly we will, of course, always treat your personal data in compliance with the statutory provisions on Data Protection. We have commissioned a qualified and reliable external data protection officer, appointed by UIMC, Dr. Voßbein GmbH & Co KG. 

This policy sets out information regarding the processing of personal data.

Collection and Processing of Personal Data 

As a rule you can use our online offering without disclosing your identity. Where we ask for personal data on our website (such as name, address or email), for example as part of contract forms or when subscribing or registering, providing such information is entirely voluntary. Such information will be used for our own business purposes (such as sending you the materials/information requested). 

If you have any questions, we offer the opportunity for you to contact us via the contact form on our website. For this certain information is marked as mandatory, and this needs to be provided in order to enable us to answer the query. Additional information may be provided on a voluntary basis. Data processing for the purposes of contacting us is done in accordance with Art. 6 (1) S. 1 (a) GDPR, on the basis of the voluntary consent provided by you. 

The personal data collected by us for using the contact form will be deleted after your request has been processed and after the relevant retention periods for tax and commercial law purposes have expired. 

You can withdraw any such consent you may have given us - e.g. for the purposes of receiving a newsletter or some other interesting information - at any time, without having to provide any reasons and with effect for the future. To do this you may use the contact form above, or any other method stipulated in the newsletter.

Protocols

Every time you access our website, protocols are created and processed for statistical purposes, while maintaining the anonymity of the individual user.

  • Referrer (page on which the link was located through which you came to our website)
  • Search terms (where the referrer is a search engine
  • Your IP-address will be analysed in order to determine the country of origin and the provider.
  • Browser, operating system, installed plug-ins, and screen resolution
  • Time spent on the pages

Based on our legitimate interest pursuant to Article 6 (1) (f) of the GDPR, the data stipulated above shall be processed for the following purposes:

  • Ensuring a smooth connection with the website,
  • Ensuring that our website it comfortable to use,
  • Analysis of the security and stability of the system, and for other administrative purposes.
  • We reserve the right to check these data retrospectively if we become aware of concrete indications that there has been some unlawful use.

These data are deleted immediately as soon as they are no longer required for their purpose, but in any event no later than after six months. 

Transmission of Data

As a rule, any transmission of your data to third parties for commercial or non-commercial purposes, without your express permission, is excluded. We shall only transmit your personal data to third parties, where this is legally permissible [e.g. on the basis of Article 6 GDPR], and/or where this is necessary. Occasionally we employ service providers for the statutorily envisioned processing of data; for example, we work with the following hosting providers and agencies for our internet pages. 

Website

Hosting Provider

Agency

gepa.deHost Europe GmbHDittmann Media GmbH
gepa-shop.dePlusServer GmbHtm-webentwicklung GmbH
gepa-wug.deWebOscar.netfrieauff.com
gepa-ausserhaus.deWebOscar.nettm-webentwicklung GmbH
fairtrade.de1und1 Internet SEtm-webentwicklung GmbH
fair-plus.deHost Europe GmbHDittmann Media GmbH
gepa-jetztfairemilch.deHost Europe GmbHDittmann Media GmbH
gepa-wuppertal.deWebOscar.netfrieauff.com

 

However, the full responsibility for data processing remains with us. Moreover, we occasionally use plugins of third-party providers on our website; please see below for further details.

Liability for own content

The contents of this page have been produced with the utmost care. However, we cannot guarantee that the contents are accurate, complete and current. As service providers, we are responsible for our own contents on these pages, as per the general statutory provisions.

Liability for Links (contents from external providers)

These own contents must be differentiated from links to contents provided by third-party providers. We have no influence on their contents, so responsibility for the content of the linked pages shall rest with the respective provider or operator of the website in question.

Rights of the Data Subject

Pursuant to Article 15 et seqq. of the GDPR. and provided the conditions stipulated therein have been met, you have the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability; Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data relating to you infringes this Regulation. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

Changes to our Data Protection Policy

We reserve the right to amend this data protection policy from time to time in order to ensure that it complies with the legal requirements current from time to time, or in order to implement any changes to our services, e.g. when introducing new services. Any future visit would then be governed by the data protection policy as amended.

Cookies

This page uses cookies. Cookies are text files stored on your computer, which allow us to analyse how you use our website, and to automatically recognise you the next time you visit the website.  You can adjust your browser settings to prevent cookies being installed. However, this may result in you not being able to use all of our offers in their entirety

Web Analysis using Google Analytics 

This website uses Google Analytics, a web analysis service by Google Inc. (“Google”).  Google analytics uses so-called “cookies”, text files stored on your computer, which allow an analysis of how you use our website. The information regarding your use of this website, created by the cookie, will generally be transmitted to a Google server in the US, and stored there. 

We only use Google Analytics with the IP anonymisation enabled. This means: Your IP address is shortened by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US, and be shortened there. 

Acting on behalf of the website operator, Google will use this information in order to analyse your use of the website, in order to produce reports regarding the website activities for the website operator and in order to provide further services to the website operator connected with the use of the website and internet use. Your browser’s IP address, as transmitted by your browser as part of Google Analytics, does not get linked to any other data collected by Google. 

You can prevent cookies from being stored by adjusting your browser settings accordingly; however, please note that if you do that you may not be able to use all functions on this website to their full extent. 

Moreover, you can prevent the data relating to your use of the website and produced by the cookie (including your IP address) being collected by Google, and such data being processed by Google by downloading the browser plug-in available here http://tools.google.com/dlpage/gaoptout?hl=de 

You can prevent your information being collected by Google Analytics by clicking the link below. This will set an opt-out cookie, which will thereafter prevent your data being collected when visiting this website:
Deactivate Google Analytics 

You can find further information regarding the conditions of use and data protection here: http://www.google.com/analytics/terms/de.html or here: https://www.google.de/intl/de/policies/ . Please note that on this website Google Analytics has been extended by the code “anonymizeIp”, in order to ensure that IP addresses can be collected in an anonymised manner (so-called IP masking).

Google Maps

We use Google Maps to show maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You will be alerted to these pages accordingly. 

By using this service, you consent to Google collecting, processing and using the data collected as part of this, as well as such data as you enter yourself. You can find the conditions of use for Google Maps here: http://www.google.com/intl/de_de/help/terms_maps.html [external page].

Facebook (Like-Button) with data protection friendly “Shariff“-solution

On our website so-called plug-ins for the social network Facebook are offered. These are marked with that network’s logo. Social plugins are a type of technology, which allows you as a user to share certain content via a direct connection with members of social networks. 

In order to use these social plug-ins in a data-friendly manner, we use the solution provided by the c’t-project “Shariff“: “The usual social media buttons transmit the user data to Facebook & Co. each time you visit the site and provide the social networks with precise information about your surfing behaviour (user tracking). For this to happen you neither need to be logged in, nor do you need to be a member of the network. A Shariff-button, on the other hand, only creates the direct contact between the social nework and the visitor, when the latter actively clicks the “share” button.” 

(Source and further information: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

It is only once you interact with the plug-in, for example by clicking the “share” button, that this information is transmitted directly to a network served and stored there. Moreover, this information is published via your profile and shown to your contacts. 

For further information regarding the purpose and scope of data collection and the further processing and use of the data by Facebook as well as information on your rights and your settings options for protecting your privacy, please refer to the network's data protection information: http://www.facebook.com/policy.php 

YouTube

Our website uses plug-ins from YouTube, which is operated by Google. That website is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages which uses a YouTube plugin, a connection to the YouTube servers will be created. This will result in YouTube being notified about which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to allocate your surfing habits to your personal profile. You can prevent this by logging out of your YouTube account. Further information regarding the use of user data can be found in YouTube’s Privacy Policy: https://www.google.de/intl/de/policies/privacy [external link]

Data Processing as part of the Newsletter Subscription

Data Processing

We, the GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, will only process your personal data in connection with the order and your receipt of our newsletter, in order to send you information about our products, services, events and other information about us that you might find interesting. You can object to such information being sent at any time with effect for the future. For the purposes of statistics, there is tracking regarding which links in the newsletter have been clicked and lead to actions on our website (“conversion”). The data provided by you are necessary for us sending you our newsletter. Without these data we will not be able to consider your registration for our newsletter.

External Service Providers

As part of sending out our newsletter we use a service provider (Clever Elements GmbH), who will be able to access your data as part of contract data processing pursuant to article 28 of the GDPR. Here the service provider acts on our instructions, which is ensured by way of corresponding contracts having been entered into. Clever Elements is a certified German provider, that was selected bearing in mind the requirements of the GDPR and the German Federal Data Protection Act. If you have subscribed to the newsletter for direct customers of the GEPA online shop, this newsletter is produced and mailed out by GEPA itself.

Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

Data Processing as part of the Customer Contract (B2C)

Data Processing

We, the GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, process data relating to your person in connection with the conclusion, performance and execution of the contract entered into, or where this is necessary in order to take steps prior to entering into a contract, as per article 6 (1)(b) of the GDPR, and in order to comply with legal obligations (for example regarding commercial or tax law) on the basis of article 6 (1)(c) of the GDPR. Furthermore, data are also processed for legitimate purposes as per article 6 (1)(f) of the GDPR, such as internal market research and marketing purposes, internal statistics, optimisation of offers. The legitimate interests here lie particularly in optimising processes and cost effective allocation; your interests, basic rights and basic freedoms are given due consideration when doing this. The data provided by you are necessary for the performance of the contract. Without these data we will not be able to perform the contract.

Information for users of www.gepa-shop.de

You can sign in to the secure area of our website using your personal identifier. For this we process the following data:

  • When did you last sign in
  • Items in your shopping basket

Furthermore, as part of our online shop we also process the following customer data once an order has been placed:

  • IP-Address
  • Master data (Name:, Address:. etc.)
  • Email address
  • Payment details
  • Customer number
  • Items ordered and order history

We reserve the right to check these data retrospectively if we become aware of concrete indications that there has been some unlawful use. These data are deleted immediately as soon as they are no longer required for their purpose, but in any event no later than after six months after they are no longer required.

Where you have provided us with consent to do this, we will be using your data to send you information about our products, services, events and other information about us that you might find interesting. You can object to such information being sent at any time with effect for the future.

Transmission of Data / Service Providers

Your personal data may be transmitted to external service providers (such as delivery companies or financial institutions, processing payments). External IT-service providers may also be able to access your data (as part of contract data processing pursuant to article 28 of the GDPR). In such cases the service providers act on our instructions, which is ensured by way of corresponding contracts having been entered into.

Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes set out above. These data will be deleted at the latest once the contractual relationship has come to an end and any retention periods stipulated under civil, commercial or tax law have expired.

Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

Processing Customer Data (B2B)

(Personal Data refers to all such data as relates to you as a natural person):

Data Processing

As a contract partner of your company, we, the GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, process personal data relating to your person in connection with producing offers, to perform the contracts, for accounting and cost calculation purposes as per article 6 (1)(b) of the GDPR, as well as for the purposes of fulfilling contractual and legal obligations (e.g. in relation to commercial and tax law) on the basis of article 6 (1)(c) of the GDPR. The contract is entered into between us and your company. External requirements (e.g. revenue/tax law) may result in personal data regarding your person may be compared with lists published by public authorities. Furthermore, data are also processed for legitimate purposes as per article 6 (1)(f) of the GDPR, such as internal market research and marketing purposes, internal statistics. The legitimate interests here lie particularly in optimising processes and cost effective allocation; your interests, basic rights and basic freedoms are given due consideration when doing this.

Only where you have provided us with consent to do this, or where we have reasonably informed you as part of the data collection as per section 7 of the German Act Against Unfair Competition [UWG] / section 107 of the Austrian Telecommunications Act, will we be using your data to send you information about our products, services, events and other information about us that you might find interesting. You can object to such information being sent at any time with effect for the future. The data provided by you are necessary for the performance of the contract. Without these data we will not be able to perform the contract entered into with your company.

Information for users of www.gepa-shop.de

You can sign in to the secure area of our website using your personal identifier. For this we process the following data:

  • When did you last sign in
  • Items in your shopping basket

Furthermore, as part of our online shop we also process the following customer data once an order has been placed:

  • IP-Address
  • Master data (Name:, Address:. etc.)
  • Email address
  • Payment details
  • Customer number
  • Items ordered and order history

Information for users of www.gepa-wug.de

You can sign in to the secure area of our website using your personal identifier. For this we process the following data:

  • Master data (Name:, Address:. etc.)
  • Email address
  • Timing of notification
  • Total number of logins
  • When the last order was placed
  • Number of orders
  • Items ordered

We reserve the right to check these data retrospectively if we become aware of concrete indications that there has been some unlawful use. These data are deleted immediately as soon as they are no longer required for their purpose, but in any event no later than after six months after they are no longer required.

Transmission of Data

Your personal data may be transmitted to external service providers (such as delivery companies or financial institutions, processing payments). External IT-service providers may also be able to access your data (as part of contract data processing pursuant to article 28 of the GDPR). In such cases the service providers act on our instructions, which is ensured by way of corresponding contracts having been entered into. 

Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes set out above. These data will be deleted at the latest once the contractual relationship has come to an end and any retention periods stipulated under civil, commercial or tax law have expired. 

Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

Data processing by suppliers and other business partners (B2B)

Data Processing

As a contract partner of your company, we, the GEPA mbH, GEPA – The Fair Trade Company, of GEPA-Weg 1, 42327 Wuppertal, telephone: +49 (0)202 266 83 0, email: info@gepa.de, process personal data relating to your person in connection with producing offers, to perform the contracts, for accounting and cost calculation purposes as per article 6 (1)(b) of the GDPR, as well as for the purposes of fulfilling contractual and legal obligations (e.g. in relation to commercial and tax law) on the basis of article 6 (1)(c) of the GDPR. The contract is entered into between us and your company. External requirements (e.g. revenue/tax law) may result in personal data regarding your person may be compared with lists published by public authorities.

Furthermore, data are also processed for legitimate purposes as per article 6 (1)(f) of the GDPR, such as statutorily stipulated information, such as internal delivery details, delivery purpose, information on quality, certification, or internal statistics. The legitimate interests here lie particularly in optimising processes and cost effective allocation; your interests, basic rights and basic freedoms are given due consideration when doing this.

Only where you have provided us with consent to do this, or where we have reasonably informed you as part of the data collection as per section 7 of the German Act Against Unfair Competition [UWG] / section 107 of the Austrian Telecommunications Act, will we be using your data to send you information about our products, services, events and other information about us that you might find interesting. You can object to such information being sent at any time with effect for the future. 

The data provided by you are necessary for the performance of the contract. Without these data we will not be able to perform the contract entered into with your company. 

Transmission of Data / Service Providers

Your personal data may be transmitted in part to external service providers (such as tax advisors, legal advisors, testing laboratories, certifiers, etc.). External IT-service providers may also be able to access your data (as part of contract data processing pursuant to article 28 of the GDPR). In such cases the service providers act on our instructions, which is ensured by way of corresponding contracts having been entered into. Some of these service providers have their seat outside the EU/EEC; these service providers ensure an appropriate level of data protection by entering into EU standard contract clauses / binding corporate rules / through Privacy Shield. These arrangements can be viewed here / At any time you have the opportunity to receive a copy of these arrangments here. 

Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes set out above. These data will be deleted at the latest once the contractual relationship has come to an end and any retention periods stipulated under civil, commercial or tax law have expired. 

Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

Data Processing as part of the Application Procedure

Data Processing 

We - GEPA mbH - GEPA - The Fair Trade Company, Human Resources, bewerbung@remove-this.gepa.de - process your personal data in relation to your person in connection with your application process, and in order to evaluate how you might potentially be employed. In order to come to a well-reasoned personnel decision, we process the information you have provided on the basis of article 6 (1)(b) of the GDPR. In addition to this, evaluations based on objective, non-discriminating criteria will be stored as well; where this is permissible in the individual case, publicly accessible personal data may also be stored in relation to your person. 

The data provided by you are necessary for the application process. Without these data we will not be able to consider your application.

Transmission of Data / Service Providers

Provided you have provided your consent thereto, we may also pass your personal data on to our affiliated companies in order to offer you additional entry options within our group of companies. Even those of our affiliated companies that have their seat outside the EU ensure an appropriate level of data protection by entering into EU standard contract clauses / binding corporate rules.

Storage and Erasure of Data

Your data will be stored for as long as this is required for the purposes of the personnel selection procedure, as set out above. In the event that you object to the processing of your data during the personnel selection procedure, those data will be deleted, provided that this is not precluded by any statutory retention periods.  

These data will then be deleted following the end of the application process, and after any limitation periods have expired, unless you have provided your consent to store your application for further job offers. Speculative applications will be stored until they are withdrawn or, at most, up to two years, following which they will be deleted.

Your Rights

Please note that pursuant to article 15 et seqq. of the GDPR you have the following rights as a Data Subject, subject to the conditions defined therein: The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Moreover, pursuant to Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority. Where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2) GDPR (consent), you further have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;

Data protection officer

If you have any questions regarding the processing of your personal data, you can contact our data protection officer officer directly, who, together with his team, will also be available in any cases of requests for information, applications, or complaints. 

The data protection officer for GEPA mbH - GEPA - The Fair Trade Company is:

Dr. Jörn Voßbein
data protection officer  
Nützenberger Straße 119
42115 Wuppertal
https://Datenschutz.UIMC.de 
Telephone: 0202 - 265 74 0
datenschutz.gepa@remove-this.uimc.de 

As at 05/2018