Data protection information

Thank you for your interest in our website and the data processing involved. The following data protection information contains, among other things, information about which personal user data is processed when you visit our website, the legal basis on which this data processing is based and what rights you are entitled to as the data subject. By providing this information, we comply with our transparency obligations pursuant to Art. 12 and 13 of the European Data Protection Regulation (EU GDPR).

Person responsible
The person responsible for this website within the meaning of the GDPR, the Federal Data Protection Act (BDSG) and other data protection regulations is:

CHOCOTECH GmbH
Dornbergsweg 32
38855 Wernigerode
Phone: +493943 5506-0
E-Mail: datenschutz@chocotech.de

Further information about our company and contact details can be found in our Imprint.

We have appointed a data protection officer for our company. You can get in touch with our DPO using the following contact details:

Ms Antonia Schreiber
DATA 4.0 Gesellschaft für Datenschutz und Datensicherheit mbH
Dornbergsweg 2
38855 Wernigerode
E-Mail: a.schreiber@data40.de
Phone: +493943 5099490

Hosting

Provision of our website and log files

Description and scope of data processing

Our website is hosted by a service provider (external hosting). For this purpose, we use the technical services of Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter "Mittwald").

Every time our website is accessed, the web server automatically collects the following information from your system and stores it:

IP address,
Date and time of the request,
Time zone difference to GMT,
Content of the website,
Access status (HTTP status),
Transferred data volume,
Request website,
Web browser,
Operating system,
Language of the version of the browser

Legal basis for data processing

The legal basis of the hosting and the temporary storage of the aforementioned data as well as its logging in so-called log files is our legitimate interest as website operator according to Art. 6 para. 1 lit. f DSGVO in conjunction with § 25 para. 2 no. 2 TTDSG. This ensures the optimal provision of our online service.

Insofar as consent has been requested, processing is carried out in accordance with Art. 6 para. 1 lit. a DSGVO in conjunction with § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in your end device (e.g. device fingerprinting) as defined by the TTDSG. You can revoke your consent at any time.

We have concluded an order processing contract (AVV) with Mittwald. Therefore, your data will only be processed to the extent necessary for the provision of the service.

Purpose of data processing

The temporary storage of your IP address by the web server is necessary in order to deliver the website to your computer. For this purpose, your IP address must remain stored for the period that you visit the website.

We store the data in log files to ensure the functionality of our website. Furthermore, these files help us to optimise our website and to ensure the security of our information technology systems (e.g. to detect attacks). This data is not evaluated for marketing purposes.

Storage period

The data mentioned above will be deleted as soon as it is no longer required for the fulfilment of the stated purpose. This is the case with respect to processing data that is required to provide the website after you have terminated your visit.

Data stored in log files is deleted no later than after 7 days. Storage beyond this time frame may take place. In this case, your IP address will be deleted or made anonymous so that it is no longer possible to link it to your system.

Use of cookies and conset services

Cookies

Description and scope of data processing

We use cookies on our website. Cookies are text files that are stored on your end device. They can be stored for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies remain on your end device until you delete them yourself or until your web browser automatically deletes them. A distinction is made between cookies which are necessary for technical purposes and cookies from possible third-party providers.

Legal basis for data processing

The legal basis for the use of cookies required for functional purposes is our legitimate interest as website operator according to Art. 6 para. 1 lit. f DSGVO in conjunction with. §25 para. 2 no. 2 TTDSG.

The legal basis for storing cookies, which are not subject to technical necessity but serve our tracking and marketing interests, is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO in conjunction with §25 para. 1 TTDSG. You can revoke this consent at any time. The legality of the data processing that took place up until the revocation remains unaffected.

Purpose of data processing

Technically necessary cookies allow us to provide our website free of errors and in a user-friendly manner.

The use of cookies for commercial purposes enables us to continuously improve the user experience of our website and to generate personalised offers.

Storage period and right to object

Please refer to the cookie settings for the storage period of the individual cookies.

You can delete stored cookies at any time in your browser settings or via the settings in the cookie content area. In addition, you can set individual preferences in your browser by generally objecting to the setting of cookies by websites or third-party providers. We would like to point out that by excluding cookies you may not be able to use our website to its full extent.

Cookie consent with Sgalinski

Description and scope of data processing

This website uses Sgalinski's cookie consent technology to obtain your consent to store certain cookies on your end device or to use certain technologies and to document this in accordance with the data protection law. The provider of this technology is Stefan Galinski Internetdienstleistungen, Bahnhofstr. 52, 37339 Gernrode (hereinafter "Sgalinski"). When you access our website, the following data is transferred to Sgalinski:

Your consent(s) or withdrawal of your consent(s)
User-Hash
Information about your browser
Information about your end device
Time of your visit to the website

Sgalinski stores a cookie in your browser in order to identify your consents or your revocation of such consents. The data collected in this way is stored until you request us to delete it, delete the Sgalinski cookie yourself or the purpose for storing the data no longer applies.

Legal basis for data processing

Sgalinski is used to obtain the legally required consent for the use of cookies. The legal basis is Art. 6 para. 1 p. 1 lit. c) DSGVO.

Additional information on data processing

Sgalinski is responsible for further processing of data. Additional information about security and data protection at Sgalinski can be found under the following link https://www.sgalinski.de/datenschutz/.

How to contact us

Contact us by e-mail or contact form

Description and scope of data processing

You can contact us in the following ways:

Contact form
E-mail address provided in the imprint
Via the electronic contact details of our employees

If you contact us via these channels, your personal data transmitted with the enquiry will be processed by us. You can find out which data this concerns in detail by reviewing the input fields of our form. In addition, all other data that you voluntarily provide to us as part of your enquiry will be transmitted.

Legal basis for data processing

The legal basis for the processing of your data from the enquiry is your voluntary consent in accordance with Art. 6 para. 1 lit. a) DSGVO. You can revoke this consent at any time. The legality of the data processing that took place up until the revocation remains unaffected.

If your enquiry is directed toward the conclusion of a contract, then the additional legal basis for this data processing is the initiation or fulfilment of a contract pursuant to Art. 6 (1) lit. b) DSGVO.

Purpose of data processing

The processing of the aforementioned personal data is solely for the purpose of handling your request for contact.

Storage period

The data mentioned above will be deleted as soon as it is no longer required for the fulfilment of the stated purpose. This applies to the personal data that you have sent us by e-mail or via our contact form after the respective conversation with you has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

Right of revocation

You have the option to object to this data processing at any time. You can send an objection to the following e-mail address: datenschutz@chocotech.de

All personal data stored as part of the contact will be deleted in this case.

Fonts

Integration of MyFonts

Description and scope of data processing

We use MyFonts for the uniform display of fonts. The provider of this service is Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA (hereinafter "MyFonts"). When you visit our website, the required web fonts are loaded into your browser cache. This ensures the uniform presentation and display of our script. A web font tracking script or similar technology is embedded on our site to check compliance with the license terms and the number of monthly page views. According to the information provided by MyFonts, the IP address of website visitors is transmitted to servers outside the EU only in an anonymised form. No personal data is collected or processed.

Legal basis for data processing

The legal basis for the integration of MyFonts and consequently for the needs-based design of our website is our legitimate interest as website operator pursuant to Art. 6 para. 1 lit. f) GDPR.

More information on data processing

Further information on how MyFonts handles your data is available at https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy and at https: //www.monotype.com/legal/privacy-policy.

Map services

Integration of OpenStreetMap with consent

Description and scope of data processing

We integrate the maps from the service OpenStreetMap (https://www.openstreetmap.org) into our website. This service is provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. OpenStreetMap is provided under the Open Data Commons Open Database License (ODbL). For correct display of the map material and short-term storage of the settings made, the IP address, information about the use of this website and user location data are forwarded to OpenStreetMap.

Legal basis for data processing

If you have consented to the processing, your data will be processed on the basis of Art. 6 para. 1 lit. a) DSGVO in conjunction with § 25 para. 1 TTDSG. Your consent can be withdrawn at any time.

Additional information on data processing

OpenStreetMap is responsible for further data processing. For more information on data processing by OpenStreetMap, please see the data privacy policy https://wiki.openstreetmap.org/wiki/Privacy_Policy.

Publication of job advertisements/online applications

Description and volume of data processing

Whenever there is a requirement, we publish job advertisements on our website. Applications can be submitted by post or electronically. When you submit your application data by e-mail or using our online form, we record and store all the personal data which you disclose. Your data is not forwarded to third parties.

Legal basis for data processing

We process your application data in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest of filling vacant positions within our company in a task-oriented and qualified manner.

If an appointment is made as a result of your application, the processing of your application data must be legally recognised as per Article 6(1)(b) GDPR as the implementation of contractual measures.

If you submit your application to us electronically, or use the online form to submit your application, you agree to the processing of your personal data as per Article 6(1)(a) GDPR.

Purpose of data processing

Using your application data, it is possible for us to select applicants for vacant positions.

Duration of storage

We store your data until the application process is completed. If your application does not lead to an appointment, we delete, i.e. destroy, your data, taking into account the legally defined objection periods, once rejection has been communicated.

If you have consented to additional data storage, the respective defined storage period applies.

Right to revocation

If you have provided us with your consent for additional storage of your application data, you have the right to revoke it at any time without the requirement to state reasons. To do so, please contact us by post or send your revocation to the following address: datenschutz@chocotech.de.

Social networks

Description and volume of data processing

We maintain profiles on social networks. For this purpose, we draw on the technical infrastructure of the respective platform operator. The operators of social networks generally provide their customers with comprehensive analyses on profile visitors, and also use the personal data for their own purposes, e.g. advertising. The data processing processes are not always transparent and comprehensible, but comprise at least the following processing actions in relation to data protection:

Processing of interests and visited profiles (in particular if you are signed in on the social network with your own profile)
Capture of your IP address and further information which is stored on your terminal, e.g. using cookies
Information on your terminal and, if applicable, your location

The operators of social networks use this data, for instance, to supply you with advertising relating to your interests, and collect comprehensive data on visitors and users. Please refer to the regulations for data processing and use of the respective platform operator for further information on data processing processes and conditions of use.

Legal basis for data processing

The legal basis for use of social networks is our legitimate interest as the website owner in the clear depiction of our company and our range of products and services as per Article 6(1)(f) GDPR.

Joint responsibility and data subject rights

We hold joint responsibility, together with the operator of the respective social network, for the processing of your personal data as per Article 26 GDPR. You can assert your data subject rights both to the platform operator and us. We expressly point out that we can offer no guarantees that you will be able to assert your data subject rights with the service provider of the social network.

Duration of storage

If you do not delete cookies, they remain on the terminal you use. You have the option of preventing the storage of cookies by making the appropriate setting in your browser. For this purpose, please use the help area of your web browser, and follow the respective instructions. We expressly point out that in this case, it is possible that no all the offered functions of the website will work to their full extent.

The data of yours captured by our profiles on social networks is deleted once the purpose has been fulfilled or you request the deletion of your data. If you have provided us with your consent for data processing, you have the right to revoke it at any time. In such cases, we also delete your data. The legal storage periods remain unaffected in the process.

LinkedIn

We operate a company profile on LinkedIn. For this purpose, we draw on the technical services of the operator LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Republic of Ireland (referred to hereinafter as "LinkedIn").

We have made an agreement with LinkedIn on joint responsibility (Page Insights Joint Controller Addendum ("Addendum")). You can find the agreement at https://legal.linkedin.com/pages-joint-controller-addendum.

We expressly point out that LinkedIn has its registered office in the USA. Your personal data is stored and processed on servers in the USA. The European Court of Justice (ECJ) has decided that the USA is not a safe third country in the spirit of GDPR, and there is a different level of data protection than in the EU. The US service providers are obliged to reveal personal data, e.g. to the security authorities, without the consent of the data subject. We expressly point out that it is therefore impossible to rule out the possibility that the data of yours on the US servers will be processed, analysed and permanently stored for surveillance purposes or other purposes.

We have no influence on the contents transmitted or the data processing of LinkedIn. If you do not want data to be associated with your user account, please sign out from your own LinkedIn profile before your visit our LinkedIn profile.

LinkedIn is responsible for the further processing of your personal data. Please refer to the LinkedIn data protection policy for further information on data processing by the social network LinkedIn https://www.linkedin.com/legal/privacy-policy.

YouTube

We operate a channel on the social video network YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland (referred to hereinafter as "Google"). When you visit our channel or play our videos, your personal data is processed. These include, e.g.:

The terminal used (e.g. desktop computer, smartphone, tablet, intelligent speaker)
You IP address
Access date and time
Your browser and browser type and any settings made
Website from which you wish to view the video
Videos which you view

We expressly point out that, if you are connected to your YouTube account while you call up the videos on our page, the information will be linked to your user account.

The transfer of data to the Google servers in the USA are subject to the standard contract clauses of the EU Commission. You will find further information on the subject at https://privacy.google.com/businesses/processorterms/mccs/.

Google Ireland Limited is responsible for further data processing. You will find information on the handling of your data by YouTube and Google at https://policies.google.com/privacy

RIGHT TO OBJECT TO THE COLLECTION OF DATA IN SPECIAL CASES AND TO DIRECT MARKETING (ART. 21 DSGVO)

IF DATA PROCESSING IS CARRIED OUT PURSUANT TO. ART. 6 PARA. 1 LIT. E) OR F) DSGVO, YOU MAY OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS RELATING TO YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING. PLEASE REFER TO THE DATA PROTECTION PROVISIONS FOR THE RESPECTIVE LEGAL GROUNDS ON WHICH PROCESSING IS BASED. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1) DSGVO).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR MARKETING PURPOSES. THIS ALSO APPLIES TO PROFILING, TO THE EXTENT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21 PARA. 2 DSGVO).

Objection to advertising e-mails

We hereby object to the use of published contact data in our imprint for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

Our data protection information is always up to date

Our website is subject to advances in technology that are associated with the operation and possible uses of web services. Therefore, we reserve the right to adapt our data protection information in accordance with changes to our security and data protection measures and any possible further data processing and to make this information available to you here in the version that is currently valid.

Data protection information