1. Introduction
With the following information, we would like to provide you, as the "data subject," an overview of the processing of your personal data by us and your rights under data protection laws. The use of our websites is generally possible without entering personal data. However, if you wish to take advantage of specific services provided by our company through our website, the processing of personal data may be necessary. If the processing of personal data is required, and there is no legal basis for such processing, we generally obtain your consent.
The processing of personal data, such as your name, address, or email address, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the specific data protection regulations applicable to "Milchprüfring Bayern e. V." Through this privacy statement, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.
As the data controller, we have implemented numerous technical and organizational measures to ensure the most comprehensive protection of the personal data processed through this website. However, internet-based data transmissions can generally have security vulnerabilities, and absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us through alternative means, such as by phone or postal mail.
You can also take simple and easily implementable measures to protect your data against unauthorized access by third parties. Therefore, we would like to provide you with some tips on secure handling of your data:
Passwords should consist of at least 12 characters and be chosen so that they are not easily guessed. Therefore, they should not include common everyday words, your own name, or the names of relatives but should include a combination of uppercase and lowercase letters, numbers, and special characters.
2. Responsible
The person responsible within the meaning of the GDPR is:
Milchprüfring Bayern e. V.
Hochstatt 2, 85283 Wolnzach, Deutschland
Telefon: +49 (0) 8442-9599-0
Telefax: Telefax: +49 (0) 8442-9599-250
E-Mail: info@mpr-bayern.de
Vertreter des Verantwortlichen: Alfred Enderle
3. Data protection officer
You can contact the data protection officer as follows:
Stefan Auer
Phone: 0911 / 148986-50
Email: office@ascon-datenschutz.de
You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
4. Definitions
The privacy statement is based on the terms used by the European legislator in the enactment of the General Data Protection Regulation (GDPR). Our privacy statement is intended to be easily readable and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy statement, we use, among others, the following terms:
Personal data refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific features expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.
Pseudonymization is the processing of personal data in a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency, or another body to whom personal data is disclosed, whether a third party or not. However, authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered recipients.
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her for a specific purpose.
5. Legal basis for processing
Art. 6(1) lit. a) GDPR (in conjunction with § 25(1) TTDSG) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, in processing operations required for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6(1) lit. b) GDPR. The same applies to processing operations necessary for the performance of pre-contractual measures, such as in cases of inquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as for fulfilling tax obligations, the processing is based on Art. 6(1) lit. c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor in our facility were to be injured, and their name, age, health insurance data, or other vital information had to be disclosed to a doctor, hospital, or other third parties. In such a situation, the processing would be based on Art. 6(1) lit. d) GDPR.
Finally, processing operations could be based on Art. 6(1) lit. f) GDPR. Processing on this legal basis is permitted for operations not covered by any of the aforementioned legal bases when the processing is necessary for the legitimate interests pursued by our company or by a third party, provided that the interests or fundamental rights and freedoms of the data subject do not override those interests. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator, who considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 GDPR).
6. Data Transmission to Third Parties
Transmission of your personal data to third parties for purposes other than those listed below does not take place.
We only disclose your personal data to third parties if:
As part of the processing operations described in this privacy statement, personal data may be transmitted to the United States. Companies in the United States only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework, and thus, the adequacy decision of the EU Commission according to Art. 45 GDPR applies. We have explicitly mentioned this in the privacy statement regarding the relevant service providers. To protect your data in all other cases, we have concluded data processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent according to Art. 49(1) lit. a) GDPR can serve as the legal basis for the transfer to third countries. This may not apply in the case of data transfers to third countries for which the European Commission has issued an adequacy decision according to Art. 45 GDPR.
7. Technology
7.1 SSL/TLS Encryption
To ensure the security of data processing and protect the transmission of confidential content such as orders, login details, or contact inquiries that you send to us as the operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the "https://" in the browser's address bar instead of "http://" and by the padlock icon in your browser.
We employ this technology to safeguard the transmission of your data.
7.2 Cloudflare (Content Delivery Network)
Our website uses features provided by CloudFlare. The provider is CloudFlare, Inc., 665 3rd St. #200, San Francisco, CA 94107, USA. CloudFlare offers a globally distributed Content Delivery Network with DNS. Technically, the transfer of information between your browser and our website is routed through CloudFlare's network. CloudFlare can thus analyze the data traffic between the user and our websites, for example, to detect and defend against attacks on our services. Additionally, CloudFlare may store cookies on your computer for optimization and analysis purposes.
You can configure your browser to inform you about the placement of cookies, allow cookies only in specific cases, exclude the acceptance of cookies for certain cases or in general, and enable automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Based on the GDPR, we have concluded a data processing agreement with Cloudflare or have implemented EU standard contractual clauses. Cloudflare collects statistical data about visits to this website. Access data includes: name of the accessed website, file, date and time of access, data volume transferred, message about successful access, type and version of browser, user's operating system, referrer URL (previously visited page), IP address, and requesting provider. Cloudflare uses the log data for statistical analysis to operate, secure, and optimize the service.
If you have given consent for the use of Cloudflare, the legal basis for processing personal data is Art. 6(1) lit. a) GDPR. Additionally, we have a legitimate interest in using Cloudflare to optimize and secure our online offering. The legal basis for this is Art. 6(1) lit. f) GDPR. Personal data is retained for as long as necessary to fulfill the processing purpose. The data is deleted when it is no longer necessary to achieve the purpose.
This U.S. company is certified under the EU-US Data Privacy Framework. An adequacy decision according to Art. 45 GDPR has been made, allowing the transfer of personal data without further guarantees or additional measures.
For more information about CloudFlare, please visit: https://www.cloudflare.com/privacypolicy/.
8. Cookies
8.1 General Information about Cookies
Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site. The cookie contains information that results from the context with the specific device used. However, this does not mean that we gain direct knowledge of your identity. The use of cookies is intended to make the use of our offering more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted when you leave our site.
Additionally, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period. If you visit our site again to use our services, it is automatically recognized that you have been here before, and which entries and settings you made, so you don't have to enter them again.
Furthermore, we use cookies to statistically record the use of our website and to evaluate our offering for optimization purposes. These cookies allow us to automatically recognize, upon revisiting our website, that you have already visited it. The cookies set in this way are automatically deleted after a defined time. The respective storage duration of cookies can be found in the settings of the implemented consent tool.
8.2 Legal Basis for the Use of Cookies
The data processed by cookies that are required for the proper functioning of the website are necessary for the protection of our legitimate interests and those of third parties under Art. 6(1) lit. f) GDPR.
For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6(1) lit. a) GDPR.
9. Contents of our Website
9.1 User Registration
You have the option to register on our website by providing personal data.
The personal data transmitted to us through the registration process is determined by the respective input mask used for registration. The personal data you enter is collected and stored exclusively for internal use and our own purposes. We may also arrange for the data to be disclosed to one or more processors, such as a parcel service, who will also use the personal data exclusively for internal purposes attributable to us.
Upon registration on our website, the IP address assigned by your Internet service provider (ISP), as well as the date and time of registration, are also stored. The storage of this data is necessary to prevent the misuse of our services and, if necessary, to investigate crimes committed. In this respect, the storage of this data is necessary for our protection. Generally, this data is not disclosed to third parties, unless required by law or for law enforcement purposes.
Your registration, provided voluntarily with the submission of personal data, also serves the purpose of offering you content or services that can only be offered to registered users due to the nature of the matter. Registered individuals are free to modify or delete the personal data provided during registration at any time.
Upon request, we will provide information at any time about the personal data stored about you. Furthermore, we will correct or delete personal data at your request, provided that there are no legal retention obligations. A data protection officer named in this privacy policy and all other employees are available to the data subject as a contact person in this context.
The processing of your data is carried out in the interest of a convenient and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6(1) lit. f) GDPR.
9.2 Services / Digital Goods
We only transmit personal data to third parties if this is necessary for the processing of contracts, for example, to the credit institution responsible for processing payments. Further transmission of the data does not occur, or only if you have expressly consented to the transmission. The legal basis for data processing is Art. 6(1) lit. b) GDPR, which permits the processing of data for the fulfillment of a contract or for pre-contractual measures.
9.3 Application Management / Job Market
We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically. This is particularly the case if an applicant submits corresponding application documents electronically, for example, by email or via a web form on the website. If we conclude an employment or service contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If we do not enter into an employment or service contract with the applicant, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless deletion is contrary to other legitimate interests on our part. Another legitimate interest in this sense is, for example, a duty of proof in a proceeding under the General Equal Treatment Act (AGG).
The legal basis for processing your data is Art. 88 GDPR in conjunction with § 26(1) BDSG.
10. Newsletter Dispatch
10.1 Newsletter Dispatch to Existing Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. In this regard, we do not need to obtain separate consent from you according to § 7(3) UWG. The data processing takes place solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6(1) lit. f) GDPR. If you have initially objected to the use of your email address for this purpose, no emails will be sent by us. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. You will only incur transmission costs according to the basic rates. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
10.2 Advertising Newsletter
On our website, you have the option to subscribe to the newsletter of our company. The personal data that is transmitted to us when ordering the newsletter is determined by the input mask used for this purpose.
We regularly inform our customers and business partners about our offers via a newsletter. Our company's newsletter can only be received by you if:
A confirmation email will be sent to the email address you entered for the first time for newsletter dispatch for legal reasons, in a double opt-in procedure. This confirmation email serves to check whether the owner of the email address has authorized the receipt of the newsletter.
When registering for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) to your IT system at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of your email address at a later date and therefore serves our legal protection.
The personal data collected as part of the registration for the newsletter will only be used to send our newsletter. Subscribers to the newsletter may also be informed by email if this is necessary for the operation of the newsletter service or a registration related to this, as could be the case in the event of changes to the newsletter
10.3 Brevo (formerly Sendinblue)
This website uses Brevo for the dispatch of newsletters. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Brevo is a service that allows the organization and analysis of newsletters, among other things. The data you enter for newsletter subscription purposes is stored on Sendinblue's servers in Germany. If you do not wish for analysis by Brevo, unsubscribing from the newsletter is necessary. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.
You can revoke your consent at any time. You can also prevent processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by adjusting your browser settings. Additionally, the storage and transmission of personal data can be prevented by disabling JavaScript in your web browser or installing a JavaScript blocker (e.g., https://noscript.net or https://www.ghostery.com). Please note that these measures may limit the functionality of our website.
With the help of Brevo, we can analyze our newsletter campaigns. For example, we can see if a newsletter message has been opened and which links have been clicked. This allows us to determine which links are clicked most frequently.
Furthermore, we can identify whether specific predefined actions (conversion rate) have been taken after opening/clicking. For instance, we can determine if you made a purchase after clicking on the newsletter.
Brevo also allows us to categorize newsletter recipients into different groups (so-called "clustering"). Newsletter recipients can be divided, for example, based on age, gender, or location. This helps tailor newsletters to specific target groups.
Detailed information on Brevo's features can be found here: https://www.brevo.com/de/features/.
Data processing is based on your consent according to Art. 6(1) lit. a) GDPR. You can revoke this consent at any time. The legality of data processing operations already carried out remains unaffected by the revocation.
The data you provided to us for newsletter subscription purposes will be stored by us until you unsubscribe from the newsletter. After unsubscribing from the newsletter, your data will be deleted from both our servers and Brevo's servers. Data stored by us for other purposes (e.g., email addresses for the members' area) remains unaffected by this.
You can view Brevo's privacy policy at: https://www.brevo.com/de/datenschutz-uebersicht/.
10.4 Newsletter Tracking
Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable log file recording and log file analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. The embedded tracking pixel allows the company to determine whether and when an email from you has been opened and which links contained in the email have been clicked.
Personal data collected through such tracking pixels included in newsletters are stored and analyzed by us to optimize newsletter dispatch and better tailor the content of future newsletters to your interests. This personal data is not disclosed to third parties. Data subjects are entitled to revoke their separate consent given via the double opt-in procedure at any time. After revocation, this personal data will be deleted by us. We interpret a unsubscribe from the newsletter as an automatic revocation.
Such an evaluation is carried out in accordance with Art. 6(1) lit. f) GDPR based on our legitimate interests in displaying personalized advertising, market research, and/or designing our website in a needs-based manner.
11. Our Activities on Social Networks
To communicate with you in social networks and inform you about our services, we have our own pages there. When you visit one of our social media pages, we are jointly responsible for the processing with the provider of the respective social media platform, within the meaning of Art. 26 GDPR.
We are not the original provider of these pages but only use them within the possibilities offered to us by the respective providers.
Therefore, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as the protection of your rights, e.g., to information, deletion, objection, etc., may be difficult, and processing in social networks often occurs directly for advertising purposes or for the analysis of user behavior by the providers, without us being able to influence this. If the providers create user profiles, cookies are often used, or the usage behavior is assigned to your own member profile in the social networks.
The described processing of personal data is carried out in accordance with Art. 6(1) lit. f) GDPR based on our legitimate interest and the legitimate interest of the respective provider to be able to communicate with you in a contemporary manner and inform you about our services. If you have to give consent as a user to the respective providers for data processing, the legal basis refers to Art. 6(1) lit. a) GDPR in conjunction with Art. 7 GDPR.
Since we do not have access to the databases of the providers, we would like to point out that you can best assert your rights (e.g., information, correction, deletion, etc.) directly with the respective provider. We have provided further information on the processing of your data on social networks below for each social network provider we use:
12. Web Analysis
12.1 Matomo
We have integrated the Matomo component from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, used to collect, gather, and analyze data about the behavior of visitors to websites. This includes data such as the internet page from which an individual came to a website (referrer), which subpages of the website were accessed, or how often and for what duration a subpage was viewed. This information is used for optimizing the website and for cost-benefit analysis of internet advertising.
The software operates on the server of the data controller, and log files that are sensitive to data protection are exclusively stored on this server.
Matomo sets a cookie on your IT system. This cookie enables us to analyze the usage of our website. Each time one of the individual pages of this website is accessed, the Matomo component automatically prompts the web browser on your IT system to transmit data for the purpose of online analysis to our server. Through this technical process, we gain knowledge about personal data, such as the IP address of the individual concerned, which is used, among other things, to trace the origin of visitors and clicks.
Using the cookie, personal information such as access time, location, originating source of access, and frequency of visits to our website is stored. On each visit to our web pages, this personal data, including the IP address of your internet connection, is transmitted to our server. We store this personal data and do not disclose it to third parties. These processing operations only occur with the explicit consent according to Art. 6(1)(a) GDPR. You can view Matomo's privacy policy here.
13. Your Rights as the Data Subject
13.1 Right to Confirmation
You have the right to request confirmation from us as to whether or not your personal data is being processed.
13.2 Right to Information According to Art. 15 GDPR
You have the right to obtain from us, at any time, free information about the personal data stored about you, as well as a copy of this data in accordance with legal requirements.
13.3 Right to Rectification According to Art. 16 GDPR
You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of processing.
13.4 Deletion According to Art. 17 GDPR
You have the right to demand that the personal data concerning you be deleted immediately, provided one of the legally prescribed reasons applies, and provided that processing or storage is not necessary.
13.5 Restriction of Processing According to Art. 18 GDPR
You have the right to request us to restrict processing if one of the legal conditions is met.
13.6 Data Portability According to Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance from us, to whom the personal data was provided, provided that processing is based on consent according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract according to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, in exercising your right to data portability under Art. 20(1) GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.
13.7 Objection According to Art. 21 GDPR
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Art. 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
In individual cases, we process personal data to conduct direct advertising. You can object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is related to such direct advertising. If you object to us processing your personal data for direct marketing purposes, we will no longer process the personal data for these purposes.
Additionally, you have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you at our organization for scientific or historical research purposes, or for statistical purposes in accordance with Art. 89(1) GDPR, unless such processing is necessary to fulfill a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
13.8 Withdrawal of Consent to Data Processing
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
13.9 Complaint to a Supervisory Authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
14. Routine Storage, Deletion, and Blocking of Personal Data
We process and store your personal data only for the period required to achieve the purpose of storage or as provided for by the legal provisions to which our company is subject. If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.
15. Duration of Storage of Personal Data
The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiry of the retention period, the corresponding data is routinely deleted, provided it is no longer required for contract fulfillment or contract initiation.
16. Timeliness and Amendment of the Data Protection Declaration
This data protection declaration is currently valid and has the status of: January 2024. Due to the further development of our websites and offers or due to changed legal or official requirements, it may be necessary to change this data protection declaration. The current data protection declaration can be accessed and printed by you at any time on the website under "https://www.mpr-bayern.de/de/Datenschutzerklaerung".
17. Information Obligations
This data protection declaration was created with the support of the data protection software: audatis MANAGER.
