Date: 16.05.2024

Privacy policy

In accordance with Art. 13 and 14 of the EU General Data Protection Regulation (EU-GDPR), this privacy policy contains information about the collection and processing of your personal data by us when you visit our website and when you submit an application to us as a prospective employee, and also about the cookies we use and other accesses to terminal devices in accordance with ePrivacy law. The controller for data processing is:

endori food GmbH & Co. KG

Industriestrasse 2

96135 Stegaurach

Telephone: +49 (0)951 917 975-0

Email: info@endori.de

We have appointed the following data protection officer for our company in Germany:

Stephan Eschenbacher
IT-Consulting & Service
Eckenstraße 50
90480 Nuremberg
Telephone: +49 (0)911 401 823
Email: datenschutz@endori.de

Overview:

  1. Website visitors
  2. Contact with us
  3. Participation in prize games
  4. Applicants
  5. Rights of data subjects
  6. Updates and changes

I. Website visitors

When you visit our website, we process your personal data and access your terminal device. Our website is hosted by CANCOM SE, Erika-Mann-Str. 69, D-80363 Munich (group headquarters), who we have engaged under data privacy laws.

1. Server and error logfiles

With each visit to our website, your browser transmits access data (so-called server logfiles or access logs) which we process to ensure system security. These logfiles record the following information:

  • Previously visited websites (if applicable, which search engine is used including keywords used);
  • Requested websites including number of loaded pages and most recently opened page before leaving the website;
  • Browser type and browser version;
  • Operating system used and type of device;
  • Date and time of access;
  • Length of stay;
  • IP address.

Temporary storage of this data is required for use of the website in order to allow successful delivery of the website. Further storage in protocol files (logfiles/logs) is carried out to ensure the website’s functionality and system security.
In addition, error logfiles are written where the page fails to load or cannot be navigated correctly. These logfiles record the date and time of the visit, the error type and the IP address. This information is required in order to be able to analyse and fix the error.
Such processing of data is also necessary for the purposes of our legitimate interests (Art. 6 (1)(f) EU-GDPR); the acquisition of data is imperative for the provision of our website for the stated reasons (§ 25 Abs. 1 TDDDG / (German) Teleservices Data Protection Act). Data shall be deleted as soon as it is no longer required for these purposes. In the provision of the website, this is the case when the current session is ended. Protocol files are stored for 90 days to ensure full system security and enable errors to be effectively analysed and fixed. The recording of data for the purpose of making the website available and storing data in logfiles is absolutely necessary for the operation of the website. As a result, the user shall not have the option to object to such processing.

2. Consent Management Tool ("cookie banner")

In order to manage the use of cookies and other tags by our website, we use the Consent Management Platform of Usercentrics GmbH, Munich. With this tool, we can inform you when you visit our website which tools we use, which of your data is processed and for what purposes. We will ask you there for your consent to use these tools, unless they are absolutely necessary for the operation of our website, and can record and store your selection and any changes that may be made to it on an ongoing basis and, if necessary, transfer it on to our cooperation partners.

We have integrated the usercentrics tool via the Google Tag Manager, a kind of organizational tool provided by Google Ireland Ltd, Dublin, which enables us, as the website operator, to organize the tools on our site and control their use. In particular, this enables us to ensure that certain tools are only activated if, after and as long as you have given your consent (and not revoked it).

Your selection on the banner, i.e. whether and if so to what extent you agree to the use of further tools or that you do not consent to this, is recorded and stored in a database for verification purposes and stored in local storage on the device used by you, in order to ensure this during your session and also thereafter during further visits to our website. For this purpose, we collect and process the following information via usercentrics in addition to your consent decision (yes / no):

  • Device Information
  • Browser Information
  • Anonymized IP address
  • Opt-in and opt-out data
  • Date and time of the visits

For our verification purposes, this data is processed - in addition to being stored in the local storage of your terminal - in a database with location in the EU.

The use of this Consent Management Platform including the Google Tag Manager is necessary for us to comply with our legal obligations, to inform you about the use of the tools and to ask for your consent for all those tools that are not absolutely necessary, to collect, prove, keep and, if necessary, transfer the data to third parties. This is imperative in view of the legal requirements to be observed by us under data protection and ePrivacy law (§ 25 Abs. 1 TDDDG / (German) Teleservices Data Protection Act). We will retain your decisions for as long as they are valid and for more than three years thereafter, to be able to prove whether you have consented and/or revoked your consent. This is in our legitimate interest (legal basis: Art. 6 (1) f GDPR).

You can change your choice of which tools are used on our website at any time. To do so, click here to open the Consent Management Platform again and change your settings, e.g. to give further consent or to revoke consent you have given. These changes will be stored again in local storage on your device and will be recorded by us for verification purposes. Once you have agreed to the setting of cookies, they will not be deleted even if you revoke them. Instead, the execution of the underlying script is prevented, so we start one step ahead with the usercentrics-solution. This prevents the cookies from remaining active. They then no longer record any information and also no longer allow access to information from your device.

Since we cannot operate the site in a legally compliant manner without the use of usercentrics and Tag Manager, it is no longer possible to visit our site in the event of an objection. This applies even if you do not give any consent or revoke all consent, as we necessarily rely on these tools to control the use of tools through our website, including the use of the Consent Management Platform. However, you can change your preferences directly with Google at: http://www.google.com/settings... or alternatively, you can disable the use of cookies for interest-based advertising through the Ad Network Initiative by following the instructions at https://thenai.org/opt-out/. However, you may then no longer be able to use our website in the same way.

You can find further information about data processing by usercentrics GmbH here: https://usercentrics.com/privacy-policy/

For more information about the data processing by Google, whose tag manager we use, please see here about the tag manager: https://www.google.com/intl/de... and here about data protection: https://policies.google.com/privacy?hl=en

3. Our cookies

When you visit our website, we use a cookie to store language recognition information (“i18n_redirected”) which allows us to make our website available to you with your selected language settings (legal basis: § 25 Abs. 1 TDDDG / (German) Teleservices Data Protection Act). The cookie stays in place for 12 months and is automatically deleted after this period.

If you wish to decline the use of cookies, you can block the use of cookies in your browser settings. Alternatively, visit the US site http://aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/ to change the use of cookies on your device. You will still be able to visit our website but may not be able to use it in the same way.

4. Google Analytics (with consent)

This website uses the usage analysis tool of the web analytics service Google Analytics, on this website and on the websites www.endori-professional.com and www.endori-shop.de. Google Analytics is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Analytics script is loaded each time the page is loaded. However, Google Analytics cookies will only be used on your end device and data collected and evaluated from this website and the two other websites with your consent.

Google Analytics uses so-called “cookies” for this reach analysis in the event of your consent. These are text files that are stored on your computer and allow your use of the website to be analysed. Google claims to store all data and information in the EU; however, support access from the USA cannot be ruled out.

Google Analytics cookies are only stored and these analysis tools are only used if you agree to this via our cookie banner (§ 25 Abs. 1 TDDDG / (German) Teleservices Data Protection Act; Art. 6 (1)(a), Art. 49 (1)(a) EU-GDPR). If data is transferred to the US, the EU-US Data Privacy Framework ensures an adequate level of data protection (adequacy decision of the EU-Commission) as Google is certified under the EU-US Data Privacy Framework. Specifically, the Google Analytics script is loaded each time the site is loaded. However, data pertaining to your use of the site will only be collected and disclosed to Google once you click “Agree”. If you click on “Decline”, a cookie will be stored on your end device preventing analysis by Google Analytics and the use of cookies by Google Analytics for future visits to our website (“opt-out cookies”). Even if you have clicked “Agree”, you may revoke your consent at any time using the link below.

IP anonymisation

Google only uses the IP address to derive location data and then deletes it immediately. According to its own information, this always takes place in a member state of the EU or the EEA. Google uses this information on behalf of the operator of this website to evaluate your use of the website, compile web activity reports and deliver other services pertaining to website and Internet use in relation to the website operator. The IP address transmitted from your browser as part of Google Analytics will not be matched with other Google data.

Browser plug-in

You can also prevent the storage of cookies through your browser settings. However, please note that this may result in you not being able to use all functions of this website to their full extent. You can also prevent the recording of data created by cookies and pertaining to your use of the website (incl. your IP address) at Google and the processing of such data by Google by downloading and installing the browser plug-in via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Revoking consent

You can prevent the recording of your data by Google Analytics and revoke any consent provided for the use of Google Analytics by clicking on the following link Change settings. This link leads to our Consent Management Platform where you can change your settings for the future.

Contract data processing

We have concluded a contract with Google on contract data processing and implement the strict provisions of the German data privacy authorities for the use of Google Analytics.

Duration of storage

Cookies used by Google remain on your end device even after you leave our website (for up to 2 years). The use of long-term cookies allows us to recognise you on your next visit to our website. This recognition is performed using cookies to optimise the content of our website. User and event-level data stored at Google which is linked to cookies, user recognition (e.g. user ID) or ad IDs (e.g. DoubleClick cookies, Android ad ID) will be anonymised or deleted after 14 months. You can find details on this at the following link: https://support.google.com/analytics/answer/7667196?hl=en

More information about the use of user data by Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

5. Personalised ads: Meta- (Facebook & Instagram), Pinterest and TikTok tracking pixels, Google Ads Remarketing (with consent)

With your consent, we use so-called pixels or tags from Facebook, Instagram, Pinterest, LinkedIn and TikTok as well as Google Ads Remarketing in our online content.

We use these pixels and Google Ads to show you ads, especially on Facebook, Instagram, Pinterest, LinkedIn and TikTok, for our products after you have shown interest in them by previously visiting our website. Our aim is to target our ads to people who are interested in our products. To do so, we also use the services of Google Ireland Ltd. (Tag Manager, Remarketing, Analytics).

Meta Pixel: Facebook and Instagram

With your consent, we use the Meta pixel on the Facebook and Instagram social media platforms. Both of these are operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you visit our website, the pixel sends hashed information to Meta for the Facebook and Instagram networks. This means that if you visit our website, give your consent and are a Facebook and/or Instagram user, the pixels will send the information that you visited our website and whether you performed certain actions (so-called events, e.g. searched for a recipe) together with a hashed version of your Facebook/Instagram ID to the relevant network. We use pixels exclusively for this website and do not link them with other websites. We also do not disclose any information about you, such as customer information, to Facebook.

We also use conversion information via the Meta pixel: This allows us to receive statistical information from Facebook on how many visitors on Facebook and Instagram visited our website through the ads placed there. This then allows us to better target our advertising on Facebook and Instagram to those who are actually interested in our products.

endori does not process any personal data for this purpose as it is not possible for us to allocate the hashed versions of your Facebook/Instagram ID to you as a person. This can only be done by Meta. We also do not receive any information on you such as your name, age etc.

Google Ads Remarketing

We use the remarketing technology of Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). This feature is used to present interest-based advertisements to visitors to our website of the online offering as part of the Google advertising network. To this end, so-called "cookies", text files, are stored on your end device which make it possible to recognise the visitor when calling up an online offer which belongs to the Google advertising network.

On these pages, the visitor can then be presented with advertisements relating to content that the visitor has previously called up on other online offers that use Google's remarketing function. According to its own statements, Google does not collect any personal data during this process. To the best of our knowledge, Google stores a small file containing a sequence of numbers in the browsers of visitors to the website. This number is used to record visits to the website and data on the use of the website.

LinkedIn Insight Tag

With your consent, we will set a LinkedIn insight tag that will allow you to be recognized when you visit LinkedIn and targeted advertising from us to be displayed there. LinkedIn members can control the use of their personal information for advertising purposes in their account settings. The LinkedIn insight tag further allows us to better understand the acceptance and success of our ads. Finally, we receive demographic information from your LinkedIn profile, if you maintain one, such as your job title, the industry you work in, or your employer.

For this purpose we will set pixels and LinkedIn will also set a unique LinkedIn browser cookie on the device you use. LinkedIn uses this cookie to collect the following data, which is not made available to us - we only receive analysis data from LinkedIn, but not information relating to you. LinkedIn collects the following information: Metadata such as IP address, timestamps and page events (e.g., page views), URL, referrer URL, IP address, device and browser information (user agent). The IP addresses are truncated or hashed. The direct identifiers are removed within seven days in order to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days.

Pinterest tag

With your consent, we also use the so-called Pinterest tag offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, to place personalised and targeted ads on the platform via our advertising account.

If you visit our website, the tag sends hashed information to Pinterest for use on its website and/or app. This means that if you visit our website, give your consent and are a Pinterest user, the tags will send the information that you visited our website and whether you performed certain actions (so-called events, e.g. searched for a recipe) together with a hashed version of your Pinterest ID to the network. We use tags exclusively for this website and do not link them with other websites. We also do not disclose any information about you, such as customer information, to Pinterest.

We also use conversion information via the Pinterest tag: This allows us to receive statistical information from Pinterest on how many visitors on Pinterest visited our website through the ads placed there. This then allows us to better target our advertising on Pinterest to those who are actually interested in our products.

TikTok Pixel

We use the TikTok pixel of the social media platform TikTok with your consent. This platform is operated under joint responsibility by TikTok Technology Limited, 10 Earlsfort Terrace, D02 T380, Co. Dublin, Dublin, D02t380, Ireland, and TikTok Information Technologies UK Limited, 1 London Wall, London, EC2Y 5EB, UK.

In the event of a visit to our website, the pixel sets cookies and transmits hashed information to TikTok. Specifically, this means: If you visit our website, have given us your consent and are a user of TikTok, the pixel transmits the information that you have visited our website and whether you have performed certain actions there (so-called events, such as searching for a recipe) together with a hashed version of your TikTok ID. We use the pixels solely for this website and do not link them to other websites, nor do we transmit any other information about you to TikTok, such as customer information.

We also use conversion information through the TikTok pixel: We receive statistical information from TikTok about how many visitors to TikTok have visited our website via our advertisements placed there, so that we can better target our campaigns on TikTok to the people who are actually interested in our products.

endori does not regularly process any personal data in this context, as it is not possible for us to assign the hashed version of your TikTok ID to you as a person; only TikTok can do this. We also do not receive any information about you, such as your name, age, etc.

Consent and revoking consent

Processing of the aforementioned personal data and use of pixels as well as Google Ads is permitted with your consent (§ 25 Abs. 1 TDDDG / (German) Teleservices Data Protection Act; Art. 6 (1)(a) EU-GDPR), which you can also give and revoke individually for each service and which is also obtained in accordance with ePrivacy law. You may prevent your data from being recorded and revoke any given consent to the aforementioned ad tracking by clicking the following link Change settings. This link leads to our Consent Management Platform where you can change your settings for the future.

To also prevent further data processing by Meta/Facebook, Pinterest and TikTok, use the following link and change your settings there:

https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3Dad_settings_screen

Deactivate your Pinterest tag ad preferences: Check the box in your Pinterest account settings (https://www.pinterest.de/settings/privacy) next to “Use information from our partners to improve which recommendations and ads you see”.

In the TikTok app, click "Me/I" and go to the settings page. There, click the three dots in the upper right corner, then click Personalization and data, and then use the toggle. You can change this setting at any time.

Alternatively, you can delete your browser history or uncheck the option to show ads based on partner data under “Ad preferences” or “Personalized Ads on Pinterest” in your Facebook, Instagram and/or Pinterest account. These settings will be applied to all devices used with the corresponding Facebook/Instagram login (computer, smartphone etc.).

You can find more information on data processing by Facebook using so-called Custom Audiences, supported by the Facebook and Instagram pixels, directly from the responsible third-party provider:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; in particular in relation to the Facebook pixel under https://www.facebook.com/business/learn/facebook-ads-pixel and in relation to data privacy under https://de-de.facebook.com/privacy/explanation and under https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=368390626577968&bc[1]=285881641526716

Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, particularly under https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag. More information on the possibility to revoke consent on Pinterest can be found on the third-party provider’s website under: https://help.pinterest.com/de/article/personalized-ads-on-pinterest.

TikTok Technology Limited, 10 Earlsfort Terrace, D02 T380, Co. Dublin, Dublin, D02t380, Ireland, jointly with TikTok Information Technologies UK Limited, 1 London Wall, London, EC2Y 5EB, UK, privacy policy https://www.tiktok.com/legal/privacy-policy-eea?lang=en

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in particular under http://www.google.com/privacy/ads/.

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Policy: https://www.linkedin.com/legal/privacy-policy

In particular, as the parent companies are US companies (TikTok: China), information may also be transferred to the USA or China. In cases of possible transfers of data to US-servers, the EU-US Data Privacy Framework ensures an adequate level of data protection (adequacy decision of the EU-Commission) as far as providers are certified according to the referred framework. Information on the certification of individual providers can be found at: https://www.dataprivacyframework.gov/s/participant-search.

As far as providers are not yet certified, in the case of data transfer to China or in case of a data transfer to other third countries without an adequacy decision, a suitable level of data protection is enhanced by the use of standard contractual clauses issued by the EU-Commission. However, no adequate level of data protection may currently be ensured for the transfer of personal data to China or to non-certified providers in the US. Your data may be subject to access by authorities for control and monitoring purposes, against which neither effective legal remedies nor data subject rights can be enforced. Therefore, please only consent to the transfer of your data to third countries if you nevertheless agree to this (Art. 49 I 1 a GDPR).

Duration of storage

Pixels are only active for the duration of your visit to our website. Cookies set by the TikTok Pixel have a duration of 13 months. We do not have any control over the duration for which Meta, Pinterest and TikTok process data transferred to them. We delete data in Google Ads Remarketing with revocation.

6. Google Maps (with confirmation)

This website uses the mapping service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To ensure data protection on this website, Google Maps is deactivated when you enter this website. A direct connection to Google's servers will only be established if you activate Google Maps yourself: Before you click on "Confirm", the map is hidden. Only after you have clicked will the map become visible and data about your visit will be transmitted to Google (generally only your IP address, as we have excluded the transmission of the referrer URL in our referrer policy; however, we cannot rule out the possibility that Google may use your data for its own purposes). This prevents your data from being transferred to Google when you first enter the site.

In addition, we link to the third-party service of Google Maps in some places. If you click on these links, you will be redirected to the Google Maps website; as a rule, your IP address will then also be transmitted there, but not the information about which page you came from, as we have excluded this in our referrer policy.

We only actively use Google Maps after your click and thus with your consent (§ 25 Abs. 1 TDDDG / (German) Teleservices Data Protection Act; Art. 6 I 1 a, Art. 49 I 1 a EU-GDPR). You can always revoke further processing for the future by deleting your browser history, so that the confirmation given is no longer noted.

Your IP address transmitted to Google in the event of consent is usually transmitted to a Google server in the USA and stored there. We have no influence on this data transfer after activating Google Maps. If data is transferred to the US, the EU-US Data Privacy Framework ensures an adequate level of data protection (adequacy decision of the EU-Commission) as Google is certified under the EU-US Data Privacy Framework.

More information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/en/policies/privacy/

7. Social media presence (with confirmation)

We use the social media platforms Facebook, YouTube, Instagram, Pinterest, LinkedIn and TikTok. We have created company pages on these platforms and we also provide links to these pages on our website using the corresponding icons.

Our presence on the social media platforms Facebook, YouTube, Instagram, Pinterest, LinkedIn and TikTok, as well as the links to these on our website, allow you to share our content with others or get in touch with us and discuss our products. Clicking on the relevant icon on our website or visiting our social media pages directly allows you to log in to the relevant platform using your account and interact with the relevant social media page.


Wherever we refer to our social media pages on our website, using icons for example, we always work with the 2-click solution. This means that your information, generally your IP address, is only transmitted to third-party providers when you click on the icon or the link. These icons and links otherwise remain “deactivated”. An information box will appear when you click on the corresponding icons or links leading to third-party pages.

Clicking on an icon will redirect you from our website to our corresponding social media page and your data will be transferred to this third-party provider, generally your IP address. Information pertaining to the site from which you came will not be disclosed based on our Referrer Policy. This also applies if you do not have an account with the relevant provider or are not logged in. If you have your own account, the provider will regularly link this information with your account. This is also possible even if you are not logged in.

TikTok collects certain data from users when they visit the platform, even if they use the TikTok app without an account. The data processed, according to TikTok, includes IP address, instance IDs (which allow them to determine which devices to deliver messages to), mobile carrier, time zone settings, identifiers for advertising purposes, and the version of the app being used, as well as data about the device being used to access the platform, such as the device model, device system, network type, device ID, screen resolution and operating system, audio settings, and connected audio devices. When users log in from multiple devices, TikTok can use the profile data to analyze activity across devices.

If you visit Facebook, we will possibly present you a Facebook leads ad from us there. If you click on it, you can register for our newsletter. We will explain the details under "newsletter".
We have no control over what personal data is collected by this third-party provider and how it uses such data if you use the social media platforms. We are also not aware of how such data is processed.

Facebook usage statistics

We use usage statistics disclosed by Meta/Facebook and by TikTok (“Page Insights”) to continuously improve our presences there. This data is only collected by Facebook / TikTok and disclosed to us if you have your own account and visit our page. Facebook / TikTok and endori are joint controllers for such data processing. We have concluded an agreement with Facebook in this respect which governs in a transparent manner the distribution of duties (Art. 26 EU-GDPR; available to download at https://www.facebook.com/legal/terms/page_controller_addendum). An important aspect of this agreement is the stipulation that Facebook is primarily responsible for processing visitor data and fulfils all relevant EU-GDPR obligations pertaining to the processing of visitor data (including, but not limited to, fulfilling the rights of the data subject). We have also entered into a corresponding agreement with TikTok (Art. 26 EU GDPR; available at https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms) to define the respective responsibilities for compliance with the obligations under the GDPR with respect to joint processing. The essence of the agreement is that we are responsible for providing you with this information and TikTok is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to the personal data stored or otherwise processed by TikTok pursuant to the joint processing. We outline below where you can find further information on data processing by Facebook and TikTok.

Legal bases

Our social media pages, including links to them, allow you to receive even more attractive offers on other channels and communicate directly with these pages and their users. In turn, this enables us to make our website and its information more attractive and interesting for you. The use of social media is therefore in our legitimate interests (Art. 6 (1)(f) EU-GDPR). By actively clicking on the social media icons, you can decide whether your personal data is disclosed to the third-party providers. The evaluation of analyses disclosed to us by Meta/Facebook and TikTok (“Page Insights”) is also in our legitimate corporate interests (Art. 6 (1)(f) EU-GDPR). User data is provided via Facebook / TikTok in anonymised form.

Data processing by third-party providers

We have no control over what personal data is collected by these third-party providers and how they use such data. We are also not aware of how such data is processed. Please note that some of these providers are located outside of the EU and your data is therefore likely to be transmitted to third countries for which a suitable level of data privacy is not necessarily ensured. More information on the use of your data can be obtained from the relevant third-party providers:

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy: https://de-de.facebook.com/about/privacy/, cookie information: https://de-de.facebook.com/policies/cookies

This also applies to Instagram; see also: https://help.instagram.com/519522125107875?helpref=page_content

YouTube: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, privacy policy: https://policy.pinterest.com/de/privacy-policy

TikTok Technology Limited, 10 Earlsfort Terrace, D02 T380, Co. Dublin, Dublin, D02t380, Ireland, jointly with TikTok Information Technologies UK Limited, 1 London Wall, London, EC2Y 5EB, UK, privacy policy https://www.tiktok.com/legal/privacy-policy-eea?lang=en

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Policy: https://www.linkedin.com/legal/privacy-policy

In particular, as the parent companies are US companies (TikTok: China), information may also be transferred to the USA or China. In cases of possible transfers of data to the US, the EU-US Data Privacy Framework ensures an adequate level of data protection (adequacy decision of the EU-Commission) as far as providers are certified according to the referred framework. Information on the certification of individual providers can be found at: https://www.dataprivacyframework.gov/s/participant-search.

As far as providers are not yet certified, in the case of data transfer to China or to other third countries without an adequacy decision, a suitable level of data protection is enhanced by the use of standard contractual clauses issued by the EU-Commission. However, no adequate level of data protection may currently be ensured for the transfer of personal data to China or to non-certified providers in the USA. Your data may be subject to access by authorities for control and monitoring purposes, against which neither effective legal remedies nor data subject rights can be enforced. Therefore, please only consent to the transfer of your data to third countries if you nevertheless agree to this (Art. 49 I 1 a GDPR).

8. Online shop

You can access our online shop via our website. Please note this online shop is made available by a third-party provider and not endori. If you visit this online shop, your data will be disclosed to office direkt. Third-party provider information: office direkt Service-Center GmbH, In der Wässerscheid 49, 53424 Remagen, info@office-direkt.de

9. Newsletter

If you would like to receive the newsletter offered on our website and on Facebook in order to keep up to date with new products, you will be required to provide your email address. We need this so that we can send the newsletter.

Newsletter registration on our website

If you register on our website for our newsletter, we will ask you for your e-mail address and have it confirmed via a double opt-in.

We obtain your consent prior to sending the first newsletter (Art. 6 (1)(a) EU-GDPR). This consent can be revoked and you can unsubscribe from the newsletter at any time by clicking on “Unsubscribe” in the newsletter or sending an email to socialmedia@endori.de.

We verify your consent for signing up to our newsletter mailing list via a confirmation email sent to you (“double opt-in”). Only if you click on the link in this confirmation email will you receive future newsletters. We store your IP address and the time stamp when you register for the newsletter for the first time and when you confirm your subscription to the newsletter via double opt-in so that we can track and prove your consent (this is in our legitimate interest, Art. 6 (1)(f) EU-GDPR). We store your data as long as you receive our newsletter and for three years after termination of the contractual relationship.

Newsletter registration via Facebook Lead Ads

You can also see ads from us on Facebook with the note that we would like to send you our newsletter with more information about our products (so-called Facebook Lead Ads). These are displayed on the platform operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you click on them, usually via the note "click here to register", you will be taken to a pre-filled form. In the ads we link in particular to this privacy policy, so that you can inform yourself directly about data processing. If you want to, you can click on "submit" to register for our newsletter.

We thereby obtain your consent (legal basis: Art. 6 (1)(a) EU-GDPR). You can revoke this at any time and unsubscribe from the newsletter for the future by clicking on "unsubscribe" in the newsletters or by sending us an e-mail to socialmedia@endori.de.

We verify your consent via a confirmation e-mail to you ("double opt-in"). Only if you click on the link in this confirmation mail will you receive the newsletter in the future. We save your IP address and the time stamp when you register for the newsletter for the first time and when you confirm your subscription to the newsletter via double opt-in so that we can track and prove your consent (this is in our legitimate interest, Art. 6 (1)(f) EU-GDPR). We store your data as long as you receive our newsletter and for three years after termination of the contractual relationship.

If you click on the confirmation link, we will transfer your e-mail address with the information from the double opt-in and that it was generated via Facebook Lead Ads to our newsletter database. In this case, the processing instructions as described below apply, especially to the integrated service provider Sendinblue.

The extent to which Meta/Facebook processes your data is beyond our influence and is not known to us. Facebook processes your data based on the relationship between you and Facebook. Further information:

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Privacy Policy: https://de-de.facebook.com/about/privacy/, Cookie Notice: https://de-de.facebook.com/policies/cookies

Newsletter mailing

Irrespective of the way you have registered for our newsletter, we will use the data you provide us with for the newsletter subscription to send it to you, including the measurement of statistical values for our newsletter dispatch, i.e. whether the newsletter was successfully delivered, whether it was opened and whether articles from it were clicked on. In order to collect this information, a web beacon is integrated into the respective newsletter. This is an image file in the e-mail that your browser downloads when you open the e-mail. In the process, information is sent to us, addressed via your IP and e-mail address, as to whether the delivery was successful, the newsletter was opened and whether individual articles were clicked on.

For the technical processing of the newsletter, we use Sendinblue. This is a service provided by the external provider Sendinblue GmbH, Koepenicker Straße 126, 10179 Berlin. We have carefully selected this provider and engaged it under data privacy laws on the basis of a Data Processing Agreement, in compliance with the requirements of Art. 28 EU-GDPR. More information about data privacy at Sendinblue can be found at https://www.sendinblue.com/gdpr/ and at https://www.sendinblue.com/legal/privacypolicy/.

10. Promotions

From time to time we offer promotions, such as the creation of a veggie menu. In the course of this, we process the data requested from you in order to be able to carry out the actions. In each case, we ask for your consent (legal basis: Art. 6 I 1 a GDPR), which you can revoke at any time for the future by sending a message to our contact details provided at the beginning. You will then no longer be able to participate in the promotion. If you do not revoke your consent, your data will be deleted at the latest after the end of the promotion and expiry of statutory retention rights and obligations.

To carry out the promotions, we involve external service providers in a data protection-compliant manner, regularly as order processors, such as agencies or printers. To carry out our promotions, we also use the survey tool "Lamapoll", a service provided by Lamano GmbH & Co. KG, Berlin. For this purpose, we have concluded an order processing agreement with Lamano GmbH & Co. KG.

11. Data security

For security reasons and to protect the transfer of confidential information that you send to us as the site operator, we use effective encryption on our site (TLS 1.2, ECDHE_RSA with P-256, and AES_128_GCM). You can identify an encrypted connection through the address bar switching from “http://” to “https://” and the padlock symbol in the browser bar. If encryption is active, data you disclose to us cannot be read by third parties.

II. Contact with us

You can contact us via various channels, including telephone and email. You can find contact details on our website, including a link to our email address. Click on these hyperlinked email addresses (in the form of buttons) on our website to open them in your email program. You can then send us a message to the pre-populated email address. We have no control over the data processing carried out by the email program of your respective provider. We only create a link to your email program.

The information you disclose to us will only be processed by us for the purposes of processing your contact request. This information will not be disclosed to third parties unless this is required to process your request. We delete all personal data processed as part of our correspondence upon completing your request unless legal obligations or rights to preserve records require us to retain such data for a longer period of time.

This processing of information disclosed to us by you is completely in our legitimate interest (Art. 6 (1)(f) EU-GDPR). Depending on the request, data may be processed for the purposes of performing a contract (Art. 6 (1)(b) EU-GDPR) or complying with legal obligations (Art. 6 (1)(c) EU-GDPR).

III. Participation in prize games

If you would like to participate in one of our competitions, we collect personal data from you, usually your first and last name and, if applicable, your address, e-mail address and/or telephone number, in order to be able to address and contact you. Without separate consent, we will process your personal data exclusively for the purpose of conducting the competition. Your data will not be transferred to third parties, unless this is absolutely necessary for the execution of the competition. The legal basis is the participation contract that comes into effect with your participation in the competition (Art. 6 I 1 b EU-GDPR). Your data will be deleted as soon as they are no longer required for the achievement of these purposes, i.e. upon termination of the competition and expiry of any further statutory retention obligations.

IV. Applicants

Any documents submitted or other personal data collected as part of the application process are protected as personal data under Art. 4 (1) of the EU General Data Protection Regulation (GDPR). We must hereby inform you of the details of such processing in accordance with Art. 13 GDPR.

Your personal data is processed by our company solely within the scope of data privacy provisions, particularly GDPR, the German Federal Data Protection Act (BDSG) and the Austrian Data Protection Act. Your personal data may only be collected, stored, processed or used in accordance with applicable data privacy laws (data processing, Art. 4 (2) GDPR) where this is explicitly permitted or prescribed by law or where you have explicitly consented to such (Art. 6, Art. 7 GDPR). Processing your personal data is permitted in particular where this is required for the decision pertaining to the establishment of an employment relationship or for the performance or termination of such once established (Section 26 (1) BDSG, Art. 6 (1)(b) GDPR). The same applies where the processing of data is required to preserve the controller’s legitimate interests for purposes other than the employment relationship, and where there is no reason to assume that your interest warranting protection in the exclusion of processing or use of this data as the data subject overrides that of the controller (Art. 6 (1)(f) GDPR).

1. Responsibility

The controller (Art. 4 (7) GDPR) for the processing of your personal data as part of the application process for applications in Germany is:

endori food GmbH & Co. KG
Industriestrasse 2
96135 Stegaurach

For all questions relating to data privacy, please contact our external data privacy officer in Germany directly using the contact details provided at the start.

2. Personal data and processing purposes

Application for an advertised position

We require customary and informative application documents from you which outline your profile and qualifications so that we can include you in the application process for a particular vacancy. In principle, we only use your application documents as part of the process to fill the position for which you explicitly applied. We will first direct your application documents to the relevant HR department, where they are evaluated. Our HR team in Germany is responsible for applications in Germany; our HR teams in both Germany and Austria are responsible for applications in Austria. Your application documents are then transferred to a software application obtained from Datev eG, Nuremberg. All data recorded using this software is stored on servers in Germany. This software grants access to your documents to HR staff members and to managers of the department for which the position was advertised. For applications relating to manager positions, management will also be included and will have access to your application documents. If the application process is taken further, your documents may also be printed out for further processing (in paper form). For informational purposes in this context, further personal data may be collected from you personally, from general professional sources or from former employers and teachers throughout the application process. The legal bases for such data processing are Art. 6 (1)(b) and (f) GDPR, Section 26 (1) BDSG. Should the application process not lead to employment, we will delete and destroy your applicant data as soon as a period of six months has elapsed after a definitive rejection by you or by our company. Printed documents (paper documents) will, however, be destroyed immediately following a definitive rejection.

Should the application process lead to employment, we will include your application documents in your HR file under Art. 6 (1)(b) GDPR and Section 26 (1) BDSG in order to provide information about your profile and qualifications for the purpose of performing your employment relationship. In this case, your application documents will only be deleted and destroyed once your employment relationship has ended and an additional three years have elapsed since the end of the year of termination. Data collected in connection with the application process in Austria may be retained for a longer period due to legal retention obligations and rights (particularly for tax reasons) in order to comply with these retention periods. In this case too, printed documents (paper documents) will be immediately destroyed upon completion of the application process.

Speculative applications

If you submit a speculative application that does not relate to any particular vacancy, we may refer to your application documents in our recruitment decisions on all potentially eligible positions. We will first direct your application documents to the relevant HR department (Germany for positions in Germany; Germany and Austria for positions in Austria) where they are evaluated. Your application documents are then transferred to a software application obtained from Datev eG, Nuremberg. All data recorded using this software is stored on servers in Germany. This software grants access to your documents to HR staff members and to managers of the departments for which your application could be of interest. For applications relating to manager positions, management will also be included and will have access to your application documents. If your application is taken further, your documents may in certain cases also be printed out for further processing (in paper form). In this case, we may also collect further personal data from you personally, from generally accessible sources or from former employers and teachers in order to obtain a deeper understanding of your profile and qualifications. The legal bases for such data processing are Art. 6 (1)(b) and (f) GDPR, Section 26 (1) BDSG. We will regularly delete and destroy your applicant data after expiry of a period of one year from receipt of your application. However, for all application processes for which your documents were referred to, your applicant data will not be deleted or destroyed before a period of six months has elapsed after definitive rejection by you or by our company. Printed documents (paper documents) will, however, be destroyed immediately following a definitive rejection.

Should the application process lead to employment, we will include your application documents in your HR file under Art. 6 (1)(b) GDPR and Section 26 (1) BDSG, where required, in order to provide information about your profile and qualifications for the purpose of performing the employment relationship. In this case, your application documents will only be deleted and destroyed once your employment relationship has ended and an additional three years have elapsed since the end of the year of termination. Data collected in connection with the application process in Austria may be retained for a longer period due to legal retention obligations and rights (particularly for tax reasons) in order to comply with these retention periods. In this case too, printed documents (paper documents) will be immediately destroyed upon completion of the application process.

3. Internal collaboration and collaboration with third-party companies

Our headquarters are located in Bamberg. If you apply for a position in our branch in Austria, your application documents will therefore usually be evaluated by the relevant colleagues in Germany as well. This transfer of data is inevitable within our organisation and permitted in our legitimate interests (Art. 6 (1)(f) GDPR).

Beyond this internal exchange, we also benefit from the advantages of a collaborative company and business community. With respect to data processing, this means we do not perform all data processing procedures in house. Some are performed in collaboration with external service providers:

  • Career platforms: We advertise our vacancies on external career platforms (e.g. the Federal Employment Agency, Stepstone or Indeed) in order to find the right candidate. If you apply via these platforms, the platforms will forward your documents to us, where required. Our collaboration with these platforms does not go beyond this exchange.
  • External (IT) service providers that, as a data processor, we have contractually bound to process data strictly according to our specifications and instructions and to protect such data from a technical and organisational perspective.
  • External (IT) service providers that are working for us under their own responsibility and which have been contractually bound to protect data from a technical and organisational perspective.

4. Disclosure to other third parties, disclosure outside of the EU

Your personal data will, if necessary, be disclosed to third parties outside of endori food GmbH & Co. KG where this is required for the stated intended purpose and permitted under Art. 6 GDPR, Section 26 (1) BDSG.

We do not transfer any of your data to a location outside of the EEA. A transfer outside of the EEA may, however, take place via portals used by you (e.g. Indeed). We do not have any control over or responsibility for data processing by such portals.

V. Rights of data subjects

We fulfil your granted rights immediately and without charge. Please contact us. You can find our contact details at the start of this privacy policy.

You have various data protection rights that you may exercise against us where personal data relating to you as a natural person is processed. Under Section 34 of the German Federal Data Protection Act (BDSG) and Art. 15 EU-GDPR, you have the right to information pertaining to your stored personal data and its origin, recipients or recipient categories to whom the data is disclosed and the purpose for such storage.

In addition, you also have the right under Section 35 BDSG and Art. 16–18 EU-GDPR to request your personal data be amended or deleted, or processing of such data be restricted.

Furthermore, under Art. 20 EU-GDPR, you may request your data be transferred to another controller. Where the prerequisites set out in Art. 20 EU-GDPR are met, you have the right to obtain copies of the data that we automatically process based upon your consent or performance of a contract, or have such copies delivered to a third party. Recording data for the purpose of making the website available and storing protocol files are absolutely necessary for the operation of the website. Such recording and storage is therefore not subject to consent under Art. 6 (1)(a) EU-GDPR or performance of a contract under Art. 6 (1)(b) EU-GDPR and is justifiable under Art. 6 (1)(f) EU-GDPR. In this respect, the prerequisites under Art. 20 (1) EU-GDPR are not met.

In addition, you may also object to the further processing of your data if we process your data based on a legitimate interest (Art. 6 (1)(f) EU-GDPR) or where you are explicitly granted the right to object under Art. 21 EU-GDPR. There must be a particular reason for such objection where your data is not processed for advertising purposes. In the event you object to data processing, upon receipt of such objection we will cease further processing your data while we review the case. Once this review is complete, in the event of a justified objection, we will delete your data from our active databases and only retain this data under legal obligations and rights to preserve records, noting in an ad-block file that you do not wish to be contacted by us (Section 36 BDSG, Art. 21 EU-GDPR).

You may revoke any given consent to data processing at any time (Art. 6 (1)(a) EU-GDPR). We will then cease further processing of your personal data and delete such data unless we are legally permitted to continue processing.

Any objection or revocation does not affect the legitimacy of any previous processing.

If you believe that any processing of data violates data protection law, you have the right to raise a complaint with a data protection authority of your choice (Section 19 BDSG, Art. 77 EU-GDPR). This also includes data protection authorities responsible for us. You can contact the authorities using the details below:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18

91522 Ansbach

Telephone: +49 (0) 981 180093-0

Website: www.lda.bayern.de

The responsible authority in Austria is:

Österreichische Datenschutzbehörde

Barichgasse 40–42

1030 Vienna

Telephone: +43 1 52 152-0

Website: www.dsb.gv.at

VI. Updates and changes

We occasionally update this privacy policy in response to new developments. If we are able to contact you, we will do so to notify you about the relevant changes.

Date of this privacy policy: 11. November 2021