The following information aims to give you an overview of how we handle your data which we collect in connection with your visit to our website www.elb-milch.de de and the use of the functions and services offered there. We would also like to inform you about your data protection rights. The individual data processed and the way it is used depends on the services availed of in each case.
1. Controller responsible, article 4 (7) GDPR
The controller responsible for the processing of your data within the meaning of article 4 (7) of the General Data Protection Regulation (GDPR) is
Milchwerke "Mittelelbe" GmbH
Heerener Str. 49, 39576 Stendal
2. What are "personal data"?
Personal data are information about you that can be used to identify you, e.g. your name, address or telephone number. Information that does not allow conclusions to be drawn about a certain or identifiable person is not included.
3. Scope of data collection, processing and use
You can visit our website and call up all content without us collecting your personal data and without you having to provide personal data.
a) Contact by e-mail
If you contact us by e-mail, your e-mail including any personal data contained in it (such as name and address) will be stored on our incoming mail server. The e-mail will then be forwarded to the responsible contact person within our company.
b) How to find us
4. Purpose of processing and legal basis
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
a) For the fulfilment of contractual obligations (article 6 paragraph 1 b) GDPR)
Data is processed to enable us to provide our contractual services or to perform pre-contractual measures, which are carried out on request.
b) In the context of balancing interests (article 6 paragraph 1 f) GDPR)
In addition to use for the actual performance of the contract, it may be necessary to process your data in order to protect our legitimate interests or those of third parties, e.g.
- Ensuring the IT security of our system
c) Based on your consent (article 6 paragraph 1 a) GDPR)
We need your consent for certain purposes. We will only process your data if you have expressly consented to this. You can revoke your consent at any time. The revocation shall not affect the legality of the processing prior to receiving the revocation.
5. Recipient of the data
We will only forward your personal data to third parties in individual cases if we have informed you of this in advance and obtained your consent.
6. Transfer of data to third countries
We do not transfer any data to recipients based outside the EU and the EEA.
7. Length of storage
We will delete e-mail enquiries as soon as we have answered the enquiry and the reason for contacting us has been dealt with.
If you send us data needed to fulfil contractual and legal obligations, we will only store this data until the obligations have been fulfilled.
If the data are no longer needed for this, they will be regularly deleted. The data will not be deleted if
- They are subject to commercial and tax accounting retention obligations
- Data must be retained as proof of claims resulting from a contractual relationship within the regular period of limitation (3 years, section 195 of the German Civil Code (BGB)).
8. Data security
We take all appropriate technical and organisational measures to ensure the protection of your data.
9. Your data protection rights
As a "data subject" you have the right to information pursuant to article 15 GDPR, the right to rectification pursuant to article 16 GDPR, the right to deletion pursuant to article 17 GDPR, the right to restriction of processing pursuant to article 18 GDPR, the right to object to processing pursuant to article 21 GDPR and the right to data portability pursuant to article 20 GDPR. The restrictions according to sections 34 and 35 of the German Data Protection Act (BDSG) (as amended) apply to the right to information and the right to deletion. You also have the right to lodge a complaint with the responsible data protection authority (article 77 GDPR in conjunction with section 19 BDSG (as amended)).