Privacy Statement and Data Subject´s Rights in accordance with Art. 13, 14 GDPR
The protection of your personal data is an important concern for the Ludwig Schokolade GmbH & Co. KG. Therefore, our company collects and processes your personal data strictly in accordance with the data protection regulations. On this page, we inform you about the collection and processing of your personal data according to Art. 13, 14 GDPR.
Responsible for data processing is
Ludwig Schokolade GmbH & Co. KG
51469 Bergisch Gladbach
T +49 2202 105-500
F +49 2202 105-501
Our data protection officer is
PricewaterhouseCoopers Legal AG Rechtsanwaltsgesellschaft
c/o Dr. Jan-Peter Ohrtmann
Moskauer Straße 19
T +49 211 981-0
When visiting this website and using the various offers, we process your personal data as described in detail below.
When operating the website, we work together with an external service provider whom we have carefully selected and obliged in accordance with data protection regulations.
Table of Content
- Google WebFonts
- Google reCAPTCHA
- Google Analytics
- Matomo (previous Piwik)
- Facebook Fanpage
- Contact and Customer Complaints: form and email function
- Data Security
- Data Subject´s Rights
In addition, your browser transmits access data, so-called server log files, which we process each time you visit our website in order to guarantee system security and to compile usage statistics. In particular, the time of your visit, the page from which you visit us (referrer. URL), the subpages visited, your IP address, the data volume and the browser you use are transmitted to us. This data is required to ensure system security, e.g. to identify and block the hacker in the event of a hacker attack. This is in our overriding, legitimate interest and is in accordance with Art. 6 para 1 sent. 1 lit. f GDPR.
3. Google WebFonts
Our website uses Google WebFonts, a service provided by Google, Inc. This service enables us to provide you with a uniform, visually appealing website using the font library related to it. This is performed by loading and displaying the fonts used on this website through the browser you are using.
According to our information, the browser you use establishes a connection to the servers of our service provider and the information that our website was accessed with the IP address you used, is recorded. It is possible that your IP address will also be transmitted to the USA. The certification of our service provider under the EU-US Privacy Shield ensures an adequate level of data protection (list available at https://www.privacyshield.gov/list).
A uniform and visually appealing design of our website is in our overriding, legitimate interest (Art. 6 para 1 sent. 1 lit. f GDPR). There is neither a user analysis nor a user profile created; your IP address is used exclusively for the targeted transmission of fonts.
Information of our third-party Google about WebFonts: https://fonts.google.com/about
4. Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
With reCAPTCHA it should be checked whether the data entry on our websites (e.g. in a contact form) is done by a human being or by an automated program. For this reCAPTCHA analyzes the behavior of the web site visitor on the basis different characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Visitors to the website are not informed that an analysis is taking place.
Data processing is carried out in accordance with Art. 6 para 1 sent. 1 lit. f GDPR. The website operator has a legitimate interest in protecting his website offers against abusive automated spying and SPAM.
5. Google Analytics
a) Purpose of data processing, recipient of personal data
We are using Google Analytics, a web analyses service provided by Google LLC. With Google Analytics we are together with Google generating user profiles and user statistics to construct a needs-oriented and user-friendly Website. As our data processor, Google processes the data generated by Google Analytics, to analyze your usage of the websites, to generate reports on your activities on the websites and to provide us with further services in terms of your website usage. The evaluation of such information and statistics helps us to improve our offer for you as our website visitor. If you have given us your consent to use the Google Analytics cookie, Google is filing such Google Analytics cookie on your device. The information gathered by such cookie is, in general, transmitted by Google onto a Google server located in the USA.
Generally, no personal data are processed with the Google Analytics cookie. Google shortens your IP address when transmitting within EU-member states or within other members underlying the European Economic Area. In exceptional cases in which your complete IP address is transferred to the Google US servers, an appropriate level of data protection is ensured, since Google has complied with the EU-US Privacy Shield (https://www.privacyshield.gov/list). In addition, we enhanced the Google Analytics tool on our websites with a plug-in called „AnonymizeIP“ to grant an anonymization of your IP address even in such exceptional cases so that your IP address cannot be related with you as person. Google does not merge your IP address with other data. There is no EU resolution confirming that the USA provides an adequate data protection level. Thus, in case of exceptions in which personal data is transferred to the US, the data privacy level is granted by the EU-US Privacy Shield (https://www.privacyshield.gov/list).
b) Legal basis, storage period, no obligation to provide personal data
Our usage of Google Analytics is legally based on Article 6 Sec. 1, page 1 lit. a) of the EU-GDPR. Web sessions will automatically be closed after 30 minutes of inactivity. Personal data provided in connection with campaigns are stored for a maximum time period of two years. You are neither legally nor contractually obligated to provide your personal data.
c) Revocation of your consent
You can revoke your consent to Google Analytics’ data processing at any time and for future times. You have several options to revoke your consent:
(i) You can prohibit the Google Analytics Cookie in your browser’s software personal settings.
You will find the personal settings of your respective browser under the following links:
Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Opera™ : http://help.opera.com/Windows/10.20/de/cookies.html
(ii) You can also install a browser plug-in which prevents the tracking; please see also http://tools.google.com/dlpage/gaoptout?hl=de (if such plug-in is available for your browser). Please note, when clicking this link, you are leaving our website.
(iii) Furthermore, you can also revoke your consent by a respective information to us (please see also Sec. 11 f below).
d) Information on the service provider
Data processing on behalf
We have concluded a contract with Google for data processing on behalf and fully implemented the strict requirements of the German data protection authorities for the use of Google Analytics.
6. Matomo (previous Piwik)
This website uses the open source web analysis service Matomo. Matomo uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server.
This website uses Matomo with the extension “AnonymizeIP”. This shortens the processing of IP addresses and prevents direct personal contact. The IP address transmitted by your browser using Matomo will not be merged with other data collected on our website.
Matomo cookies remain on your device until you delete them.
Matomo cookies are stored in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR. The website operator has a legitimate interest in anonymized analysis of user behavior in order to optimize his website and his advertising.
If you do not agree to the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie is stored in your browser, which prevents Matomo from saving usage data. If you delete your cookies, the Matomo Opt-Out cookie will also be deleted. The opt-out must be reactivated the next time you visit our site.
7. Facebook Fanpage
We are using the Facebook service “Insights“ for evaluation of our Facebook fanpages. When you visit our fanpage, we are, together with Facebook, processing your data provided via the Facebook service „Insights“. Such data includes information on your action and interaction on and in connection with our fanpages, thus the collected data can be personal data.
Please note that we do not have information on Facebook’s data processing. Thus, when visiting our fanpage or when sharing and linking our fanpages with other users and fanpages, Facebook might track your actions and collect your personal data for its own purposes.
8. Contact and Customer Complaints: form and email function
You can contact us directly using the contact form provided on our website. If you do, you must provide your name, e-mail address, title and address. We collect this information, your message, your IP address and the time you submit the form. You can also contact us via our Facebook fanpage (please see Section 7). In this case, your name, email address and address are required only in the event of a complaint.
We also offer you the opportunity to contact us directly via e-mail. If you click on the ” e-mail ” button on our website, your e-mail program will open and you can send us a message to our pre-registered e-mail address. We have no influence on the data processing by the e-mail program of your respective provider; we only create a link to the e-mail program.
You are neither legally nor contractually obliged to provide your personal data. Without your personal data though (e.g. e-mail and postal address) we are not able to handle your queries or complaints. We are processing the information provided to us via our contact form, e-mail or Facebook fanpage only to reply to your queries. We delete it as soon as the communication is completed, unless legal storage obligations require a storage. We have a legitimate interest in processing such data pursuant to EU-GDPR, Article 6, Sect. 1, Page 1 lit. b). We process your IP-address and the time of your query to identify and repel possible automatic hacker attacks.
9. Data Security
In order to protect your personal data as best as possible, we use SSL encryption (https standard) for technical and organizational security measures, which are also adapted in accordance with the current state of the art in each case.
10. Data Subject´s Rights
If personal data relating to you as a natural person is used, you are entitled to various data subject´s rights. In accordance with § 34 BDSG (“Federal Data Protection Act”), Art. 15 GDPR, you have the right to be informed about your personal data stored and its origin, the recipients or categories of recipients to whom data are passed on, and the purpose of storage. You are entitled to have your personal data rectified, erased or to restrict the processing in accordance with § 35 BDSG, Art. 16 – 18 GDPR. Furthermore, you can request the transfer of data to another responsible party in accordance with Art. 20 GDPR.
In addition, you can object to the further processing of your data if we process your data on the basis of a legitimate interest (Art. 6 para. 1 sent. 1 lit. f GDPR). As far as we do not process your data for advertising purposes, this requires a reason, which results from your special situation. In the event of an objection, we will no longer process your personal data as soon as we receive it, during the subsequent check and, in the event of a justified objection, delete it after completion of the check (§ 36 BDSG, Art. 21 GDPR).
You can revoke your consent to data processing (Art. 6 para 1 sent. 1 lit. a GDPR) at any time; we will then not process your personal data further unless we have legal permission to do so.
An objection or revocation does not affect the legality of data processing in the past. We fulfil the rights to which you are entitled immediately and free of charge. Please contact us or our data protection officer; you will find our contact details at the beginning of this data protection declaration.
Finally, under Art. 77 GDPR, you have the right to submit a complaint with the responsible data protection supervisory authority.