26. März 2020 in Berlin


Data Protection Specifications

This data protection notice should inform you about how and for what purposes we, Coöperatieve Rabobank U.A., Frankfurt am Main branch (as part of the “Food Furore” event) process your personal data. We will also inform you about which rights arise for you from the applicable data protection law and who you can contact if you have any questions.

 

1. To whom do these data protection notices apply?

This data protection notice is aimed at visitors and participants of the “Food Furore” event as well as the “Food Furore” and FoodBytes!@Foodfurore website (www.foodfurore.de and www.foodbytesworld.com/applytofoodfurore/) and all other natural persons involved, e.g. Authorized representatives, legal guardians and representatives or employees of legal entities.

 

2. Who is responsible for the processing of my personal data?

Responsible for this data protection notice and the processing of your personal data is:

Coöperatieve Rabobank U.A., 
Zweigniederlassung Frankfurt am Main
Solmsstraße 83
60486 Frankfurt am Main
Phone: 069 130 260-0
Fax: 069 130 260-909
E-Mail: info@rabodirect.de

If you have any questions about this data protection notice, please contact datenschutz@rabobank.com or our data protection officer directly:

DPO Service GmbH
Bethmannstraße 50-54
60311 Frankfurt am Main
E-Mail: datenschutz@DPOservice.de

 

3. What personal data do we process?

We only process the personal data that we receive from visitors or participants themselves as part of the “Food Furore” event.

We process the following personal data:

a. Personal identification information:
Title, first name, last name, address, telephone number and email address as well as pictures and films. Insofar as you enter personal data as an applicant for the start-up competition, we will also process it.

b. Socio-demographic information:
Industry affilation / branch

 

4. What do we process your personal data for (purpose of processing) and on what legal basis?

We process your personal data for the following purposes:

a. Participants and visitors (Art. 6 Para. 1 a GDPR):

If you have given us your consent to the processing of personal data for specific purposes (title, first name, last name and email address as well as affiliation with the industry), the legality is given on the basis of your consent. A given consent can be revoked at any time. We process the personal data described above for the purpose of organizing the Food Furore event.

 

5. Cookies

Our website uses cookies as part of the offer. Cookies are small text files that are sent to your computer by a web server (strictly speaking: stored in your browser directory) as soon as you visit the website. Your IP address is also recorded by us when you visit our website. This information is used e.g. B. used to provide us as the operator of the website with statistical information about the use of the website. Details on the cookies used and their purposes can be found in the cookie information.

 

6. Automated decisions

No automatic decision-making that is based solely on automated processing, including profiling, and has a legal effect or affects you in a similar manner, is carried out.

 

7. Who gets my personal data?

Start-up: Food Bytes! Team and jury members (Coöperatieve Rabobank U.A., Hello Fresh International, WWF Germany Foundation, KitchenTown GmbH & Co KG)

Participants: Eventbrite, Inc.

Within the bank, only those places will get access to your personal data that they need to fulfill our contractual and legal obligations and to protect our legitimate interests. Under these conditions, recipients of your personal data are:

Processors:

In order to fulfill our purposes mentioned above, we work together with other companies, so-called contract processors. These include:

– Eventbrite, to carry out the ticket process for visitors
– Coöperatieve Rabobank U.A., Netherlands, the “Food Furore” event uses the registration form on the “FoodBytes!” Website for participants.

In this context, personal data is only passed on to the service providers mentioned for the processing of personal data by these service providers on our behalf and on the basis of our instructions (so-called “order processing“), insofar as this is necessary to achieve the above-mentioned purposes and to safeguard them our legitimate interests are required. The processors are subject to contractual obligations to implement appropriate technical and organizational measures to protect your personal data and process your personal data only in accordance with our instructions.

Data transfer to a third country

Your personal data will only be processed and used within the EU. In exceptional cases, your personal data may be transmitted to a recipient outside the EU (e.g. to technical service providers). This is always done in compliance with the applicable data protection law (Art. 45 Para. 1 GDPR). The third countries that maintain an adequate level of data protection from the perspective of European data protection law are Andorra, Argentina, Canada, Switzerland, Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Uruguay and Japan. Recipients in the United States may be partially registered under the EU-U.S. Privacy Shield are certified and can therefore be viewed from the perspective of European data protection law as third countries with an adequate level of data protection (Art. 45 Para. 1 GDPR). We maintain reasonable guarantees with respect to other recipients outside the EU; In particular, we conclude data transmission contracts concluded by the EU Commission with such recipients (e.g. standard data protection contracts (2010/87 / EU and / or 2004/915 / EC), Art. 46 Para. 2 lit. c GDPR) or provide for other measures to guarantee a level of data protection comparable to that of Europe (Art. 46 GDPR). We would be happy to provide you with a copy of the corresponding guarantee.

 

8. How long will my personal data be saved?

We do not store your personal data longer than we need it for the respective processing purposes, i.e. that is, to provide the requested service. If we no longer need your personal data to comply with contractual or legal obligations, we will delete them from our systems or anonymise them accordingly so that identification is not possible unless we have to keep information, including your personal data, in order to to comply with legal or official obligations to which we are subject, e.g. B. Statutory retention periods, which may arise from the Commercial Code or the Tax Code and can generally last 6 to 10 years, or if we have to secure evidence during the statutory limitation periods, which are usually 3 years but can be up to 30 years.

 

9. What rights do you have when it comes to the processing of your personal data?

If you have given your consent to the processing of your personal data, you can withdraw your consent at any time with future effect. Such a revocation does not affect the legality of the processing carried out based on the consent up to the revocation. According to applicable data protection law, you may have the right to (a) information, (b) correction, (c) deletion (“right to be forgotten”), (d) restriction of processing, (e) data portability and / or (f) to object the processing. The aforementioned rights may be restricted under national data protection law. To exercise these rights, please contact us as described in Section 2.

In detail:

a. Right to information (Art. 15 GDPR):

You may have the right to request confirmation from us as to whether your personal data is being processed and, if so, a right to information about this personal data. The right to information includes, among other things, the processing purposes, the categories of personal data that are processed and the recipients or categories of recipients to whom the personal data are disclosed. You may also have the right to receive a copy of the personal data that is the subject of the processing. However, this right is not unlimited, because the rights of other people can limit your right to receive a copy.

The right to information is restricted by § 34 BDSG, e.g. B. if the data (a) is only stored because it cannot be deleted due to statutory or statutory retention requirements, or (b) is used exclusively for data backup or data protection control purposes and the provision of information would require a disproportionate effort and processing is excluded for other purposes by suitable technical and organizational measures.

b. Right to Correction (Art. 16 GDPR):

You may have the right to request the correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

c. Right to erasure („Right to be forgotten“) (Art. GDPR):

Under certain conditions, you have the right to request that we delete your personal data and that we are obliged to delete personal data. The right to deletion exists e.g. B. according to § 35 BDSG, if a deletion in the case of non-automated data processing is not possible due to the special type of storage or only possible with disproportionate effort and the interest of the data subject in the deletion can be regarded as low. In this case, the deletion is replaced by the restriction of processing. The aforementioned exception does not apply if the personal data has been processed unlawfully.

d. Right to restriction of processing (Art. 18 GDPR):

Under certain conditions, you have the right to request that we restrict the processing of your personal data. In this case, the corresponding data will be marked and processed by us only for certain purposes.

e. Right to data portability (Art. 19 GDPR):

Under certain conditions, you have the right to receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format, and you have the right to transmit this data to another person in charge without hindrance from us.

f. Right to object (Art. 21 GDPR):

Under certain conditions, you have the right to object to our processing of your personal data at any time for reasons that arise from your particular situation, and we may be obliged to no longer process your personal data. If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising.

If you believe that we are processing your personal data in an unauthorized manner, please contact us using the contact details provided in Section 2. You also have the right to contact a data protection supervisory authority. You can contact the data protection supervisory authority responsible for us as follows:

The Hessian Data Protection Officer
Mailbox 31 63
65021 Wiesbaden
Phone: +49 611 1408-0
Fax: +49 611 1408-900
E-Mail: poststelle@datenschutz.hessen.de