Privacy Policy

1. General information

Melitta Single Portions GmbH & Co. Kommanditgesellschaft (hereinafter referred to as “Melitta” or “we”) takes your privacy very seriously. This is why we take great care with your personal data. This Privacy Policy will provide you with information about data processing when you use our website avoury.com and individual communication channels, such as our hotline or our chat function.

It is not usually necessary for you to directly provide us with personal data when using our services, in particular our website. However, there may be individual cases where your name and address and possibly other details are needed so that the requested service can be provided. We will inform you accordingly if that is the case.

2. Who is responsible for processing data?

Melitta Single Portions GmbH & Co. Kommanditgesellschaft

Marienstraße 88

32425 Minden, Germany

Director: Holger Feldmann

Personally liable partner:

Melitta Single Portions Beteiligungs GmbH

Registered office: Minden, District Court Bad Oeynhausen HRB 14802

3. Data Protection Officer’s contact details

Our data protection office can be contacted at:

Melitta Data Protection Office

Ringstr. 99

32427 Minden, Deutschland

Email: data-protection@melitta.com

4. What categories of personal data do we process?

Inventory data (e.g. names, addresses, dates of birth etc.)
Contact data (e.g. email address, phone/fax numbers etc.)
Content data (e.g. text input, chat transcripts etc.)
Payment data (e.g. bank account details)
Usage data (e.g. log files, access data, user behaviour, interests)
Meta/communication data (e.g. IP address, access data)

5. General collection of data when accessing our website

If you are merely using the website for information purposes, i.e. without registering or otherwise transferring any information to us, we will only collect the personal data that your browser transfers to our server. If you want to view our website, we will collect the following technical information (log file data):

Operating system used
Information about the type of browser used as well as the referral type and the specific referrer, where applicable
Internet service provider
Your IP address
Date and duration of the visit
Where applicable, manufacturer and type of smartphone, tablet or other device
URL of the website last visited before coming to our website (referrer)
URL of the (sub-)page you access on the website

We need this data for technical reasons to display our website to you and ensure the stability and security of the website. The legal basis for collecting this data is our legitimate interest as per Article 6 (1) (f) of the General Data Protection Regulation (GDPR).

As part of balancing the interests as required by Article 6 (1) (f) GDPR, we have considered and weighed up our interest in you providing us with your personal data against your interest in us processing this data in a manner compliant with data protection law. The data is sometimes required for technical purposes to provide our service as it enables us to offer you our website as well as to ensure its stability and security and in particular to protect it against misuse. We have therefore come to the conclusion that – with safeguards in place based on state-of-the-art technology to ensure data security – we can process this data while also taking account of your interest in your data being processed in manner complaint with data protection law. Neither we nor our service providers are normally aware of the identity of the person behind an IP address. Our support service provider has access to the log files and stores them for 7 days in an aggregated form. After this period, the log files will be erased.

Collecting data to make the website available and the storing of data in log files is absolutely necessary for website operation. Therefore, the user does not have the option of objection.

6. Data processing activities6.1 Contact

When you contact us by email, by using the contact form or when you call our hotline, we will store the following data provided by you:

Email: Email address and possibly your name
Contact form: Name, email address, phone number (optional), reason for contacting us, your message
Hotline: Name and phone number

This allows us to answer your questions and deal with your request. Article 6 (1) (f) GDPR is the legal basis for processing this data.

If you are asked on our contact form to provide any details that are not required to get in touch with you, these will always be marked as optional. Such details are useful for refining your query and will help us deal with your request more efficiently. Any such information is provided explicitly on a voluntary basis and with your consent, as required under Article 6 (1) (a) GDPR. Where such information refers to communication channels (for instance email address, phone number), you also consent to us contacting you via these communication channels, if necessary, in order to respond to your request. You may, of course, withdraw that consent at any time with effect for the future.

Any data that we receive from you in the process of establishing contact will be erased as soon as it is no longer required to fulfil the purpose for which it was collected, your request has been fully dealt with and no further communication with you is required or requested by you, unless statutory retention periods apply which prevent us from erasing said data. 

Apart from that, we will anonymise this data as well as date and time of the messages and replies and information regarding the communication channel used, and we will then process these details for internal purposes, such as managing and improving our business and service processes (Article 6 (1) (f) GDPR).

6.2 Chat

If you contact us via the chat function, we will store the following data provided by you:

Name
Reason for contacting us
and your email address (optional)
Chat content

This data is stored by us and will be linked to your customer account, if you are already registered with us, to enable us to answer your questions and deal with your request. The legal basis for this is Article 6 (1) (f) GDPR and our legitimate interest is to facilitate the provision of communication.

Any data that we receive from you in the process of establishing contact will be erased as soon as it is no longer required to fulfil the purpose for which it was collected, your request has been dealt with and no further communication with you is required or requested by you, unless statutory retention periods apply which prevent us from erasing said data.

6.3 NPS/Evaluation of service agents

After completion of a service request we send a satisfaction survey to our existing customers. Using a scale from one to five stars, you can specify how satisfied you were with the service. We will store the data processed in order to deal with your request (see above), the details provided by you in the survey and information on the communication channel used. The legal basis for this is Article 6 (1) (f) GDPR and our legitimate interest is to carry out a satisfaction survey in order to continually improve our offers and services.

The result of the satisfaction survey will be erased when it is no longer required to fulfil the purpose for which the data was collected and provided that no statutory retention periods prevent us from erasing it. The data will, however, be anonymised and processed for internal purposes, such as managing and improving our business and service processes (Article 6 (1) (f) GDPR).

You can unsubscribe from the satisfaction survey at any time by clicking on the corresponding link in the email or by sending an email to support@avoury.com.

6.4 What’s up, Avoury? – newsletter service

Our newsletter “What’s up, Avoury?” will provide you with regular information about current tea trends, exclusive products and special offers.

The legal basis for sending you the newsletter is your consent in accordance with Article 6 (1) (a) GDPR in conjunction with point (3) of Section 7 (2) of the German Act Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb, UWG] and/or the statutory permission as per Section 7 (3) UWG.

We use the what is called the double-opt-in procedure for registration to our newsletter. This means that after you have registered on our website for our “What’s up, Avoury?” newsletter, we will send you an email to the email address you provided. In this email you will be asked to confirm that you wish to receive the newsletter. Only after confirming the confirmation link included in this email will you receive our newsletter. If you do not confirm your registration, your information will be automatically erased after 3 days.

The only mandatory pieces of information that we need to send you the newsletter are your email address, first name and surname are optional data. After receiving your confirmation, we will store your email address so that we can send the newsletter to you until you withdraw your consent. We will also store your current IP address (as at the time of your registration), the date and time of your registration and the confirmation for up to three years after your registration (limitation period). The purpose of this process is to be able to provide proof of your registration in cases of doubt and to clear up any cases of misuse of your personal data. The legal basis for logging your registration is our legitimate interest as per Article 6 (1) (f) GDPR in proving your consent given at the time; see also Article 7 (1) GDPR.

You may withdraw your consent to be sent the newsletter and unsubscribe from the service at any time. You may withdraw your consent by clicking on the link provided in each newsletter email or by sending an email to support@avoury.com.

In this respect, the data provided when you registered to receive the newsletter will be erased 48 hours after you unsubscribe from the service.

6.5 Newsletter tracking

Please note that when sending you our newsletter we will analyse your user behaviour. The service provider we use for this analysis is Salesforce, and your data will be forwarded to it. Salesforce is a cloud-based application represented by Salesforce.com Germany GmbH (Erika-Mann-Str. 63, 80636 Munich, Germany) and the USA parent company (The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA).

To facilitate this analysis, the emails sent to you include web beacons or tracking pixels which are stored on our website. The above-mentioned data and the web beacons are linked to your email address and an individual ID to perform the analyses. The links in the newsletter also contain this ID.

The data obtained in this way allows us to create a user profile, which will then enable us to tailor the newsletter to your specific personal interests. We collect information such as when you read our newsletter and what links you click on; this enables us to conclude what your personal interests are. We will link this data to your activities on our website. The legal basis for processing data in this way is your consent, Article 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future by clicking on the separate link provided in every email.

This kind of tracking cannot be done if you have deactivated the display of images by default in your email program. In this case, you will not see the newsletter in full and may not be able to use all the functions. If you manually allow the images to be displayed the tracking described above will be performed.

The information obtained from tracking will be stored for as long as you have a subscription to our newsletter. We will keep the data we store for the purpose of sending you our newsletter until you are removed from the newsletter service and the data will then be erased after your cancellation. Data that we store for other purposes remains unaffected by this.

For more information on data processing by Salesforce please go to https://www.salesforce.com/de/company/privacy/.

6.6 Registration

You can register yourself on our website and create a customer account. You may also contact our staff by phone to have a customer account created for you. The following data will be collected and stored by us for the purpose of registration: Name, first name and email address, password. You may also provide your date of birth and your phone number as voluntary information. These fields are marked as “optional” on the registration form.

This customer account allows you to use our personal services – where offered – such as checking tea consumption or making changes to your subscription. The privacy settings in your customer account help you manage the declarations of consent you have given (to receive promotional emails, subscription reminders, descaler alerts).

We will store your data required for contract performance, including information on the method of payment (where applicable), until you permanently delete your log in. We will also store any additional data you provided for as long as you are using the customer account, unless you delete that data at an earlier time. You can manage and change all details provided in the secure customer area.

You can delete your customer account at any time. Simply send an email to our AvouryTeam at support@avoury.com or use our contact form. Upon deletion of the account all personal data that is not covered by a statutory duty of retention or by Article 17 (3) GDPR will also be erased.

Article 6 (1) (a), (b), (c) and (f) GDPR is the legal basis for this processing of data.

6.7 Orders

When you place an order online on our website or by phone, we will collect the data required to enter into a contract with you. This data will be stored for the term of the contract and in accordance with our statutory duties. Where required for the performance of the order, we will forward your address details to a shipping service provider. The legal basis for concluding and performing a contract is Article 6 (1) (b) GDPR.

We use different payment service providers, who are always clearly marked as such and who receive the details you enter. It is therefore these payment service providers who are the recipients of your personal data collected in connection with the payment transaction. The legal basis for using payment service providers is again the performance of the contract as set out in Article 6 (1) (b) GDPR.

6.8 Machine registration

If you register your machine on our website, we will collect the data required for registration (name of the machine, serial number and date of purchase). The purpose of collecting this data is to enable us to provide you with a personalised service for your machine. Article 6 (1) (f) GDPR is the legal basis for this. The machine data will be stored for as a long as necessary to fulfil the purpose of its collection and will be erased no later than when the relationship with you as our customer ends, unless other statutory retention periods apply.

6.9 Promotional communication via e-mail, mail, fax or telephone

We process personal data for the purpose of promotional communication, which may take place via various channels, such as e-mail, telephone, mail or fax, in accordance with legal requirements.

The recipients have the right to revoke consent given or to object to the promotional communication at any time.

After revocation or objection, we may store the data required to prove consent for up to two years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defense against legal claims.

•Types of data processed: master data, contact details.

•Data subjects: Communication partners.

•Purposes of processing: direct marketing.

•Legal basis: Consent (Art. 6 para. 1 lit. a DSGVO ), Legitimate interests (Art. 6 para. 1 lit. f DSGVO ).

7. Salesforce – Marketing Cloud and Commerce Cloud

We use the customer relationship management tools “Salesforce Marketing Cloud” and “Salesforce Commerce Cloud” (Salesforce.com Germany GmbH Erika-Mann-Str. 63, 80636 Munich, Germany, and the USA parent company The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA) to provide customer service and support. With the headquarters of Salesforce located in the USA, it cannot be ruled out that data will be processed on Salesforce servers in the United States. Salesforce.com is subject to the EU-US Privacy Shield.

This website is stored on the servers of Salesforce via services provided by the Salesforce Commerce Cloud. The legal basis is Article 6 (1) (f) GDPR and the legitimate interest is to provide you with services on this website.

In the context of the Salesforce Marketing Cloud service, we process your customer data, for instance within the scope of the chat functions and data entered in your basket, and set the cookies required for this; Article 6 (1) (f) GDPR is the legal basis here and our legitimate interest is to be able to deal with your requests quickly and efficiently.

For more information on data processing by Salesforce please go to https://www.salesforce.com/de/company/privacy/.

8. Cookies, analysis services and marketing

8.1 Cookies

Our website uses cookies. Cookies are data placed on your computer by a website when you visit that website. Cookies allow the website to recognise your browser on subsequent visits. The cookies send information to the website that placed the cookies. Cookies can store various kinds of information, such as your language setting, the duration of your visit to our website and the data you input on our website. One advantage of storing this information is to save you the trouble of having to re-enter required data on forms every time you use our website. The information stored in the cookies can also be used to recognise preferences and tailor content in accordance with areas of interest.

There are different types of cookies: Session cookies are datasets which are only temporarily stored in your computer's working memory and deleted as soon as you close your browser.

Persistent cookies are automatically deleted after a specified period of time, which may vary, depending on the cookie. With this type of cookie, the information may also be stored in text files on your computer. However, you may also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are visiting. Only that website is allowed to read the information from these cookies.

Third-party cookies are set by organisations who are not the operator of the website you are visiting. These cookies are used by marketing companies, for instance.

The legal bases for any processing of personal data with the help of cookies and the duration of their storage may vary. Where you have given us your consent, Article 6 (1) (a) GDPR is the legal basis. Where data processing is based on our overriding legitimate interests, the legal basis for this processing is Article 6 (1) (f) GDPR. The specified purpose of processing is then our legitimate interest.

We use cookies in order to ensure the proper functioning of our website, provide fundamental functionalities and tailor our services to suit preferred areas of interest.

You may delete cookies already stored on your device at any time. If you want to prevent the storage of cookies you can do so by changing the settings in your web browser accordingly. For a guide to changing the settings in commonly used browsers please refer to: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install what is known as ad blockers. Please note that individual functions of our website may not be available to you if you deactivate the use of cookies.

In addition, on visiting our website, a banner notice appears which informs all users of our website of our use of cookies and refers them to this Privacy Policy. You, as the user of our website, will then be asked to consent to the use of cookies, in particular those cookies which help us personalise our services and which are relevant to marketing campaigns. Under “cookie settings” in the footer of our website you may withdraw any consent once given with effect for the future.

8.2 Analysis services

8.2.1 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The data controller for users located in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The use of this service includes the operating mode Universal Analytics. This allows a pseudonymous user-ID to be allocated to data, sessions and interactions on several devices, making it possible to analyse the activities of a user across these devices.

Google Analytics uses cookies that allow your use of the website to be analysed. The information generated by the cookie regarding your use of this website is usually transferred to Google's server in the U.S. and stored there. However, because IP anonymisation is activated on this website, your IP address will first be truncated by Google within Member States of the European Union or in other states which are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the U.S. and truncated there.

Personal data is transferred to the U.S. under the EU-US Privacy Shield on the basis of an adequacy decision by the European Commission. You can retrieve the certificate HERE.

Google will not link the IP address transmitted by your browser through Google Analytics with any other data held by Google. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on the website activities and provide the website operator with further services associated with the use of the website and the internet. Article 6 (1) (a) GDPR is the legal basis for our use of Google Analytics.

Data sent by us and linked with cookies or user identifications (e.g. user ID) will be erased automatically after 14 months. The data that have reached the end of their retention period are deleted automatically once a month.

You can prevent cookies from being stored on your computer by selecting the appropriate browser settings; however, please note that if you do so, you may not be able to make full use of all the features of this website. Furthermore, you can prevent Google from collecting the data generated by cookies related to your usage of the website (including your IP address) and from processing such data by downloading and installing the following add-on: https://tools.google.com/dlpage/gaoptout?hl=de.

Opt-out cookies prevent your data from being collected in future when you visit this website. To prevent collection of data by Universal Analytics across different devices you need to exercise the opt-out option on all systems being used by you. Click here to set the opt-out cookie: http://www.avoury.com/privacy#cookiemodal

For further information on the terms of service of Google Analytics and on data privacy at Google please go to: https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

8.2.2 Google Tag Manager

For the purposes of transparency, we would like to note that we also use Google Tag Manager provided by Google Ireland Limited (company number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements which are used, among other things, for measuring traffic and visitor behaviour, capturing the impact of online advertising and social channels, setting up remarketing and target group focusing as well as testing and optimising web pages. We use Tag Manager for Google’s Analytics service. If you have deactivated that service, Google Tag Manager will respect the deactivation. For further information on Google Tag Manager please go to: https://www.google.com/intl/de/tagmanager/use-policy.html.

8.2.3 Google Ads (formerly Google AdWords), remarketing and conversion tracking

We use the service Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This means that we place adverts using Google Ads and also use Google remarketing and conversion tracking when placing such ads. The ads are displayed after searches on websites belonging to the Google advertising network. We also use Ads remarketing lists for search ads. This allows us to customise search ads campaigns for users who have previously visited our website. These services make it possible for us to combine our ads with specific search terms or display ads to previous visitors which advertise services that these visitors viewed on our website. This means that we can show interest-based ads to users of our website on other websites within the Google advertising network (as “Google Ads” in the context of Google searches or on other websites).

To be able to show interest-based offers, it is necessary to analyse online user behaviour. Google uses cookies to perform this analysis. When users click on an ad or visit our website, Google sets a cookie on the user’s computer. These cookies are active for 90 days. The information collected by the respective cookie is used to display targeted ads to the visitor during later searches. For further information on the cookie technology used, you may also consult Google’s notes on the website statistics and Google’s Privacy Policy. With this technology, Google and ourselves, as its customer, are informed of the fact that a user has clicked on an ad and has been forwarded to our website. The information obtained in this way is only used for statistical analysis in order to optimise our advertising. We do not receive any information which could be used to personally identify the visitor. Your IP address is transferred to Google, but only in an anonymised form because we use Google’s IP masking as part of our use of Google Analytics on this website. The statistics provided by Google include the total number of users who clicked on one of our ads and, where applicable, information as to whether these users were forwarded to a page on our website which has a conversion tag. These statistics enable us to understand what search terms led to the highest number of clicks on one of our ads and what ads result in the user contacting us via the contact form.

For more information on data protection in the context of Google Ads, please go to: https://policies.google.com/technologies/ads?hl=de.

Personal data is transferred to the U.S. under the EU-US Privacy Shield on the basis of an adequacy decision by the European Commission. You can retrieve the certificate here: 

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

If you do not want your data to be processed in this way, you can prevent the placing of the cookie required for these technologies by changing your browser settings, for example. If you do so, your visit will not be included in the user statistics.

You may also use ads settings (https://adssettings.google.com/authenticated?hl=de) to select the types of Google Ads or deactivate interest-based ads on Google. Alternatively, you may deactivate the use of cookies by third parties by visiting the Network Advertising Initiative’s deactivation page. We and Google will, however, continue to receive statistical information, such as how many users visited the website and when. If you do not wish to be included in these statistics you may prevent this with the help of additional programs for your browser (such as the add-on Privacy Badger).

8.2.4 Google Maps plug-in

This website uses the map service Google Maps. Google Maps is a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, information, including the IP address and address(es) entered as part of the route function, may be transferred to the provider’s servers. This information is usually transferred to a Google server in the USA and stored there. When a website is visited which contains Google Maps, your browser establishes a direct connection to Google’s servers and the map content is sent to your browser and incorporated by it. The provider of this website has no influence on this data transfer. Based on current information available to us, the data transferred comprises the following:

Date and time of the visit to the website in question,
Internet address or URL of the accessed web page,
IP address, (starting point) address entered as part of route planning.

Use of Google Maps serves the purpose of ensuring an attractive presentation of our online services and helping users easily find the locations indicated on the website. If you do not wish data to be processed by Google as part of this service, you can deactivate the use of JavaScript in your browser settings. Please note that you will not be able to use the interactive map function of Google Maps in that case.

For more information on how user data is handled please refer to Google’s Privacy Policy: https://www.google.de/intl/de/policies/privacy/.

8.2.5 Criteo

This website uses technologies offered by the provider Criteo, with its registered office in 32 Rue Blanche, 75009 Paris, France.

Criteo enables us to collect information about the browsing behaviour of visitors to our website in anonymised and pseudonymised form for advertising and marketing purposes. Using cookies and/or advertising IDs the service collects data on browsing behaviour which provides the following information:

Events related to your activity on our website (e.g. the number of pages viewed, the products viewed on this website, the searches you carried out on this website);
Information regarding your device (device type, operating system, version);
Non-specific information on your location and information derived from your truncated IP address to enable us to show you only those products which are actually available in your country, region or town/city;
Events related to the delivery of ads by Criteo, such as the number of ads displayed to you.

The data collected in this way enables us to create user profiles under a pseudonym.

For more information on how data is handled and for how long it is stored please refer to Criteo’s Privacy Policy at: https://www.criteo.com/de/privacy/. You may also use this link to prevent the collection of data for “Criteo Dynamic Retargeting” and “Criteo Sponsored Products” by selecting the corresponding settings.

In addition, you can deactivate the Criteo services using the link provided below. The platforms specified here allow interest-based advertising from registered members to be deactivated in the browser currently used.

In the USA:

Network Advertising Initiative platform for opt-out

DAA Opt-Out platform

In Europe:

To deactivate the services provided by Criteo in your Facebook account please select the corresponding settings on Facebook: Facebook settings.

8.2.6 Use of social plug-ins

This website uses social plug-ins of the providers:

Facebook (operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA

The plug-ins are indicated by a Facebook logo or Instagram logo, for instance, in the form of an “Instagram camera icon”.

These plug-ins usually collect data about you by default and transfer this data to the relevant provider’s servers. To protect your privacy, we have taken technical measures that ensure that the providers of the respective plug-in cannot collect your data without your consent. When you request a page where the plug-ins are embedded, they are initially deactivated. Only by clicking on the respective symbol will the plug-in be activated and by clicking on it you consent to the transfer of your data to the respective provider. The legal basis for using the plug-ins is Article 6 (1) (a) and (f) GDPR.

After their activation, the plug-ins also collect personal data, such as your IP address and send this data to the respective provider’s servers, where they are stored. Activated social plug-ins also set a cookie with a unique ID when the respective web page is accessed. This allows the providers to also create profiles on your user behaviour. These profiles will even be created if you are not a member of the respective provider’s social network. If you are a member of the provider’s social network and you are logged in to the social network while you are visiting this website, your data and information about the visit to this website may be linked with your profile on the social network. We have no influence over the exact scope of the data collected about you by the respective provider. For more information on the scope, type and purpose of data processing and on your rights and the configuration options available to protect your privacy, please go to the privacy notices of the respective social network provider. These can be accessed as follows:

Facebook: https://www.facebook.com/policy.php

Instagram: https://instagram.com/about/legal/privacy/

8.2.7 Facebook Custom Audiences / Facebook pixel

As part of use-based online advertising we use the service Custom Audiences provided by Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA). For this purpose, we define target groups of users based on specific attributes in the Facebook Ads Manager and ads are then displayed to these groups within the Facebook network. The users are selected by Facebook on the basis of the profile information provided by you and other data provided through the use of Facebook. When users click on an ad and are then directed to our website, Facebook receives the information that the user clicked on the advertising banner via the Facebook pixel installed on our website.

In general, a non-reversible and non-personal checksum (hash value) is generated from your usage data which is transferred to Facebook for analysis and marketing purposes. A Facebook cookie is set as part of this process. This cookie collects information on your activities on our website (e.g. browsing behaviour, sub-pages visited etc.). Your IP address is stored and used to enable the geographical fine-tuning of advertisements. We do not use Facebook Custom Audiences via a customer list nor do we use the advanced matching function.

For further information on the purpose and scope of data collection and further processing and use of data by Facebook and your configuration options to protect your privacy, please refer to Facebook’s Data Policy. In the Facebook account settings, you can select settings that determine which ads will be displayed to you on Facebook.

The transfer of data to the USA is permitted under Article 45 GDPR because Facebook is certified according to the EU-US Privacy Shield, which means that there is an adequate level of protection for personal data as set out in Commission Implementing Decision (EU) 2016/1250(https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .

For further information on the Custom Audiences service provided by Facebook, please go to:

https://de-de.facebook.com/business/help/449542958510885.

Further information on data processing and length of storage is available from the provider or at https://www.facebook.com/about/privacy.

Users who are logged in to Facebook can deactivate the function “Facebook Custom Audiences” at https://www.facebook.com/settings/?tab=ads#_.

You can also prevent all cookies from being stored by changing the corresponding setting in your browser. However, we would like to point out that, if you do so, you may not be able to make full use of all the features of our website. Other ways to deactivate cookies provided by third parties can be found at www.networkadvertising.org/managing/opt_out.asp or on the Digital Advertising Alliance opt-out platform at http://optout.aboutads.info/?c=2&lang=en.

8.2.8 Cloudinary

We use the service Cloudinary to be able to play individualised versions of our videos after a purchase. Cloudinary is a cloud-based optimisation tool provided by Cloudinary Ltd., (111 W Evelyn Ave, Suite 206, Sunnyvale, CA 94086, USA). To show the video, Cloudinary sets a cookie that asks for your IP address and your user agent. This data is then transferred to Cloudinary’s servers in the USA. Article 6 (1) (a) GDPR is the legal basis for this.

For further information on data processing and length of storage please consult the provider or go to: https://cloudinary.com/privacy

8.2.9 Sizmek

We use the services of the company Sizmec Inc, c/o Privacy, 2000 Seaport Blvd, Pacific Shores Center, Redwood City, CA 94063 USA. These services collect statistical data on the use of the website.

Sizmek and its third-party partners use cookies and pixels to recognise behaviour patterns which enable us to show users more tailored online advertising banners in future. The information collected includes data about your device, such as IP address, unique device ID, browser type and language, the server your computer is registered with as well as operating system information. Sizmek can match its anonymous IDs with anonymous IDs of its partners. This process is called “cookie matching”. It is used to simplify the online placing of ads by synchronising two IDs of different companies.

Sizmek stores the data collected, which is assigned to an anonymous ID, in its own database. After 90 days of inactivity, this data will be erased. The cookies used, which are placed on the users’ devices, automatically expire after 13 months. Other data held for the purposes of reporting, assignment and identification of fraud may be stored for up to 30 months.

For more information on how data is processed by the provider please go to: https://www.sizmek.com/privacy-policy-de/optedin/#options.

You can prevent the collection of user data by the provider by using the following link: https://www.sizmek.com/privacy-policy-de/optedin/#options.

8.2.10 [m]Insights

We use [m]Insights, which is a marketing tool offered by the provider GroupM (Derendorfer Allee 26, 40476, Düsseldorf, Germany). [m]Insights creates pseudonymised user profiles which are used to play advertisements and evaluate the played advertisements. The purposes of processing the data are marketing and optimisation.

The following categories of data are collected by [m]insights:

IP address, which will not be processed any longer than absolutely necessary for technical reasons (i.e. to set and read the cookie) (the IP address is filtered by a third party and cannot be entered in the systems of GroupM without being truncated)
Cookie IDs and IDs for mobile ads (e.g. IDFAs and Google Advertising IDs) and the [m]Insights proxy IDs for such IDs
Date and time of the online activity

The data collected by [m]Insights is only processed and stored within the European Union.

GroupM stores the data collected by [m]Insights in a non-aggregated (i.e. in pseudonymised) form in user profiles for a maximum of 53 days after the last contact of the cookie set in a user’s browser with a website that uses [m]Insights. If no such contact takes place, the corresponding user profile will be deleted. For further information please refer to the Privacy Policy of MGroup: https://www.groupm.com/markets/germany.

8.2.11 Pinterest

In the context of usage-based online advertising, we use the target-group targeting service of Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Streen, Dublin 2, Ireland). For this purpose, we define target groups of users in the Pinterest-Ad-Manager on the basis of certain characteristics, which are displayed ads on Pinterest. Users are selected by Pinterest based on the profile information they provide and other data provided through their use of Pinterest. If a user clicks on an advertisement and subsequently arrives on our website, Pinterest receives the information that the user has clicked on the advertising banner via the Pinterest tag embedded on our website.

Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Pinterest for analysis and marketing purposes. A Pinterest cookie is set in the process. The cookie collects information about your activities on our website (e.g. surfing behavior, subpages visited, etc.). For the geographic targeting of advertising, your IP address is also stored and used. Pinterest audience targeting via the customer list is not used by us, nor is Pinterest "advanced matching". The information collected is stored for one year. The legal basis for this data processing is your consent according to Art. 6 (1) lit. a DSGVO.

If you have consented to the processing of your personal data by using the Pinterest cookie and you wish to withdraw your consent at a later date, you can do so by clicking here.

If you log in to your Pinterest account after visiting our website or if you visit our website while logged in, it is possible that this data will be stored and processed by Pinterest, which we would like to inform you about here. Pinterest may possibly link this data to your Pinterest account and also use it for its own advertising purposes. You can deactivate settings regarding which advertisements are displayed to you on Pinterest in the profile settings (there, under "Individual customization", deactivate the button "Use info from our partners to better tailor the recommendations and ads on Pinterest to you") or at https://help.pinterest.com/de/article/personalization-and-data#info-ad (there, deactivate the checkbox under "Individual customization").

For more information about the purpose and scope of data collection and the further processing and use of data by Pinterest, please refer to Pinterest's privacy policy.

8.2.12 Teads Pixel

Subject to your consent, our website uses a pixel provided by Teads (Teads, 5 rue de la Boucherie, L-1247 Luxembourg) to optimize our advertising campaigns. This pixel collects information about the URL address, type of terminal, browser and operating system that you are currently using. For more information, please read Teads' privacy policy: https://www.teads.com/privacy-policy/.

Please also note that you have the right to obtain information about the personal data Teads holds about you and to request that your personal data be corrected, deleted or transferred. You may also have the right to object to certain processing or to request that Teads restricts such processing. You can exercise these rights by contacting Teads at dpo@teads.com.

8.3 Outbrain

We use Outbrain, a web advertising platform, on our website. The service provider is the British company Outbrain UK Limited, 5th Floor, The Place, 175 High Holborn, London, WC1V 7AA, United Kingdom. Through the use of Outbrain, our users are directed to further content within our websites and on third-party websites that may be of interest to you. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology.

The reading recommendations integrated within an article are determined based on the previous content read by the user. To display this interest-based content, Outbrain uses cookies that are stored on the user's device or browser. Outbrain collects the device source, browser type, as well as the user's IP address, which is anonymized.

The legal basis for this data processing is Article 6 (1) a) DSGVO (consent). You may refuse the use of cookies by selecting the appropriate settings on your browser software or by selecting the appropriate settings on the Outbrain website ("Opt-Out"), however, in this case you may not be able to use the full functionality of this website.

Information on data processing by Outbrain can be found at: https://www.outbrain.com/legal/privacy#privacy-policy

8.4 Serverside Tracking

We use server side tracking and process your personal data on our own servers in Germany. We anonymise your data and forward it in the next step to the server of the provider of the tracking tool. We only use first party cookies and do not use third party cookies. No personal data is transmitted to tracking providers or tracking tools; we retain control over your data. We ensure that there is never a direct connection between your personal data and our tracking service providers.

9. Data transfer

Your personal data is generally not transferred to third parties, unless we are obliged by law to do so or the data must be transferred in order to perform the contract or you have given your express prior consent for the transfer of your data.

Possible recipients of your data are consultants, auditors, courts and public authorities. Your data is also passed on to our affiliated company Melitta Europa GmbH & Co. KG.

External providers, such as payment service providers, transport companies as well as shipping companies engaged to deliver products to you and support service providers, will receive your data if and to the extent necessary for processing your order. However, only the minimum amount of data necessary will be transferred to them in any of these cases. In addition to the aforementioned service providers, we use other service providers for order processing (these include IT service providers, marketing companies and companies providing customer support). Where our service providers process your personal data on our behalf, we will ensure that they, as contract data processors who process data on our behalf as laid down in Article 28 GDPR, comply with the provisions of the data protections law in the same way do. Please also note the privacy notices of the respective service providers.

It is important to us that your data is processed within the EU/EEA. However, it may be the case that we use service providers who process data outside the EU/EEA. If this is the case, we will ensure that an adequate level of protection which is comparable to the standards applicable within the EU is established at the recipient of the data before your personal data is transferred to them. This may be achieved, for example, by using an EU standard agreement or binding corporate rules or by way of a special agreement such as the EU Privacy Shield, whose rules the company can consent to and uphold.

10. Your rights

Provided the respective statutory requirements are met, you have the following rights regarding the processing of your personal data:

10.1 Right of access, Article 15 GDPR

You have the right to obtain confirmation from us as to whether or not personal data concerning you is processed by us. If this is the case, you have the right to request information about the processing as well as a copy of the data processed. You can use our contact form for this: https://www.avoury.com/en/service#contact

10.2 Right of rectification, Article 16 GDPR

You have the right to request the rectification of inaccurate data or to have incomplete personal data completed. If you would like to have inaccurate personal data rectified or incomplete data completed, you can do so in your online self-service area: https://www.avoury.com/en/customer-account

10.3 Right to erasure, Article 17 GDPR

Provided the requirements of Article 17 GDPR are met, you may request that your personal data be erased. Your right of erasure will depend, among other things, on whether there are any legal or contractual retention periods or other statutory rights or obligations that we must comply with which require us to continue storing your data. Please use our form if you wish to request the erasure for your data: https://www.avoury.com/en/customer-account

10.4 Right to restriction of processing, Article 18 GDPR

You have the right to request that the processing of your data be restricted. Please use our form for your request: https://www.avoury.com/en/customer-account

10.5 Right to object to processing, Article 21 GDPR

You have the right to object at any time to the processing of your personal data if our processing of your personal data is based on the protection of our legitimate interests as per Article 6 (1) (f) GDPR and if we are sending direct marketing to you, as an existing customer. You can file your objection informally and are welcome to use our Kontaktformular https://www.avoury.com/en/service#contact for this purpose.

10.6 Right to withdraw consent, Article 7 (3) GDPR

You have the right to withdraw your consent to the processing of your personal data at any time with effect for the future. The processing of your personal data until the time when you withdraw your consent will remain unaffected. You can withdraw your consent informally by contacting us at the address provided in section 2, e.g. by using the contact form.

If you are registered with us, you can configure your own data sharing settings under the tab “My data sharing”. There, you can withdraw your consent to receive advertising mails (advertising mail opt-in/opt-out) and manage push notifications.

We will also always inform you of how you can withdraw your consent whenever we ask you to provide the respective consent.

10.7. Right to data portability, Article 20 GDPR

You have the right to receive your personal data in a structured, commonly used and machine-readable format and to ask for that data to be transmitted to another controller.

10.8. Right to lodge a complaint, Article 77 GDPR

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your data infringes your rights and/or the GDPR.

11. How long will my data be stored?

Personal data processed by us will be erased as soon as it is no longer needed for the purpose for which it was collected and no statutory retention periods prevent its erasure. Therefore, personal data may be stored if that storage has been provided for by the European or national legislative authority in EU provisions, laws or other regulations to which the controller is subject. If the data is not erased because it is required for other purposes that are permitted by law, the processing of this data will be restricted, i.e. the data will be blocked and not processed for any other purposes.

App Privacy Policy

1. General information

2. Who is responsible for processing data?

Melitta Single Portions GmbH & Co. Kommanditgesellschaft

Marienstraße 88

32425 Minden, Germany

Director: Holger Feldmann

Personally liable partner:

Melitta Single Portions Beteiligungs GmbH

Registered office: Minden, District Court Bad Oeynhausen HRB 14802

3. Data Protection Officer’s contact details

Our data protection office can be contacted at:

Melitta Data Protection Office

Ringstr. 99

32427 Minden, Germany

Email: data-protection@melitta.com

4. What categories of personal data do we process?

Inventory data (e.g. names, addresses, dates of birth etc.)
Contact data (e.g. email address, phone/fax numbers etc.)
Content data (e.g. text input, chat transcripts etc.)
Payment data (e.g. bank account details)
Usage data (e.g. log files, access data, user behaviour, interests)
Meta/communication data (e.g. IP address, access data)

5. General collection of data when downloading the app

We may transfer the following data about you to the chosen app store (Google Play or Apple App Store) when you download the app:

Username
Email address
Customer number of your
accountDownload date/time
Payment informationIndividual device ID

The respective app store is solely responsible for this collection of data and we have no influence on the processing of data collected in this way.

6. Permissions

The app requires the following permissions to use smartphone functions:

At first, and sometimes later when using the relevant service, you will be asked to give the required access permissions.
Internet access: To be able to retrieve information about the app. Internet access is required so that we can offer you the app.
Push notifications: We use push notifications to keep you informed about specific events and interesting new features of the app. Push notifications are regular messages that appear on your screen to inform you about sales promotions, trends and other news. If you allow push notifications your mobile device will register with the respective push service (iOS – Apple Push Notification, Android – Google Cloud Messaging) and your device ID will be sent to that service. Push notifications can be activated at any time in the settings of your operating system.
Bluetooth: Access to Bluetooth is required so that we can offer you certain services, in particular for pairing your device with the machine and for receiving software updates. By allowing access to Bluetooth you are giving your express consent.

7. General collection of data when using the app

If you are merely using the app for information purposes, i.e. without registering or otherwise transferring any information to us, we will only collect the personal data that is required to use the app. If you want to view our app, we will collect the following data:

Device and card IDs (device ID, IMEI, IMSI, MSISDN, MAC address, name of the mobile device)
Your IP address
Operating system
Date and time

We need this data for technical reasons to display our app to you and ensure the stability and security of the app. The legal basis for collecting this data is our legitimate interest as per Article 6 (1) (f) of the General Data Protection Regulation (GDPR).

8. Data collection when registering in the app

You have the option to register in our app and create a customer account. When registering you will be asked to provide the following personal data:

Name
Street and house number (optional)
Postcode, town/city (optional)
Email
Password
Date of birth (optional)
Gender

The fields marked as optional on the registration form are “optional” fields for information that you may provide on a voluntary basis.

You can delete your customer account at any time. Upon deletion of the account all personal data that is not covered by a statutory duty of retention or by Article 17 (3) GDPR will also be erased.

Article 6 (1) (a), (b), (c) and (f) GDPR is the legal basis for this processing of data.

9. Other data processing activities9.1 Contact

When you contact us by email, by using the contact form or when you call our hotline, we will store the following data provided by you:

Email: Email address and possibly your name
Contact form: Name, email address, phone number (optional), reason for contacting us, your message
Hotline: Name and phone number

This allows us to answer your questions and deal with your request. Article 6 (1) (f) GDPR is the legal basis for processing this data.

9.2 Chat

If you contact us via the chat function, we will store the following data provided by you:

Name
Reason for contacting us
and your email address (optional)
Chat content

Any data that we receive from you in the process of establishing contact will be erased as soon as it is no longer required to fulfil the purpose for which it was collected, your request has been dealt with and no further communication with you is required or requested by you, unless statutory retention periods apply which prevent us from erasing said data.

9.3 NPS/Evaluation of service agents

You can unsubscribe from the satisfaction survey at any time by clicking on the corresponding link in the email or by sending an email to support@avoury.com.

9.4 What’s up, Avoury? – newsletter service

Our newsletter “What’s up, Avoury?” will provide you with regular information about current tea trends, exclusive products and special offers.

The only mandatory pieces of information that we need to send you the newsletter are your email address, first name and surname. After receiving your confirmation we will store your email address so that we can send the newsletter to you until you withdraw your consent. We will also store your current IP address (as at the time of your registration), the date and time of your registration and the confirmation for up to three years after your registration (limitation period). The purpose of this process is to be able to provide proof of your registration in cases of doubt and to clear up any cases of misuse of your personal data. The legal basis for logging your registration is our legitimate interest as per Article 6 (1) (f) GDPR in proving your consent given at the time; see also Article 7 (1) GDPR.

In this respect, the data provided when you registered to receive the newsletter will be erased 48 hours after you unsubscribe from the service.

9.5 Newsletter tracking

To facilitate this analysis, the emails sent to you include web beacons or tracking pixels which are stored on our website. The above mentioned data and the web beacons are linked to your email address and an individual ID to perform the analyses. The links in the newsletter also contain this ID.

For more information on data processing by Salesforce please go to https://www.salesforce.com/de/company/privacy/.

9.5 Registration

You can delete your customer account at any time. Upon deletion of the account all personal data that is not covered by a statutory duty of retention or by Article 17 (3) GDPR will also be erased.

Article 6 (1) (a), (b), (c) and (f) GDPR is the legal basis for this processing of data.

9.6 Orders

9.7 Machine registration

10. Salesforce – Marketing Cloud and Commerce Cloud

For more information on data processing by Salesforce please go to https://www.salesforce.com/de/company/privacy/.

11. Cookies, analysis services and marketing11.1 Cookies

There are different types of cookies: Session cookies are datasets which are only temporarily stored in your computer's working memory and deleted as soon as you close your browser.

First-party cookies are set by the website you are visiting. Only that website is allowed to read the information from these cookies.

Third-party cookies are set by organisations who are not the operator of the website you are visiting. These cookies are used by marketing companies, for instance.

We use cookies in order to ensure the proper functioning of our website, provide fundamental functionalities and tailor our services to suit preferred areas of interest.

11.2. Analysis services

11.2.1 Google Analytics

Personal data is transferred to the U.S. under the EU-US Privacy Shield on the basis of an adequacy decision by the European Commission. You can retrieve the certificate HERE.

Data sent by us and linked with cookies or user identifications (e.g. user ID) will be erased automatically after 14 months. Data that has reached the end of its retention period will be erased automatically once a month.

For further information on the terms of service of Google Analytics and on data privacy at Google please go to: https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

11.2.2 Google Tag Manager

11.2.3 Google Ads (formerly Google AdWords), remarketing and conversion tracking

We use the service Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

For more information on data protection in the context of Google Ads, please go to: https://policies.google.com/technologies/ads?hl=de.

Personal data is transferred to the U.S. under the EU-US Privacy Shield on the basis of an adequacy decision by the European Commission. You can retrieve the certificate here: 

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

11.2.4 Google Maps plug-in

This website uses the map service Google Maps. Google Maps is a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, information, including the IP address and address(es) entered as part of the route function, may be transferred to the provider’s servers. This information is usually transferred to a Google server in the U.S. and stored there. When a website is visited which contains Google Maps, your browser establishes a direct connection to Google’s servers and the map content is sent to your browser and incorporated by it. The provider of this website has no influence on this data transfer. Based on current information available to us, the data transferred comprises the following:

Date and time of the visit to the website in question,
Internet address or URL of the accessed web page,
IP address, (starting point) address entered as part of route planning.

The purpose of using Google Maps is to ensure an attractive presentation of our online services and to help users easily find the locations indicated on the website. If you do not wish data to be processed by Google as part of this service, you can deactivate the use of JavaScript in your browser settings. Please note that you will not be able to use the interactive map function of Google Maps in that case.

For more information on how user data is handled please refer to Google’s Privacy Policy: https://www.google.de/intl/de/policies/privacy/.

11.2.5 Criteo

This website uses technologies offered by the provider Criteo, with its registered office in 32 Rue Blanche, 75009 Paris, France.

Events regarding your activity on our website (e.g. number of pages viewed, products viewed on this website, any searches you carried out on this website);
Information regarding your device (type of device, operating system, version);
Non-specific information on your location and information derived from your truncated IP address to enable us to show you only those products which are actually available in your country, region or town/city;
Events related to the delivery of ads by Criteo, such as the number of ads displayed to you.

The data collected in this way enables us to create user profiles under a pseudonym.

In the USA:

Network Advertising Initiative platform for opt-out

DAA Opt-Out platform

In Europe:

To deactivate the services provided by Criteo in your Facebook account please select the corresponding settings on Facebook: Facebook settings.

11.2.6 Use of social plug-ins

This website uses social plug-ins of the providers:

Facebook (operator: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA

The plug-ins are indicated by a Facebook logo or Instagram logo, for instance, in the form of an “Instagram camera icon”.

Facebook: https://www.facebook.com/policy.php

Instagram: https://instagram.com/about/legal/privacy/

11.2.7 Facebook Custom Audiences / Facebook pixel

For further information on the Custom Audiences service provided by Facebook, please go to:

https://de-de.facebook.com/business/help/449542958510885.

Further information on data processing and length of storage is available from the provider or at https://www.facebook.com/about/privacy.

Users who are logged in to Facebook can deactivate the function “Facebook Custom Audiences” at https://www.facebook.com/settings/?tab=ads#_.

11.2.8 Cloudinary

For further information on data processing and length of storage please consult the provider or go to: https://cloudinary.com/privacy

11.2.9 Sizmek

We use the services of the company Sizmec Inc, c/o Privacy, 2000 Seaport Blvd, Pacific Shores Center, Redwood City, CA 94063 USA. These services collect statistical data on the use of the website.

For more information on how data is processed by the provider please go to: https://www.sizmek.com/privacy-policy-de/optedin/#options

You can prevent the collection of user data by the provider by using the following link: https://www.sizmek.com/privacy-policy-de/optedin/#options.

11.2.10 [m]Insights

The following categories of data are collected by [m]insights:

IP address, which will not be processed any longer than absolutely necessary for technical reasons (i.e. to set and read the cookie) (the IP address is filtered by a third party and cannot be entered in the systems of GroupM without being truncated)
IDs and IDs for mobile ads (e.g. IDFAs and Google Advertising IDs) and the [m]Insights proxy IDs for such IDs
Date and time of the online activity

The data collected by [m]Insights is only processed and stored within the European Union.

11.3 Outbrain

Information on data processing by Outbrain can be found at: https://www.outbrain.com/legal/privacy#privacy-policy

12. Data transfer

Possible recipients of your data are consultants, auditors, courts and public authorities. Your data is also passed on to our affiliated company Melitta Europa GmbH & Co. KG.

13. Your rights

Provided the respective statutory requirements are met, you have the following rights regarding the processing of your personal data:

13.1 Right of access, Article 15 GDPR

13.2 Right of rectification, Article 16 GDPR

13.3 Right to erasure, Article 17 GDPR

13.4 Right to restriction of processing, Article 18 GDPR

You have the right to request that the processing of your data be restricted. Please use our form for your request: LINK Kontaktformular

13.5 Right to object to processing, Article 21 GDPR

13.6 Right to withdraw consent, Article 7 (3) GDPR

We will also always inform you of how you can withdraw your consent whenever we ask you to provide the respective consent.

13.7. Right to data portability, Article 20 GDPR

You have the right to receive your personal data in a structured, commonly used and machine-readable format and to ask for that data to be transmitted to another controller.

13.8. Right to lodge a complaint, Article 77 GDPR

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your data infringes your rights and/or the GDPR.

14. How long will my data be stored?