SUPPORT US

Privacy Policy

Privacy Policy

This privacy policy informs you about the nature, scope, and purpose of processing personal data (hereinafter referred to as “data”) within the scope of our services, as well as in relation to our online presence and associated social media profiles (hereinafter collectively referred to as “online services”). For definitions of terms such as “processing” or “controller,” please refer to Article 4 of the General Data Protection Regulation (GDPR).

Controller

Dr. Markus Uhle
Bergmannstr. 100, 10961 Berlin
Phone: +49 151 59206207
Email: webmaster [@] permafoodforest.com

Types of Data Processed

  • Inventory data (e.g., personal details, names, or addresses)
  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., text inputs, photographs, videos)
  • Usage data (e.g., visited websites, interests in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Categories of Data Subjects

Visitors and users of the online services (hereinafter collectively referred to as “users”).

Purpose of Processing

  • Providing the online services, its features, and content
  • Responding to contact requests and communicating with users
  • Implementing security measures
  • Reach measurement/marketing

Definitions of Terms

Personal Data: Refers to any information related to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, particularly by association with an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Processing: Refers to any operation or set of operations performed on personal data, whether by automated means or not. The term is broad and covers virtually any handling of data.

Pseudonymization: Refers to the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.

Profiling: Refers to any form of automated processing of personal data involving the use of such data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that person.

Controller: Refers to the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.

Processor: Refers to a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Legal Basis for Processing

According to Article 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in this privacy policy, the following applies:

  • The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR.
  • The legal basis for processing for the fulfillment of our services and performance of contractual measures, as well as responding to inquiries, is Article 6(1)(b) GDPR.
  • The legal basis for processing for the fulfillment of our legal obligations is Article 6(1)(c) GDPR.
  • In cases where processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
  • The legal basis for processing to perform a task carried out in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) GDPR.
  • The legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR.

If the processing of data is for purposes other than those for which they were collected, it is governed by the requirements of Article 6(4) GDPR.
Processing of special categories of data (according to Article 9(1) GDPR) is governed by the requirements of Article 9(2) GDPR.

Security Measures

In accordance with legal requirements, we implement appropriate technical and organizational measures to ensure a level of protection that is appropriate to the risk, considering the state of technology, the costs of implementation, the nature, scope, context, and purposes of processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

These measures include securing the confidentiality, integrity, and availability of data through controls on physical access to data and managing access to it, input, transmission, and ensuring its security. Additionally, we have implemented procedures to ensure the exercise of data subject rights, deletion of data, and response to data threats. We also consider data protection during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Collaboration with Processors, Joint Controllers, and Third Parties

If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers, or third parties), transmit it to them, or otherwise grant them access to the data, this will only be done based on legal permission (e.g., if the data is transmitted to third parties, such as payment service providers, for contractual fulfillment), user consent, a legal obligation, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we disclose data to other companies in our group, transmit it, or otherwise grant access, this is done primarily for administrative purposes and on the basis of a legitimate interest and beyond that, based on a legal basis.

Data Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU), European Economic Area (EEA), or Switzerland) or if it is processed in the course of using third-party services or disclosure, or transmission of data to other persons or companies, this will only be done if it is necessary to fulfill our contractual or pre-contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only where there are recognized data protection guarantees in place (e.g., certification under the “Privacy Shield” in the US) or on the basis of standard contractual clauses approved by the EU Commission.

Rights of Data Subjects

Right to Access: You have the right to request confirmation of whether data concerning you is being processed and to obtain information about this data and other details, as well as a copy of the data in accordance with the law.

Right to Rectification: You have the right, in accordance with the law, to request the completion or correction of your data.

Right to Deletion and Restriction of Processing: You have the right, under the law, to request that data concerning you be deleted without delay or to request a restriction of processing.

Right to Data Portability: You have the right to receive data that you have provided to us in a structured, commonly used, and machine-readable format, in accordance with the law, or to request its transmission to another controller.

Right to Lodge a Complaint: You also have the right to lodge a complaint with the competent supervisory authority in accordance with the law.

Right to Withdraw Consent

You have the right to withdraw any consent given with effect for the future.

Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object to the processing at any time for such marketing, including profiling related to direct marketing.

Cookies and Right to Object to Direct Marketing

Cookies are small files that are stored on the user’s devices. Cookies can store various types of information. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, also known as “session cookies” or “transient cookies,” are deleted after a user leaves the online service and closes their browser. For example, such a cookie may store the contents of a shopping cart in an online store or a login status. Permanent or “persistent” cookies remain stored even after the browser is closed. For example, a login status can be stored if users return to the site after several days. Likewise, users’ interests can be stored in such cookies, which are used for reach measurement or marketing purposes.

“Third-party cookies” are cookies offered by providers other than the controller, who operates the online service (otherwise, if only the controller’s cookies are used, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and provide information about this in our privacy policy.

If we ask users for consent to use cookies (e.g., in the context of a cookie consent banner), the legal basis for processing is Article 6(1)(a) GDPR. Otherwise, personal data will be processed using cookies based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online services) under Article 6(1)(f) GDPR, or if the use of cookies is necessary to fulfill our contractual obligations under Article 6(1)(b) GDPR.

If users do not want cookies stored on their device, they are asked to disable the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional limitations of this online service.

Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to limitations in the functionality of this online service.

A general objection to the use of cookies for online marketing purposes, especially in cases of tracking, can be declared through various services, particularly via the U.S. page http://www.aboutads.info/choices or the EU page http://www.youronlinechoices.com. Additionally, the storage of cookies can be disabled through your browser settings. Please note that disabling cookies may result in the limited functionality of this online service.

Deletion of Data

Data processed by us will be deleted or restricted in accordance with legal requirements. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose, and there are no legal obligations to retain them.

If the data are not deleted because they are required for other legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

Changes and Updates to the Privacy Policy

We ask you to regularly review the content of our privacy policy. We will adapt the privacy policy as soon as changes in our data processing practices make this necessary. We will inform you if changes require your cooperation (e.g., consent) or if other individual notifications become necessary.

Contacting Us

When contacting us (e.g., via contact form, email, telephone, or social media), the user’s information will be processed for the purpose of handling the contact request and its processing according to Art. 6(1)(b) GDPR (within the context of contractual/pre-contractual relationships), and Art. 6(1)(f) GDPR (in other inquiries). The user’s information may be stored in a customer relationship management system (CRM) or comparable inquiry management system.

We delete inquiries once they are no longer necessary. We review the necessity of this process every two years. Additionally, the statutory archiving obligations apply.

 

This translation was generated using AI.