Data privacy statement
1. DATA PROTECTION AT A GLANCE
General information
When you visit our website, we process personal data. Here, we would like to inform you about this and your rights. The following information provides a basic overview of what happens to your personal data when you visit our website. Personal data includes any data with which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy statement below this text.
DATA COLLECTION ON OUR WEBSITE
Who is responsible for data collection on this website?| ||94
The data processing on this website is carried out by the website operator. You can find their contact information in the legal notice of this website.
How do we collect your data?
On the one hand, your data are collected when you provide them to us. These can be, for example, data that you enter in a contact form. Other data are collected automatically by our IT systems when you visit the website. These are mainly technical data (e.g., Internet browser, operating system, or time of page view). These data are automatically collected as soon as you enter our website.
How do we use your data?
Some data are collected to ensure that the website is made available without errors. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to obtain information about the origin, recipient(s), and purpose of your stored personal data free of charge at any time. Furthermore, you have the right to request the correction, blocking, or deletion of this data. For this and other questions on the subject of data protection, you can contact us at any time at the address provided in the legal notice. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
Third-party analytics and tools
When visiting our website, your surfing behavior can be statistically evaluated. This is done primarily by means of cookies and analytics. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis. We will inform you about the objection options in this privacy statement.
FURTHER DATA PROCESSING
Time for Bread Tel Aviv website
If you click on the link to the website of Zeit für Brot Tel Aviv, you will leave our website.
Online job applications
If you would like to apply to us online, you will be redirected to another website. There you will find detailed data protection information for online applications in the footer.
Google
If you want to plan a route to one of our bakeries or write a review, you will leave our website.
Google Web Fonts
Our website uses so-called web fonts provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for the standardized display of certain fonts. When a page is called up, the browser loads the required fonts directly from Google in order to be able to display them correctly on the end device. In doing so, the browser establishes a connection to Google's servers. As a result, Google becomes aware that our web pages are being accessed via the IP address.
Google web fonts are only used after consent has been given.
The data may also be transferred to Google in the USA. Google has submitted to the EU-U.S. Transatlantic Data Privacy Framework.
Further information on Google Web Fonts can be found athttps://developers.google.com/fonts/faq and in Google's privacy policy:https://www.google.com/policies/privacy.
Facebook
We maintain an online presence on Facebook and process data of the users active there in order to communicate with them and to offer information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it may be more difficult to enforce their rights.
We are jointly responsible with the operator of Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for collecting (but not further processing) data from visitors to our Facebook page (known as a “Fan Page"). These data include information about the types of content users view or interact with, or the actions they take (see under "Things You and Others Do and Provide" in the Facebook data privacy statement:https:// www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook data privacy statement). As explained in the Facebook data privacy statement, Facebook also collects and uses information to provide analytics services to Page operators. We have entered into a special agreement with Facebook to do so. You can view the essence of this agreement here: https://www.facebook.com/legal/controller_addendum.
User data are generally processed for market research and advertising purposes. User profiles can be created from usage behavior and the resulting interests. These can be used, for example, to place advertisements inside and outside of Facebook, which presumably correspond to the user’s interests. For this purpose, cookies are usually placed on the user’s computer; These cookies are then used to store usage behavior and interests. In addition, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of Facebook and logged in there). For a detailed presentation of the respective processing and the options to object (opt-out), we refer to the privacy statements and information provided by Facebook. Requests for information and the assertion of user rights can also be asserted most effectively there.
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 (1)(f) GDPR. If users are asked by the respective providers to consent to data processing (i.e., declare their consent, for example by checking a box or confirming a button), the legal basis for processing is section 25 TTDSG. For a detailed presentation of the respective processing and the opt-out options), we refer to the Facebook's general privacy statement at: https://www.facebook.com/policy.
Instagram
We maintain an online presence on Instagram and process data of the users active there in order to communicate with them and to offer information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it may be more difficult to enforce their rights.
We are jointly responsible with the operator (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) for collecting (but not further processing) data from visitors to our page. These data include information about the types of content users view or interact with, or the actions they take (see under "Things You and Others Do and Provide" in the Instagram data privacy statement:https:// help.instagram.com/519522125107875), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the data privacy statement).
User data are generally processed for market research and advertising purposes. User profiles can be created from usage behavior and the resulting interests. These can be used, for example, to place advertisements inside and outside of Instagram, which presumably correspond to the user’s interests. For this purpose, cookies are usually placed on the user’s computer; These cookies are then used to store usage behavior and interests. In addition, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of Instagram and logged in there). For a detailed presentation of the respective processing and the options to object (opt-out), we refer to the privacy statements and information provided by Instagram. Requests for information and the assertion of user rights can also be asserted most effectively there.
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6(1)(f) GDPR. If users are asked by the respective providers to consent to data processing (i.e., declare their consent, for example by checking a box or confirming a button), the legal basis for processing is Art. 6(1)(a) GDPR. For a detailed presentation of the respective processing and the opt-out options, we refer to Instagram's general privacy statement at: https://help.instagram.com/519522125107875.
LinkedIn
We also maintain an online presence on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) to communicate with users active there and to offer information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it may be more difficult to enforce their rights.
As a rule, user data are also processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms, which presumably correspond to the user’s interests. For these purposes, cookies are usually placed on the user’s computer; These cookies are then used to store usage behavior and interests. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6(1)(f) GDPR. If users are asked by the respective providers for consent to data processing (i.e., declare their consent, for example by marking a checkbox or confirming a button), the legal basis for processing is Section 25 (1) TTDSG. For a detailed description of the respective processing and the opt-out options, please refer to the information provided by the LinkedIn privacy statement: https://de.linkedin.com/legal/privacy-policy| ||145; opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
|| |149
In the event of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively with the provider LinkedIn. Only the provider has access to the user's data and can take appropriate measures and provide information directly.
2. GENERAL NOTES AND MANDATORY INFORMATION
Data protection
The operators of this website take protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy statement.
When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This data privacy statement explains what data we collect and what we use them for. It also explains how and for what purpose this is done.
We would like to note that data transmission over the Internet (e.g., e-mail communications) can have security gaps. Complete protection of the data against access by third parties is not possible.
Note on the responsible body
The responsible body for data processing on this website is:
AF ZFB GmbH
rückerstraße 4
10119 Berlin
Berlin-Charlottenburg District Court; HRB 201848 B
Managing directors authorized to represent the company: Stephan K. Heinrich, Arne Hennig
VAT Reg. No.: DE320837782
You can contact our data protection officers atdatenschutz@novaras.info. The responsible authority is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, e-mail addresses, etc.).
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an already granted consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of appeal to the competent supervisory authority
In the event of violations of data protection law, the person concerned has a right of appeal to the competent supervisory authority. The supervisory competent authority in matters of data protection law is the state data protection commissioner of the federal state in which our company is based. A list of the data protection officers and their contact information can be found at: node.htmlhttps://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Data portability rights
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract provided to you or to a third party in a common, machine-readable format. If you request a direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this website uses SSL or TLS encryption. You can identify an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
Information, blocking, deletion
Within the scope of the applicable legal provisions, you have the right at any time to receive information at no cost about your stored personal data, their origin and recipient(s), the purpose of the data processing and, as appropriate, a right to correction, blocking, or deletion of these data. For this and other questions on the subject of personal data, you can contact us at any time at the address provided in the legal notice.
3. DATA COLLECTION ON OUR WEBSITE
Cookies
Internet sites sometimes use what are known as cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective, and more secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are referred to as "session cookies." They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing your browser. If you disable cookies, the functionality of this website may be limited.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g., shopping cart function) are stored on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (such as cookies for the analysis of your surfing behavior) are stored, these are treated separately in this privacy statement.
Server log data
The provider of the web pages automatically collects and stores information in what are known as server log files, which your browser automatically transmits. These are mainly:
· Browser type and version
· Operating system used
· Referrer URL (address of origin)
· Date and time of server request
· IP address
These data are stored separately from other data that you may provide to us and are not merged with data from others sources.
The basis for data processing is Art. 6(1)(f) GDPR, which permits the data to be processed on the basis of legitimate interests. In this case, there is a legitimate interest in the secure and trouble-free operation of the web server. To ensure this, the administration must be able to detect and track attacks and malfunctions of the system via server log files. In order to be able to recognize attack patterns, hits on the server must be stored. As soon as these data are no longer required, they are deleted. For technical reasons, the data are available to the hosting service provider, who is, however, bound by instructions and contractually obligated to us.
Plausible Analytics
We use the web analytics service Plausible Analytics to better understand how visitors use our website.
For analysis purposes, we therefore collect in particular: the date and time of your visit, title and URL of the visited pages, incoming links, the country you are in, and the user agent of your browser software. This information is processed pseudonymously and anonymized after one day.
The legal basis for this data processing is Art. 6(1)(f) GDPR. Our legitimate interests are to be able to analyze the use of our offer and to optimize it accordingly.
No data are transferred to Plausible Insights OÜ or third parties.
You can find more information about data processing by Plausible at: https://plausible.io/data-policy.
4. DATA PROTECTION INFORMATION FOR VIDEO SURVEILLANCE IN OUR BAKERIES
In order to exercise our householder's rights and to prevent and investigate possible criminal acts, we partially monitor our bakeries by video.
AF ZFB GmbH
rückerstraße 4
10119 Berlin
is responsible for this video surveillance.
You can find information on how to contact our data protection officers at: datenschutz@novaras.info.
The purposes and legal basis lie in the exercise of householder's rights and the prevention and investigation of possible criminal acts. The legal basis is the protection of our legitimate interests. We store the data for a maximum of 72 hours and then delete them automatically.
Information on the rights of affected persons
Persons affected by these measures have the right to obtain confirmation from the controller as to whether personal data concerning them are being processed. If this is the case, they have a right of access to these personal data and the information listed in detail in Art. 15 GDPR.
The affected person has the right to obtain from the controller the rectification without undue delay of inaccurate personal data concerning them and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
The affected person has the right to request from the controller that personal data concerning them be deleted without delay if one of the reasons listed in detail in Art. 17 of the GDPR applies, e.g., if the data are no longer needed for the purposes pursued (right to deletion).
The affected person has the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR applies, for example, if the affected person has objected to the processing for the duration of the controller's review.
The affected person has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them. The controller shall then no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the affected person, or for the establishment, exercise, or defense of legal claims (Article 21 of the GDPR).
Without prejudice to any other administrative or judicial remedy, every affected person shall have the right to lodge a complaint with a supervisory authority if they believe that the processing of personal data relating to them infringes the GDPR (Article 77 GDPR). The affected person may exercise this right before a supervisory authority in the Member State in which they reside, at their workplace, or the place of the alleged infringement. The supervisory competent authority in matters of data protection law is the state data protection commissioner of the federal state in which the respective shop is located. A list of data protection officers and their contact information (in German) can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschrift_links-node.html| ||222.