Privacybeleid

1. Data Controller

The data controller for this website and the contest, as defined by data protection law, is fritz-kola GmbH, represented by its managing directors, Ludwigstr. 14, 20357 Hamburg, Tel.: +49 (0)40 219071690, Email: info@fritz-kola.de.

The contact information for our data protection officer is as follows:

Prof. Dr. Andre Döring, c/o Robin Data GmbH, Fritz-Haber-Straße 9, 06217 Merseburg, Tel.: +49 (0)3461 4798961, Email: datenschutz@robin-data.io.

2. Visiting Our Website

When you visit our website, the browser on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the file accessed
• Website from which the access originated (Referrer-URL)
• The browser you are using and, if applicable, your computer’s operating system, as well as the name of your Internet service provider

This data is processed in accordance with Article 6(1), first sentence, point (f) of the GDPR. The legitimate interest stems from ensuring the technical functionality of our website. The log files are deleted after 14 days.

3. Third-Party Websites

To the extent that we provide links to other websites on this site, our Privacy Policy does not apply to those sites. Please read the privacy policies posted on those sites. Since we have no control over them, we are not liable for the content or functionality of external websites. We also do not receive any data about you from third-party websites when you follow the links or enter data on the linked sites.

4. Cookies

This website uses cookies. Cookies do not harm your computer and do not contain viruses. Rather, they are small text files that are stored on your computer and saved by your browser.

On the one hand, they ensure the technical functionality of our website. On the other hand, they enable us to improve the user-friendliness, effectiveness, and security of our website and our services. To the extent that cookies serve the technical operation of the website and are essential for its technical operation, this constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Cookies that are not essential for the operation of the website are set only on the basis of your consent pursuant to Article 6(1)(a) of the GDPR.

For more information about the cookies we use, particularly regarding their retention periods, please refer to the Cookie Consent Manager, which you can access via this link:
https://fritz-kola-shop.com/#reopenBanner

We use the Cookie Consent Manager tool provided by Pandectes OÜ, Harju maakond, Kuusalu vald, Pudisoo küla, Männimäe/1, 74626, Estonia.

When you visit our website, a connection is established to Pandectes’ server. This requires the transfer of your IP address, referrer URL, and browser information.

This transfer is based on Article 6(1)(c) and (f) of the GDPR. The legitimate interest lies in maintaining technical functionality.

Further information on data protection at Pandectes can be found at the following link:
https://pandectes.io/privacy-policy/

5. Contacting Us

If you send us a message using the contact information provided on our website, we will process your contact information and any other personal data contained in the message in order to handle your inquiry.

The personal data we process may include:

• Title
• First and last name
• Address
• Phone or fax number
• Email address

This data is processed on the basis of your (implied) consent pursuant to Article 6(1)(a) of the GDPR. If the communication serves to initiate a business transaction, the processing is also based on Article 6(1), sentence 1, (b) of the GDPR.

The data will be deleted immediately after the matter has been resolved, unless the communication is necessary to defend against or assert claims, or must be retained due to tax law requirements. In this case, the data will be deleted after three years, beginning with the year following the year in which the communication took place, or after 10 years.

5.1 Contact Form and Contests via Jotform

We use the Jotform service provided by Jotform Inc. to make our contact form available and to conduct contests. When you use the contact form or enter a contest, we process the

personal data you enter. This includes, in particular:

  • Last Name
  • First Name
  • Email Address
  • Country
  • Reason for the inquiry
  • Your message, depending on the reason for your inquiry, as well as additional information such as:
    • Order number
    • Product
    • Best-by date (MHD)
    • ZIP code
    •  Operating mode

This processing is carried out to handle your inquiry or to conduct the sweepstakes and is based on Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

We select data centers in Germany for data storage. Since Jotform Inc. is headquartered in the U.S., access to personal data from the U.S. cannot be ruled out in individual cases. Jotform Inc. is certified under the EU-U.S. Data Privacy Framework (DPF). Therefore, a adequacy decision by the European Commission pursuant to Article 45 of the GDPR applies to data transfers to Jotform. A data processing agreement pursuant to Article 28 of the GDPR has been concluded with Jotform. Voluntary Newsletter Subscription You may voluntarily consent to receiving our newsletter via the contact form or as part of contests. This consent is voluntary and not a prerequisite for processing your inquiry or participating in the contest. If you provide your consent, your name and email address will be transmitted to our newsletter service provider, CleverReach. You will then receive an email as part of the double opt-in process. Your newsletter subscription will only take effect after you confirm this email. The legal basis for processing your data for the purpose of sending the newsletter is your consent pursuant to Article 6(1)(a) of the GDPR. You may revoke your consent at any time with future effect, for example, via the unsubscribe link included in every newsletter.

6. Store

In our store, we offer various services for purchase. When processing an order for a product, we process the following personal data from you:

• Email address
• First and last name
• Address
• Payment information
• Ordered items

We use the Shopify store platform provided by Shopify International Ltd., c/o Intertrust Ireland, 2nd Floor, 1–2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland. For more information on Shopify’s privacy policy, please visit the following link:
https://www.shopify.com/de/legal/privacy/app-users

To process your payment, your data will be transferred to PayPal (Europe) S.à r.l. et Cie, S.C.A. Further information on PayPal’s privacy policy can be found at the following link:
https://www.paypal.com/de/legalhub/privacy-full

Your personal data is processed for the purpose of contract fulfillment in accordance with Art. 6(1)(b) of the GDPR.

We store your data until the expiration of the general statute of limitations pursuant to §§ 195, 199 of the German Civil Code (BGB), i.e., until the end of the third year following the year in which the contract was concluded. Due to legal requirements under the German Commercial Code (HGB) and the German Fiscal Code (Abgabenordnung), we are obligated to retain data relevant for tax purposes for six or ten years, respectively. Upon expiration of the aforementioned periods, we will delete this data immediately.

Cancellation Feature

On our website, you have the option to cancel your contract using an electronic cancellation feature. When you use this feature, we process the personal data you enter, specifically:
• First and last name
• Email address
• Mailing address
• Order number, as well as order and delivery dates
• Additional details regarding the cancellation, if applicable

This processing is carried out for the purpose of receiving, processing, and documenting your cancellation, as well as to fulfill our legal obligations in connection with contract fulfillment. The legal basis for this is Article 6(1)(c) of the GDPR and Article 6(1)(b) of the GDPR. After submitting the form, you will receive an email confirming receipt of your cancellation.
To provide the cancellation function, we use the Shopify app “EU Cancellation Button” from 401layers UG (limited liability), Dorothea-Erxleben-Str. 1a, 40721 Hilden, Germany. In this context, personal data may be transferred to the app provider. The provider acts as a data processor and is contractually obligated to comply with applicable data protection regulations. Your data will be stored only for as long as necessary to process the withdrawal and to fulfill statutory retention obligations.

7. Customer Reviews

You have the option to review products purchased through our store. For this purpose, we use the judge.me app provided by Judge.me Ltd., c/o Buckworths, 2nd Floor, 1–3 Worship Street, London, England, EC2A 2AB.

When you submit a customer review, we send your first and last name, your email address, the order date, and the order number to judge.me to verify the validity of the review. This data is processed based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR. This interest consists in ensuring the authenticity of customer reviews.

Furthermore, the reviews you write can be viewed by other visitors to our store. In this context, your name, star rating, and the content of the review text—including any accompanying image—are processed. This data is processed solely on the basis of your (implied) consent pursuant to Article 6(1)(a) of the GDPR.

If you have also given your consent pursuant to Article 6(1)(a) of the GDPR, we will send your email address, order number, and order date to judge.me so that a request for you to submit a review can be sent to you.

We will delete your review if you withdraw your consent or request that we delete it.

For more information on data protection at judge.me, please visit the following link:
https://judge.me/privacy

8. Web Analytics & Tracking

8.1 Google Analytics

In order to tailor the design of our website to your needs and to continuously optimise it, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The following information about your use of this website is stored in the cookie:

  • App updates
  • Click path
  • Date and time of visit
  • Device information
  • Downloads
  • Flash version
  • Location information
  • IP address
  • JavaScript support
  • Pages visited
  • Purchasing activity
  • Referrer URL
  • Usage data
  • Widget interactions
  • Browser information

The information is used to analyse website usage, to compile reports on website activity, and to provide further services related to website and internet usage for the purposes of market research and the user-centred design of these web pages. This information may also be transferred to third parties where required by law or where third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data held by Google. IP addresses are anonymised so that they cannot be linked to you (IP masking).

Further information on data protection in connection with Google Analytics can be found at the following link:

support.google.com/analytics/answer/6004245?hl=de.

The legal basis for the processing is your consent in accordance with Article 6(1)(a) of the GDPR.

Please note that it cannot be ruled out that the information collected may be transferred to servers operated by Google LLC in the USA.

It is not possible to trace the recorded user behaviour back to you as an individual. Consequently, no personal data is stored.

8.2 Microsoft Clarity

We also use Microsoft Clarity, a web analytics service provided by Microsoft Ireland Operations Limited.

In this context, pseudonymised usage profiles are created and cookies and similar technologies are used. In addition, so-called session replays and heatmaps are used to better understand user behaviour on our website.

In particular, the following information regarding your use of this website is processed:

  • Mouse movements and click behaviour
  • Scrolling behaviour
  • Pages visited and interactions (e.g. entries made as part of the promotion)
  • Date and time of the visit
  • Duration of visit
  • Device information (e.g. operating system, screen resolution)
  • Browser information
  • Referrer URL
  • Approximate location information
  • IP address (truncated/anonymised)

The information is used to analyse the use of the website and the promotion, to generate reports on website activity, and to gain insights into how to improve the user-friendliness and tailor the website to users’ needs.

Microsoft Clarity masks the data collected, so that any personal data entered is not recorded.

The legal basis for processing is your consent in accordance with Article 6(1)(a) of the GDPR.

The data collected may be transferred to Microsoft’s servers, including those in the USA, and processed there. Microsoft is certified under the EU-US Data Privacy Framework.

Further information on data protection at Microsoft Clarity can be found at:

privacy.microsoft.com/de-de/privacystatement

It is generally not possible to trace the recorded user behaviour back to you personally.

9. Data Subject Rights

You have the right:

• pursuant to Article 7(3) of the GDPR, to withdraw your consent at any time. As a result, we may no longer continue processing the data based on that consent in the future;

• to request information about your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing, or objection; the existence of a right to lodge a complaint; the origin of your data, if it was not collected by us; and the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;

• pursuant to Article 16 of the GDPR, to request the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;

• pursuant to Article 17 of the GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims;

• to request the restriction of the processing of your personal data pursuant to Article 18 of the GDPR, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, and we no longer need the data but you require it to assert, exercise, or defend legal claims, or you have objected to the processing pursuant to Article 21 of the GDPR;

• pursuant to Article 20 of the GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller;

• to object to the processing of your personal data pursuant to Article 21 of the GDPR, provided that the processing is based on our legitimate interest and there are grounds for the objection arising from your particular situation;

• to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR. As a general rule, you may contact the supervisory authority at your usual place of residence, your place of work, or our company headquarters.

You may exercise the aforementioned rights by sending a request to the following email address:
datenschutz@robin-data.io