Data Protection Declaration

Data Protection Declaration

We are very pleased about your interest in our association. Data protection is of particular importance for the management of the Bundesverband Naturkost Naturwaren (BNN) e.V (Federal Association of Natural Foods / Natural Products), a registered association (hereinafter referred to as BNN). A use of the internet pages of the BNN is basically possible without any indication of personal data. However, if an affected person wishes to use our association's special services via our website, personal data processing may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always in accordance with the General Data Protection Regulation (EU-GDPR) and in accordance with the country-specific data protection provisions applicable to the BNN. By means of this privacy policy, our association wishes to inform the public about the nature, extent and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights under this privacy policy.

The BNN, as the controller, has implemented numerous technical and organisational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps so that absolute protection can not be guaranteed. For this reason, every person concerned is free to submit personal data to us in alternative ways, for example by telephone.

1. Name and contact details of the responsible controller

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions of a data protection character is:
Federal Association of Natural Foods Natural Products (BNN), registered association

Office:
Michaelkirchstr. 17-18
Staircase C
D-10179 Berlin
Tel. +49 (0) 30/847 12 24-44
Fax +49 (0) 30/847 12 24-40
E-Mail: info | at | n-bnn.de

2. Contact details of the data protection officer

The data protection officer of the controller of the Federal Association of Natural Food Natural Products (BNN) e.V. is reachable  under the address as mentioned above, or under the e-mail: datenschutz | at | n-bnn.de.

3. Cookies

The internet pages of the BNN (https://n-bnn.de/en) use cookies. Cookies are small text files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies are not viruses, Trojans or other malicious software.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. In the cookie information is stored, each resulting in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.
By using cookies, BNN can provide users of this website with more user-friendly services that would not be possible without cookies. On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our page. By means of a cookie, the information and offers on our web pages can be optimized in the sense of the user. Temporary cookies allow us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies need not reenter their credentials each time they visit the website, as this is done by the website and the cookie stored on the user's computer system. The data processed by cookies are required for the purposes mentioned in order to safeguard our legitimate interests as well as third parties according to Art. 6 para. 1 sentence 1 lit. f GDPR.
The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, cookies already set can be transferred at any time. The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
When you visit our website, you will see a banner at the top where you can agree to the use of cookies.

4. Collecting general data and information

 The website of the BNN collects a series of general data and information each time the website is accessed by an affected person or an automated system. This general data and information is stored in the log files of the server. The data that can be gathered are (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system accesses our website (so-called referrers), (4) the sub-web pages which are accessed via an accessing system on our website (5) the date and time of access to a website page, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used in the event of attacks on our information technology systems.
When using this general data and information, the BNN does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the contents of our website, (2) to optimize the content of our website as well as its advertisements, (3) to ensure the continued functioning of our information technology systems and the technology of our website, and ( 4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. This anonymously collected data and information is therefore statistically and further evaluated by the BNN with the aim of increasing data protection and data security in our association, in order to ultimately ensure the best possible level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.

5. Registration on our website

The data subject has the possibility to register on the website of the data controller by providing personal data. Which personal data are sent to the controller is derived from the respective input mask used for the registration by the data subject. The personal data entered by the data subject will be collected and stored solely for internal use by the responsible controller and for his own purposes. The responsible controller may arrange for the transfer to one or more third party processors, such as a parcel service, who also uses the personal data only for internal use attributable to the responsible controller.
By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the data subject, the date and time of registration are also stored. The storage of this data takes place against the background that only so the misuse of our services can be prevented, and these data, in case of need, make it possible to clarify committed offenses. In this respect, the storage of this data is required to secure the responsible controller. A disclosure of these data to third parties is in principle not taking place, unless there is a legal obligation to pass them on or to disclose them for law enforcement reasons.
By registering the data subject voluntarily providing personal data, the data controller is meant to provide the data subject with content or services that, due to the nature of the case, can only be offered to registered users. Registered persons are free to modify or to delete at any time the personal data given at registration completely from the database of the data controller.

6. Subscription to our press releases / special newsletter

 On the BNN website, users are given the opportunity to subscribe to press releases and / or special newsletters of our company. If, pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR they have expressly consented, the BNN uses personal data to send users irregular press releases or special newsletters. Which personal data are transmitted to the data controller when ordering the press releases or the special newsletters results from the input mask used for this purpose.
The BNN informs at irregular intervals by means of a press release or a special newsletter about offers or updates of the association. If, pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR they have expressly consented, the BNN uses personal data to regularly send users a press release or a special newsletter. In principle, the two services of our association can only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject is registered for dispatch. For legal reasons, a confirmation e-mail will be sent at the first application to the e-mail address registered by a data subject in a double-opt-in procedure. This confirmation email serves to check whether the owner of the e-mail address is the person concerned who authorised the receipt of the press release / newsletter.
When registering, we also store the IP address assigned by the Internet Service Provider (ISP) of the computer system used by the data subject at the time of registration and the date and time of registration. The collection of these data is necessary in order to understand the (possible) misuse of an affected person's e-mail address at a later date and therefore serves as legal safeguards for the controller.
The personal data collected as part of a subscription to the newsletter will only be used to send the press release or our newsletter. In addition, subscribers may be notified by e-mail if this is necessary for the operation of the service or registration, as might be the case in the event of changes to the offer or technical changes. The subscription can be terminated at any time by the data subject. The consent to the storage of personal data that the data subject has given us for the sending can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in every press release / newsletter. Furthermore, it is also possible to deregister for dispatch at any time directly on the controller's website, or to inform the controller in a different way.

7. Newsletter tracking

The newsletters of the BNN contain so-called counting pixels. A counting pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded pixel, the BNN can detect if and when an e-mail was opened by an affected person and which links in the e-mail were called by the person concerned.
Such personal data collected via the counting pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the delivery of the newsletter and to even better adapt the content of future newsletters to the interests of the data subject. Affected persons are at any time entitled to revoke the separate declaration of consent made via the double-opt-in procedure. After revocation, these personal data are deleted by the controller. A deregistration from the receipt of the newsletter indicates the BNN automatically as a revocation.
Newsletter2Go is used as newsletter software. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. Newsletter2Go is a German, certified provider, which was selected according to the requirements of the German Federal Data Protection Act. More information can be found here.

8. Contact via the website

Due to legal regulations, the BNN website contains information that allows you to contact our company quickly and to communicate with us directly, which also includes a general address of the so-called electronic mail (e-mail address).
If an affected person contacts the data controller by e-mail or through a contact form, the personal data provided by the data subject will be automatically saved. Such data pursuant to Art. 6 para. 1 sentence 1 lit. A GDPR, submitted on a voluntary basis by a data subject to the data controller, will be stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

9. Rights of the data subject

a) Right to confirmation
Each data subject has, pursuant to Art. 15 GDPR, the right granted by the European directive and regulatory authority to require the controller to confirm whether personal data relating to him / her are being processed. If an affected person wishes to make use of this confirmation right, they can contact our data protection officer or another employee of the controller at any time.

b) Right of access to information
Each person concerned by the processing of personal data has, pursuant to Article 15 of the GDPR, the right granted by the European directives and regulations to obtain at any time free information from the controller about the personal data stored about him and a copy of that information.
In particular, you can obtain information on the processing purposes, the category of personal data, the categories of recipients to whom your data are or have been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of the right to complain, the source of the data, if not collected from us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about their details.  If an affected person wishes to exercise this right to information, they can contact our data protection officer or another employee of the controller at any time.

c) Right of rectification

Any person affected by the processing of personal data has the right granted under the Art. 16 GDPR of the European directives and regulations to demand the immediate correction of any incorrect personal data stored in it, or request their completion. If an affected person wishes to exercise this right of rectification, they can contact our data protection officer or another member of the data controller at any time.

b) Right of information

Each person concerned by the processing of personal data has, pursuant to Article 15 of the GDPR, the right granted by the European Directives and Regulations to obtain at any time free information from the controller about the personal data stored about him as well as to obtain a copy of that information.
In particular, you can obtain information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of the right to appeal, the source of their data, if not collected from us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about their details.
If an affected person wishes to exercise this right to information, they can contact our data protection officer or another employee responsible for the processing of the data at any time.

c) Right to rectification

Any person affected by the processing of personal data has the right granted under the Art. 16 GDPR of the European directives and regulations to demand the immediate correction of any incorrect personal data stored in it, or request their completion. If an affected person wishes to exercise this right of rectification, they can contact our data protection officer or another employee responsible for the processing of the data at any time.

d) Right to cancellation (right to be forgotten)

Any person affected by the processing of personal data has the right granted under Art. 17 GDPR of the European directives and regulations, to demand from the controller that the personal data concerning him / her be deleted immediately, provided the processing does not lead to the exercise of the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims.
If one of the reasons listed above is applicable and an affected person wishes to arrange for the deletion of personal data stored at BNN, they may, at any time, contact our data protection officer or another employee responsible for the processing of the data at any time. The data protection officer of the BNN or another employee responsible for the processing of the data will arrange that the request for deletion be fulfilled immediately.

e) Right to restriction of processing

Any person affected by the processing of personal data has the right granted by the European directives and regulations under Article 18 of the GDPR, to demand that the controller restrict the processing, as far as the accuracy of the data is disputed by him that processing is inaccurate, the person concerned refuses to delete them and the BNN no longer needs the data, but the data subject needs them to assert, exercise or defend legal claims or has lodged an objection against the processing pursuant to Art. 21 DS-GDPR.
If one of the above conditions is met and an affected person wishes to request the restriction of personal data stored by BNN, they may at any time contact our data protection officer or another employee responsible for the processing of the data at any time. The data protection officer of the BNN or another employee responsible for the processing of the data will initiate the restriction of the processing.

f) Data portability

Each person concerned by the processing of personal data has, in accordance with Article 20 of the GDPR, the right granted by the European directives and regulations concerning personal data relating to the data subject, provided to a controller in a structured way, to obtain these data in a common and machine-readable format, or to request the transfer to another person in charge. In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer or another employee appointed by the BNN.

g) Right of appeal

Any person affected by the processing of personal data has, in accordance with Article 21 of the GDPR, the right granted by the European directives and regulations to file an appeal at any time, for reasons arising from their particular situation which violate the processing of personal data held pursuant to Art. 21 GDPR 6 (1) (e) or (f) DGPR. This also applies to profiling based on these provisions.
In order to exercise the right of appeal, the data subject may contact the data protection officer of the BNN or another member of staff directly. A written notification is sufficient. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise his right of opposition by means of automated procedures using technical specifications.

h) Automated decisions in individual cases including profiling

Any person affected by the processing of personal data has the right, in accordance with Article 22 of the GDPR Regulation, the right granted by the European directives and regulations not to be subjected only to a decision based on automated processing solely, including profiling, which has legal effect on it, or similarly affect them significantly. If the data subject wishes to enforce rights related to automated decision-making, they may contact our data protection officer or other responsible employees at any time.

i) Right to revoke a data protection consent

Each person affected by the processing of personal data has, pursuant to Article 7 para 3 of the GDPR, the right granted by the European directive and regulatory authority to revoke a once given consent to the processing of personal data at any time.
If the data subject wishes to assert their right to withdraw a once given consent, they may at any time contact our data protection officer or another responsible employee.

j) Right to appeal

Every person affected by the processing of personal data has, in accordance with Art. 77 GDPR, the right granted by the European directive and regulatory authority to appeal to a supervisory authority.

As a rule, you can contact the supervisory authority of your usual place of residence or work or our registered office. The supervisory authority responsible for the BNN can be found in paragraph 20.

10. Data protection in applications, and in the application process.

The controller collects and processes the personal data of applicants for the purpose of the application procedure. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. When the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the controller, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless deletion precludes other legitimate interests of the controller. Other legitimate interests in this sense may be, for example, a burden of proof in a procedure under the German General Equal Treatment Act (AGG).

11. Privacy Policy for application and use of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network. A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. When an affected person lives outside the US or Canada, the legal entity for the processing of personal data are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. The data policy published by Facebook, which is available at https://www.facebook.com/policy.php, provides information on the collection, processing and use of personal data by

12. Privacy Policy for the use and application of Google Analytics (with anonymisation function)

 The controller has integrated on this website the component Google Analytics (with anonymisation function). Google Analytics is a web analytics service. Web analysis is the elicitation, collection and analysis of data concerning the behavior of visitors to websites. Among other things, a web analysis service collects data on which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize a website and cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition "_gat._anonymizeIp" for web analytics via Google Analytics. By means of this addendum, the IP address of the Internet access of the data subject will be shortened and anonymised by Google if the access to our website is from a Member State of the European Union or from another state party under the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are, has already been explained above. By using this cookie Google is enabled to analyse the usage of our website. Each time one of the pages of this website is accessed by the controller and a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google will be aware of personal data, such as the IP address of the person concerned, which serve, among other things, Google to track the origin of the visitors and clicks, and subsequently make commission settlements possible.
The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics on the computer system of the affected person can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the option of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website and the processing of this data by Google. To do this, the person must download and install a browser add-on at https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If the data subject's information technology system is later deleted, formatted or reinstalled, the data subject must re-install the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Additional information and Google's privacy policy can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at https://marketingplatform.google.com/about/analytics/.

13. Legal basis of processing

Art. 6 I lit. A GDPR serves our association as the legal basis for processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill the terms of a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. In that case the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal base is provided when processing operations are not covered by any of the above legal bases , when processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail. Such processing operations are particularly allowed to us because they have been specifically mentioned by the European legislator. In that regard, it is considered that a legitimate interest could be assumed if the data subject is a customer of the controller (GDPR recital 47, second sentence).

14. Qualifying interests in the processing that are being pursued by the controller or a third party

Is the processing of personal data based on Article 6 I lit. f GDPR, is our legitimate interest in conducting our business for the benefit of all of our employees and our shareholders.

15. Duration for which the personal data is stored

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of the storage or, as the case may be, by the European directives or regulations or by any other legislator in laws or regulations which the controller was provided for.
The criterion for the duration of the storage of personal data is the particular purpose for which the personal data was collected or processed. The personal data are routinely deleted if they are no longer required for contract fulfillment or contract initiation. Exceptionally, this does not apply if the processing of personal data is required to fulfill an obligation under German law or EU law (pursuant to Art. 17 para. 3 lit. b GDPR), or BNN is committed, due to tax or commercial law requirements, to longer storage, or if the data subject has consented to an additional storage. Personal information means all information that is used to identify the data subject and which can be traced back to him - such as name, address, e-mail address and telephone number.

16. Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; Possible consequences of non-provision

We clarify that the provision of personal information is in part required by law (such as tax regulations) or may also result from contractual arrangements (such as details of the contractor). Occasionally it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal information when our association concludes a contract with him / her. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded. Before the data subject provides personal data, the data subject can contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract, or is required for the conclusion of the contract, if there is a legal obligation to provide the personal data, and what would be the consequence of the failure to provide the personal data.

17. Existence of automated decision-making

As a responsible association we refrain from automatic decision-making.

18. Credit check

 Our association checks your credit standing in certain cases where there is a legitimate interest. For this purpose, we work together with the Creditreform Hamburg von Decken KG, Wandalenweg 8-10, 20097 Hamburg, from which we get the data needed. For this purpose, we will send your name and contact details to Creditreform. Further information on data processing at Creditreform can be found in the detailed information sheet "Creditreform Information acc. Art. 14 EU-GDPR (see Annex 1)” or at https://en.creditreform.de/eu-gdpr.html

19. Links

Despite careful content control, we assume no liability for the content of external links. The content of the linked pages are the sole responsibility of their operators.

20. Competent supervisory authority

Data protection supervisory authority Berlin
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
Visitors Entrance:
Puttkamerstr. 16-18
Tel .: +49 30 13889-0
Fax: +49 30 2155050
E-Mail: mailbox@datenschutz-berlin.de