Data Protection at a Glance

Based on the information obligations pursuant to Section 13 of the General Data Protection Regulation, we would like to transparently inform you about processing of your data. The following notes provide a simple overview of what data we collect and for what purposes we use them.

Personal data include all data that makes it possible to identify you in person.

Detailed information on the subject of data protection can be taken from our data protection statement listed below this text. We inform you about processing of the data of nearly any person group, such as customers, applicants, suppliers, business partners and website visitors. For the sake of providing a better overview, we divide this detailed data protection statement into the following sections:

  1. General notes and mandatory information
  2. Information on processing of data on this website
  3. Information on processing of personal data for own business purposes

General notes on data protection on our website
The operators of these pages take protection of your personal data very seriously. We treat your personal data confidentially and comply with the statutory data protection rules and this data protection statement. When you use this website, various personal data will be collected. This data protection statement explains which data we collect and what we use them for. It also explains how and for what purpose this is done. We would like to point out that the data transmission on the internet (e.g. in the case of email communication) may involve gaps in security. Complete data privacy against third-party access is not possible.

How do we collect your data on this website?
Your data will be collected when you disclose them to us. These may be data you enter in a contact form. Other data will be recorded automatically by our IT systems when you visit the website. These are in particular technical data (e.g. web browser, operating system or time at which the page was called up). These data are collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data are collected in order to ensure defect-free provision of the website. Other data may be used for analysing your user behaviour.

SSL or TLS encryption
This page uses SSL or TLS encryption for reasons of safety and to protect the transmission of confidential contents, such as orders or queries that you send to us as the page operator. An encrypted connection can be recognised by the address line of the browser switching from “http://” to “https://” and the lock icon being shown in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by any third parties.

Analysis tools and third-party provider tools
Your surfing behaviour can be statistically evaluated when you visit our website. This is done in particular using cookies and analysis programmes. Analysis of your surfing behaviour usually takes place anonymously; your surfing behaviour cannot be tracked back to you. You can object to this analysis or prevent it by not using certain tools. For detailed information on this, see the following data protection statement.
You can object to this analysis. We will inform you about the objection options in this data protection statement.

Detailed Data Protection Statement

1. General notes and mandatory information

Controller for processing
The controller for data processing in general and on this website is:

Semper idem Underberg AG
Underbergstraße 3
47495 Rheinberg
Phone: 0049 2843 920-0
Email: services@underberg.com

The controller is the natural or legal person who, alone or together with others, decides about the purposes and means of processing of personal data (e.g. names, email addresses, etc.).

Legally required data protection officer
We have appointed a data protection officer for our company.

Fabio Pastars
Data Protection Officer Semper idem Underberg AG
Underbergstraße 3
47495 Rheinberg
Telefon: 0049 2843 920-0
E-Mail: datenschutz@underberg.com

What rights do you have on processing of your data?

Revocation of your consent to data processing activities
Many data processing activities are only permitted with your express consent. You may revoke consent once granted at any time. An informal notification by email to us is sufficient for this. The legality of the data processing activities performed until the revocation will not be affected by this.

Information concerning your data
You have the right to demand information concerning your personal data processed by us and to demand a copy of these data. The information contains the following: processing purposes, data categories, their recipients or categories of recipients as well as, if possible, the planned duration of data storage or criteria for specification of this duration.

Rectification, erasure, restriction
You also have the right to demand that the data be corrected if they are inaccurate, or deleted if data storage is inadmissible. If erasure is not possible ― for various reasons ― you have the right to demand restriction of processing or blocking of your data.

Recht auf Right to object
As far as processing is based on point (f) of Article 6 (1) GDPR (reconciliation of interests), you have the right to object to processing of such data at any time. We no longer process such personal data in that case, except if we can present any mandatory legitimate reasons that override your legitimate interests, or if the processing is necessary for the establishment, exercise or defence of legal claims.

Recht auf Right to data portability
You have the right to have any data that we process automatically based on your consent or to perform a contract transferred to you or a third party in a common machine-readable format. If you demand direct transfer of the data to another controller, this shall be done only as far as it is technically feasible.

Right to complain to the relevant supervisory authority
In case of violations of data protection law, the data subject has a right to complain to the relevant supervisory authority. The relevant supervisory authority in matters of data protection law is the state data protection officer of the Federal state in which the company is registered. For a list of the data protection officers and their contact details, see the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

To exercise your rights, please contact our data protection officer at datenschutz@underberg.com.

2. Information on Processing of Data on this Website

1. Objection to advertising emails

We hereby object to the use of the contact details published within the scope of the imprint obligation for the transmission of not expressly requested advertisements and information materials. The providers of the pages expressly reserve the right to take legal action in the case of transmission of non-solicited advertising material, for example, by way of spam mails.

2. Encrypted payment transactions on this website

If you are under any obligation to submit your payment details (e.g. account number of direct debiting) to us after conclusion of a contract subject to fees, such data will be needed for payment processing. The payment transactions via common means of payment (Visa/MasterCard, direct debiting) will take place solely via an encrypted SSL or TLS connection. An encrypted connection can be recognised by the address line of the browser switching from “http://” to “https://” and the lock icon being shown in your browser line.
In case of encrypted communication, your payment data that you transmit to us cannot be read by any third parties.

3. Recipients

Only our employees who are responsible for technical administration, maintenance and further development of the website have access to your personal data.
If you contact us, employees who are responsible for handling the respective process will also receive access to your personal data.
In addition to this, we employ external IT service companies to maintain our IT systems, which may receive access to your personal data within the context of their work. This shall apply accordingly to hosting providers. Additionally, employees of banks that manage your and our accounts may access your personal data as described below.

4. Transmission

Subject to the transmission of usage data to the USA and New Zealand described below in connection with PayPal, we will not pass on your personal data to any third country outside of the EU. Any other transmission shall only take place if we are required to do so by law or authorities or if the data must be passed on within the context of your use of the website.

5. How long do we secure your personal data?

Your personal data will be deleted if you have revoked a consent given to processing or if the personal data are no longer required to meet the purpose pursued by their processing. Cookies will be deleted after 12 months.
Data generated in connection with contact will be deleted after 12 months.

6. Automated decision making and profiling

We will not use your personal data for automated decision making. We also will not use your personal data to compile any profiles. Please note that we do not use any identification software of our own and that we do not evaluate any biometric data. However, please note as well that it is not excluded that a social network may use such software.

7. Why are your personal data collected?

We need your personal data to permit use of the website. You are able to choose not to provide us with your personal data or to provide us with incomplete information. However, this may render us unable to offer you use of the website or to do so in full, or it may prevent you from participating in a lottery or competition.

8. Data collection on our website

Cookies
Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a DSGVO); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and, if necessary, request your consent.

Cookie consent with Borlabs cookie
Our website uses the cookie consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not shared with the Borlabs cookie provider.

The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Borlabs Cookie Consent Technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

Server log files/protocol files
The provider of the website will collect and store automatically information in so-called server log files that your browser submits to us automatically. These are:

  • browser type and browser version;
  • operating system used;
  • referrer URL;
  • host name of the accessing computer;
  • time of the server query; and
  • internet protocol address.

These data will not be combined with any other data sources.
The legal ground for data processing is point (b) of Article 6 (1) GDPR, which permits the processing of data for the performance of a contract or for taking the necessary steps prior to entering a contract. Without any further additional information, such as information from an internet service provider concerning the owner of the connection, which we usually do not have without any specific cause, such as suspected violation of laws, we will be unable to assign these data to individual identifiable persons.

Processing of data (customer and contract data)
We collect, process and use personal data only as far as they are required to found, design contents or change the legal relationship (stock data). The legal ground for this collection, processing and use is point (b) of Article 6 (1) GDPR, which permits the processing of data for the performance of a contract or for taking the necessary steps prior to entering a contract. We collect, process and use personal data concerning the use of our websites (usage data) only as far as this is required in order to enable the user to use the service or to settle fees for use.
The collected customer data will be deleted after the end of the order or termination of the business relationship. Statutory retention periods shall remain unaffected.

Data transmission on conclusion of the contract for online shops, dealers and shipping of goods
We transmit personal data to third parties only when this is necessary within the scope of contract processing, e.g. to the companies charged with delivery of the goods or the credit institution charged with processing of payments. Further transmission of the data shall only take place if you have expressly consented to transmission. Your data will not be passed on to any third parties without express consent, e.g. for advertising purposes.
The legal ground for data processing is point (b) of Article 6 (1) GDPR, which permits the processing of data for the performance of a contract or for taking the necessary steps prior to entering a contract.

Contact form
f you send us any queries via the contact form, your information from the contact form (first name, last name, email, country, phone number (voluntary information), message), including the contact details you indicate there, will be stored by us for processing of the request and in case we have any subsequent questions. We will not pass on your data without your consent.
The data entered in the contact form shall thus only be processed based on your consent (point (a) of Article 6 (1) GDPR). You may revoke your consent at any time. An informal notification by email to services@underberg.com is sufficient for this. The legality of the data processing activities performed until the revocation will not be affected by this. The data you entered in the contact form will remain with us until you request us to delete them, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been completely processed). Mandatory statutory provisions ― in particular retention periods ― shall not be affected by this.

Age of majority
When you visit our website, you will be asked if you are a legal adult.

9. Analysis tools and marketing

Matomo
This website uses the web analysis software Matomo (www.matomo.org), a service of provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”), to collect and store data based on our legitimate interest in statistical analysis of user behaviour for the purpose of optimisation and marketing in accordance with point (f) of Artcile 6 (1) GDPR. These data can be used to compile usage profiles with pseudonyms and evaluate them for the same purpose. Cookies can be used for this. Cookies are small text files that are locally stored in the temporary storage of the page visitor’s internet browser. The cookies permit, among others, recognition of the internet browser. The data collected with the Matomo technology (including your pseudonymised internet protocol address) are processed on our servers.
The information generated by the cookie in the user profile with pseudonym are not used in order to personally identify the visitor of this website and are not combined with any personal data on the carrier of the pseudonym.
If you do not agree to storage and evaluation of such data from your visit, you may object to storage and use at any time with one click of your mouse below. In this case, a so-called opt-out cookie will be placed in your browser, with the consequence that Matomo will not collect any session data. Please note that complete erasure of your cookies will delete the opt-out cookie as well and that you may have to re-activate it then.

https://stats.diversa-spez.de/index.php?module=CoreAdminHome&action=optOut&language=de&backgroundColor=ffffff&fontColor=000000&fontSize=12px&fontFamily=arial

10. Plugins AND Tools

YouTube
We have integrated YouTube videos from YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA in our website offer, which are stored on http://www.youtube.com and can be played directly from our website. By your visit to our website, YouTube will be informed that you have called a sub-page of our website. YouTube stores the data collected concerning you in usage profiles and uses them for the purpose of market research, advertising and/or demand-oriented design of its website. The data will be transmitted no matter if YouTube provides a user account through which you are logged in or whether you have no user account. If you have a YouTube user account and do not desire any assignment to your profile, you need to log out before you activate the YouTube button. Evaluation of your usage profile will take place even for users who are not logged in, in particular in order to display demand-oriented advertisements and in order to inform other users of YouTube of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise this right, you must contact YouTube. We cannot influence the data transmission and use of your data by YouTube and refer to the following link for further information concerning the data protection statement of YouTube: https://www.google.de/intl/de/policies/privacy/.

11. Customer data

Tops & More loyalty award programme
We process personal data from you whenever you request an award from the Tops & More programme. The legal ground for this processing is point (b) of Article 6 (1) GDPR, which permits the processing of data for the performance of a contract or for taking the necessary steps prior to entering a contract. It would not be possible for us to provide your award without processing your data.
We continue to store your data after fulfilling the award request so that we will recognise you when you request further awards from the programme and so that we can honour your loyalty. The data are not processed for any other purpose. The legal ground for this processing is point (f) of Article 6 (1) GDPR which permits us to process data when we have legitimate interests in the processing. Our legitimate interest in this case is the care of our loyal and faithful customers of many years’ standing through our awards programme. You may object to the storage of your data at any time (services@underberg.com), in which case we will erase your data, provided that we are not prevented from doing so by statutory retention periods. Such retention periods may result (as one example) from tax law, which may require archiving of documents and vouchers relevant for tax purposes for periods of up to ten years.

12. Social Media

Information about data processing with regard to online presence in social media
We maintain several online representations within social networks and platforms in order to communicate with customers, interested parties and users being registered there and to provide information about our services. Processing of personal data of users is based on our legitimate interests in an effective information of users and communication with users in accordance with point (f) of Article 6 (1) GDPR. If the users are asked by the respective providers for consent to processing of their data (that is, users express their agreement e.g. by ticking a checkbox or confirming by button), the legal preconditions of the processing according to point (a) of Article 6 (1) and Article 7 GDPR are met.
Following ECJ judgment of 05/06/2018, we must provide you with comprehensive information about the data processing that takes place via and through the Facebook website (and possibly other social media). At the moment, we have not been sufficiently informed by the operators of these platforms, so at this point we would like to refer you to the relevant data processing directives and rights to object (opt-out) that apply to the respective social networks. Requests for information and assertion of data subject rights can only be asserted with the respective providers, as solely these have access to the respective user data.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
Data protection: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Data protection:  https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Share buttons
In order to prevent transmission of data to the service providers Facebook, Twitter and Pinterest without your knowledge, we do not use the social media plug-ins of these providers. This ensures that personal data will not be passed on to the providers of the individual social plug-ins directly when you enter the page, but only and exclusively if you click one of the social media buttons. Only then may data be transmitted to the corresponding service provider and stored there.

13. Newsletter

Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

Sendinblue (formerly Newsletter2Go)
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue GmbH is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue GmbH’s servers in Germany.
If you do not want Sendinblue GmbH to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.

Datenanalyse durch Sendinblue GmbH
With the help of Sendinblue GmbH, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.
We can also see whether certain predefined actions were performed after opening/clicking (conversion rate). We can thus recognize, for example, whether you have made a purchase after clicking on the newsletter.
Sendinblue GmbH also enables us to subdivide (“cluster”) the newsletter recipients based on various categories. In doing so, the newsletter recipients can be subdivided by age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.

For detailed information on the functions of Sendinblue GmbH, please refer to the following link: https://de.sendinblue.com/funktionen/

Legal basis
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage duration
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Sendinblue GmbH after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

For more details, please refer to the privacy policy of Sendinblue GmbH at: https://de.sendinblue.com/datenschutz-uebersicht/.

3. Information on Processing of Personal Data for Own Business Purposes

1. Purposes and legal basis of processing

We collect and process your personal data for the following purposes:

Processing of personal data

  • o perform pre-contractual measures or initiate a purchasing contract or business relationship. This processing is based on point (b) of Article 6 (1) GDPR. You may object to the storage of your data at any time, in which case we will erase your data, provided that we are not prevented from doing so by statutory retention periods.
  • To perform the contract and to support the customer base. The legal ground for this processing is point (b) of Article 6 (1) GDPR, which permits the processing of data for the performance of a contract or for taking the necessary steps prior to entering a contract. The data will be deleted after the end of the business relationship, except if there are any statutory retention periods. Such retention periods may result (as one example) from tax law, which may require archiving for periods of up to ten years.
  • We also process personal data to perform campaigns and lotteries. Such processing takes place based on your consent in accordance with point (a) of Article 6 (1) GDPR. After the end of the lottery, all data that you as participant submitted to us will be deleted, unless any different statutory or contractual retention regulations exist.
  • We may also use the addresses of our customer base for letter advertisements; this processing is based on point (f) of Article 6 (1) GDPR. Our legitimate interest is in personal direct marketing. You have the right at any time to object to use of your data for the purpose of direct marketing.
  • We use the email addresses of our customer base, i.e. only those with whom we have a business relationship, for marketing emails. This processing is based on point (f) of Article 6 (1) GDPR in conjunction with Section 7 (3) UWG. Our legitimate interest is in simple and cost-efficient marketing contact with our customer base. Of course, this is done under observation of the high requirement of Section 7 (3) UWG, which defines the exceptions for use of the email addresses of the customer base. You have the right at any time to object to use of your email address for the purpose of direct marketing.
  • To exercise your rights, please contact our data protection officer at datenschutz@underberg.com.

2. Transmission of data

We may transmit your personal data to other companies as far as this is permitted or required in the scope of the purposes and legal basics presented. Apart from this, personal data will be processed by external service providers on our order based on contracts for processing activities according to Article 28 GDPR, in particular in the area of information technology and data processing. Your data will not be passed on outside of the EU in any case.

3. Storage of the data

Your personal data will only be stored as long as knowledge of the data is required for the contractual relationship or the purposes for which they were collected or if there are any statutory or contractual retention rules. Statutory retention periods result, among others, from provisions under social law and tax law and can be up to ten years for documents and vouchers relevant under tax law.