Privacy Policy
The use of our website is possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done, as far as possible, on a voluntary basis. This data will not be passed on to third parties without your consent. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps.
(1) Information on the collection of personal data
(1) In the following we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour. (2) The responsible party pursuant to Article 4 (7) of the EU General Data Protection Regulation (DS-GVO) is Chocoversum GmbH Meßberg 1, 20095 Hamburg Tel.: (040) 41 91 23 00 Fax: (040) 41 91 23 0 – 20 E-mail: service@chocoversum.de (see our imprint). You can reach our data protection officer at: Attorney Bertold Frick Datenschutz-Metropol GmbH Baumwollbörse, Wachtstraße 17/24, 28195 Bremen Tel: (0421) 339 53 50 Fax: (0421) 339 53 55 E-mail: frick@trinity-metropol.de (3) When you contact us by e-mail, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations. (4) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
2. Your rights
(1) You have the following rights vis-à-vis us with regard to the personal data concerning you: – In accordance with Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its use. request the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Art. 16 DSGVO; – request the deletion of your personal data in accordance with Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims; – in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you require it for the assertion, exercise or defence of legal claims, or you object to the processing of your personal data in accordance with Art. to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller and – to lodge a complaint with a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of our company for this purpose. To assert your rights, please contact: frick@trinity-metropol.de (2) If you wish to complain to the data protection supervisory authority responsible for our company’s registered office about the processing of your personal data by us, please contact: The Hamburg Commissioner for Data Protection and Freedom of Information Klosterwall 6 (Block C), 20095 Hamburg Tel.: (040) 4 28 54 – 40 40 E-Fax: (040) 4 279 – 11811 E-mail: mailbox@datenschutz.hamburg.de
3. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1).
In the case of direct advertising (marketing), you also have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.
4. Collection of personal data when visiting our website
(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO): – IP address – date and time of the request – time zone difference to Greenwich Mean Time (GMT) – content of the request (specific page) – access status/HTTP status code – amount of data transferred in each case – website from which the request came – browser – operating system and its interface – language and version of the browser software.
5. Data security
(1) We secure our website and other systems by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. However, despite regular checks, complete protection against all dangers is not possible. The website uses the industry standard SSL (Secure Sockets Layer) for encryption in some places. This ensures the confidentiality of your personal information over the internet.
6. Social plugins
(1) Social plugins from social networks are used on this website. Separate data protection and liability regulations apply to the social networks and, in general, to third-party websites. The storage and use of personal data by the respective site operator (service provider), which accrue when using their services, may exceed the scope of this privacy policy. The CHOCOVERSUM has no influence on what data an activated plugin collects and how it is used by the provider. The CHOCOVERSUM itself does not collect any personal data by means of the social plugins or through their use. (2) In order to increase the protection of your data, the plugins are not integrated into the page without restriction, but only using an HTML link (so-called “Shariff solution” from c’t). This integration ensures that when the page containing such plugins is called up, no connection is yet established with the servers of the provider of the respective social network. If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider, on which you can (if necessary after entering your login data) click on the Like or Share button, for example. For the purpose and scope of the data collection and the further processing and use of the data by the providers on their pages, as well as your rights in this respect and setting options for protecting your privacy, please refer to the data protection notices of the providers. Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Website: www.facebook.com Data protection: http://www.facebook.com/policy.php.
Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Website: https://www.instagram.com Privacy: https://help.instagram.com/155833707900388. Tripadvisor : TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494 USA Website: https://www.tripadvisor.de Privacy: https://tripadvisor.mediaroom.com/DE-privacy-policy
7. Facebook and Instagram Fanpages and Facebook Insights
We offer so-called fanpages in the social networks Facebook and Instagram. The operating company of Facebook and Instagram is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subjects live or reside in the European Union, the data controller is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta Ireland”). Personal data is processed when you visit our fan pages. We and Meta Ireland are jointly responsible for the collection and transmission of personal data to Meta Ireland when you visit our Facebook fan page. Meta also uses its “Facebook Insights” service on our Facebook pages. Insofar as you give your consent to tracking on our website by opting in, your data will be collected for our Facebook fan page. We receive anonymised data to gain insights into how people interact with our fan page and related content. You can exercise your data subject rights with Meta Ireland as well as with us. The primary responsibility under the GDPR for processing insights data lies with Meta Ireland. Meta Ireland complies with all obligations under the GDPR with respect to the processing of Insights Data and provides the essentials of the Page Insights Supplement to data subjects (see below). As the operator of our fan pages, we do not make any decisions regarding the processing of Insights data and the other information resulting from Art. 13 of the GDPR, including the legal basis, the identity of the responsible person and the storage period of cookies on user end devices. For more information on the Page Insights supplements regarding the Facebook controller, please visit https://de-de.facebook.com/legal/terms/page_controller_addendum.
8. Cookies
(1) So-called cookies are used on our pages. Cookies are small text files that are stored in the cache of your internet browser for the duration of your browser session (so-called session cookies) or for a certain period of time (so-called permanent cookies) on your hard drive. The cookies enable the recognition of the internet browser so that you can be provided with content tailored to your needs and wishes more quickly and in a more targeted manner during future visits to our website. We therefore use technically necessary cookies in order to be able to offer our website and our services as well as to ensure the proper functioning of the website. (2) The storage and reading of technically necessary cookies is carried out in accordance with § 25 para. 2 no. 2 TTDSG. Further processing is carried out on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in providing and maintaining the functions of our website, in particular to meet the needs of our visitors. (3) If we want to use marketing, tracking or analysis cookies in addition to the technically necessary cookies, your prior express consent is required. We ask for this via the cookie banner that appears on our website at the start of use, which informs you of our cookie policy and where you have the option of refusing or granting your consent for all or certain types of cookies. (4) The storage and reading of non-essential cookies is carried out on the basis of Section 25 (1) TTDSG and thus on the basis of your consent. The associated further processing of personal data is also based on your consent. If you give us your consent, the legal basis for the processing of personal data is Art. 6 para. 1 lit. a DSGVO. You can change your cookie settings or revoke your consent via the blue button at the bottom right edge of your browser window.
9. Google Analytics 4 (1) This website uses Google Analytics 4, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Universal Analytics also uses cookies. If personal data of European persons are processed, the provider of the service is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Your express consent is required for the use of Google Universal Analytics. For this purpose, you have the option at the beginning of the usage process to refuse or grant your consent via the cookie banner and to inform yourself about the data protection rules of our company. (2) If you give us your consent, the legal basis for the processing of personal data is Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time and without giving reasons. To do so, send an e-mail to: service@chocoversum.de. In the imprint you will find further contact details to which you can send the revocation. (3) The information generated by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. We use IP anonymisation on our website, which means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. No adequacy decision exists for the transfer of personal data to companies in the USA. However, Google is certified under the Privacy Shield framework published by the US Department of Commerce. Through this certification, the company has undertaken to comply with higher data protection standards than are customary in the USA. In addition, we have concluded an order processing agreement with Google and Google Ireland has undertaken to agree on so-called standard data protection clauses for the transfer of data, through which data protection principles and the security of your data are safeguarded. However, there remains a risk that US authorities may gain access to personal data. If your personal data is transferred to the USA, this will be done solely on the basis of your express consent pursuant to Art. 49 (1) sentence 1 lit. a DSGVO. You can revoke your consent at any time by opening the cookie box and moving the corresponding slider to “Off”.
10. Facebook Remarketing
(1) The remarketing function “Custom Audiences” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”) is used on our website. This enables us to present interest-based advertisements (“Facebook Ads”) to visitors to our website when they visit the social network Facebook. Via the Meta remarketing tag (cookie) implemented on our website, a direct connection to the Meta servers is established when you visit the website and it is transmitted to the Meta server that you have visited this website. Meta assigns this information to your personal Facebook user account. For more information on the collection and use of data by Facebook, as well as your rights in this regard and options for protecting your privacy, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy/. (2) Your express consent is required for the use of tracking and marketing cookies. For this purpose, you have the option at the beginning of the usage process to refuse or give your consent via the cookie banner and to inform yourself about the data protection rules of our company. (3) Cookies are stored on the basis of § 25 para. 1 TTDSG and thus on the basis of your consent. The further processing of your personal data is also based on your consent. If you give us your consent, the legal basis is therefore Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time and without giving reasons. To do so, send an e-mail to: info@chocoversum.de. In the imprint you will find further contact details to which you can send the revocation. The data collected in this context may be transferred by Meta Ireland to a Meta server in the USA for evaluation and stored there. There is currently no adequacy decision by the European Commission for the transfer of data to companies in the USA. However, Meta is certified under the Privacy Shield framework. Through the certification, the company has undertaken to comply with higher data protection standards than are customary in the USA. In addition, we have concluded an order processing agreement with Meta Ireland and Meta Ireland has undertaken to agree on so-called standard data protection clauses for the transfer of data, through which data protection principles and the security of your data are safeguarded. However, there remains a risk that US authorities may gain access to personal data. If your personal data is transferred to the USA, this will be done solely on the basis of your express consent pursuant to Art. 49 (1) sentence 1 lit. a DSGVO. You can revoke your consent at any time by opening the cookie settings and moving the corresponding slider to “Off”. You can also object to the use of the cookie at any time and deactivate the “Custom Audiences” remarketing function. In addition, you can make settings on Facebook itself under the following link: https://www.facebook.com/settings/?tab=ads#_=_. You must be logged in to Facebook to do this.
11. Facebook “Visitor Action Pixel”
(1) Within our online offer, the so-called “Visitor Action Pixel” of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is used for the purpose of analysis, optimisation and economic operation of our online offer. This allows the behaviour of users to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This procedure is used to evaluate the effectiveness of the Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The collected data is anonymous for us, so it does not offer us any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). This only applies to users who have an account with Facebook and are logged into the Facebook member area. Users who are not members of Facebook are not affected by this data processing. (2) Your express consent is required for the use of tracking and marketing cookies. For this purpose, you have the option at the beginning of the usage process to refuse or give your consent via the cookie banner and to inform yourself about the data protection rules of our company. The cookies are stored on the basis of § 25 para. 1 TTDSG and thus on the basis of your consent. The further processing of your personal data is also based on your consent. If you give us your consent, the legal basis is therefore Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time and without giving reasons. To do so, send an e-mail to: service@chocoversum.de. In the imprint you will find further contact details to which you can send the revocation. The data collected in this context may be transferred by Meta Ireland to a Meta server in the USA for evaluation and stored there. There is currently no adequacy decision by the European Commission for the transfer of data to companies in the USA. However, Meta is certified under the Privacy Shield framework. Through the certification, the company has undertaken to comply with higher data protection standards than are customary in the USA. In addition, we have concluded an order processing agreement with Meta Ireland and Meta Ireland has undertaken to agree on so-called standard data protection clauses for the transfer of data, through which data protection principles and the security of your data are safeguarded. However, there remains a risk that US authorities may gain access to personal data. If your personal data is transferred to the USA, this will be done solely on the basis of your express consent pursuant to Art. 49 (1) sentence 1 lit. a DSGVO. You can revoke your consent at any time by opening the cookie box and moving the corresponding slider to “Off”. You can also object to the use of the cookie at any time and deactivate the function. In addition, you can make settings on Facebook itself under the following link: https://www.facebook.com/settings/?tab=ads#. You must be logged in to Facebook to do this.
12. Newsletter
(1) On our website you have the option of registering for our newsletter. To do this, we need your name, date of birth and email address in order to send you the newsletter.
(2) The legal basis for this is consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). When registering for the newsletter, you consent to us sending a newsletter to your email address. When registering, you agree to the following consent text: ‘I hereby consent to [name] sending me emails to the email address I have provided for the purpose of […]. I have the right to revoke this consent at any time with effect for the future. I have taken note of the privacy policy with further information on data processing.’
(3) You can revoke this consent at any time for the future by unsubscribing from the newsletter. To do this, you will find a link at the end of every newsletter you receive, which you can use to unsubscribe from the newsletter. Your subscription will then be deleted automatically.
(4) Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. The time of registration and confirmation as well as the IP address are stored as proof of registration for the newsletter.
(5) The statistical collection, analysis and logging of the registration process is carried out on the basis of legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR). The legitimate interest here is the proper and technically flawless execution of the e-mail dispatch.
(6) We will only store your email address, which you provided when you subscribed to the newsletter, for as long as you remain subscribed to the newsletter. As soon as you have cancelled your subscription to the newsletter, we will delete your e-mail address.
(7) We use the Rapidmail software (https://www.rapidmail.de/) to send newsletters. Your data will be transmitted to rapidmail GmbH. Rapidmail is prohibited from selling your data and using it for purposes other than sending newsletters. Rapidmail is a German, certified provider that has been selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
(8) We use the Brevo CRM system for newsletter management and the systematic processing of newsletters. Your data is transmitted to the provider of the tool, Sendinblue SAS (106 Boulevard Haussmann, 75008 Paris, France). We use the tool to design the newsletter and manage subscribers. We have concluded a corresponding order processing contract with Sendinblue to ensure that your personal data is processed in accordance with the requirements of the GDPR.
(9) We do not pass on the email address you provide to us to third parties.
13. E-Mail Marketing
We process your personal data for the purpose of sending you emails to advertise our services and products. As a rule, we process your first name and date of birth in addition to your e-mail address for e-mail marketing.
Email marketing takes place in two forms: On the one hand, we process your personal data as part of the newsletter subscription if you have registered to receive newsletters and have consented to the processing of your personal data (Art. 6 para. 1 sentence 1 lit. a GDPR). You can find more information on this processing in section 11.
We also process your personal data to send you emails following your order in our shop. We have a legitimate interest in promoting our products and services to our customers, informing them about them and maintaining the customer relationship. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. We send such emails until you object to the sending of advertising. You have the right to object to processing for marketing purposes at any time (Art. 21 para. 2 GDPR). At the end of each email, you will receive a corresponding option to object to the sending of further emails by clicking on a link.
For email marketing, we use the Brevo software from Sendinblue SAS (106 Boulevard Haussmann, 75008 Paris, France). Your personal data is transmitted to the provider. We have concluded an order processing contract with the provider, through which the provider undertakes to comply with the requirements of the General Data Protection Regulation.
13. Waiting List
(1) If you register for a waiting list in the “Events” section, the data provided here will be collected, stored, processed and used. The legal basis for this is consent (Art. 6 para. 1 p. 1 lit. a) DS-GVO). When registering for a waiting list, you consent to us sending an email to your email address with information on your waiting list topic. (2) As soon as the next information on your waiting list topic is available, you will receive an e-mail at the address you provided. Your data will then be deleted. (3) You can revoke your consent to the storage of your data, e-mail address and their use for sending waiting list notifications at any time by sending an e-mail to service@chocoversum.de.
14. Contact forms – school classes and companies
On our website we offer you the possibility to register school classes or companies by means of an online form and to request a corresponding offer. When using these forms, you provide the name, e-mail and telephone number or, in the case of school classes, the telephone number of an accompanying adult. The processing of this data is based on Art. 6 para. 1 lit. f) DS-GVO and serves our legitimate interests to provide you with another possibility to contact us specifically and to get a contact person already before submitting an offer. This data is only stored insofar as it is necessary for the preparation of the offer and the implementation of the booked event.
15. Google Maps
The CHOCOVERSUM website has integrated the Google Maps service in order to illustrate and display the contact address. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When used, Google collects and processes data about the user’s use of the map function. Further information on data processing can be found in the Google privacy policy (https://policies.google.com/privacy?hl=de)
16. Google Tag Manager Our website uses the Google Tag Manager. Google Tag Manager is a solution with which marketers can manage website tags via an interface. It is operated by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. The Tag Manager is used to load other services on our website in a centralised manner. The Tag Manager establishes a connection to Google servers in the USA and sends your IP address to Google. The data transfer of the IP is technically necessary. The legal basis for the processing of your personal data is your consent pursuant to Art. 6 Para. 1 lit. a DSGVO. The legal basis for the transfer of your IP address to Google in the USA is your express consent pursuant to Art. 49 (1) lit. a DSGVO. Google is certified under the Privacy Shield Framework (https://www.privacyshield.gov/EU-US-Framework). The company has thereby undertaken to comply with higher data protection standards than are customary in the USA and which are intended to come close to those of the European Union. In addition, we have concluded so-called standard contractual clauses with Google, through which Google contractually undertakes to comply with high data protection standards. Nevertheless, there remains a risk that US authorities may access data of data subjects. You can revoke your consent at any time without giving reasons. To do so, go to the cookie settings to revoke your consent. You can find more information about Google’s processing in the provider’s privacy policy: https://www.google.de/policies/privacy/.
17. Gravatar (1) The Gravatar service is used on our website. Provider is. Aut O’Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland B(“Automattic”). Cookies are also set in this process. The service enables our internet users to leave comments on our website using avatars. To do this, users must register with Gravatar and provide profile pictures and their email address. If you are registered with Gravatar and have deposited your e-mail address and a profile picture there and register with us using this e-mail address, your profile picture will be played on our website. For matching purposes, the email address you provided when you registered is transmitted to Automattic. Due to the integration of the images deposited with Gravatar on our website, Gravatar also takes note of the IP address of registered users of our website. (2) Your express consent is required for the use of cookies. To this end, at the beginning of the usage process, you have the opportunity to refuse or give your consent via the cookie banner and to inform yourself about our company’s data protection rules. The cookies are stored on the basis of § 25 para. 1 TTDSG and thus on the basis of your consent. The further processing of your personal data is also based on your consent. If you give us your consent, the legal basis is therefore Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time by opening the cookie settings and moving the corresponding slider to “Off”.
18. Mouseflow
(1) To optimise our offer, we use the analysis tool Mouseflow. The provider is Mouseflow Inc, Flaesketorvet 68, 1711 Copenhagen V, Denmark. Mouseflow analyses your usage behaviour on our website. This includes the use of your mouse (clicks, movements, use of scroll wheel etc.) as well as which fields/functions you use on our website. In addition, Mouseflow collects technical data of the end device used. Cookies are used to analyse the data. (2) Your express consent is required for the use of tracking and marketing cookies. For this purpose, you have the possibility at the beginning of the usage process to refuse or give your consent via the cookie banner and to inform yourself about the data protection rules of our company. The cookies are stored on the basis of § 25 para. 1 TTDSG and thus on the basis of your consent. The further processing of your personal data is also based on your consent. If you give us your consent, the legal basis is therefore Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time without giving reasons. To do this, call up the cookie settings to revoke your consent. (3) We have concluded an order processing agreement with the provider to ensure that your personal data is processed in a legally compliant and secure manner.
19. Integration and linking of videos via YouTube
For the integration and linking of videos, we use the social network YouTube. The provider of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. YouTube video integration We embed our videos in the so-called “extended data protection mode” in order to provide you with a data protection-friendly view. However, like most online presences, YouTube also uses cookies to collect information about visitors to its online presence. YouTube uses these to collect video statistics, prevent fraud and improve the user experience, among other things. This also leads to a connection with the Google Double Click Network. So if you play videos on our website, this could trigger further data processing operations. Unfortunately, we have no control over this. If you do not want YouTube to be able to associate your visit to our online presence with your YouTube user account when you play a video, please log out of your YouTube user account before clicking on the play button. By streaming a YouTube video, your personal data will be processed by Google. The processing is usually for marketing and analysis purposes, for which Google is responsible. For more information on processing, please refer to Google’s privacy policy, which can be found at https://policies.google.com/privacy?hl=de.
YouTube linking Links to the social network YouTube are integrated on our online presence. You can recognise the YouTube links by the YouTube logo on our online presence. If you click on one of the YouTube “buttons” while you are logged into your YouTube account with the same browser, YouTube can assign your visit to our online presence to your user account. We would like to point out that we, as the provider of the online presence, have no knowledge of the content of the transmitted data or its use by YouTube. If you do not want YouTube to be able to assign your visit to our online presence to your YouTube user account after clicking on one of the YouTube buttons, please log out of your YouTube user account before clicking on the YouTube “button”. For further information on the handling of your personal data when visiting the YouTube website and playing YouTube videos, please refer to the YouTube privacy policy. YouTube processing When YouTube is activated, cookies are set and personal data is processed. The storage of the cookies and the processing of your personal data is based on your consent. The legal basis for the processing is Art. 6 para. 1 lit. a DSGVO. You can give your consent in the cookie box or by playing the video. You can revoke your consent at any time by opening the cookie box and moving the corresponding slider to “Off”. With the playback of the video, personal data may be transmitted from Google Ireland to Google Inc. in the USA and processed there by Google. This includes in particular your IP address, technical data of the terminal device and the information that you have called up the corresponding sub-page of our website. No adequacy decision exists for the transfer of personal data to companies in the USA. However, Google is certified under the Privacy Shield framework published by the US Department of Commerce. Through the certification, the company has undertaken to comply with higher data protection standards than are customary in the USA. In addition, we have concluded an order processing agreement with Google Ireland and Google Ireland has undertaken to agree on so-called standard data protection clauses for the transfer of data, through which data protection principles and the security of your data are safeguarded. However, there remains a risk that US authorities may gain access to personal data.
20. Welcoming guests in our foyer
We process personal data for welcoming individual guests if there are special occasions or if this is requested by guests. For this purpose, the name and information relating to the occasion (such as the guest’s birthday and age) are displayed on a screen in the foyer. The processing is carried out on the basis of Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests and the interests of the data subject. The data controller would like to offer its guests a special experience and enable them to have a pleasant stay. This also includes a personal approach to highlight the special nature of the visit and to welcome the respective guest in a highlighted manner. This ensures our interest in providing service-oriented, customer-oriented services. As a rule, only the employees of the responsible persons and the guests of the respective group have the possibility to see the display in the foyer. Viewing by unauthorised third parties is generally excluded. The personal data used to greet the guest will be deleted after the event has taken place, provided that there are no legal storage obligations to the contrary.
21. Contact forms
On our website we offer a contact form to answer your requests personally. Here you must provide your personal data. The required information is marked with an asterisk. The data will be processed in order to deal with your enquiry and to identify serious requests. The processing is based on your consent. The legal basis is Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time and without giving reasons. To do so, send an e-mail to: service@chocoversum.de. In the imprint you will find further contact details to which you can send the revocation.
22. Chatbot
For service requests, we offer you the possibility to obtain information on our website via chat bot, to be informed about self-care solutions and to establish contact with our messenger service. Our technical service provider for the chat bot service is knowhere GmbH, Steinhöft 9, 20459 Hamburg. Information on data protection can be found at https://www.moin.ai/chatbots-dsgvo No further information from you is required to use the chat bot. To optimise the artificial intelligence of the chat bot, log files and chat histories are stored for 30 days. Local storage keys are stored in the web browser to store and recognise users. The legal basis for this is § 25 para. 2 no. 2 TTDSG. The storage is technically necessary for the use of the chatbot. We would like to point out in particular that you do not have to provide any personal data. Further information can be found in our terms of use for the messenger or the chat bot. Contract-related service requests are an exception. If you would like to make use of this service, you can provide our customer service with an e-mail address. Data processing is based on our legitimate interests pursuant to Art. 6 para. 1 p. 1 letter f) DSGVO 19. Advertising to us We hereby expressly object to the use by third parties of contact data published within the scope of the imprint obligation for the purpose of sending advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam mails.
Status October 2024