Privacy policy

GGN Label Platform

A. Scope

This privacy policy applies to all personal data collected or processed by GLOBALG.A.P. c/o FoodPLUS GmbH (hereinafter referred to as “GLOBALG.A.P.” or “we”) when using the GGN label platform under www.ggn.org (hereinafter referred to as “GGN label platform”). This website is accessible by everyone (hereinafter referred to as “User”) and provides information about agricultural businesses that are certified against the GLOBALG.A.P. standards (hereinafter referred to as “Certified Company” or “Certified Companies”) and registered on the GGN label platform.

When using any of the websites operated by GLOBALG.A.P. c/o FoodPLUS GmbH, e.g., www.globalgap.org or www.database.globalgap.org, the general privacy policy by GLOBALG.A.P. applies.

This GGN label platform privacy policy describes how GLOBALG.A.P. collects, processes, and protects personal data, how we use and protect this data, and your rights in relation to this information. This is performed in accordance with the provisions of the General Data Protec-tion Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Tel-emedia Act (TMG), and other applicable data-protection regulations (hereinafter referred to jointly below as “Applicable Data Protection Law”).

No automated decision-making/profiling is performed.

B. Controller

The body responsible for collecting and handling your data is:

GLOBALG.A.P. c/o FoodPLUS GmbH

Spichernstr. 55

50672 Cologne, Germany

E-mail: info@globalgap.org,

Tel: +49 (0) 221-57776-0.

For questions relating to data protection, please contact our data protection officer, either via the contact details above or via e-mail at dataprivacy@globalgap.org.

C. Categories of Data

We collect and process different categories of personal data depending on how you use our GGN label platform.

When you register as a customer with the GGN label platform we will collect your: username, password, first name, surname, work mobile phone, work e-mail address, work address, of-fice phone, office fax, and company you work for. If you provide us with additional infor-mation such as photo/avatar, we will also process this information.

When you contact us through the contact form of the GGN Label platform, we will collect your: name, e-mail address, and message.

Please note that GLOBALG.A.P. may receive messages that require translation. In such cas-es, our employees use translation tools (e.g., Google translator) to process your inquiry. Thus, please ensure that you do not enter personal information into the message field of your in-quiry.

When you contact us by phone, e-mail, in person, or via any other business contact channel, we will collect the information you provide us. Typical information collected is first name and surname, e-mail address, phone, and company you work for, although other types of infor-mation provided by you could be collected.

When you visit our GGN label platform as a User to inform yourself about the Certified Com-panies and our labels, we (or the webspace provider commissioned by GLOBALG.A.P.) col-lect data about every access to the GGN label platform (known as server log files). The ac-cess data includes: name of the webpage or webservice accessed, file, date and time of the access, data volume transferred, any data input, report of successful access, browser type including version, User’s operating system, referrer URL (the page visited previously), IP ad-dress, where relevant user name and the requesting provider. This data is not merged with other data sources or other personal data about you. The IP address is stored for the duration of the session for this purpose. GLOBALG.A.P. further reserves the right to review the log data retrospectively if there are specific indications that justify a suspicion of unlawful use.

D. Purpose and Legal Basis for Processing

When you register as a certified company we need to process your personal data to manage and maintain the business relationship, comply with our contractual obligations (that is, to pro-vide you with the service), and comply with our legal obligations under the law. The legal basis for processing your personal data is a user agreement (Art. 6 (1) (b) GDPR). In case you submit additional data based on your consent, the legal basis for processing is Art. 6 (1) (a) GDPR.

When you place an inquiry with us by using the contact form or via any other of our business contact channels, we need to process your personal data to respond to your request, manage and maintain the business relationship, comply with our contractual obligations (that is, to pro-vide you with the service), and comply with our legal obligations under the law. The legal basis for processing your personal data is a user agreement (Art. 6 (1) (b) GDPR). In case you submit additional data based on your consent, the legal basis for processing is Art. 6 (1) (a) GDPR.

If you visit our GGN label platform as a User to inform yourself about the Certified Company, GLOBALG.A.P. uses the log data solely for statistical analyses and for the purpose of operat-ing, securing, and optimizing the GGN label platform. The system needs to store the IP ad-dresses temporarily to enable the GGN label platform to be delivered to you. Data is saved in server log files to safeguard the functionality of the websites. The data also helps GLOB-ALG.A.P. to optimize the GGN label platform and safeguard the security of the IT systems. These purposes constitute a legitimate interest of GLOBALG.A.P. in data processing. The legal basis here is Art. 6 (1) (f) GDPR.

To the extent we are required to process any of your personal data to comply with a legal obligation, we will process your personal data on basis of Art. 6 (1) (c) GDPR.

E. Disclosure to Third Parties and Forwarding of Data to Countries outside the EEA/EU

GLOBALG.A.P. will receive access to your personal data. Only relevant individuals who are acting within their job description and have a need to know will have access to your personal data.

In certain cases, third-party providers may be given access to your personal data. We will only disclose your personal data to third parties if you have provided your consent or subject to another permitted circumstance in accordance with the Applicable Data Protection Law. These include in the first instance service providers commissioned by us who support our business operations (Art. 28 GDPR). This covers e.g. webspace or telemedia-service provid-ers for the operation and/or maintenance of the GGN label platform or the forwarding of in-voicing or tax-relevant information to service providers for the purposes of invoicing and ac-counting or controlling. In these cases, however, the scope of the transmitted data will extend only to the minimum required to achieve the purposes pursued via the data processing.

We will not share your personal data with local authorities or courts except where we are re-quired to do so by applicable law, a court order, or a legally binding injunction. If we are legally obliged to disclose specific personal data on the basis of a judicial decision or following a re-quest for information from law-enforcement or supervisory authorities or authorized third par-ties in conjunction with investigatory proceedings or the suspicion of a criminal act, an unlaw-ful act or other acts that may give rise to legal liability for you or us, we will disclose the data required for the investigation, such as name, address, e-mail address, or other relevant infor-mation (Art. 6 (1) (c) GDPR). Similarly, we reserve the right to process and use Users’ per-sonal data to enforce or defend against claims (Art. 6 (1) (f) GDPR).

Personal data may be passed in this way to third parties that are domiciled in non-EEA or non-EU countries and where the EU Commission has not established a level of data protec-tion comparable to the EU (e.g., USA). In this case, prior to forwarding we will ensure either that an adequate level of data protection is in place at the recipient, in particular by obtaining your consent in advance or through specific guarantees (Art. 44 et seq. GDPR) as well as in particular self-certification of a recipient in the US in accordance with the principles of EU-US Privacy Shield or agreement with the recipient in the third country to what are termed the EU standard contractual clauses. A copy of suitable guarantees can be obtained on request via the -email address set out at the end of this privacy policy. Basic information about the partic-ipants of the EU-US Privacy Shield can further be found under www.privacyshield.go. Basic information about the EU standard contractual clauses can be found here, and information about the adequacy decisions here.

Additional information relevant to the GGN label platform Certified Companies: your personal data is available through the GGN label platform to your company colleagues registered on the GGN label platform. Your personal data is NOT available to other registered and Certified Companies.

F. Retention Periods for Personal Data

We will deactivate or cancel the registered Certified Company data as soon as appropriate to avoid unauthorized access to information. It is then no longer visible in the GGN Label Plat-form and you will not receive any new communications. We will delete personal data of those registered Certified Companies after the end of statutory retention obligations if and where applicable.

In consideration of the applicable provisions under Applicable Data Protection Law, we will delete the stored personal data about you without any action on your part if there is no longer a need for the information to be known to perform the purpose associated with the storage or if the storage of the data is not permitted for other legal reasons. In some cases provided for by law (e.g., statutory retention obligations), your personal data may be blocked instead of deleted.

G. Cookies

We store cookies on our Users’ hard drives unless they actively block them. Cookies are small files that permit specific information relating to the device to be stored on the User’s accessing device (PC, smartphone, etc.). They first enhance the friendliness of websites and thus aid the User (e.g., by storing login data), and second enable the recording of statistical data about website use and analysis to improve websites. You can influence how cookies are used. Most browsers have an option that limits or completely prohibits the storage of cookies. However, it should be noted that usage, and in particular user comfort, may be restricted without cookies. For further information about the use of cookies and how you can deactivate them, see www.meine-cookies.org or www.youronlinechoices.com. The legal basis for setting cookies for the technical operation of our website and providing the services required by the User is Art. 6 (1) (f) GDPR. If you give us your prior consent, we may also use track-ing/analysis cookies within the framework of our websites. The legal basis in these cases is Art. 6 (1) (a) GDPR.

H. Integration of Third-party Content and Services

Third-party content, such as YouTube videos, RSS feeds, or graphics from other websites, may be integrated into these online offerings. This usually assumes that the providers of this content (hereinafter referred to as “Third-Party Providers”) will be aware of the Users’ IP ad-dress. This is because they would not be able to transmit the content to the browser of the User in question without the IP address. The IP address is therefore necessary in order to display this content. We endeavor only to use such content where the respective provider solely uses the IP address to deliver the content. At the same time, we have no influence over whether the Third-Party Providers use the IP address e.g., for statistical purposes. Where we are aware of this, we will notify the Users accordingly. The use of enhanced presentation op-tions for information purposes and to optimize your user experience is within our mutual legit-imate interest (Art. 6 (1) (f) GDPR).

Further information about the use of YouTube videos can be found below.

I. YouTube Videos

Videos are shown on the GGN label platform via the provider YouTube. These are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). If a webpage containing such a button (identifiable by the YouTube icon in the lower right of the video preview) is accessed and you activate the corresponding content (Art. 6 (1) (a) GDPR), your browser creates a direct connection with the YouTube servers. The showing of videos within the GGN label platform is further a legitimate interest of ours and yours (Art. 6 (1) (f) GDPR). YouTube transmits the content of the YouTube button directly via your browser and is integrated into the respective webpage. We have no further influence over the data that YouTube collects via the button. It is likely that your IP address is recorded and cookies are set, among other things.

If you are logged on to YouTube as a member, YouTube may allocate information about the webpages accessed and YouTube content to your user account. This may also be the case if you log on to YouTube as a member at another point in time. Further information about the scope and purpose of the data collection and the further use and processing of the data by YouTube as well as your associated rights and configuration options to protect your privacy can be found in the YouTube privacy policy: https://www.google.de/intl/de/policies/privacy/.

II. Google Maps

The GGN label platform uses Google Maps API applications. This enables us to display inter-active maps directly on the GGN label platform and enables you to conveniently use the map function. We use Google Maps to allow Certified Companies to search their location, address and geo-position, translate geo-positions into addresses and addresses into geo-positions. You can view Google’s terms of use here: https://policies.google.com/terms?hl=en. You can find Google’s privacy policy here: https://policies.google.com/privacy?hl=en.

III. Google Translation API

The GGN label platform uses Google translate API to allow register Users to automatically translate free texts inputted by other Users into their language. The free-text fields can be sent to Google for translation if required by another registered Certified Company. Please ensure that you do not enter personal information into the GGN label platform free-text fields. You can view Google’s terms of use here: https://policies.google.com/terms?hl=en. You can find Google’s privacy policy here: https://policies.google.com/privacy?hl=en.

IV. Piwik PRO

The GGN label platform uses the web analysis service Piwik PRO from the provider Piwik PRO GmbH (hereinafter referred to as “Piwik PRO”) for the statistical analysis of user ac-cess. Piwik PRO may use cookies, tags, IP addresses, and what is known as fingerprinting to enable an analysis of Users’ website use. This may include the collection or processing of the following data: IP address (anonymized), user ID, date and time of the request, title or URL of the page visited, URL of the page visited previously, screen resolution, time zone, files clicked on and downloaded, links clicked to external websites, display speed of the pages, User’s geo-data (country, region, city, approximate longitude and latitude), browser language, user agent of the browser used, randomly assigned one-off user ID, time of a User’s first visit, time of a User’s previous visit, number of a User’s visits.

This processing is done only subject to your prior consent. Thus, the legal basis for this pro-cessing is (Art. 6 (1) a) GDPR). The information generated by the cookies about the use of the GGN label platform is stored on the servers of Piwik PRO or service providers commis-sioned by them in Europe. The IP address is anonymized immediately after processing and before saving. The information generated by Piwik PRO is not used to identify the User of the GGN label platform personally and is not merged with other personal data of the User.

You can also prevent the installation of the cookies by making a corresponding setting in your browser software. However, GLOBALG.A.P. refers Users to the fact that in this case they may not be able to use the full functionality of this website. For further information about this topic, see https://piwikpro.de/datenschutz/.

V. Use of Social Plugins via Integration using the Two-click Solution

On the GGN label platform we use buttons from social networks, known as social plugins (hereinafter referred to as “Plugins”), as explained in further detail below. These enable you to perform actions related to the contents of the GGN label platform. The legal basis for the pro-vision of the Plugins on the GGN label platform is our legitimate interest in the user-friendly design of our website (Art. 6 (1) (f) GDPR).

If you are registered with the respective social network and are logged in, you can communi-cate directly with the social network. To increase the protection of Users’ personal data while visiting the GGN label platform, the Plugins are integrated into the respective webpage using the “two-click solution”. This guarantees that no connection is made with the servers of the provider of the social network at first when our webpages containing such a Plugin are ac-cessed. Only when a User activates a Plugin does the User’s browser create a direct connec-tion to the servers of the provider of the social network. The content of the respective Plugin is transmitted directly to the User’s browser and integrated into the webpage.

Through the integration of the Plugin, the provider of the social network is given the infor-mation that a User has accessed the webpage in question. If the User is logged on to the so-cial network, the provider of the social network can allocate the visit to the User’s account on the social network. When Users interact with the Plugins, for instance by clicking a share but-ton or posting a comment, the corresponding information is transmitted from the User’s browser directly to the social network and saved there. As the provider of this site we are not informed about the content of the data transferred or its use by the social network.

If a User is a member of a social network and does not want the network to collect data about him via the GGN label platform and link it to the membership data saved by the social net-work, he needs to log out of the social network prior to visiting the GGN label platform. Simi-larly, it is generally possible to block Plugins using add-ons for your browser, for example us-ing the “NoScript” script blocker (http://noscript.net/).

Specifically, the following Plugins are integrated into our website using the two-click solution.

  1. Facebook Social Plugins

The GGN label platform uses Plugins of the social network facebook.com, operated by Fa-cebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Face-book”). According to Facebook, only an anonymized IP address is stored in Germany. As the provider of the GGN label platform we are not informed about the content of the data trans-ferred or its use by Facebook. We are not told when the User clicked which button. For in-formation about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and configuration options to protect your privacy, refer to the Facebook privacy policy: https://www.facebook.com/about/privacy/.

Users can also completely prevent the loading of the Facebook Plugins via browser add-ons using “Facebook Blocker”, e.g., for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/facebook-blocker/, for Opera: https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en, or for Chrome: https://chrome.google.com/webstore/detail/facebookblocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de[U8]

  1. Twitter Social Plugins

We also use Plugins of the social network provider Twitter. These are operated by Twitter Inc., 795 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as “Twitter”). For information about the purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as your rights in this regard and con-figuration options to protect your privacy, refer to the Twitter privacy policy: https://twitter.com/privacy.

  1. Linkedin Social Plugins

Plugins of the social network LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as “LinkedIn”) are also integrated into the GGN label platform. For information about the purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and configuration options to protect your privacy, refer to the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.

  1. Instagram Social Plugins

Additionally, Plugins of the social network Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Instagram”) are integrated into the GGN label platform. For information about the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and configuration options to protect your privacy, refer to the Instagram data policy: https://help.instagram.com/519522125107875.

  1. Facebook Fanpage

Alongside the GGN label platform, we also maintain a dedicated presence on Facebook (hereinafter referred to as “Company Page”) and the GGN label platform may contain links to this Company Page. When you access the Company Page, Facebook processes personal data, which is even possible if you are not logged on to Facebook when the page is accessed. However, Facebook provides us with detailed statistics, which consist of summarized infor-mation relating to the use of our Company Page on Facebook. These statistics enable us to identify for example how often or by how many unique users the Company Page and individ-ual posts on this page are accessed or e.g. rated. However, the statistics do not permit us to identify which specific persons have visited the Company Page or accessed or rated individ-ual posts. As is generally the case with Facebook, however, the Company Page shows which Facebook user has rated or commented on a post.

Facebook provides further information about data processing by Facebook in its privacy poli-cy: http://de-de.facebook.com/policy.php#.

I. Rights of data subjects

You have the following rights:

the right to request confirmation of whether personal data relating to you is being pro-cessed and details of this data and any additional information and a copy of the data (Art. 15 GDPR);

the right to request the completion of incomplete personal data or the rectification of incorrect personal data (Art. 16 GDPR);

under Art. 17 GDPR, the right to request that personal data be deleted immediately, or, if need be under Art. 18 GDPR, that the data processing be restricted (if this data is subject to statutory retention periods, we will block it for the duration of the retention period);

the right to receive, or have transmitted to a third party, the relevant personal data that you have provided to us and that we process in an automated manner on the basis of your consent or in the performance of a contract. The data will be provided in a ma-chine-readable format. If you request the direct transfer of the data to a different con-troller, this will only be done if it is technically feasible (Art. 20 GDPR).

the right to object at any time to the processing of personal data processed by us on the basis of a legitimate interest of ours (Art. 6 (1) f) DGSVO), pursuant to Art. 21 GDPR; and

the right to withdraw any consents granted pursuant to Art. 7 (3) GDPR with future ef-fect. This will not affect the lawfulness of any processing performed on the basis of such consent up to the revocation.

We will notify any recipients to whom we have disclosed your personal data about any cor-rection or erasure of the personal data or restriction of the processing, unless this turns out to be impossible or would involve disproportionate effort.

You can assert the above rights against us, e.g., by notifying us by post via the contact details described above or e-mail to dataprivacy@globalgap.org.

That notwithstanding, you have the right to submit a complaint to the competent supervisory authority (Art. 77 GDPR).