Data Protection

 

1. Our privacy policy

 

Protecting your personal data is a top priority at Südwestdeutsche Salzwerke AG. With this in mind, we always treat your personal data as confidential and handle this information in accordance with the applicable provisions on data protection and privacy.


In principle, it is possible to use our website without providing any personal data. However, if you wish to make use of particular services provided by our company via our website as a website visitor, it may become necessary to process personal data.


Our privacy policy provides information on the nature, scope, and purpose of the personal data we collect, use, and process. This privacy policy also explains what rights data subjects have in conjunction with their personal data.


In our role as controller, we have taken numerous technical and organizational measures to ensure that the personal data processed via this website are protected to the fullest possible degree. Still, please note that Internet-based data transfers may involve security vulnerabilities in principle, so it is not possible to guarantee absolute protection.

 

2. Definitions

Our privacy policy uses terms that are also found in the EU General Data Protection Regulation (GDPR). To make it easier for you to read and understand this document, key terms are explained in the section below.

 

2.1 Personal data

“Personal data” means all information relating to an identified or identifiable natural person (the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

2.2 Data subject

“Data subject” means any identified or identifiable natural person whose personal data are processed by the controller.

 

2.3 Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

2.4 Restriction of processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

 

2.5 Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

 

2.6 Pseudonymization

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

 

2.7 Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

2.8 Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

2.9 Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

 

2.10 Third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

 

2.11 Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

3. Name and address of the controller

The controller within the meaning of the GDPR, other data protection acts applicable within the Member States of the European Union, and other provisions of a data protection and privacy nature is:

 

Südwestdeutsche Salzwerke AG
Salzgrund 67
74076 Heilbronn
Germany
 

4. Contact details of the data protection officer

The address of the data protection officer is:
 

Südwestdeutsche Salzwerke AG
Data Protection Officer
Salzgrund 67
74076 Heilbronn
Alternatively, you can also use the following e-mail address for your inquiries:
Datenschutz@salzwerke.de.


5. How we protect your data

We take protecting your personal data very seriously and implement appropriate technical and organizational measures to protect your data associated with the use of this website against access by unauthorized parties, manipulation, destruction, and loss. The security measures used are improved on an ongoing basis in keeping with advances in technology. For example, communication via our website is protected via HTTPS (HyperText Transfer Protocol Secure). This establishes a secure connection between the server and client that cannot be read by unauthorized parties. This serves to protect the transfer of confidential content such as inquiries that you submit to us as the operator of this site. Where service providers are involved in the handling or performance of services of our website and these service providers should be viewed as processors, we have entered into processing agreements within the meaning of Article 28 GDPR to govern these relationships with an eye to protecting your personal data.
 

6. Collection of general data and information during use of our website
 

Where our website is used for purely informational purposes, i.e., without registering for a customer account, using the contact form for inquiries, or placing an order in the online shop, we collect only those personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:

  • the IP address;
  • date and time of query;
  • the region (not the address) from which the IP address accesses the website;
  • the browser language, type (e.g., Chrome, Firefox, Safari), and version;
  • operating system;
  • device type (e.g., mobile device, desktop computer, tablet);
  • browsing behavior on the website (e.g., when was the website visited, which areas of the website were clicked, how much time was spent on the website); and
  • the website from which the request comes.

We process and store these data for purposes of ensuring the functionality of the website, improving the content of the website, and preparing statistical analyses based on aggregated data on surfing. We also process and store them to analyze the technical operation of the website and ensure the security of our information technology systems.

Our legitimate interest in data processing pursuant to point (f) of Article 6(1) GDPR lies in the necessity of displaying this website to you and ensuring stability, functionality, and security. The storage of server logfiles also serves the purpose of potential criminal prosecution with an eye to possible cyberattacks. With an eye to logfile rotation, logfiles and the IP addresses they contain are stored until a limit of 100 MB is reached and then automatically overwritten or deleted once that limit is passed. The duration of storage is 60 days.

 

7. Hosting of our website

We host our website via our hosting partner exclusively in Germany as a server location (server(s) in Germany). In keeping with the provisions of data protection and privacy law, we have entered into an agreement on processing of data on another entity’s behalf pursuant to Article 28 GDPR. Connection data are processed for the purpose of providing and delivering the website. The data are not stored beyond the visit itself for the mere purpose of delivering and providing the website. However, our processor does store the connection data for security purposes. The duration of processing for security purposes is variable and ends when there is no longer a need for the security measures in question.


8. Data in the context of use of a contact form offered on the website

If you have questions of any kind, we give you the option of contacting us using a form provided on the website or an online function that serves this purpose. Providing a valid e-mail address is required so that we know who sent the inquiry and can respond to it. Further required information is indicated with an asterisk (*) in the contact form. Depending on the topic, the nature of the data involved, and whether or not you are already a customer, the processing of the data is based on the contract with you, your consent, or your or our legitimate interest in clarifying the matter pursuant to points (a), (b), and (f) of Article 6(1) GDPR. We will erase your data concerning the inquiry where we are not legally obligated to continue to store or retain them. Where the data are still required to handle outstanding inquiries, they will not be erased until after these inquiries are settled. Your personal data are not shared with third parties.

 

 

9. Links to other websites and services of third parties

Our website may contain links to third-party websites, and some of our services may allow you to access the services of third parties (such as social networks) under some circumstances. We have no influence over how third-party websites and/or services process your personal data. We do not review or verify third-party websites or services, nor are we responsible for their data protection and privacy practices. Please read the privacy policies of the third-party websites and/or services you access via our website or services. Where our website includes other services, you will find explanatory information regarding this in this privacy policy.

 

10. Cookie policy

10.1 What are cookies?

Cookies are small text files in which a Web browser stores information transmitted by a Web server regarding the Internet sites that have been visited. This may be information on the site visit, such as duration, login details, user entries, and similar information.

These cookies are stored on your computer or mobile device when you visit a website. They take up hardly any storage space and are automatically deleted when they expire. Certain cookies expire at the end of your Internet session, while others are stored for a limited period.

10.2. Cookie consent through Cookiebot via “COOKIE GUIDE”

Our website uses cookie consent technology from Cookiebot to obtain your consent to the storage of certain cookies on your device and document this in a manner compliant with data protection and privacy law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cookiebot”).

When you enter our website, a connection is established to the Cookiebot servers to obtain your consent and other declarations regarding the use of cookies. Then Cookiebot stores a cookie on your browser to be able to associate the consent you have granted or withdrawn with you. The data collected in this way are stored until you request that we erase them or delete the Cookiebot cookie itself or the purpose of storing the data ceases to apply. Cookiebot is used in order to obtain the legally required consent to the use of cookies. The legal basis for this is point (c) of Article 6(1) GDPR.

Agreement on processing of data on another entity’s behalf

We have entered into an agreement on processing of data on another entity’s behalf with Cookiebot. This is an agreement required by data protection and privacy law that ensures that Cookiebot processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

10.3. COOKIE GUIDE

What kinds of cookies are there?

Strictly necessary cookies

Strictly necessary cookies help to make a website usable by enabling basic functions such as site navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Statistical cookies

Statistical cookies help website operators understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies

Marketing cookies are used to track visitors on websites. The intention is to display ads that are relevant and appealing to the individual user and are therefore of greater value for publishers and third-party advertisers.

Preference cookies

Preference cookies enable a website to remember information that affects how a website behaves or looks, such as your preferred language or the region where you are located.

Why do we use cookies?

We use cookies primarily to make your visit to our website as user-friendly as possible. We also use cookies with which tracking on the website can be analyzed and for advertising purposes when you visit other websites in the future.

How you can manage cookies on our website

You can easily view your cookie settings at any time and make changes as needed. You can click the “Change consent” or “Withdraw consent” button to access the cookie banner and make the appropriate adjustments at any time.

10.4 Cookie policy updates
This cookie policy is subject to change. Please visit this website regularly to stay abreast of the current version.

 


11. Operation of a blog (“SalzBlog”)


Our website offers users the option to leave individual comments on specific blog posts via a blog. A blog is a portal maintained on a website, typically viewable by the public, in which one or more persons known as “bloggers” or “Web loggers” can post articles or their thoughts in what are known as blog posts. These blog posts can typically be commented on by third parties.

To use this function and leave comments on our SalzBlog, you are required to register using your e-mail address and a name or pseudonym. Point (a) of Article 6(1) GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific purpose of processing, such as in the case of use of our SalzBlog. By registering, you consent to the processing of your data. You are welcome to write your comment and leave it on our blog using the “Leave a comment” button. Enter a name or pseudonym under the “Name” button, then enter your e-mail address in the “e-mail” field, and finally click the “Submit” button. Our blog will display only your chosen pseudonym or name and the content of your comment. Your e-mail address will not be published or used for other purposes. In principle, blog comments remain visible as long as the blog article is posted on the website. When a blog article is removed from the website, all blog comments and the personal data associated with them are automatically erased. If you have any questions about SalzBlog, please contact digital@bad-reichenhaller.de directly.


Furthermore, the IP address assigned by the data subject’s Internet service provider (ISP) is also logged. The IP address is stored in this way for security reasons and in case a comment submitted by the data subject infringes the rights of third parties or contains unlawful content. These personal data are stored in the controller’s own interests and serve for purposes of its own legal defense. These personal data that have been collected are not shared with third parties except where such disclosure is required by law or serves the purpose of the controller’s legal defense.

 

12. Use of your personal data for sweepstakes and giveaways
By participating in a raffle/sweepstakes organized by Südwestdeutsche Salzwerke, the participant expressly declares that he or she agrees that Südwestdeutsche Salzwerke or the company or companies commissioned by it to carry out the raffle/sweepstakes is/are permitted to store the data necessary to this end for the period of the raffle/sweepstakes (consent within the meaning of point (a) of Article 6(1) GDPR. The data processed by us on this website in the context of sweepstakes or giveaway participation are used only to identify and notify the winners and then send the prizes to them. The data are erased afterward except where otherwise dictated by law.


Participants are free to withdraw consent to the storage or other use of their data at any time and thus withdraw from participation. Südwestdeutsche Salzwerke points out that all personal data of the participant arising from the raffle/sweepstakes are not made accessible to third parties (with the exception of the company or companies commissioned to carry out the raffle/sweepstakes).

13. Erasure and blocking of personal data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or to the extent that this has been provided by the European legislative and regulatory authorities or other legislative bodies in laws or regulations to which the controller is subject. 

If the purpose of storage ceases to apply or a storage time limit stipulated by the European legislative and regulatory authorities or another legislative body with jurisdiction expires, the personal data are blocked or erased in accordance with the statutory provisions.



14. Legal bases of processing of personal data
Point (a) of Article 6(1) GDPR serves our company as the legal basis for processing operations in whose case we obtain consent for a specific purpose of processing, such as in the case of use of a contact form included in the website.

If the processing of personal data is necessary in order to perform a contract to which the data subject is party, as is the case with processing operations that are necessary in order to deliver goods or perform another service or provide consideration, for example, then the processing is based on point (b) of Article 6(1) GDPR. The same applies to processing operations that are necessary in order to take steps prior to entering into a contract, such as in the case of inquiries concerning our products or services.

Where our company is under a legal obligation that necessitates processing of personal data, such as to fulfill tax obligations, the processing is based on point (c) of Article 6(1) GDPR. 

Processing operations may also be based on point (f) of Article 6(1) GDPR. This is the case where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to engage in these kinds of processing operations, in particular, because they were mentioned specifically by the European legislature when the regulation was drafted. The legislature’s view in this regard was that it might be necessary to assume a legitimate interest where the data subject is a customer of the controller or is in the controller’s service
(Recital 47, second sentence, GDPR).

Where processing of personal data is based on point (f) of Article 6(1) GDPR, our legitimate interest consists in performing our business activity for the good of our shareholders while observing the legitimate interests of the data subjects. When weighing this interest, the focus is always on an appropriate relationship between the data subject and us as a company.

15. Duration of storage of personal data
The criterion for the duration of storage of personal data is statutory retention periods, which may arise from tax or commercial law and from further applicable legal provisions, wherever these legal provisions are applicable to your personal data. After the time limit expires, the relevant data are erased insofar as they are no longer required to perform a contract, take steps prior to entering into a contract, or maintain the business relationship. If no retention periods are applicable and you have given us your consent to the storage and use of your personal data, the data will be stored and used for the intended purpose for as long as indicated in the context of the consent or until you withdraw your consent to use for the future, as the case may be.



16. Statutory or contractual provisions on providing the personal data; necessity for entering into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the personal data
Please note that providing personal data is required by law in some cases (tax regulations, for example) or may also arise from contractual provisions (such as information on the other party to the contract). In order to enter into a contract, it may be necessary for a data subject to provide us with personal data that subsequently must be processed by us. For example, the data subject is obligated to provide us with personal data if our company enters into a contract with him or her. Failure to provide the personal data would mean it would not be possible to enter into the contract with the data subject. 



17. Social media presence on social networks and platforms (Facebook, Instagram, Pinterest, YouTube, TikTok)

We maintain fan pages and channels within the following social networks and platforms:
- Facebook
- Instagram
- Pinterest
- YouTube

- TikTok

 

The objective of doing this is to communicate with the customers, potential customers, and users who are active there and inform them there about our services. The icons shown for this purpose in the navigation within our website are static links. This means that when our website loads, no automatic connection to these social networks is established. Only if you click the icon will you be taken to the website of the social network in question. This means this website can be shared quickly and easily in social networks while also protecting your privacy. 

Please note further that the relevant social networks or platforms always receive notification that the data subject has visited our website if the data subject is simultaneously logged in to the relevant social network (Facebook, Instagram, Pinterest, YouTube, or TikTok, for example) at the time of accessing our website and clicking the icon. The result is that data are stored independently of the devices used by the users. If you wish to prevent this, log out of the relevant social network beforehand.

Please note further that if you visit the websites of these social networks and platforms, your personal data may be processed outside the European Union, and this may give rise to risks for you (for example in enforcing your rights pursuant to European / German law). Please note that some U.S. providers are certified under the EU-U.S. Privacy Shield Framework, which means they have committed to upholding the EU’s data protection standards.

User data are typically processed for market research and advertising purposes. This makes it possible, for example, to create usage profiles based on usage behavior and the user interests revealed by that behavior. These usage profiles can be used in turn to serve ads that are presumed to match user interests on and off the platforms, for example. For these purposes, cookies are typically placed on users’ computers to store information on usage behavior and user interests. 

 

For further information on the processing of your personal data and your options for objecting, please consult the links to the relevant providers listed below. You can also contact these providers to assert your rights of access to information and other rights as a data subject, as they are the only parties that have direct access to user data and relevant information in this regard.

 

Facebook
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy: www.facebook.com/about/privacy/

Opt-out: www.facebook.com/settings and www.youronlinechoices.com

Privacy Shield: www.privacyshield.gov/participant.

 

Instagram
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, U.S.A.

Privacy policy / opt-out: instagram.com/about/legal/privacy/.

 

Pinterest
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

policy.pinterest.com/de/privacy-policy

 

YouTube
YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, U.S.A., represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
https://policies.google.com/privacy?hl=de

 

TikTok

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Privacy policy | TikTok

You can reach TikTok’s data protection officer at:

www.tiktok.com/legal/report/DPO

 

18. Data protection and privacy information in conjunction with YouTube videos embedded directly into our website


Our site uses the provider YouTube LLC , 901 Cherry Avenue, San Bruno, CA 94066, U.S.A., represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A., to embed videos. Normally, your IP address is transmitted to YouTube and cookies are installed on your computer as soon as you access a page with embedded videos. However, we have embedded our YouTube videos in privacy enhanced mode (in this case, YouTube does still contact Google’s DoubleClick service, but according to Google’s privacy policy, personal data are not analyzed in the process). This means YouTube no longer stores any information about visitors unless they watch the video. If you click the video, your IP address is transmitted to YouTube, and YouTube learns that you have watched the video. If you are logged in to YouTube, this information is also associated with your user account (you can prevent this by logging out of YouTube before accessing the video).

 

We have no knowledge of or influence over any possible collection and use of your data by YouTube when this occurs. For further information, please see the YouTube privacy policy at: policies.google.com/privacy. With regard to general handling of cookies and how to deactivate them or withdraw consent, please also see the general information contained in this privacy policy, particularly the cookie policy section.


19. Data protection and privacy information on the use of the store finder function
 

We offer you a store finder service that you can use to show the retail locations where you can purchase our high-end Alpine salts using either your postal code or the name of a city or town. We have incorporated this service as an opt-in solution. This means we use this technology only with your express consent. When you visit our website, a cookie popup will open. You can use this popup to set your cookie preferences. If you consent, the service is activated, which means you can use it. If you decide not to use the service, the installation does not take place, and you will be unable to use this service on our website. The store finder function uses Google Maps to display the stores on maps. The Google Maps map service is integrated via an interface to do this.

 

The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A. To use the features of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a Google server in the United States of America and stored there. We have no influence over this data transmission. For further information on the purpose and scope of the collection and use of data by plugin providers, please consult the provider’s privacy policies. You can also find further information there on your rights in this regard and your setting options in conjunction with protecting your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has subscribed to the EU-U.S. Privacy Shield Framework: www.privacyshield.gov/EU-US-Framework. You can object to this data processing, even after giving express consent in the context of the cookie popup, by disabling JavaScript in your browser settings. In this case, however, you will be unable to use the map services. With regard to general handling of cookies and how to deactivate them or withdraw consent, please also see the general information contained in this privacy policy, particularly the cookie policy section (Sec. 10).



20. Data protection and privacy provisions on the use of Google Analytics 4

Where you have given consent, this website uses Google Analytics 4, a Web analytics service of Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We have entered into an agreement on processing of data on another entity’s behalf pursuant to Article 28 GDPR with Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Scope of processing

Google Analytics uses cookies that enable analysis of your use of our Web pages. The information on your use of this website collected via the cookies is typically transmitted to a Google server in the United States and stored there. We use the User-ID function. The User-ID function allows us to associate one or more sessions (and activity within these sessions) with a unique, permanent ID and analyze user behavior across devices.

With Google Analytics 4, anonymization of IP addresses is activated by default. Due to this IP anonymization, your IP address is truncated (shortened) by Google within Member States of the European Union or other states that are signatories to the Agreement on the European Economic Area. Only in isolated instances is the full IP address transmitted to a Google server in the United States and truncated there. According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not combined with other Google data.

During your website visit, your user behavior is recorded in the form of “events.” Events include but are not limited to the following:

  • Page impressions
  • Initial visit to the website
  • Start of a session
  • Your “click path,” interaction with the website
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Ads viewed / clicked
  • Language settings

The following information is also collected:

  • Your approximate location (data on country, region, city)
  • Your IP address (in truncated (anonymized) form)
  • Technical information on your browser and the devices you use (e.g., language settings, screen resolution)
  • Your Internet provider
  • Referrer URL (via which website or ad you arrived at this website)

Purposes of processing

On behalf of the operator of this website, Google will use this information to analyze your website use and compile reports on website activity. The reports provided by Google Analytics serve to analyze our website’s performance and the success of our marketing campaigns.

Recipients

The recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in the role of processor pursuant to Article 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.
  • Alphabet Inc., 1600 Amphitheatre Parkway. Mountain View, CA 94043, U.S.A.

It is not impossible that U.S. government agencies or other authorities may access the data stored by Google.

Third country transfers

Where data are processed outside the EU/EEA and there is no level of data protection commensurate with the European standard, we have entered into EU standard contractual clauses with the service provider to establish an adequate level of data protection. The parent company of Google Ireland, Google LLC, is headquartered in California, U.S.A. It is not impossible that data will be transmitted to the United States, or that U.S. government agencies or other authorities may access the data stored by Google. The United States is currently considered a third country from the standpoint of European data protection and privacy law. You do not have the same rights there as you do within the EU/EEA. You may have no legal remedies against access by government agencies or other authorities.

Duration of storage

The data transmitted by us and linked to cookies are automatically erased after 14 months. Data that have reached the end of their retention period are automatically erased once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to point (a) of Article 6(1) GDPR.

Withdrawal of consent

You can withdraw your consent at any time with effect for the future by accessing the cookie settings via the COOKIE GUIDE and changing your selection there (see Sec. 10.3.). This will not change the lawfulness of the processing that has taken place based on your consent up until the time of withdrawal.

You can also prevent cookies from being stored from the outset by adjusting your browser settings accordingly. If you configure your browser to reject all cookies, however, the functions of this and other websites may be restricted as a result. You can also prevent the data generated by the cookie concerning your use of the website (including your IP address) from being collected and transmitted to Google and the processing of these data by Google by not consenting to the placement of cookies.

For further information on the terms of use of Google Analytics and privacy at Google, please visit https://marketingplatform.google.com/intl/de/about/analytics/ and https://policies.google.com/privacy?hl=en.

 

21. Data protection and privacy information on the use of Facebook Pixel

This website uses the “Facebook Pixel” from the social network Facebook of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the following purposes:

We use the Facebook Pixel for remarketing purposes to be able to contact you again within 180 days. As a result, interest-based ads (“Facebook ads”) can be shown to users of the website in the context of visiting the Facebook social network or other websites that also use this method. By doing this, we are pursuing our interest in displaying ads to you that are of interest to you in order to make our website and/or offerings more interesting to you.

Facebook conversion

By using the Facebook Pixel, we also aim to ensure that our Facebook ads are aligned with users’ potential interest and are not perceived as bothersome. With the help of the Facebook Pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking a Facebook ad (known as “conversion”).

Based on the marketing tools used (Facebook Pixel), your browser automatically establishes a direct connection with the Facebook server as soon as you have consented to the use of cookies for which consent is required. Through the inclusion of the Facebook Pixel, Facebook receives a notification that you have accessed the relevant page of our website or clicked one of our ads. If you are logged in to any Facebook service, Facebook can associate the visit with your account.

The processing of the data by Facebook takes place within the scope of Facebook’s data policy. You can also consult the Facebook help section for specific information and details regarding the Facebook Pixel and how it works.

We (Südwestdeutsche Salzwerke AG) share the status of controller with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) with regard to the collection and transmission of the data within the scope of this process. This applies to the following purposes:

Creation of individualized or suitable ads and optimization thereof
Delivery of commercial and transaction-related messages (e.g., via messenger)
Therefore, the following processing operations are not covered by this joint controller status:

Meta alone is the controller responsible for any and all processing that takes place after collection and transmission of the data.

We have entered into a corresponding agreement with Facebook with regard to our joint controller status, which is accessible here: https://www.facebook.com/legal/controller_addendum. This document stipulates the relevant responsibilities as controller with regard to fulfilling the obligations arising from the GDPR as regards our joint controller status.

The contact details of the company responsible as controller and the Facebook data protection officer are available here: https://www.facebook.com/about/privacy. We have agreed with Meta that Meta can be contacted as the first point of contact for data subjects seeking to assert their rights. Nothing in this arrangement restricts the areas of responsibility for the rights of data subjects.

For further information on how Meta processes personal data, including the legal basis therefor and additional information on the rights of data subjects, please click here: https://www.facebook.com/about/privacy. We transmit the data within the scope of our joint status as controller on the basis of our legitimate interest pursuant to point (f) of Article 6(1) GDPR.

Information on data security terms is available here: https://www.facebook.com/legal/terms/data_security_terms, and information on processing operations based on standard contractual clauses is available here:   https://www.facebook.com/legal/EU_data_transfer_addendum.

You can deactivate the tool via the cookie settings, which you can manage using the COOKIE GUIDE, here and, for users who are logged in, at  https://www.facebook.com/settings/?tab=ads#.

Life span of cookies: up to 180 days after the last interaction. This applies only to cookies placed via this website.

 

22. Overview of your rights as a data subject
Pursuant to the provisions of the GDPR, a data subject has individual rights that can be asserted by request in connection with that person’s personal data. For example, there are rights of access to information and rights to rectification, erasure, restriction of processing, and data portability, along with individual rights to object and the right to lodge a complaint with a supervisory authority. This section presents an overview of the individual rights and the time limits that apply to them.

22.1 Time limits for rights assertable by request as stipulated in Articles 15–21 GDPR
In our role as controller, we will respond to the data subject regarding any requests pursuant to Articles 15–21 GDPR within a time limit of one month after receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In that case, we will notify you within one month after receipt of your request that we are making use of this extension. Where the data subject makes the request by electronic means, we will respond to it by electronic means where possible, unless you request otherwise.

22.2 Request channels
You can submit requests by mail or e-mail. You can find the contact address in Sec. 4 of this privacy policy.
All requests pursuant to Articles 15–21 GDPR in conjunction with SalzBlog should be addressed directly to the e-mail address indicated under the heading “Operation of a blog (‘SalzBlog’).”

22.3 Right of access by the data subject pursuant to Article 15 GDPR  

A data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and further information as described in Article 15 GDPR.

Please note that the controller can provide information only if there are no objections or concerns regarding the data subject’s identity. The controller is required to use all reasonable means to verify the identity of a data subject seeking access to information.


22.4 Right to rectification pursuant to Article 16 GDPR  

A data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.


22.5 Right to erasure pursuant to Article 17 GDPR 

A data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller has the obligation to erase personal data without undue delay where the prerequisites listed in Article 17 GDPR are met.


22.6 Right to restriction of processing pursuant to Article 18 GDPR
A data subject has the right to obtain from the controller restriction of processing where the prerequisites stipulated in Article 18 GDPR are met.


22.7 Right to data portability pursuant to Article 20 GDPR

A data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a format as described in Article 20 GDPR and the right to have those data transmitted to another controller on the data subject’s instructions, where the prerequisites described in Article 20 GDPR are met. 


22.8 Right to object pursuant to Article 21 GDPR

 

A data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her where these data were collected based on point (e) of Article 6(1) GDPR (processing takes place for the performance of a task carried out by the controller in the public interest or in the exercise of official authority vested in the controller) or point (f) of Article 6(1) GDPR (processing takes place on the basis of a legitimate interest pursued by the controller or a third party).

The controller must no longer process the personal data in these cases unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves for the establishment, exercise or defense of legal claims.

Where personal data are processed by the controller for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. 


22.9 Right to object pursuant to point (c) of Article 13(2) GDPR


Where the processing of personal data of a data subject by the controller is based on point (a) of Article 6(1) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes) or point (a) of Article 9(2) GDPR (the data subject has given consent to the processing of special categories of personal data concerning him or her for one or more specific purposes), the data subject has the right to withdraw consent at any time without the lawfulness of the processing that has taken place based on consent up until the time of its withdrawal being affected thereby.

You can withdraw your consent by mail or e-mail. You can find the contact address in Sec. 4 of this privacy policy.

All requests pursuant to Articles 15–21 GDPR in conjunction with SalzBlog should be addressed directly to the e-mail address indicated under the heading “Operation of a blog (‘SalzBlog’).”


23. Right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR

 

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. You can typically contact the supervisory authority in the place of your habitual residence or place of work or the place of the company’s registered office to do this. 

The supervisory authority with which the complaint has been lodged is required to inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

The data protection supervisory authority with jurisdiction over us is:

The Baden-Württemberg State Commissioner for Data Protection and Freedom of Information
 

Address:                                                    Mailing address:
Lautenschlagerstr. 20                                Postfach 10 29 32
70173 Stuttgart                                         70025 Stuttgart
Germany                                                   Germany

Further information is available online at www.baden-wuerttemberg.datenschutz.de.


24. Current version of this privacy policy

 

It may be necessary to adjust our privacy policy for legal or technical reasons. We reserve the right to make such changes at any time and therefore request that you consult this privacy policy at regular intervals to stay informed of current developments.

 

Last updated: December 2023

 

Contact

Südwestdeutsche Salzwerke AG
Salzgrund 67
74076 Heilbronn

Email: datenschutz@salzwerke.de

To top