Privacy Policy SteviaSweet

1. General

This policy contains information on how personal data is collected when using our website, pursuant to Article 13 of the EU General Data Protection Regulation (GDPR). Personal data is any data that can relate to you personally, e.g. your name, address, email addresses and user behaviour.
The Data Controller as defined in Article 4(7) of the GDPR is:
Hermes Sweeteners Ltd.
Ankerstrasse 53
8004 Zürich
Switzerland

Our Data Protection Officer can be contacted at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Sedanstrasse 7
93055 Regensburg
Germany
email: kontakt@buglundkollegen.de
 

2. Your rights

If you use our website and we process your personal data, you are considered to be a Data Subject under the GDPR. Data Subjects may exercise the following rights under the GDPR by contacting the Data Controller:
  • –         Right of access (Article 15)
  • –         Right to rectification (Article 16)
    –         Right to erasure (Article 17)
  • –         Right to restrict processing (Article 18)
  • –         Notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19)
  • –         Right to data portability (Article 20)
  • –         Right to object (Article 21)
  • –         Right to revoke consent The data processing carried out before consent is revoked remains unaffected on the basis of the consent given until the point of revocation. (Article 7(3))
  • –         Right to lodge a complaint with a supervisory authority (Article 77)
 

3. Cookies consent with Cookiebot

Which cookie banner do we use?
This website uses Cookiebot’s cookie-consent technology to obtain your consent to storing certain cookies on your device and to document them in accordance with data protection regulations. The technology is provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Website: https://cookiebot.com (hereinafter referred to as “Cookiebot”).
When you use our website, the following personal data is transmitted to Cookiebot:
  • –         Your consent(s) or revocation of your consent(s)
  • –         Your IP address
  • –         Information about your browser
  • –         Information about your end device
  • –         Time of your visit to the website.
In addition, Cookiebot stores a cookie in your browser to ensure the consent(s) you have given or revoked is related to you personally. The data collected in this way will be stored until you ask us to delete it, you delete the cookie itself or the reason for storing the data no longer applies. Our statutory retention obligations remain unaffected.
We use Cookiebot to comply with our legal requirement to obtain consent for the use of cookies under Article 6(1)(c) of the GDPR.
We have signed a data processing agreement with Cookiebot, as required by data protection law, which guarantees that Cookiebot processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.
 

4. Hosting

We use hosting services provided by tecRacer GmbH & Co. KG for the provision of the following services: infrastructure and platform services, computing capacity, storage and database services, email distribution, security and technical maintenance services that we use to offer our services online. 
We or our hosting provider process inventory data, contact details, content data, contract details, usage data, metadata and communication data of customers, and data of visitors to this website based on our legitimate interest in providing an efficient and secure website pursuant to Article 6(1)(f) of the GDPR in conjunction with Article 28 thereof (conclusion of a data processing agreement).
 

5. Categories of data recipients

Your personal data will be shared with only those of our employees who need such data to fulfil our contractual and legal obligations. We will also share your personal data with other recipients who provide services to us in connection with our website, to the extent permitted or required by law or to the extent that your consent allows. Therefore, your personal data will be shared only to the extent that is necessary. In some cases, our service providers will receive your personal data as contracted data processors, which are strictly bound by our instructions when processing your personal data. In some cases, the recipients act independently with your data that we share with them.
The categories of recipients of your personal data are as follows:
  • –         Affiliated companies within our group of companies, provided they act as service providers for us and provide IT services or the like, insofar as this is necessary for us to perform our services or if and insofar as they require such data to fulfil our contractual and legal obligations or on the basis of our legitimate interests. Such interests may be commercial, administrative or other internal business purposes, unless your interests or fundamental rights and freedoms that require your personal data to be protected prevail.
  • –         Private bodies outside of our group of companies, such as:
  •                  – payment service providers and banks to collect outstanding payments from accounts or to pay out reimbursements
  •                  – agencies (e.g. online and offline), printing companies and lettershops that help us with advertising (e.g. competitions, promotions, mailing of invitations and letters, etc.).
  • –         IT service providers, which store data and support us in administering and maintaining systems, archiving, shredding, etc.
  • –         logistics service providers to deliver goods, etc.
  • –         credit information agencies to obtain credit information
  • –         collection agencies and legal advisors
  • –         service providers to produce adverse event reports.
 

6. Transferring data to a third country

Data is transferred to countries outside the EU or EEA (“third countries”) only if this is necessary within our contractual relationships or is permitted or required by law (e.g. tax reporting obligations), or if you have given us consent or this forms part of our data processing agreement. If we engage service providers in a third country, these are obliged to comply with the level of data protection level required in Europe by agreeing the EU standard contractual clauses. Alternatively, we will forward the data on the basis of an adequacy decision set forth by the European Commission. For more information, please contact our Data Protection Officer.
 

7. Contact form

a. Nature and purpose of processing
The data you enter into the contact form is stored for the purpose of communicating with you personally. A valid email address and your name are required for this, so we may assign the query and respond to it accordingly. The provision of any further additional data is optional.
In addition, if you contact us by email or by telephone, we will process the contact data that you provide to respond to your enquiry.

b. Legal basis of the processing
Your personal data is processed on the basis of a legitimate interest (Article 6(1)(f) of the GDPR). We provide a contact form to make it easy for you to contact us. Your information will be stored for the purpose of processing your enquiry, as well as for answering any follow-up questions. If you contact us to request a quote, the data you provide will be processed for the purpose of carrying out pre-contractual measures (Article 6(1)(b) of the GDPR).

C. Categories of data
IP address, contact data and your message

d. Retention periods
Data will be deleted no later than 6 months after processing the request. If we enter into a contractual relationship, we are subject to the statutory retention periods under the German Commercial Code (Handelsgesetzbuch - HGB) and will delete your data after these periods have expired.

e. Statutory/contractual requirements
The provision of your personal data is voluntary. However, we can only process your enquiry if you provide us with your name, email address and the reason for the request.

f. Right to object
You also have the right to object to our use of your personal data at any time. You can inform us at any time of your objection using the contact details indicated at the top of this privacy policy.


g. Automated decision-making or profiling
As a responsible company, we do not use automated decision-making or profiling for this data processing.
 

8. Sending the newsletter

(1) Your personal data is exclusively used to send you the newsletter you have subscribed to via email. Your name is used to address you in person in the newsletter and, if necessary, to identify you in case you want to exercise your rights as an affected person. Providing your email address is all that is required to receive the newsletter. The data you provide when signing up to receive the newsletter is exclusively used for this purpose. Subscribers may also be informed of circumstances which are relevant for the service or registration by email (for example, changes to the newsletter offering or technical conditions). We require a valid email address in order to effectively complete the registration. We apply a “double opt-in” procedure to verify that a registration has actually been conducted by the owner of an email address. To do so, we log the sign-up to the newsletter, the dispatch of a confirmation email and the receipt of the response requested in such an email. No further data is collected. The data is used exclusively to dispatch the newsletter. We will only provide your data to our service provider (“Mailchimp”) which sends the newsletter on our behalf in accordance with Article 28 of the EU General Data Protection Regulation (GDPR). Your personal data will not be forwarded to third parties.
(2) On the basis of your explicitly provided consent (Art. 6 Section 1 lit. a GDPR), or based on a legitimate interest (Art. 6 Sentence 1 lit. f GDPR), we will send you our newsletter or similar information via email on a regular basis to the email address you have specified. You may object to this processing and/or revoke your consent at any time.
 

9. Use of the website

a. Nature and purpose of processing
Unless you register or otherwise specifically transmit information to us, information of a general nature is automatically collected when you access our website. This information (server log files) includes type of browser, operating system used, internet service provider (ISP) domain name, your IP address and the like. The information collected in this regard cannot be related back to you personally. Such data is processed in particular for the following purposes:
  • –         to ensure a smooth connection to the website
  • –         to ensuring smooth use of our website
  • –         to evaluate system security and stability for further administrative purposes.
We do not relate the information collected in this regard back to you personally. Information of this kind may be statistically evaluated by us, if necessary, in order to optimise our website and the technology underlying it.

b. Lawful basis of the processing
Processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

C. Categories of data
Device, browser, operating system, location and IP address

d. Retention periods
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For data used to provide the website, this is always the case when the browsing session has ended.

e. Statutory/contractual requirements
The provision of the aforementioned personal data is neither legally nor contractually required. Without the IP address, however, we cannot guarantee the service and functionality of our website. Moreover, individual services and services may not be available or may be restricted.

f. Right to object
You also have the right to object to our processing of your personal data at any time. You can inform us of your objection at any time using the contact details indicated at the top of this privacy policy.

g. Automated decision-making or profiling
As a responsible company, we do not use automated decision-making or profiling for this data processing.
 

10. Online shop

a. Nature and purpose of processing
Each online shop user can set up a password-protected customer account during the order process. This includes an overview of orders placed and the status of orders in progress. 
In addition, you must provide further personal data in order to conclude the contract under which we process your order. Information that is mandatory for processing the contract is marked separately; additional information is provided voluntarily. We use various payment service providers to process payments. You may choose between the following service providers:
PayPal Pte. Ltd., 5 Temasek Boulevard, #09-01 Suntec Tower Five, Singapore 038985
Novalnet AG, Zahlungsinstitut (ZAG), Feringastrse 4, 85774 Unterföhring, Germany.

Furthermore, you have the option of registering for our newsletter during the ordering process. For more information, see the Newsletter section.

b. Lawful basis of the processing
The personal data you submit is processed in order to perform a contact (Article 6(1)(b) of the GDPR).

c. Categories of data
Device, browser, operating system, location and IP address

d. Retention periods
Data will only be processed for this purpose for as long as it is necessary to fulfil the purpose. After that, the data will be deleted, unless we are under a legal obligation to retain it. If you wish to contact us in relation to this, please use the contact details indicated at the top of this privacy policy.

e. Statutory/contractual requirements
You must provide your personal data in order for us to process the contract. 

f. Automated decision-making or profiling
As a responsible company, we do not use automated decision-making or profiling for this data processing.
 

11. Use of cookies

a. Nature and purpose of the processing
We use cookies on our website.
Cookies are basic files that store information about our website and how you use it. These small optional files are created automatically by your browser when you use our website and are stored locally on your device. However, this does not mean that we can use cookies to identify you personally. We use cookies to provide you with a better experience when using our website.

Most cookies that we use are so-called session cookies, which are automatically deleted after your visit. Other cookies will be stored on your device for longer. These cookies allow us to identify your browser the next time you visit.

We distinguish between cookies that are technically essential and non-essential:

Technically essential cookies (first-party cookies)
These are needed to operate website and are essential for browsing it and using its functions.

Non-essential cookies are mostly performance, marketing and third-party cookies, which allow the number of visitors and traffic sources to be recorded and counted, e.g. in order to measure and improve website performance. They are also used to determine whether certain pages are experiencing any problems or errors, which pages are most popular and how visitors navigate the site.

Performance cookies are used to track visits and individual activity on websites, so usage can be statistically recorded and evaluated.
Marketing and third-party cookies are typically used by external advertising companies to collect information about the websites visited by the user, e.g. to create advertising targeted at the user.
The list of cookies we use can be found in our cookie banner.

b. Legal basis of the processing
The use of technically essential cookies (first-party cookies) does not require the website user’s consent and is subject to a legitimate interest in the economic operation and optimisation of our website and services pursuant to Article 6(1)(f) of the GDPR.

The use of technically non-essential cookies such as performance, marketing and third-party cookies is subject to the website user’s consent according to pursuant to Article 6(1)(a) of the GDPR.

c. Categories of data
  • –         IP address
  • –         Browser used
  • –         Operating system and device used
  • –         Internet connection
  • –         Session ID of the cookie
  • –         Time of visit
  •  
d. Retention periods
Users can adjust their browser settings to disable cookies or to be asked every time for their consent to cookies being stored. Once cookies have been installed, users can delete them at any time. For an explanation of how to do this, please see your browser’s help section.
Disabling all cookies may prevent certain features on this website from working.
Cookies can be also restricted or disabled with the help of plug-ins such as https://www.ghostery.com/.

e. Statutory/contractual requirements
In the case of non-essential cookies, providing your personal data in cookies is optional and solely on the basis of your consent (opt-in cookies). You can also disable preset, technically essential cookies (opt-out cookies) by adjusting your browser settings. Without your consent, however, we cannot guarantee the service and functionality of our website. Moreover, individual services and services may not be available or may be restricted.

f. Revoking your consent
You can revoke your consent to any subsequent cookies at any time in your browser settings or in the cookie banner. The link to the cookie banner can be found in section 7.

g. Automated decision-making or profiling
As a responsible company, we do not use automated decision-making or profiling for this data processing.
 

12. Google Tag Manager

a. Nature and purpose of processing
Use of Google Tag Manager: Google Tag Manager is a solution that allows marketers to manage website tags through an interface. The Tag Manager tool itself, which adds the tags, is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not have access to this data. If a domain or cookie has been disabled, it will remain active for all tracking tags added with Google Tag Manager: https://www.google.com/analytics/terms/tag-manager/.

b. Legal basis of the processing
The data entered is processed in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the functionality of our website.

c. Categories of data
Website interactions

d. Retention periods
Data will only be processed for this purpose for as long as it is necessary. After that, the data will be deleted, unless we are under a legal obligation to retain it. If you wish to contact us in relation to this, please use the contact details indicated at the top of this privacy policy.

e. Statutory/contractual requirements
You can object to the data processing at any time. However, this may result in restricted functionality on the website.

f. Profiling
The behaviour of website visitors can be evaluated and their interests analysed using Google Tag Manager.
 

13. Google reCAPTCHA

a. Nature and purpose of processing
We use the Google reCAPTCHA service on some of the forms on this website to protect against misuse of our webforms and against spam. By verifying an entry requiring manual input, this service prevents automated software (bots) from spamming the website. This serves to balance our legitimate interest in protecting our website from abuse, as well to ensure the continuity of our online service.
Google reCAPTCHA uses a JavaScript through a code incorporated into the website as a verification method, which allows your usage of the website to be analysed, such as through cookies. The information that is automatically collected about your use of this website, including your IP address, is generally transmitted to a Google server in the US and stored there. In addition, other cookies stored in your browser by Google services are evaluated by Google reCAPTCHA.
No personal data from the form input fields can be accessed or stored.

b. Legal basis of the processing
Processing is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in improving the security and functionality of our website.

c. Categories of data
Website interactions

d. Retention periods
The data collected for this purpose will be deleted once it is no longer required for use by Google reCAPTCHA.

e. Statutory/contractual requirements
The provision of your personal data is based on our legitimate interest. If you do not provide your personal data, we cannot grant you access to our available content and services.

f. Revoking your consent
You can prevent Google from collecting data on your use of the website generated by JavaScript or the cookie (including your IP address) as well as from processing this data by preventing JavaScripts from running or adjusting your cookie settings in your browser. Please note that this may limit the functionality of our website.
To view Google’s Privacy Policy, click here: https://policies.google.com/privacy

g. Automated decision-making or profiling
As a responsible company, we do not use automated decision-making or profiling for this data processing.
 

14. YouTube

a. Nature and purpose of processing
We embed YouTube videos into some parts of our website. The plug-ins are operated by YouTube, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. When you visit a page with the YouTube plug-in, it connects to YouTube servers and tells YouTube which pages you visit. When you are logged in to your YouTube account, YouTube can relate your browsing activity to you personally. You can prevent this by logging out of your YouTube account beforehand. When you open a YouTube video, the provider uses cookies that collect information about your user behaviour. For more information on the purpose and scope of the data collection and processing by YouTube, please see the provider’s data protection policies, where you will also find further information on your rights and settings to protect your privacy (https://policies.google.com/privacy).

b. Legal basis of the processing
By granting us your consent, you provide us with a legal basis for integrating YouTube and transferring data to Google, in accordance with Article 6(1)(a) of the GDPR.

c. Categories of data
Device information, IP Address, referrer URL and videos watched

d. Retention periods
If you have disabled the storage of cookies by Google, cookies will not be stored when viewing YouTube videos. YouTube also stores non-personal information about usage in other cookies. To prevent this, you must disable the storage of cookies in your browser. For further information on data protection by YouTube, refer to the Google Privacy Policy at: https://policies.google.com/privacy?hl=en&gl=en

e. Statutory/contractual requirements
The provision of your personal data is voluntary and solely on the basis of your consent. However, this may result in restricted functionality on the website.

f. Revoking your consent
You can revoke your consent to #storage of your data at any time with effect for the future. 

g. Automated decision-making or profiling
As a responsible company, we do not use automated decision-making or profiling for this data processing.
 

15. Google Ads remarketing

a. Nature and purpose of the processing
We use the remarketing or similar-audience targeting function of Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”) on our website. If you reside in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the Data Controller. In other words, Google Ireland Limited is the Google affiliate that is responsible for processing your data and for complying with applicable privacy laws. The purpose of this is to analyse visitor behaviour and interests. Google uses cookies to analyse website usage, which forms the basis for creating personalised ads. Cookies are used to record visits to the website, as well as anonymised data about the use of the website. No personal data is stored regarding visitors to the website. If you subsequently visit another website on the Google Display network, you are likely to see advertisements that reflect products and information that you have previously accessed.

b. Legal basis of the processing
By providing your consent, you provide us with a legal basis for processing the data you submit, in accordance with Article 6(1)(a) of the GDPR.

c. Categories of data
Browser language, browser type, ads clicked, cookie ID, cookie information, date and time of visit, IP address, referrer URL, usage data and web enquiry

d. Retention periods
Data will only be processed for this purpose for as long as the corresponding consent is provided. After that, the data will be deleted, unless we are under a legal obligation to retain it. If you wish to contact us in relation to this, please use the contact details indicated at the top of this privacy policy.

e. Statutory/contractual requirements
The provision of your personal data is voluntary and solely on the basis of your consent. However, this may result in restricted functionality on the website.

f. Revoking your consent
You can revoke your consent to any storage of your personal data at any time with effect for the future. 
You can prevent cookies from being stored by adjusting your browser settings; however, in this case, you may not be able to take full advantage of all the functions of this website.

g. Automated decision-making or profiling
The behaviour of website visitors can be evaluated and their interests analysed using a tracking tool. To do this, we create a pseudonymous user profile.
 

16. Google Ads Conversion Tracking

a. Nature and purpose of the processing
We use Google Ads and conversion tracking (to evaluate visitor actions) on our website. Google Conversion Tracking is an analysis service provided by Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). If you reside in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the Data Controller. In other words, Google Ireland Limited is the Google affiliate that is responsible for processing your data and for complying with applicable privacy laws. When you click on a Google-enabled ad, a conversion tracking cookie is placed on your computer. These cookies are stored for a limited period, do not contain any personal data and therefore cannot be used to identify you personally. If you visit certain pages on our website and the cookie has not expired, we and Google can recognise that you have clicked on the ad and have been redirected to that page. Each Google Ads customer receives a different cookie. Cookies therefore cannot be tracked via the websites of Ads customers. The information obtained by the conversion cookie is used to generate conversion statistics. This tells us the total number of users who have clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

b. Legal basis of the processing
By providing your consent, you provide us with a legal basis for processing the data you submit, in accordance with Article 6(1)(a) of the GDPR.

c. Categories of data
Browser language, browser type, ads clicked, cookie ID, cookie information, date and time of visit, IP address, referrer URL, usage data and web enquiry

d. Retention periods
Data will only be processed for this purpose for as long as the corresponding consent is provided. After that, the data will be deleted, unless we are under a legal obligation to retain it. If you wish to contact us in relation to this, please use the contact details indicated at the top of this privacy policy.

e. Statutory/contractual requirements
The provision of your personal data is voluntary and solely on the basis of your consent. However, this may result in restricted functionality on the website.

f. Revoking your consent
You can revoke your consent to any storage of your personal data at any time with effect for the future. 
You can prevent cookies from being stored by adjusting your browser settings; however, in this case, you may not be able to take full advantage of all the functions of this website.

g. Automated decision-making or profiling
The behaviour of website visitors can be evaluated and their interests analysed using a tracking tool. To do this, we create a pseudonymous user profile.
 

17. Facebook, Custom Audiences and Facebook Marketing Services

a. Nature and purpose of the processing
The Facebook Pixel (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Facebook”) is used to analyse, optimise and operate our online services.

The Facebook Pixel allows Facebook to determine who visits our website and create a target group for ads (“Facebook Ads”). We use the Facebook Pixel to only display the Facebook Ads we have activated to those Facebook users who have also shown an interest in our website or who meet certain criteria (e.g. interests in certain topics or products determined by the websites visited) that we share with Facebook (“Custom Audiences”). We also use the Facebook Pixel to ensure that our Facebook Ads match the potential interest of the users rather than annoying them. The Facebook Pixel also helps us track the effectiveness of Facebook Ads for statistical and market research purposes by checking whether users were redirected to our website after clicking on a Facebook Ad (“conversion”).
The Facebook Pixel is installed by Facebook, including in the form of a cookie, i.e. a small file on your device, once you provide your consent. If you subsequently log in to Facebook or visit Facebook when logged in, your visit to our website will be recorded in your profile. The data collected about you is anonymous for us, so we cannot identify any users personally. However, the data is stored and processed by Facebook and this data may be linked to the respective user profile and can be used by Facebook for its own market research and advertising purposes. If we share data with Facebook for comparison purposes as part of the Pixel process, this data is encrypted locally in the browser before it is sent to Facebook via a secure https connection. This is done solely for the purpose of a comparison with data that is encrypted by Facebook.
 
b. Legal basis of the processing
The legal basis for processing the data in accordance with Article 6(1)(a) of the GDPR is based on the user’s consent.

c. Categories of data
Browser language, browser type, ads clicked, cookie ID, cookie information, date and time of visit, IP address, referrer URL, usage data and web requests

d. Retention periods
Data will only be processed for this purpose for as long as consent is provided. After that, the data will be deleted, unless we are under a legal obligation to retain it. If you wish to contact us in relation to this, please use the contact details indicated at the top of this privacy policy.

e. Statutory/contractual requirements
The provision of your personal data is voluntary and solely on the basis of your consent. However, this may result in restricted functionality on the website.

f. Revoking your consent
You can revoke your consent to any storage of your personal data at any time with effect for the future. You can inform us of your objection at any time using the contact details indicated at the top of this privacy policy.
You can prevent cookies from being stored by adjusting your browser settings; however, in this case, you may not be able to take full advantage of all the functions of this website.

f. Profiling
The behaviour of website visitors can be evaluated and their interests analysed using Google Tag Manager.
 

18. Online presence in social media

We maintain an online presence on social networks to keep users up to date about our services and communicate directly with them, if they are interested, through these platforms. We currently have a presence on the following networks:

Facebook (https://www.facebook.com/MySteviaSweet.ch)
YouTube (https://www.youtube.com/channel/UC732uqUccUVJo8hdJtmBITQ)
Instagram (https://www.instagram.com/mysteviasweet)

All of our social media channels can only be accessed by visitors to the website via an external link. We do not use any plug-ins or other interfaces offered by those networks to embed the offers on our website.
We have no influence on how data is collected and used by social media networks. Therefore, we cannot determine the extent, location and duration of the data storage, the extent to which these networks comply with their obligations to delete data, what evaluations are made and connections are established with the data are made and with whom the data is shared. We expressly point out that the user data (e.g. personal information and IP address) is stored by the network operators in accordance with their data usage guidelines and used for commercial purposes.
We process the data of visitors to our social media channels who leave comments or contact us by direct message.
The legal basis for the processing of these users’ data is provided by Article 6(1)(b) and (f) of the GDPR.

Facebook/Instagram
  • YouTube
You can access Facebook social media network via external links on our website. All features on this social media network are provided by Facebook, 4 Grand Canal Square, Dublin 2, Ireland. Facebook channels can only be accessed via an external link. If you are logged into Facebook with your own profile and access our social media channel, Facebook can link your visit to the profile with which you are logged in. If you do not wish for your user account to be linked your IP address, please log out of your Facebook account prior to using our website.
For more information on how we process your data, refer to the Facebook Privacy Policy: https://www.facebook.com/privacy/explanation and our Facebook fan page data policy, which you can find below. 

No functions and contents provided by YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) are included on our website. Our YouTube channels can only be accessed via an external link. If a visitor to the website is registered on YouTube, YouTube can link the access to the social media channel to the user’s profile if the user visits our YouTube page when logged in. Please note that we have no influence on the content or extent of use of the data collected by YouTube. For further information, refer to YouTube’s Privacy Policy: https://policies.google.com/privacy?hl=en&gl=en. We would also like to point out that you can adjust your YouTube account settings to protect your privacy.
 
 

19. Facebook fan page data policy

Hermes Sweeteners Ltd. maintains an online presence on Facebook in the form of a Facebook fan page. The following information on how data is processed also applies to visits to our fan page. For information about Facebook’s Privacy Policy in general, refer to https://www.facebook.com/about/privacy.

1. Joint responsibility, contact data and Data Protection Officer:
We and Facebook are jointly responsible for the management of our fan page, pursuant to Article 26 of the GDPR. To this end, we have concluded an agreement with Facebook stipulating who will fulfil which obligations regarding data protection, which can be found here: https://www.facebook.com/legal/terms/page_controller_addendum Facebook is primarily responsible for providing the Data Subject with information about the joint processing and enabling them to exercise their data protection rights. Regardless of this, you can find information about your visit to our fan page below.
Our contact details are:
I
You can contact Facebook at:
Facebook Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
Web: https://www.facebook.com/help/contact/2061665240770586
Our Data Protection Officer can be contacted at:

The Facebook Privacy Officer can be contacted at:
https://www.facebook.com/help/contact/540977946302970.

2. Collection and storage of personal data as well as nature and purpose of use:
a) Data collected by Facebook:
If you are a Facebook user, Facebook collects the information stated in the Facebook Data Policy under “What kinds of information do we collect?”. If you are not a Facebook user, cookies may still be installed in your browser with identifiers to track your user behaviour.
Generally, when you visit Facebook, user data is also processed by Facebook for market research and advertising purposes. User behaviour (including when visiting our fan page) is used to create complex user profiles that Facebook can use to deliver personalised ads to visitors inside and outside of Facebook. For more information, refer to the Facebook Data Policy.
If you do not agree with this, you may opt-out here.
b) Data used by us (Page Insights) and legal basis:
Facebook provides us with statistics and usage data, which we can use to analyse how our fan page is used (“Page Insights”). This allows us to continuously improve our presence on Facebook. As the operator, we do not make any decisions regarding how insights data is processed and all other information under Article 13 of the GDPR, such as the retention period of cookies on user devices. Facebook has primary responsibility for processing insights data pursuant to the GDPR and fulfils all obligations under the GDPR in that regard.
As a site administrator, we have no other option to evaluate user behaviour on our fan page, not even through user tracking. It is also not possible for us to identify visitors to the fan page on the basis of the Page Insights. In particular, we have no right under the agreement to require Facebook to disclose individual visitor data. Visitors may only be identified if we can assign “Like” to individual profile images, and only if our fan page has been liked by a visitor who has set their likes to “public”.
The information Facebook uses to create the Page Insights is available here.
In operating our Facebook fan page and using Page Insights, we have a legitimate interest in maintaining an effective external presence and efficient communication with our customers and stakeholders. This interest serves as justification for maintaining the page, both vis-à-vis the legitimate interests of Facebook users and vis-à-vis visitors of our fan page who do not have a Facebook account. A legal basis is there provided under Article 6(1)(f) of the GDPR.

3. Disclosing data to third parties:
Data collected by Facebook is shared and processed throughout the entire Facebook group. The Facebook group also includes Instagram, WhatsApp and Oculus. For example, information collected through Facebook is used to display personalised ads to users on Instagram, and WhatsApp information is used to take action against accounts that send spam through WhatsApp on Facebook. This information is available in the Facebook Data Policy under “How do the Facebook Companies work together?”.
When Facebook processes data, user data may be transferred outside the European Economic Area (EEA), in particular to the United States. 

4. Right to object:
If your personal data is processed based on a legitimate interest in accordance with Article 6(1)(f) of the GDPR, you have the right to object to use of your personal data in accordance with Article 21 of the GDPR for reasons that arise from your particular circumstances or if your objection is directed against direct mailing. In the latter case, you have a general right to object, which we will execute without you being required to provide a specific reason. If you wish to exercise your right to object or if you wish to revoke your consent, please send a corresponding email to us at info@mysteviasweet.com.

5. Data Subject rights:
You have the right to revoke your consent to us at any time. As a result, we may no longer continue to process data based on such consent in the future. In addition, you have the right of access according to Article 15 of the GDPR, the right to rectification according to Article 16 of the GDPR, the right to erasure according to Article 17 of the GDPR, the right to restrict processing according to Article 18 of the GDPR and the right to data portability under Article 21 of the GDPR. You also have a right to lodge a complaint with a competent data protection supervisory authority (Article 77 of the GDPR).
In principle, you can assert your rights as a Data Subject vis-à-vis both Facebook and us. However, because only Facebook has direct access to your user data, you can assert your rights most effectively vis-à-vis Facebook.
 
Status: 04.05.2021