Status 04/2023

Table of content

1. Name and address of the data controller
2. Contact details of the data protection officer
3. General information on data processing
4. Rights of the data subject
5. Use of cookies
6. Newsletter
7. Email contact
8. Application by email and application form
9. Company website
10. Use of company appearances in job-oriented networks
11. Hosting
12. Partner programs
13. Plugins used
14. Use of WP-Statistics

The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Casualfood GmbH
Hugo-Eckener-Ring, FAC 1
60549 Frankfurt am Main
Germany
Phone: +49 69 65007260
Email: marketing@casualfood.de

Webseite: www.casualfood.de

The data protection officer of the responsible party is:

DataCo GmbH
Dachauer Straße 65
80335 München
Germany
Phone: +49 89 7400 45840
Webseite: www.dataguard.de

1. Scope of the processing of personal data

As a matter of principle, we process personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is required by legal regulations.

2. Legal basis for the processing of personal data

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) p. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) p. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage duration

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, by law or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

1. The right of access (Art. 15 GDPR)

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

If this is the case, you have a right of access to this data and to the following information:

• Processing purposes
• Categories of personal data
• Recipients or categories of recipients
• Planned storage period or the criteria for determining this period
• The existence of the rights of rectification, cancellation or restriction or opposition
• Right of appeal to the competent supervisory authority
• If applicable, origin of the data (if collected from a third party)
• If applicable, existence of automated decision-making including profiling with meaningful information about the logic involved, the scope and the effects to be expected
• If applicable, transfer of personal data to a third country or international organisation

2. Right to rectification (Art. 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to request that the personal data be corrected or completed without delay.

3. Right to restriction of processing (Art. 18 GDPR)

If one of the following conditions is met, you have the right to request restriction of the processing of your personal data:

• You dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data;
• in the context of unlawful processing, you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
• we no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise or defend your legal claims or
• after you have objected to the processing, for the duration of the examination as to whether our legitimate grounds outweigh your grounds.

4. Right to erasure (“right to be forgotten”) (Art. 17 GDPR)

If one of the following reasons applies, you have the right to request immediate deletion of your personal data:

• Your data is no longer necessary for the processing purposes for which it was originally collected;
• you revoke your consent and there is no other legal basis for the processing;
• you object to the processing and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 (2) GDPR;
• your personal data is processed unlawfully;
• the deletion is necessary for compliance with a legal obligation under Union law or the law of the Member State to which we are subject;
• the personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Please note that the above reasons do not apply insofar as the processing is necessary::

• To exercise the right to freedom of expression and information;
• to fulfill a legal obligation or to perform a task that is in the public interest and to which we are subject;
• for reasons of public interest in the field of public health;
• for archival purposes in the public interest, scientific or historical research purposes, or statistical purposes;
• to assert, exercise or defend legal claims.

5. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, common and machine-readable format or to request the transfer to another controller.

6. Right to object to certain data processing (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) sentence 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

7. Right of complaint to supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. A list of the supervisory authorities with local jurisdiction in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

We currently do not use cookies on our website. Should we use cookies in the future, you will find the information on setting cookies below:

1. Description and scope of data processing

When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your terminal device. When you call up our website and at any time later, you have the choice of whether you generally permit the setting of cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the entity that sets the cookie. Below we describe what kind of cookies we use:

• We currently do not use cookies on our website.

Technically necessary cookies may be used in the future, which are required for the technical structure of the website. Without these cookies, it is possible that our website is not displayed (completely correctly) or the support functions are not possible..

The following data could be stored and transmitted in the future by the technically necessary cookies:

• Language settings
• Frequency of page views

2. Purpose of data processing

The purpose of using technically necessary cookies is basically to ensure the functionality of a website. Some functions of our website may not be offered in the future without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

For the following applications we may need the technically necessary cookies in the future:

• Adoption of language settings

3. Legal basis for data processing

The provisions of the Telecommunications Telemedia Data Protection Act (“Telekommunikation-Telemedien-Datenschutz-Gesetz”; TTDSG) are relevant for the storage of information in the end user’s terminal equipment and/or access to information already stored in the end user’s terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is carried out on the basis of Paragraph 25 (2) No. 2 TTDSG. This storage and access to the information in your terminal equipment serves to facilitate your use of our website and to be able to offer you our services as you have requested. Some functions of our website also do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted after the session ends (e.g. logging out or closing the browser) or after the expiry of a specified duration. Information about different storage periods for cookies can be found in the following sections of this privacy policy.

1. Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.

• Email address

No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. Purpose of data processing

The collection of the user’s email address is used to deliver the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

3. Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 p. 1 lit. a GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the email address of the user is stored as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

5. Possibility of revocation

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.
This also enables the revocation of consent to the storage of personal data collected during the registration process.

1. Description and scope of data

On our website, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.

The data is used exclusively for the processing of the conversation.

2. Purpose of data processing

In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

3. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. Our legitimate interest is to optimally answer your inquiry that you send by e-mail.

If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection

If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

A revocation of consent can be initiated by email.

All personal data stored in the course of contacting us will be deleted in this case.

A revocation of consent can be initiated by email.

1. Scope of the processing of personal data

Our website contains an application form that can be used for electronic applications. If an applicant takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

• Salution
• First name
• Last name
• Address
• Telephone / mobile phone number
• Email address
• Information about education and schooling
• Language skills
• Curriculum vitae
• Certificates
• Photo
• Country of residence, nationality

Alternatively, you can also send us your application by email. In that case, we will collect your email address and the data you provide in the email.

After sending your application, you will receive a confirmation of receipt of your application documents by email from us.

Your data will not be passed on to third parties. The data will be used exclusively for the processing of your application.

2. Purpose of data processing

The processing of personal data from the application form serves us solely to process your application. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process is used to prevent misuse of the application form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for the processing of your data is the initiation of a contract, which takes place at the request of the data subject, Art. 6 para. 1 p. 1 lit. b Alt. 1 GDPR and Paragraph 26 para. 1 p. 1 BDSG.

The legal basis for the processing of data in the context of the applicant pool is the explicit declaration of consent by the applicant, Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR. You can revoke your consent at any time with effect for the future.

4. Duration of storage

After completion of the application process, the data will be stored for up to six months. Your data will be deleted after the six months at the latest. In the event of a legal obligation, the data will be stored within the scope of the applicable provisions.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Exercising your rights

The applicant has the possibility to object to the processing of personal data at any time. In such a case, the application can no longer be considered.

Use of company presences in social networks:

Instagram:

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

On our company page, we provide information and offer Instagram users the opportunity to communicate. If you carry out an action on our Instagram company page (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by the Instagram company jointly responsible for the Casualfood GmbH company presence, we cannot make any binding statements about the purpose and scope of the processing of your data.

We use our corporate presence in social networks for communication and information exchange with (potential) customers. In particular, we use the corporate presence for:

The use is designed for recruiting and information about the company and competitions.

In this context, publications about the company’s presence may include the following content:

• Information about services
• Competitions
• Customer contact
• Recruiting

Every user is free to publish personal data through activities.

Insofar as we process your personal data in order to evaluate your online behavior, offer you sweepstakes or conduct lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR. The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 para. 1 p. 1 lit. f GDPR. Thereby, our legitimate interest is to answer your request optimally or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

We store your activities and personal data published via our Instagram corporate presence until you revoke your consent. In addition, we comply with the statutory retention periods. We further process data from our corporate presence in our systems. These are stored there for the following period of time: The data is only stored on the respective platform.

For the processing of your personal data in third countries, we have provided appropriate safeguards in the form of standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR. A copy of the standard data protection clauses can be requested from us.

You can object at any time to the processing of your personal data that we collect in the course of your use of our Instagram corporate presence and assert your data subject rights as stated under IV. of this privacy policy. To do so, send us an informal email to marketing@casualfood.de.

You can find more information about the processing of your personal data by Instagram and the corresponding objection options here: https://help.instagram.com/519522125107875

1. Scope of data processing

We use the possibility of company appearances in profession-oriented networks. We maintain a company presence on the following job-oriented networks:

LinkedIn:

LinkedIn, UC
Wilton Place
Dublin 2
Ireland

XING:

XING SE
Dammtorstraße 30
20354 Hamburg
Germany

On our site we provide information and offer users the opportunity to communicate.

The company website is used for job applications, information/PR and active sourcing.

We do not have any information on the processing of your personal data by the companies jointly responsible for the corporate presence. For more information, please refer to the privacy policy of:

LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XING:
https://privacy.xing.com/en/privacy-policy

If you carry out an action on our company website (e.g. comments, posts, likes, etc.), it is possible that you make personal data (e.g. clear name or photo of your user profile) public.

2. Legal basis for data processing

The legal basis for the processing of personal data for the purpose of communication with customers and interested parties is Art. 6 para. 1 p.1 lit. f GDPR. Our legitimate interest is to answer your request optimally or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

Our company website serves to inform users about our services. In doing so, every user is free to publish personal data through activities.

4. Duration of storage

We store your activities and personal data published via our corporate website until you revoke your consent. In addition, we comply with the statutory retention periods.

5. Possibility of objection

You can object at any time to the processing of your personal data that we collect in the course of your use of our company website and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal email to the email address stated in this data protection declaration.

You can find more information about exercising your rights here:

LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

XING:
https://privacy.xing.com/en/privacy-policy

The website is hosted on our own servers. Third parties do not get access to server log files.

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website; for this purpose, the server log files must be collected.

The location of the website’s server is geographically in Germany.

Furthermore, we use the following partner programs:

• Onlyfy

We use plugins for various purposes. The plugins used are listed below:

1. Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

2. Transfer to third countries

When using plugins marked with third country transfer or USA, personal data may be transferred to servers in third countries outside the EU, such as the United States of America. The legal basis for this transfer is consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. The United States of America does not provide an adequate level of data protection based on a decision of the European Union. The essential risk of the transfer lies in the obligation of the plug-in providers to make user data accessible to American authorities under certain circumstances. An order processing agreement with standard contractual clauses is currently in place with all providers in order to make the third-country transfer as data-protection-friendly and secure as possible. Adjustments to the ECJ ruling of 16.07.2020 (Schrems II, ref. C-311/18) including additional security measures are currently being sought by us. A copy of the standard data protection clauses can be requested by sending an informal email to us.

3. Possibility of revocation

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection as well as the processing of your personal data by the respective providers by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser.

1. Scope of processing of personal data

We use functionalities of the statistics plugin WP-Statistics from Verona Lab, 5460 W Main St, 13478 NY, Verona, United States (hereinafter referred to as Verona Lab).

WP-Statistics is a statistics plugin through which the operator of the website receives statistics about the visitors of this website.
The following personal data is processed by Verona Labs:

• No processing by Verona Labs, as the processing only takes place on the client side. Similarly, no data is transmitted to Verona Lab.

Processed by our side are:

• IP address (anonymized)
• Pages visited and contents
• Origin of the visitor (referrer URL)
• Duration of the visit
• Browser used and operating system

Further information on the processing of data by Verona Lab can be found here:
https://wp-statistics.com/privacy-and-policy/

2. Purpose of data processing

The use of WP-Statistic serves us to analyze user activities and based on this to improve the quality of our website and its contents. By analyzing the usage data, we can understand how our website is used and optimize our offer.

3. Legal basis for the processing of personal data

The processing of personal data is based on our legitimate interest in an effective analysis of our website and its use according to Art. 6 Para. 1 S.1 lit. f GDPR.

4. Duration of storage

The data collected by WP-Statistics will be automatically deleted after 365 days. There is no storage beyond this.

5. Possibility of objection and elimination

Since WP-Statistics only stores the IP addresses of the visitors of our website in anonymized form, an objection to the data collection in the sense of Art. 21 GDPR is not feasible for us.

This privacy policy was created with the support of DataGuard.