The protection of your personal data is very important to us. In order to ensure that all data processing procedures on our website and in our offers are transparent and comprehensible for you as a visitor and user (referred to as “user”) of our website, we inform you in this data protection declaration about the type, scope and purpose of the processing of your personal data on our website.
A form to exercise the affected laws can be found here: Form to exercise the affected laws
This data protection declaration is currently valid and has the status April 2021. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on our website under “Data protection”.
Explanation of Terms
- ‘Personal data’ (referred to as “data”) means any information relating to an identified or identifiable natural person (referred to as “data subject”); a person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to specific identifiers or characteristics. Personal data therefore includes, for example, names, addresses, e-mail address, job title, date of birth, telephone number, user behavior, IP address, location data, genetic data, health data, etc.
- ‘Processing’ means any operation with respect to personal data, such as collecting, recording, organizing, arranging, storing, adapting, modifying, retrieving, consulting, using, disclosing, transmitting, dissemination, making available, matching, link, restricting, erasing or destroying personal data.
- ‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
- ‘Pseudonymization’ means that personal data are processed in such a way that they can no longer be attributed to specific a data subject without the use of additional information. Provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- ‘Controller’ means a natural person, company, agency, public authority, agency or other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.
- ‘Processor’ means a natural person, company, agency, public authority, institution or other body that processes personal data on behalf of the controller.
- ‘Recipient’ means a natural person, company, agency, public authority, institution or other body to which personal data is disclosed, whether or not a third party.
- ‘Third party’ means a natural person, company, agency, public authority or body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct authority of the controller or the processor.
- ‘Consent’ is any indication of intention given voluntarily by the data subject for the specific case in an informed manner and unambiguously in the form of a statement or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
Responsible for the processing of personal data on this website is:
FLAVEX Naturextrakte GmbH
+49 (0) 6835 / 91 95 – 0
+49 (0)6835 / 91 95 – 95
Data Protection Officer
Contact details of our data protection officer are:
Company Sicon GmbH
Tel:+49 (0) 6831/122 411
Fax: +49 (0) 6831/122 370
General information on the processing of personal data
Types of data processed
On our website, we collect and process inventory data (e.g. names, addresses), contact data (e.g. e-mail addresses, telephone numbers, fax numbers, postal address), usage data (e.g. websites visited, links clicked, interest in content, assess times, access locations), content data (e.g. comments, text entries, photos, videos) and meta and communication data (e.g. device information, browser information, IP addresses).
Categories of affected persons
The person affected by the processing of personal data are all visitors and users of our website.
Purpose of processing
We collect and process the personal data of the users of our website in order to communicate with them and to inform them (e.g. contact and other inquiries, newsletters), to perform statistics, reach measurement and analyses (e.g. with marketing and analysis tolls), so that we can better design and optimize content and functions, to technically manage and optimize the website and to close security gaps.
Legal basis for the processing of personal data
We only process personal data if we are entitled to do so on a legal basis. We will name these legal bases individually. Apart from that, we are always entitled to process personal data if the data subject has consented (see Art. 6 para. 1 lit. a, Art. 7 GDPR), if we are obliged to fulfill contractual or pre-contractual obligations (see Art. 6 para. 1 lit. b GDPR), if we have to fulfill legal obligations (see Art. 6 para. 1 lit. c GDPR), or if we protect our legitimate interests (see Art. 6 para. 1 lit. f GDPR).
Recipients of personal data
We sometimes transfer personal data to processors or other third parties (e.g. payment service providers, hosting agencies, newsletter services, shipping companies, etc.) with whom we cooperate. We are entitled to do this if the data subject has consented to this (see Art. 6 par. 1 lit. a, Art. 7 GDPR), if we thereby fulfill contractual or pre-contractual obligations (see Art. 6 para. 1 lit. b GDPR), if we thereby fulfill a legal obligation (see Art. 6 para. 1 lit. c GDPR) or if we safeguard our legitimate interests (see Art. 6 para. 1 lit. f GDPR). We conclude a so-called order processing agreement with order processors in accordance with Art. 28 GDPR, according to which they also undertake to comply with data protection.
This website is hosted by:
DE 48153 Münster
Telefon: +49 251 1498 2000
The hosting services used by us serve to provide the following services:
Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this website. The legal basis for the use of the hosting services is the protection of our legitimate interests in the analysis, optimization and economic and secure operation of our website (see Art. 6 para. 1 p. 1 lit. f GDPR).
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of all users of this website on a basis. The data is stored as long as there is a purpose for it. After that the data will be deleted, unless there are legal retention obligations to the contrary.
Processing of personal data in third countries
If we transfer data to a third country, e.g. because we commission service providers there, we are entitled to do so if the data subject has consented to this (see Art. 6 Para. 1 lit. A, Art. 7 GDPR), if we thereby fulfill contractual or pre-contractual obligations (see Art. Art. 6 para. 1 lit. b GDPR), if we thereby fulfill a legal obligation (see Art. 6 para. 1 lit. c GDPR) or if we safeguard our legitimate interests (see Art. 6 para. 1 lit. f GDPR). A third country is any country outside the European Union (EU) or the European Economic Area (EWR). When transferring data to third countries, we pay attention to compliance with Art. 44 ff. GDPR), to existing guarantees or findings of the EU on an adequate level of data protection in the third country, as well as to the conclusion of any necessary agreements, e.g. standard contractual clauses.
When you contact us by e-mail, fax, telephone or mail, the data you provide (e.g. e-mail address, name, telephone number, fax number, address) will be processed by us in order to respond to your inquires. We are entitled to do this in accordance with Art. 6 Para 1 lit b GDPR. User data many also be stored in a customer relationship management system (“CRM system”) or in comparable databases.
We delete all data after storage is no longer necessary or restrict processing if there are legal retention obligations. The necessity of retaining the data is reviewed every two years at the latest.
Deletion / blocking of your personal data
We store your personal data only for as long as is necessary to achieve the purposes stated here. In addition, we only store your data if this is required by (e.g. 6 years in accordance with § 257 (1) HGB and 10 years in accordance with § 147 (1) AO for commercial and business letters, invoices, offers, etc.). After the respective purpose has ceased or these periods have expired, that data will be blocked or deleted in accordance with the statutory provision pursuant to Art. 17, 18 GDPR.
Encrypted transmission of your data
All personal data that you enter on our website and send to us are transmitted encrypted on our website according to the state of the art.
Furthermore, we secure our website and associated IT systems through technical and organizational measures against loss, destruction, access, modification or distribution of your personal data by unauthorized persons.
Collection of access data and web server log files
On the basis of our legitimate interests in the analysis, optimization and economic operation of our website, we collect the following data pursuant to Art. 6 para. 1 lit. f GDPR about each access tour website (so-called we server log files):
- IP address of the user
- Name of the accessed website
- File, date and time of access
- Amount of data transmitted (Body Bytes Sent)
- Message about successful access
- Browser type together with version
- Htaccess user
- Domain name of the requesting Internet Service Provider
- Called URL/subpage
- Protocol (e.g. http 2.o)
- Referrer URL (previously visited website)
- User Agent
- Operating system of the user
The data is used for statistical evaluations for the purpose of the operation, security and optimization of the website. The data is stored for security reasons (e.g. for the clarification of the fraud/abuse cases) for a period of 7 days. If longer storage is required for evidentiary purposes, they will be deleted after the final clarification of the matter.
Your rights as a data subject
You have the right to receive information and a copy of your personal data stored by us free of charge at any time (see Art. 15 GDPR).
You have the right to correct or complete your possibly incorrectly stored data (see Art. 16 GDPR).
You also have the right to restrict the processing of your data (see Art. 18 GDPR) and the right to delete your data (see Art. 17 GDPR). Deletion of your data is not possible insofar as we are obligated to continue to store the data for the purpose of processing the contract or due to the other legal retention obligations. Instead of deletion, we will block your data.
You also have the right to request the transfer of your data stored by us to another company or to have it transferred by us (see Art. 20 GDPR).
You also have the right to object to future processing of the data concerning you (see Art. 21 GDPR).
Furthermore, you have the right to revoke any consent you have given for the future (see Art. 7 (3) GDPR).
To exercise the aforementioned rights, please contact our data protection officer mentioned above.
In addition, you can file a complaint with the competent data protection supervisory authority (see Art. 77 GDPR).
Furthermore, cookies are stored on your computer when you use our website. Cookies are small text files that enable specific information related to the device to be stored on the user’s access device (PC, smartphone). They are used for the user-friendliness of websites (e.g. storage of login data), the collection of statistical data on website usage and for analysis for the purpose of improving the website. Cookies cannot execute programs or transfer viruses to your computer.
This website uses the following types of cookies:
- Transient (temporary) cookies
- Persistent (permanent) cookies
Transient cookies are automatically deleted when you close the browser or log out. These include in particular the session cookies. These sore a so-called ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website.
Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
Both types of cookies may originate from us (then “first-party cookies”) or from third parties (“third-party cookies”).
Cookie consent with Borlabs cookie
Our website uses the cookie consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection law. The provider of this technology is Borlabs – Benamin A. Borschein, Rübenkamp 32, 22305 Hamburg (referred to as Borlabs).
When you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. This data is not shared with the Borlabs cookie provider.
The collection data will be stored until you request us to delete it or you delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
The provider of this website uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. Cookies are used to enable a statistical analysis of the use of this website by its visitors and the display of usage-related content or advertising. Cookies are small text files that are stored by the Internet browser on the user’s terminal device. Etracker cookies do not contain any information that enables identification of a user.
The data generated by etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to strict German and European data protection laws and standards. Etracker has been independently audited and certified in this matter and awarded the ePrivacyseal, the data protection seal of approval.
The data processing is carried out on the legal basis of Art. 6 para. 1 lit. f (legitimate interest) of The EU General Data Protection Regulation (EU- GDPR). Our legitimate interest is the optimization of our online offer and our web presence. Since the privacy of our visitors is particularly important to us, the IP address is anonymized at etracker as early as possible and login or device identifiers are converted at etracker to a unique key that is not assigned to a person.
No other use, merging with other data or disclosure to third parties is made by etracker.
You can object to the aforementioned data processing at any time, insofar as it is personal. Your objection will not have any adverse consequence for you.
Further information on data protection at etracker can be found here.
General objection to cookies for marketing purposes
Furthermore, the storage of cookies can be prevented by setting this in the security settings of your browser. However, you may then not be able to use all the functions for this website. These options apply to all cookies or analysis tools mentioned below that we use for marketing purposes on this website.
Other offers on our website
Vacancies/jobs are published on our website for which you can apply by e-mail, fax or post. Applicants are responsible for the secure transmission of applications containing personal data via these communication channels.
In order to be able to process the applications, we require minimum data resulting from the job advertisement. These are, for example, data such as names, address data and the documents belonging to the application, such as cover letter, resume and certificates. Further data can be submitted voluntarily.
We process the data provided by applicants only for the purposes of the application process. The legal basis for the processing of this data is the fulfillment of our pre-contractual obligations within the scope of the application procedure pursuant to Art. 6 (1) lit. b GDPR in conjunction with § 26 Privacy Act-new. An additional legal basis may result from Art. 6 (1) lit. f GDPR, insofar as data processing becomes necessary for us, for example in the context of legal proceedings.
If applicants voluntarily provide special categories of personal data pursuant to Art. 9 (1) GDPR, we process them in accordance with Art. 9 (2) lit. b GDPR. Insofar as we request these special categories of data, the data processing is carried out in accordance with Art. 9 (2) lit. a GDPR.
In the event of a successful application, the applicant data will be processed by us for the purpose of establishing an employment relationship in accordance with Art. 6 para. 1 lit. b GDPR in conjunction with § 26 Privacy Act-new.
Otherwise, the data of the applicants will only be stored by us for the period of the application procedure and at the longest in accordance with the generally recognized and statutory retention periods. After this period, or in the event that an application is withdrawn, the data will be deleted. The data will be deleted at the latest six months after the position has been filled, in order to be able to respond to any claims by applicants under the General Equal Treatment Act. Further data may also be stored for longer in order to fulfill other legal obligations.
If an applicant consents, we include his or her applicant data in our applicant pool in order to be able to contact him or her for future job postings. The legal basis for such data processing is the applicant’s voluntary informed consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR. Applicants ae informed that their consent to inclusion in the applicant pool is voluntary and has no influence on the current application process. They can revoke their consent at any time for the future and object to data processing in the applicant pool for the future in accordance with Art. 21 GDPR. These declarations can be sent to the above address for data protection inquiries/to our data protection officer. The applicant data in the applicant pool is deleted after a maximum of two years, unless legal regulations require longer storage.
Integration of third-party services and content
YouTube videos information
This website does not embed videos from the YouTube company. When you click on the company videos displayed on our website, you leave our site and are redirected to YouTube’s servers. After starting a YouTube video, further data processing operations are established, in which we have no influence or control.
Font Awesome (local hosting)