Privacy and Data Security Information
For us at Suddenbrooks GmbH, protecting your privacy is of utmost importance. We take the protection of your personal data very seriously. Therefore, we want you to know when we store which data and how we use it. With this privacy policy, we would like to inform you about our data protection measures.
Part 1: General Information on Data Protection Regarding Our Data Processing According to Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR)
Part 2: Additional Information on Data Protection on Our Websites
Part 1: General Information on Data Protection Regarding Our Data Processing According to Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR)
We take data protection seriously and hereby inform you about how we process your data and which rights and claims you have according to data protection regulations. Valid from May 25, 2018.
1 Responsible Party for Data Processing and Contact Information
Contact details of our Data Protection Officer:
Suddenbrooks GmbH
Data Protection Officer
Andreas Safar
Scheffelstr. 32
04277 Leipzig
Email: compliance@coffeehousemary.com
Responsible Party in terms of data protection law:
Suddenbrooks GmbH
Andreas Safar
Scheffelstr. 32
04277 Leipzig
Phone: +49 341 2474 1779
Email: andreas.safar@coffeehousemary.com
2 Purposes and Legal Basis for Data Processing
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other applicable data protection regulations (details below). The specific data processed and the manner in which it is used largely depends on the services you have requested or agreed upon. Further details or additions regarding the purposes of data processing can be found in the respective contractual documents, forms, consent declarations, and/or other information provided to you (e.g., when using our website or our terms and conditions). In addition, this privacy notice may be updated from time to time, as can be seen on our website www.suddenbrooks.com.
2.1 Purposes for Fulfilling a Contract or Pre-Contractual Measures (Article 6 (1) b GDPR)
The processing of personal data occurs to fulfill our contracts with you, perform your orders, and carry out measures and activities related to pre-contractual relationships, such as with potential customers. Specifically, processing serves to provide services in accordance with your orders and wishes, including the necessary services, measures, and activities. This primarily includes contract-related communication with you, documentation of transactions, orders, and other agreements, as well as quality control through appropriate documentation, goodwill procedures, business process management, and optimization measures. This also includes fulfilling general due diligence obligations, risk management, reporting, internal and external communication, emergency management, billing, tax assessment of business services, legal claims assertion, and defense in legal disputes; ensuring IT security (e.g., system or plausibility tests), general security measures (e.g., building security, access control), ensuring data integrity, authenticity, and availability, preventing and investigating crimes; control by supervisory bodies or audit committees (e.g., internal audit).
2.2 Purposes Based on Legitimate Interests of Ours or Third Parties (Article 6 (1) f GDPR)
Beyond fulfilling the contract or pre-contract, we may process your data if necessary to safeguard legitimate interests of ours or third parties, particularly for the following purposes:
• Advertising or market and opinion research, provided you have not objected to the use of your data;
• Obtaining information and exchanging data with credit agencies, as long as this goes beyond our economic risk;
• Testing and optimizing demand analysis procedures;
• Developing services and products as well as existing systems and processes;
• Disclosure of personal data during due diligence in business sales negotiations;
• Matching with European and international anti-terrorism lists, if beyond legal obligations;
• Enriching our data, e.g., by using publicly available data;
• Statistical analysis or market analysis;
• Benchmarking;
• Assertion of legal claims and defense in legal disputes unrelated to the contractual relationship;
• Restricted data storage, if deletion is not possible or would involve disproportionate effort due to the nature of the storage;
• Development of scoring systems or automated decision-making processes;
• Prevention and investigation of crimes, if not solely to fulfill legal obligations;
• Building and facility security (e.g., through access controls and video surveillance), going beyond general due diligence obligations;
• Internal and external investigations, security checks;
• Possible recording of telephone conversations for quality control and training purposes;
• Obtaining and maintaining private or public certifications;
• Ensuring and enforcing house rights through appropriate measures, including video surveillance to protect our customers and employees, and to secure evidence of crimes and their prevention.
2.3 Purposes Based on Your Consent (Article 6 (1) a GDPR)
Processing of your personal data for specific purposes (e.g., using your email address for marketing purposes) may also occur based on your consent. Generally, you can revoke this consent at any time. You will be separately informed about the purposes and the consequences of revoking or not granting consent in the respective consent text.
In principle, the revocation of consent takes effect only for the future. Processes carried out before the revocation remain unaffected and lawful.
2.4 Purposes for Compliance with Legal Obligations (Article 6 (1) c GDPR) or in the Public Interest (Article 6 (1) e GDPR)
Like anyone participating in economic activity, we are subject to a variety of legal obligations. These are primarily legal requirements (e.g., commercial and tax laws) but may also include regulatory or other governmental requirements. Purposes for processing may include identity and age verification, fraud and money laundering prevention, combating terrorism financing and asset endangering crimes, matching with European and international anti-terrorism lists, fulfilling tax-related control and reporting obligations, archiving data for data protection and security purposes, as well as audits by tax and other authorities. Additionally, disclosure of personal data may be required as part of governmental or judicial measures for evidence collection, criminal prosecution, or enforcement of civil claims.
3 Categories of Data We Process and Their Source
As far as necessary for providing our services, we process personal data lawfully obtained from other companies or third parties (e.g., credit agencies, address publishers). We also process personal data that we have lawfully extracted, received, or acquired from publicly available sources (such as telephone directories, commercial and association registers, registration registers, debtor directories, land registers, press, internet, and other media).
Relevant personal data categories may include:
• Personal data (name, birthdate, birthplace, nationality, marital status, profession/industry, and similar data)
• Contact information (address, email address, phone number, and similar data)
• Address data (registration data and similar data)
• Payment/coverage confirmation from banks and credit cards
• Information about your financial situation (credit data including scoring, i.e., data for assessing economic risk)
• Customer history
• Data about your use of the telemedia services we offer (e.g., time of visiting our websites, apps, or newsletters, pages/links clicked, and similar data)
• Video data
4 Recipients or Categories of Recipients of Your Data
Within our organization, those internal departments or organizational units that require your data to fulfill our contractual and legal obligations or to process and implement our legitimate interest will receive your data. Your data will only be shared with external parties in the following cases:
• In connection with contract execution;
• For the purpose of fulfilling legal requirements, where we are obligated to disclose, report, or share data, or where data sharing is in the public interest (see Section 2.4);
• Where external service providers process data on our behalf as processors or function providers (e.g., external data centers, support/maintenance of IT systems, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data destruction, procurement, customer management, mail services, marketing, media technology, research, risk controlling, billing, telecommunications, website management, auditing services, credit institutions, printing companies, or waste disposal companies, courier services, logistics);
• Due to our legitimate interest or the legitimate interest of a third party for the purposes outlined in Section 2.2 (e.g., authorities, credit agencies, collection agencies, lawyers, courts, experts, affiliated companies, and supervisory bodies);
• If you have given us consent to transmit the data to third parties.
We will not share your data with third parties beyond the above. If we engage service providers as part of a processing contract, your data will be subject to the same security standards as our own. In other cases, recipients may only use the data for the purposes for which it was transmitted.
5 Duration of Data Storage
We process and store your data for the duration of our business relationship. This includes the initiation of a contract (pre-contractual relationship) and the execution of a contract. In addition, we are subject to various retention and documentation obligations, which arise from the Commercial Code (HGB) and the Tax Code (AO). The prescribed retention and documentation periods can extend up to ten years beyond the end of the business relationship or pre-contractual relationship. Furthermore, specific legal regulations may require a longer retention period, such as the preservation of evidence in accordance with statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may apply. When the data is no longer required to fulfill contractual or legal obligations and rights, it will regularly be deleted unless its limited reprocessing is required to fulfill the purposes listed in Section 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest exists, for example, if deletion is not possible due to the specific nature of the storage, or would only be possible with disproportionate effort, and processing for other purposes is excluded by appropriate technical and organizational measures.
6 Processing of Your Data in a Third Country or by an International Organization
Data may be transferred to entities in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if necessary for the performance of a contract with you, if required by law (e.g., tax reporting obligations), if it is in our or a third party’s legitimate interest, or if you have given us consent. The processing of your data in a third country may also occur in connection with the involvement of service providers within the scope of a processing agreement. If the relevant country has not been recognized by the EU Commission as having an adequate level of data protection, we ensure that your rights and freedoms are adequately protected and guaranteed through corresponding contracts in accordance with EU data protection provisions. Detailed information will be provided upon request.
Information about suitable or appropriate safeguards and the possibility of obtaining a copy can be requested from the Data Protection Officer.
7 Your Data Protection Rights
Under certain conditions, you can assert your data protection rights against us.
You have the right to obtain information about your data stored with us in accordance with Art. 15 GDPR (possibly with restrictions under § 34 BDSG).
Upon your request, we will correct the data we have stored about you under Art. 16 GDPR if it is incorrect or faulty.
If you wish, we will delete your data under the principles of Art. 17 GDPR, unless other legal regulations (e.g., legal retention obligations or the restrictions under § 35 BDSG) or an overriding interest on our part (e.g., to defend our rights and claims) prevent this.
Considering the conditions of Art. 18 GDPR, you may request that we restrict the processing of your data.
Furthermore, you can object to the processing of your data under Art. 21 GDPR, in which case we must stop processing your data. However, this right to object applies only in the presence of specific circumstances related to your personal situation, and the rights of our organization may contradict your right to object.
You also have the right to receive your data in a structured, commonly used, and machine-readable format under the conditions of Art. 20 GDPR or to transmit it to a third party.
In addition, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future (see Section 2.3).
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you first address any complaints to our Data Protection Officer.
Your requests to exercise your rights should, if possible, be made in writing to the address provided above or directly to our Data Protection Officer.
8 Scope of Your Obligation to Provide Your Data
You only need to provide the data necessary to initiate and conduct a business relationship or for a pre-contractual relationship with us, or that we are legally required to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also apply to data required later in the course of the business relationship. If we request additional data, you will be separately informed that the provision of this data is voluntary.
9 Existence of Automated Decision-Making in Individual Cases (Including Profiling)
We do not use purely automated decision-making processes according to Article 22 GDPR. If we were to use such a process in the future in individual cases, we will inform you accordingly, if required by law. In some cases, we may process your data to assess certain personal aspects (profiling). To provide you with targeted information about products, we may use evaluation tools. These tools allow for needs-based product design, communication, and advertising, including market and opinion research. Such processes may also be used to assess your creditworthiness and to combat money laundering and fraud. Credit scoring models may be used to assess the likelihood of a customer meeting their contractual payment obligations. Such scoring models help us assess creditworthiness, decision-making in product contracts, and risk management. The calculation is based on mathematically and statistically recognized and proven methods and is based on your data, such as income, expenses, existing liabilities, profession, employer, length of employment, past business relationship experiences, proper repayment of previous loans, and information from credit agencies. Nationality and special categories of personal data under Article 9 GDPR are not processed in this context.
Information about Your Right to Object under Art. 21 GDPR
1. You have the right to object at any time to the processing of your data based on Art. 6 para. 1 f GDPR (processing based on a balancing of interests) or Art. 6 para. 1 e GDPR (processing in the public interest) if there are reasons based on your particular situation. This also applies to profiling based on this provision as defined in Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
2. We may also process your personal data to conduct direct marketing. If you do not wish to receive such marketing, you have the right to object at any time; this also applies to profiling, to the extent it is linked to such direct marketing. We will respect your objection for the future. Your data will no longer be processed for direct marketing purposes if you object to the processing for these purposes. The objection can be made informally and should preferably be addressed to:
Suddenbrooks GmbH
Andreas Safar
Scheffelstr. 32
04277 Leipzig
Phone: +49 341 2474 1779
Email: andreas.safar@coffeehousemary.com
Our privacy policy and information regarding our data processing according to Articles 13, 14, and 21 GDPR may change from time to time. All changes will be published on this page. Older versions will be available for your review in an archive.
Part 2: Additional Information on Data Protection on Our Websites
This privacy policy applies to all websites managed by Suddenbrooks GmbH.
Data Collection and Processing When Accessing from the Internet
When you visit our websites, our web servers temporarily store each access in a log file. The following data is collected and stored until it is automatically deleted:
• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Amount of data transmitted
• Message indicating whether the retrieval was successful
• Identification data of the browser and operating system used
• Website from which the access was made
• Name of your internet service provider
The processing of this data takes place to enable the use of the website (establishing the connection), ensuring system security, managing the technical infrastructure, and optimizing the internet services. The IP address is only analyzed in cases of attacks on the network infrastructure of Suddenbrooks GmbH or for other data security reasons.
Use and Disclosure of Personal Data
Personal data is only collected if you provide it voluntarily. Any use of your personal data will only occur for the specified or legally permissible purposes and to the extent necessary to achieve these purposes. The personal data you provide via one of our websites (e.g., your name, address, or email address) will be processed for correspondence with you or for the purpose for which you provided the data (e.g., registration for a closed user area, delivery service, verification of login data, participation in sweepstakes, or sending requested informational material). Additionally, we will use this data to send occasional offers to inform you about new products and other services or promotions that may interest you, only to the extent permitted by law or if you have given us your consent. We will always ask for your consent in the legally required scope beforehand. For example, with your consent, we will send you our email newsletter with interesting offers and promotions from our company and selected partners. Your name will be stored to address you personally in the newsletter. Before sending the newsletter, we will send a confirmation email to your provided email address, in which you must confirm your subscription by clicking on the included link. As part of the newsletter registration, we also store the time of your registration and confirmation to be able to prove proper registration of our newsletter recipients. You will be informed of your right to withdraw or object at any time. For this, please contact us at the contact email address or postal address provided below. In the case of newsletters, you can also click on the unsubscribe link included at the bottom of the newsletter. The transmission of personal data to government institutions and authorities only occurs in the context of legal requirements or when the transfer is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure.
Disclaimer and Links to Third-Party Websites
Suddenbrooks GmbH strives to provide current and correct content on this website. However, despite maximum care, Suddenbrooks GmbH cannot guarantee the accuracy, timeliness, or completeness of this content. Liability claims against Suddenbrooks GmbH arising from the direct or indirect use of the website are generally excluded unless Suddenbrooks GmbH acted willfully or grossly negligently. Furthermore, Suddenbrooks GmbH reserves the right to make changes or additions to the information provided without prior notice. The links to third-party websites are carefully selected and reviewed. However, Suddenbrooks GmbH has no influence on future changes to the linked websites. Suddenbrooks GmbH therefore accepts no liability for the content of websites operated by third parties to which it refers. The respective provider of the linked website is responsible and the point of contact for any violations. If Suddenbrooks GmbH subsequently becomes aware of the unlawfulness of the content, the respective link will be removed. To set a link on an external website to our website, explicit written permission from Suddenbrooks GmbH must always be obtained beforehand.
Cookies
We use the standard cookie banner provided by Wix.com to obtain your consent for the use of cookies and similar technologies. Through the cookie banner, you can decide whether to accept or reject the use of certain cookies. You can adjust your settings at any time by clicking on the cookie banner available on our website.
What types of cookies do we use?
Essential Cookies:
These cookies are necessary for our website to function properly. They cannot be disabled.
Marketing Cookies:
These cookies allow us and third parties to tailor content and advertisements to your interests.
Functional Cookies:
Functional cookies store your settings and preferences to provide you with a personalized and pleasant user experience.
Analytical Cookies:
These cookies help us analyze and understand how our website is used, enabling us to improve our services.
Managing your cookie settings:
You can adjust or revoke your cookie settings at any time via the cookie banner on our website. Additionally, you can disable cookies in your browser settings. Please note, however, that this may restrict the functionality of our website.
Third-party services and data sharing:
Some of the cookies used on our website are set by third-party providers such as Wix.com or other partners whose services we utilize. For more information about the cookies used by Wix, please refer to the Wix.com Privacy Policy.
Web Tracking via Google Analytics
This website uses Google Analytics, a web analytics service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on your computer and allow an analysis of your website usage. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website usage and internet use to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
Google Maps
This site uses the Google Maps service. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. To use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. When Google Maps is activated, Google may use Google Web Fonts to display fonts uniformly. When you visit Google Maps, your browser loads the necessary web fonts into its browser cache to display texts and fonts correctly. The use of Google Maps is in the interest of presenting our online offerings attractively and for easy location of the places we list on the website. This constitutes a legitimate interest under Art. 6 para. 1 lit. f GDPR. If consent was requested, the processing will occur solely on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. For more information on how user data is handled, see Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Security
Suddenbrooks GmbH uses appropriate technical and organizational security measures to protect the personal data we manage from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved according to technological developments. If you wish to contact us by email, we point out that the content of unencrypted emails can be accessed by third parties. We recommend sending confidential information either encrypted or by postal mail.
Validity and Currency
Due to the development of our website or the implementation of new technologies, it may become necessary to change this privacy policy. Suddenbrooks GmbH reserves the right to change the privacy policy at any time, with effect for the future. We recommend that you read the current privacy policy from time to time.
Copyright
All content on this website, including text, images, graphics, layouts, audio, video, and animation files, is subject to copyright and other intellectual property protection laws. It may not be copied, altered, or used for commercial purposes or distribution on other websites. Should you still wish to use any of this content, explicit prior written consent from Suddenbrooks GmbH is required. Any violation may result in criminal or civil legal consequences.
Date: 19.09.2024