GGN Label Platform
No automated decision-making/profiling is performed.
The body responsible for collecting and handling your data is:
GLOBALG.A.P. c/o FoodPLUS GmbH
50672 Cologne, Germany
Tel: +49 (0) 221-57776-0.
For questions relating to data protection, please contact our data protection officer, either via the contact details above or via e-mail at firstname.lastname@example.org.
C. Categories of Data
We collect and process different categories of personal data depending on how you use our GGN label platform.
When you register as a customer with the GGN label platform we will collect your: username, password, first name, surname, work mobile phone, work e-mail address, work address, of-fice phone, office fax, and company you work for. If you provide us with additional infor-mation such as photo/avatar, we will also process this information.
When you contact us through the contact form of the GGN Label platform, we will collect your: name, e-mail address, and message.
Please note that GLOBALG.A.P. may receive messages that require translation. In such cas-es, our employees use translation tools (e.g., Google translator) to process your inquiry. Thus, please ensure that you do not enter personal information into the message field of your in-quiry.
When you contact us by phone, e-mail, in person, or via any other business contact channel, we will collect the information you provide us. Typical information collected is first name and surname, e-mail address, phone, and company you work for, although other types of infor-mation provided by you could be collected.
When you visit our GGN label platform as a User to inform yourself about the Certified Com-panies and our labels, we (or the webspace provider commissioned by GLOBALG.A.P.) col-lect data about every access to the GGN label platform (known as server log files). The ac-cess data includes: name of the webpage or webservice accessed, file, date and time of the access, data volume transferred, any data input, report of successful access, browser type including version, User’s operating system, referrer URL (the page visited previously), IP ad-dress, where relevant user name and the requesting provider. This data is not merged with other data sources or other personal data about you. The IP address is stored for the duration of the session for this purpose. GLOBALG.A.P. further reserves the right to review the log data retrospectively if there are specific indications that justify a suspicion of unlawful use.
D. Purpose and Legal Basis for Processing
When you register as a certified company we need to process your personal data to manage and maintain the business relationship, comply with our contractual obligations (that is, to pro-vide you with the service), and comply with our legal obligations under the law. The legal basis for processing your personal data is a user agreement (Art. 6 (1) (b) GDPR). In case you submit additional data based on your consent, the legal basis for processing is Art. 6 (1) (a) GDPR.
When you place an inquiry with us by using the contact form or via any other of our business contact channels, we need to process your personal data to respond to your request, manage and maintain the business relationship, comply with our contractual obligations (that is, to pro-vide you with the service), and comply with our legal obligations under the law. The legal basis for processing your personal data is a user agreement (Art. 6 (1) (b) GDPR). In case you submit additional data based on your consent, the legal basis for processing is Art. 6 (1) (a) GDPR.
If you visit our GGN label platform as a User to inform yourself about the Certified Company, GLOBALG.A.P. uses the log data solely for statistical analyses and for the purpose of operat-ing, securing, and optimizing the GGN label platform. The system needs to store the IP ad-dresses temporarily to enable the GGN label platform to be delivered to you. Data is saved in server log files to safeguard the functionality of the websites. The data also helps GLOB-ALG.A.P. to optimize the GGN label platform and safeguard the security of the IT systems. These purposes constitute a legitimate interest of GLOBALG.A.P. in data processing. The legal basis here is Art. 6 (1) (f) GDPR.
To the extent we are required to process any of your personal data to comply with a legal obligation, we will process your personal data on basis of Art. 6 (1) (c) GDPR.
E. Disclosure to Third Parties and Forwarding of Data to Countries outside the EEA/EU
GLOBALG.A.P. will receive access to your personal data. Only relevant individuals who are acting within their job description and have a need to know will have access to your personal data.
In certain cases, third-party providers may be given access to your personal data. We will only disclose your personal data to third parties if you have provided your consent or subject to another permitted circumstance in accordance with the Applicable Data Protection Law. These include in the first instance service providers commissioned by us who support our business operations (Art. 28 GDPR). This covers e.g. webspace or telemedia-service provid-ers for the operation and/or maintenance of the GGN label platform or the forwarding of in-voicing or tax-relevant information to service providers for the purposes of invoicing and ac-counting or controlling. In these cases, however, the scope of the transmitted data will extend only to the minimum required to achieve the purposes pursued via the data processing.
We will not share your personal data with local authorities or courts except where we are re-quired to do so by applicable law, a court order, or a legally binding injunction. If we are legally obliged to disclose specific personal data on the basis of a judicial decision or following a re-quest for information from law-enforcement or supervisory authorities or authorized third par-ties in conjunction with investigatory proceedings or the suspicion of a criminal act, an unlaw-ful act or other acts that may give rise to legal liability for you or us, we will disclose the data required for the investigation, such as name, address, e-mail address, or other relevant infor-mation (Art. 6 (1) (c) GDPR). Similarly, we reserve the right to process and use Users’ per-sonal data to enforce or defend against claims (Art. 6 (1) (f) GDPR).
Additional information relevant to the GGN label platform Certified Companies: your personal data is available through the GGN label platform to your company colleagues registered on the GGN label platform. Your personal data is NOT available to other registered and Certified Companies.
F. Retention Periods for Personal Data
We will deactivate or cancel the registered Certified Company data as soon as appropriate to avoid unauthorized access to information. It is then no longer visible in the GGN Label Plat-form and you will not receive any new communications. We will delete personal data of those registered Certified Companies after the end of statutory retention obligations if and where applicable.
In consideration of the applicable provisions under Applicable Data Protection Law, we will delete the stored personal data about you without any action on your part if there is no longer a need for the information to be known to perform the purpose associated with the storage or if the storage of the data is not permitted for other legal reasons. In some cases provided for by law (e.g., statutory retention obligations), your personal data may be blocked instead of deleted.
H. Integration of Third-party Content and Services
Third-party content, such as YouTube videos, RSS feeds, or graphics from other websites, may be integrated into these online offerings. This usually assumes that the providers of this content (hereinafter referred to as “Third-Party Providers”) will be aware of the Users’ IP ad-dress. This is because they would not be able to transmit the content to the browser of the User in question without the IP address. The IP address is therefore necessary in order to display this content. We endeavor only to use such content where the respective provider solely uses the IP address to deliver the content. At the same time, we have no influence over whether the Third-Party Providers use the IP address e.g., for statistical purposes. Where we are aware of this, we will notify the Users accordingly. The use of enhanced presentation op-tions for information purposes and to optimize your user experience is within our mutual legit-imate interest (Art. 6 (1) (f) GDPR).
Further information about the use of YouTube videos can be found below.
I. YouTube Videos
Videos are shown on the GGN label platform via the provider YouTube. These are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). If a webpage containing such a button (identifiable by the YouTube icon in the lower right of the video preview) is accessed and you activate the corresponding content (Art. 6 (1) (a) GDPR), your browser creates a direct connection with the YouTube servers. The showing of videos within the GGN label platform is further a legitimate interest of ours and yours (Art. 6 (1) (f) GDPR). YouTube transmits the content of the YouTube button directly via your browser and is integrated into the respective webpage. We have no further influence over the data that YouTube collects via the button. It is likely that your IP address is recorded and cookies are set, among other things.
II. Google Maps
III. Google Translation API
IV. Piwik PRO
This processing is done only subject to your prior consent. Thus, the legal basis for this pro-cessing is (Art. 6 (1) a) GDPR). The information generated by the cookies about the use of the GGN label platform is stored on the servers of Piwik PRO or service providers commis-sioned by them in Europe. The IP address is anonymized immediately after processing and before saving. The information generated by Piwik PRO is not used to identify the User of the GGN label platform personally and is not merged with other personal data of the User.
You can also prevent the installation of the cookies by making a corresponding setting in your browser software. However, GLOBALG.A.P. refers Users to the fact that in this case they may not be able to use the full functionality of this website. For further information about this topic, see https://piwikpro.de/datenschutz/.
V. Use of Social Plugins via Integration using the Two-click Solution
On the GGN label platform we use buttons from social networks, known as social plugins (hereinafter referred to as “Plugins”), as explained in further detail below. These enable you to perform actions related to the contents of the GGN label platform. The legal basis for the pro-vision of the Plugins on the GGN label platform is our legitimate interest in the user-friendly design of our website (Art. 6 (1) (f) GDPR).
If you are registered with the respective social network and are logged in, you can communi-cate directly with the social network. To increase the protection of Users’ personal data while visiting the GGN label platform, the Plugins are integrated into the respective webpage using the “two-click solution”. This guarantees that no connection is made with the servers of the provider of the social network at first when our webpages containing such a Plugin are ac-cessed. Only when a User activates a Plugin does the User’s browser create a direct connec-tion to the servers of the provider of the social network. The content of the respective Plugin is transmitted directly to the User’s browser and integrated into the webpage.
Through the integration of the Plugin, the provider of the social network is given the infor-mation that a User has accessed the webpage in question. If the User is logged on to the so-cial network, the provider of the social network can allocate the visit to the User’s account on the social network. When Users interact with the Plugins, for instance by clicking a share but-ton or posting a comment, the corresponding information is transmitted from the User’s browser directly to the social network and saved there. As the provider of this site we are not informed about the content of the data transferred or its use by the social network.
If a User is a member of a social network and does not want the network to collect data about him via the GGN label platform and link it to the membership data saved by the social net-work, he needs to log out of the social network prior to visiting the GGN label platform. Simi-larly, it is generally possible to block Plugins using add-ons for your browser, for example us-ing the “NoScript” script blocker (http://noscript.net/).
Specifically, the following Plugins are integrated into our website using the two-click solution.
Facebook Social Plugins
Users can also completely prevent the loading of the Facebook Plugins via browser add-ons using “Facebook Blocker”, e.g., for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/facebook-blocker/, for Opera: https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en, or for Chrome: https://chrome.google.com/webstore/detail/facebookblocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de[U8]
Twitter Social Plugins
Linkedin Social Plugins
Instagram Social Plugins
Additionally, Plugins of the social network Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Instagram”) are integrated into the GGN label platform. For information about the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and configuration options to protect your privacy, refer to the Instagram data policy: https://help.instagram.com/519522125107875.
Alongside the GGN label platform, we also maintain a dedicated presence on Facebook (hereinafter referred to as “Company Page”) and the GGN label platform may contain links to this Company Page. When you access the Company Page, Facebook processes personal data, which is even possible if you are not logged on to Facebook when the page is accessed. However, Facebook provides us with detailed statistics, which consist of summarized infor-mation relating to the use of our Company Page on Facebook. These statistics enable us to identify for example how often or by how many unique users the Company Page and individ-ual posts on this page are accessed or e.g. rated. However, the statistics do not permit us to identify which specific persons have visited the Company Page or accessed or rated individ-ual posts. As is generally the case with Facebook, however, the Company Page shows which Facebook user has rated or commented on a post.
Facebook provides further information about data processing by Facebook in its privacy poli-cy: http://de-de.facebook.com/policy.php#.
I. Rights of data subjects
You have the following rights:
the right to request confirmation of whether personal data relating to you is being pro-cessed and details of this data and any additional information and a copy of the data (Art. 15 GDPR);
the right to request the completion of incomplete personal data or the rectification of incorrect personal data (Art. 16 GDPR);
under Art. 17 GDPR, the right to request that personal data be deleted immediately, or, if need be under Art. 18 GDPR, that the data processing be restricted (if this data is subject to statutory retention periods, we will block it for the duration of the retention period);
the right to receive, or have transmitted to a third party, the relevant personal data that you have provided to us and that we process in an automated manner on the basis of your consent or in the performance of a contract. The data will be provided in a ma-chine-readable format. If you request the direct transfer of the data to a different con-troller, this will only be done if it is technically feasible (Art. 20 GDPR).
the right to object at any time to the processing of personal data processed by us on the basis of a legitimate interest of ours (Art. 6 (1) f) DGSVO), pursuant to Art. 21 GDPR; and
the right to withdraw any consents granted pursuant to Art. 7 (3) GDPR with future ef-fect. This will not affect the lawfulness of any processing performed on the basis of such consent up to the revocation.
We will notify any recipients to whom we have disclosed your personal data about any cor-rection or erasure of the personal data or restriction of the processing, unless this turns out to be impossible or would involve disproportionate effort.
You can assert the above rights against us, e.g., by notifying us by post via the contact details described above or e-mail to email@example.com.
That notwithstanding, you have the right to submit a complaint to the competent supervisory authority (Art. 77 GDPR).