Section 1 General information
(1) Information on the collection of personal data
Thank you for your interest in our website. The protection of your personal data on the occasion of your visit to our homepage has a particularly high priority for the management of the BURGER GROUP. The following information provides you with an overview of how we process your personal data and your data protection rights. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behavior.
If a data subject wants to use special enterprise services via our website, such as for example our contact form, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain the consent of the data subject. The processing is always carried out in accordance with the EU General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection provisions applicable to the BURGER GROUP.
As the controller, the BURGER GROUP has implemented technical and organizational measures to ensure the most complete protection of personal data processed through this website against loss, destruction, access, alteration or dissemination by unauthorized persons. This also includes that we use encrypted transmissions when handling your personal data. We use the SSL (Secure Sockets Layer) coding system for this.
Nevertheless, absolute protection cannot be guaranteed due to fundamental security gaps in Internet-based data transmissions.
(2) Data protection officer
Responsible according to Art. 4(7) of the EU General Data Protection Regulation (GDPR) and the applicable country-specific data protection provisions is
You can reach the data protection officer at the above address with the addition “for the attention of the data protection officer” or by email at firstname.lastname@example.org
(3) General information on data processing
We collect and use personal data of our users only insofar as this is necessary for the provision of a functional website as well as for the presentation of our contents and the provision of services. The collection and use of our users’ personal data regularly takes place only with the user’s consent. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
The following statutory bases for the processing of your personal data will apply:
- Processing based on your consent (Article 6(1)(a) GDPR)
- Processing for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures (Article 6(1)(b) GDPR)
- Processing for the fulfillment of a legal duty to which our company is subject (Article 6(1)(c) GDPR)
- Processing in the event that vital interests of the data subject or another natural person require the processing of personal data (Article 6(1)(d) of the GDPR)
- Processing to protect a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject outweigh the former interest (Article 6 (1) f GDPR). Legitimate interests can be in particular:
- to deliver the contents of our website correctly
- statistical evaluations to check and optimize the website;
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack;
- responding to requests and providing services and/or information intended for you;
- the processing and transfer of personal data for internal or administrative purposes;
- the prevention and detection of fraud and crime;
- Ensuring the permanent functionality of our information technology systems and the technology of our website with the aim of increasing data protection and data security in our company.
Section 2 Your rights
(1) Your rights as a data subject
You can request information about the data stored about you at the above address (Art. 15 GDPR). In addition, you can request a correction if we have stored incorrect data about you (Art. 16 GDPR). In addition, you may, under certain conditions, request the deletion of your data (Art. 17 GDPR) or assert the right to object (Art. 21 GDPR). You also have the right to restrict the processing of your personal data (Article 18 GDPR) and the right to demand the return of the data you have provided (Article 20 GDPR). With regard to the right to information and the right of deletion, the restrictions under Sections 34 and 35 BDSG apply.
You have the right, if you are of the opinion that the processing of your personal data is contrary to the provisions of the General Data Protection Regulation, to contact your respective competent regulator for data protection (Article 77 GDPR in conjunction with Section 19 BDSG). In the case of Baden-Württemberg, this is the State Commissioner for Data Protection and Freedom of Information, Königstrasse 10 a, 70173 Stuttgart.
If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected by this. Please also note that we may need to retain certain data for a certain period of time to comply with legal requirements.
(2) Information about your right to object according to Article 21 GDPR
1. INDIVIDUAL RIGHT OF OBJECTION
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.
2. RIGHT OF OBJECTION TO THE PROCESSING OF DATA FOR THE PURPOSE OF DIRECT MARKETING
In individual cases, we process your personal data in order to carry out direct advertising. You have the right of objection at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made without formalities and should preferably be addressed to: To protect your rights, you are welcome to contact the persons listed under Section 1(2).
(3) Who gets your data?
Unless otherwise stipulated in the detailed descriptions of the offers, those departments within our company will have access to your data that need it to fulfill our contractual and legal duties or to implement our legitimate interests. We will only pass on information about you outside the company if this is permitted or required by legal or official notification duties, the passing on is necessary for the processing and thus the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, we have your consent or we are authorized to provide information.
If we use contracted service providers for individual functions of our offer, these have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. Your personal data will then be processed on the basis of order processing contracts in accordance with Art. 28 GDPR and we will ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers for the development of the website as well as the management of the website.
If we wish to use your data for promotional purposes, we will inform you in detail about the respective processes below.
(4) How long will your data be stored?
Unless otherwise specified in the detailed descriptions of the offers, we process and store your personal data for as long as it is necessary for the fulfillment of our contractual and legal duties.
Your personal data is regularly deleted or blocked if it is no longer required for the fulfillment of contractual or legal duties, you have exercised your right to deletion, all mutual claims have been fulfilled, and there are no other statutory retention duties or statutory justification bases for the storage.
Section 3 Collection of personal data when visiting our website
(1) Use of server log files
Each time a data subject or automated system accesses the website, a series of general data and information is recorded in log files. This includes an Internet protocol address (IP address), the browser types and versions used, the website from which an accessing system accesses our website (i.e. “referrer”), the sub-websites which are accessed via an accessing system on our website, the date and time of an access to the website and other similar data and information which serve to avert danger in the event of attacks on our information technology systems.
The statutory basis for the temporary storage of the data and the log files is based on Art. 6(1)(f) GDPR with the above-mentioned legitimate interests.
Temporary storage of the IP address by the system is necessary to ensure delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. This is also based on our legitimate interest in data processing according to Art. 6(1)(f) GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. There is a further possibility to check the log files if there is a justified suspicion of illegal use or a concrete attack on our website due to concrete indications. Our legitimate interest in processing lies here in the purpose of clarifying and prosecuting such attacks and unlawful uses.
“Cookies” are small files that are stored on users’ devices. Cookies can be used to store different information. The information may include, for example, the language settings on a website or where a video was watched. Cookies are usually also used when a user’s interests or behavior (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also known as “tracking,” i.e. following the potential interests of users. We also include in the term “cookies” other technologies that perform the same functions as cookies (e.g. where user details are stored using pseudonymous online identifiers, also known as “user IDs”).
General information on withdrawal and objection (opt-out): Irrespective of whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to or revoke the processing of your data by cookie technologies (collectively referred to as “opt-out”).
(3) Further functions and offers of our website
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. This usually requires you to provide further personal data which we use to provide the relevant service and to which the above data processing principles apply.
(4) Use of the contact options
There is the possibility of contacting us via the email address provided, the use of which involves the storage of the user’s personal data transmitted with the email. The data will only be used for further conversation with you and will not be passed on to third parties. The processing of data transmitted in the course of sending an email is based on a legitimate interest pursuant to Art. 6(1)(f) GDPR.
If the contact is aimed at the conclusion of a contract, the statutory basis for the processing pursuant to Art. 6(1)(b) GDPR must also be included with the implementation of pre-contractual measures and any subsequent processing for the fulfillment of a contract.
Personal data that is processed by us in the context of a general contact enquiry by email is only stored by us until the respective correspondence has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
Consent to process your personal data can be revoked at any time. In the case of contacting us by email, you may of course also object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.
(5) Web analysis
(6) Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics uses so-called “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website, your IP address will be truncated in advance by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must opt out on all systems used. If you click here, the opt-out cookie will be set: Deactivate Google Analytics
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that they cannot be traced back to a specific person. Insofar as the data collected about you has a personal reference, this is accordingly immediately excluded and the personal data is thus immediately deleted.
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases where personal data is transferred to the US, Google will use the standard contractual clauses after the EU-US Privacy Shield agreement is no longer valid: https://privacy.google.com/businesses/compliance/#!?modal_active=none#gdpr . The statutory basis for the use of Google Analytics is Art. 6(1)(a) GDPR. The data sent by us and linked to cookies, user IDs, or advertising IDs are automatically deleted after 26 months. The deletion of data whose retention period has been reached takes place automatically once a month.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your Google customer account under “My data,” “Personal data.”
(7) Use of Google Tag Manager
This website uses the Google Tag Manager. Through this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means: No cookies are used, and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
You can find more information about Google Tag Manager at: https://support.google.com/tagmanager/#topic=3441530
(8) Use of social media
We currently use the following social media links: Google, YouTube. We use the “two-click solution.” This means that when you visit our site, initially no personal data is passed on to the above-mentioned social media provider. You can recognize the provider of the link by the mark on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field—and thereby activate it—will the provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under Section 3 of this declaration will be transmitted.
We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the provider.
The provider stores the data collected about you as a usage profile and uses this for the purposes of advertising, market research, and/or designing its website as needed. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the links, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The statutory basis for the use of the plug-ins is Art. 6(1)(f) GDPR.
The data transfer takes place regardless of whether you have an account with the provider and are logged in there. If you are logged in to the provider, the data we collect is directly assigned to your account with the provider. If you click the activated button and, for example, link to the page, the provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you to avoid anything being assigned to your profile with the provider.
Further information on the purpose and scope of the data collection and its processing by the provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their data protection notices:
b) YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.
c) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. // https://privacy.google.com/businesses/compliance/#!?modal_active=none#gdpr
Section 4 Collection and use of personal data for business partners/interested parties
(1) For what and on what statutory basis do we process your data (purpose)?
Based on your consent (Art. 6(1)(a) GDPR)
Insofar as you have given us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. Please note that the withdrawal is only effective for the future. Processing operations that have preceded the withdrawal are not affected.
For the fulfillment of contractual duties (Art. 6(1)(b) GDPR)
The processing is carried out in the context of the performance of contracts to which you are a party or at your request for the performance of pre-contractual measures. The purposes of data processing depend on the respective contractual documents and subject matter of the contract, in this case accordingly on the existing customer (framework) contract with you.
Within the framework of the balancing of interests (Art. 6(1)(f) GDPR)
Where necessary, we process your data to protect the legitimate interests of us or third parties. Our legitimate interest is in particular for international management and control measures, marketing purposes, improvement of our business relationship, assertion of legal claims and defence in legal disputes.
(2) What data are processed?
Your contact data, customer data, contract data, in the case of factory visits, photos of you, if applicable, following your express consent.
(3) Who gets your data?
Within our company, access to your data is granted to those offices that receive it within the framework of the so-called “least privilege” (allocation of user rights to the lowest possible extent) and the “need-to-know” principle (knowledge of data only when necessary). Service providers and vicarious agents employed by us may also receive data for these purposes if they comply with our data protection requirements and instructions.
With regard to the transfer of data to recipients outside of our company, we may only transfer data if this is necessary, a statutory provision requires this, you have consented to this, or order processors commissioned by us have undertaken to comply with the requirements of the GDPR and the BDSG.
Under these conditions, recipients of personal data may be:
- BURGER GROUP employees with a corresponding business relationship with you
- Employees of the corporate group with overarching management and control tasks
- Service providers within the framework of order processing
In the case of PR and marketing activities (after your prior express consent):
- Website visitors
- Readers of our print media and publications
- Users of our social media
(4) Where does your data come from?
We have received your data from you ourselves and sometimes through companies we have appointed, such as credit insurance companies. We also receive data from publicly accessible sources, such as the Internet (certificates, etc.).