Privacy policy

Privacy Policy

The data controller is:

HistaFit GmbH Haasemannstr. 6 30449 Hannover

We appreciate your interest in our online shop. The protection of your privacy is very important to us. Below we provide detailed information about how we handle your data.

1. Access Data and Hosting

You can visit our website without providing any personal information. Each time a webpage is accessed, the web server automatically stores a server log file containing, for example, the name of the requested file, your IP address, date and time of access, amount of data transferred, and the requesting provider (access data), and documents the access.

This access data is evaluated exclusively to ensure trouble-free operation of the website and to improve our services. This serves to protect our legitimate interests in the correct presentation of our services pursuant to Art. 6(1)(f) GDPR. All access data is deleted no later than seven days after your visit ends.

1.1 Hosting

The services for hosting and displaying the website are partially provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected through forms on this website are processed on their servers. For questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

Our service providers are located in and/or use servers in countries outside the EU and EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on the European Commission's Standard Contractual Clauses.

Our service providers are located in and/or use servers in the following countries for which the European Commission has established an adequate level of data protection: Canada.

Our service providers are located in and/or use servers in the USA and other countries outside the EU and EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on the European Commission's Standard Contractual Clauses.

1.2 Content Delivery Network

To reduce loading times, we use a Content Delivery Network ("CDN") for some services. With this service, content such as large media files is delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the service providers' servers. Our service providers act as processors on our behalf.

Our service providers are located in and/or use servers in countries outside the EU and EEA. There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on the European Commission's Standard Contractual Clauses. For questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

2. Data Processing for Contract Fulfillment, Contact, and Customer Account Creation

2.1 Data Processing for Contract Fulfillment

For the purpose of contract fulfillment (including inquiries about and handling of any warranty and performance claims as well as any statutory update obligations) pursuant to Art. 6(1)(b) GDPR, we collect personal data that you voluntarily provide to us as part of your order. Mandatory fields are marked as such because we require this data for contract fulfillment and cannot ship your order without it. The data collected is evident from the respective input forms.

Further information on the processing of your data, particularly on disclosure to our service providers for order, payment, and shipping processing, can be found in the following sections of this privacy policy. After complete fulfillment of the contract, your data will be restricted for further processing and deleted after expiration of tax and commercial law retention periods pursuant to Art. 6(1)(c) GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6(1)(a) GDPR or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.

Enterprise Resource Planning System

For order and contract processing, we use enterprise resource planning systems from external service providers. Our service providers act as processors on our behalf. For questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

2.2 Customer Account

If you have given your consent pursuant to Art. 6(1)(a) GDPR by choosing to open a customer account, we use your data for the purpose of opening a customer account and storing your data for future orders on our website. You can delete your customer account at any time by sending a message to the contact details provided in this privacy policy or by using a dedicated function in your customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6(1)(a) GDPR or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.

2.3 Contact

In the context of customer communication, we collect personal data pursuant to Art. 6(1)(b) GDPR to process your inquiries when you voluntarily provide them to us when contacting us (e.g., via contact form or email). Mandatory fields are marked as such because we require this data to process your inquiry. The data collected is evident from the respective input forms. After complete processing of your inquiry, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6(1)(a) GDPR or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.

3. Data Processing for Shipping

For contract fulfillment pursuant to Art. 6(1)(b) GDPR, we share your data with the shipping service provider commissioned with delivery, insofar as this is necessary for the delivery of ordered goods.

Data Sharing with Shipping Service Providers for Delivery Notification

If you have given us your express consent during or after your order, we will share your email address and telephone number with the selected shipping service provider pursuant to Art. 6(1)(a) GDPR so that they can contact you before delivery for delivery notification or coordination purposes.

Consent can be revoked at any time by sending a message to the contact details provided in this privacy policy or directly to the shipping service provider at the contact addresses listed below. After revocation, we will delete the data you provided for this purpose unless you have expressly consented to further use of your data or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.

  • United Parcel Service Deutschland S.à r.l. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany
  • Hermes Germany GmbH, Essener Straße 89, D-22419 Hamburg, Germany
  • General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1-7, DE-36286 Neuenstein, Germany
  • DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany
  • DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
  • Schenker Deutschland AG, Lyoner Straße 15, 60528 Frankfurt am Main, Germany

4. Data Processing for Payment Processing

For payment processing in our online shop, we work with the following partners: technical service providers, credit institutions, and payment service providers.

4.1 Data Processing for Transaction Processing

Depending on the selected payment method, we share the data necessary for processing the payment transaction with our technical service providers acting as processors on our behalf, or with the commissioned credit institutions or the selected payment service provider, insofar as this is necessary for payment processing. This serves contract fulfillment pursuant to Art. 6(1)(b) GDPR. In some cases, payment service providers collect the data required for payment processing themselves, e.g., on their own website or via technical integration in the ordering process. The privacy policy of the respective payment service provider applies.

For questions about our payment processing partners and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

4.2 Data Processing for Fraud Prevention and Payment Process Optimization

Where applicable, we share additional data with our service providers who, together with the data necessary for payment processing, use it as our processors for fraud prevention and payment process optimization (e.g., invoicing, handling disputed payments, accounting support). This serves pursuant to Art. 6(1)(f) GDPR to protect our legitimate interests in securing ourselves against fraud and efficient payment management.

5. Email Newsletter and Postal Advertising

HistaFit GmbH offers you the opportunity to sign up for our email newsletters at www.histafood.eu. We send newsletters via Klaviyo, emails, and other electronic notifications (hereinafter "Newsletter") only with the consent of recipients or with legal permission. A newsletter via Klaviyo is only sent after you have consented to receive it by providing your email address. This consent can be revoked at any time with effect for the future at info@histafood.eu or at the end of each email.

To sign up for our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletters, or other information if required for the purposes of the newsletter.

Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact details described below or via a designated link in the newsletter.

After unsubscribing, we will delete your email address from the recipient list unless you have expressly consented to further use of your data pursuant to Art. 6(1)(a) GDPR or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.

Email Advertising Without Newsletter Registration and Your Right to Object

If we received your email address in connection with the sale of goods or services and you have not objected, we reserve the right to send you occasional advertising, trends, and news about similar products from our range related to your purchase by email pursuant to § 7(3) UWG. You can object to this use of your email address at any time at info@histafood.eu.

Double Opt-In Procedure: Registration for our newsletter generally takes place using the so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's email address. Newsletter registrations are logged in order to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to prove previously given consent. The processing of this data is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist (so-called "blacklist").

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider to send emails, this is based on our legitimate interests in an efficient and secure mailing system.

Notes on Legal Bases: The newsletters are sent based on the recipients' consent or, if consent is not required, based on our legitimate interests in direct marketing, insofar as and to the extent that this is legally permitted, e.g., in the case of existing customer advertising. If we commission a service provider to send emails, this is based on our legitimate interests. The registration process is recorded based on our legitimate interests to prove that it was conducted in accordance with the law.

Content: Information about HistaFit GmbH and our brands HistaFit, HistaNutri, and HistaFood, our services, promotions, and offers, as well as other information about histamine intolerance and low-histamine nutrition.

Analysis and Performance Measurement: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or from the server of our mailing service provider if we use one. As part of this retrieval, technical information such as browser and system information, as well as your IP address and time of retrieval, are initially collected.

This information is used for the technical improvement of our newsletter based on technical data or target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the mailing service provider, to observe individual users. The evaluations serve us rather to recognize the reading habits of our users and to adapt our content to them or to send different content according to our users' interests.

The evaluation of the newsletter and performance measurement are carried out, subject to express consent from users, based on our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves both our business interests and meets user expectations.

A separate revocation of performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to.

Types of Data Processed: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times).

Data Subjects: Communication partners.

Purposes of Processing: Direct marketing (e.g., by email or post).

Legal Bases: Consent (Art. 6(1)(a) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR).

Opt-Out Option: You can cancel receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options stated above, preferably email.

Promotional Communication via Email, Post, Fax, or Telephone

We process personal data for promotional communication purposes, which may take place via various channels such as email, telephone, post, or fax in accordance with legal requirements.

Recipients have the right to revoke consent at any time or to object to promotional communication at any time.

After revocation or objection, we may store data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

Types of Data Processed: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers).

Data Subjects: Communication partners.

Purposes of Processing: Direct marketing (e.g., by email or post).

Legal Bases: Consent (Art. 6(1)(a) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR).

Competitions and Contests

HistaFit GmbH processes personal data of participants in competitions and contests from brands such as HistaFit, HistaFood, and HistaNutri and competition partners only in compliance with relevant data protection regulations, insofar as processing is contractually required for the provision, execution, and handling of the competition, participants have consented to processing, or processing serves our legitimate interests (e.g., security of the competition or protection of our interests against misuse through possible collection of IP addresses when submitting competition entries).

If participants' entries are published as part of competitions (e.g., as part of a vote or presentation of competition entries or winners or reporting on the competition), we point out that participants' names may also be published in this context. Participants can object to this at any time.

If the competition takes place within an online platform or social network (e.g., Facebook or Instagram, hereinafter referred to as "online platform"), the terms of use and privacy policies of the respective platforms also apply. In these cases, we point out that we are responsible for the information provided by participants in the context of the competition and that inquiries regarding the competition should be directed to us.

Participants' data will be deleted as soon as the competition or contest has ended and the data is no longer required to inform winners or because questions about the competition are expected. In principle, participants' data is deleted no later than 6 months after the end of the competition. Winners' data may be retained longer, e.g., to answer questions about prizes or fulfill prize services; in this case, the retention period depends on the type of prize and is, for example, up to three years for goods or services in order to handle warranty cases. Furthermore, participants' data may be stored longer, e.g., in the form of reporting on the competition in online and offline media.

If data was also collected for other purposes as part of the competition, its processing and retention period are governed by the privacy notices for that use (e.g., in the case of newsletter registration as part of a competition).

Types of Data Processed: Inventory data (e.g., names, addresses), content data (e.g., text entries, photographs, videos).

Data Subjects: Competition and contest participants.

Purposes of Processing: Conducting competitions and contests.

Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR).

5.2 Newsletter Dispatch

The newsletter and the newsletter tracking described above may also be sent by our service providers (Klaviyo) as part of processing on our behalf. For questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

6. Cookies and Other Technologies

6.1 General Information

To make your visit to our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the browser session ends, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies). We use such technologies that are essential for the use of certain functions of our website (e.g., shopping cart function). Through these technologies, IP address, time of visit, device and browser information, and information about your use of our website (e.g., information about shopping cart content) are collected and processed. This serves our legitimate interests in an optimized presentation of our services pursuant to Art. 6(1)(f) GDPR.

We also use technologies to fulfill legal obligations to which we are subject (e.g., to prove consent to the processing of your personal data) as well as for web analytics and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

Cookie settings for your browser can be found at the following links:

  • Microsoft Edge™
  • Safari™
  • Chrome™
  • Firefox™
  • Opera™

Insofar as you have consented to the use of technologies pursuant to Art. 6(1)(a) GDPR, you can revoke your consent at any time here or by sending a message to the contact details described in the privacy policy.

6.2 Cookiebot Consent Management Platform

On our website, we use Cookiebot to inform you about the cookies and other technologies we use on our website, and to obtain, manage, and document your consent to the processing of your personal data by these technologies where required. This is necessary pursuant to Art. 6(1)(c) GDPR to fulfill our legal obligation pursuant to Art. 7(1) GDPR to prove your consent to the processing of your personal data. Cookiebot is a service of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, which processes your data on our behalf.

After submitting your cookie declaration on our website, Cookiebot's web server stores your anonymized IP address, date and time of your declaration, browser information, the URL from which the declaration was sent, information about your consent behavior, and an anonymous random key. Additionally, a cookie is set that contains the information about your consent behavior and the key. Your data will be deleted after twelve months unless you have expressly consented to further use of your data pursuant to Art. 6(1)(a) GDPR or we reserve the right to further data use that is permitted by law and about which we inform you in this policy.

7. Use of Cookies and Other Technologies for Advertising Analysis and Advertising Purposes

Insofar as you have given your consent pursuant to Art. 6(1)(a) GDPR, we use the following cookies and other technologies from third-party providers on our website. After the purpose has been fulfilled and our use of the respective technology ends, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the "Cookies and Other Technologies" section. Further information, including the basis of our cooperation with individual providers, can be found for each technology. For questions about providers and the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

7.1 Use of Google Services for Web Analytics and Advertising Purposes

We use the technologies described below from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Information about your use of our website automatically collected by Google technologies is usually transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the European Commission's Standard Contractual Clauses. If your IP address is collected via Google technologies, it will be truncated before being stored on Google servers by activating IP anonymization. Only in exceptional cases will the full IP address be transferred to a Google server and truncated there. Unless otherwise stated for individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy notices.

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Your IP address is generally not merged with other Google data. Data processing is based on an agreement on commissioned processing by Google.

For the purpose of optimized marketing of our website, we have activated the data sharing settings for "Google products and services." This allows Google to access the data collected and processed by Google Analytics and subsequently use it to improve Google services. Data sharing with Google under these data sharing settings is based on an additional agreement between controllers. We have no influence on subsequent data processing by Google.

For creating and conducting tests, we also use the Google Analytics extension function Google Optimize.

For the purpose of optimized marketing of our website, we use the so-called User-ID function. With this function, we can assign a unique, permanent ID to your interaction data from one or more sessions on our online presence and thus analyze your user behavior across devices and sessions.

For web analysis, the Google Analytics extension function Google Signals enables so-called "Cross-Device Tracking." If your internet-enabled devices are linked to your Google account and you have activated the "personalized advertising" setting in your Google account, Google can create reports on your usage behavior (especially cross-device user numbers), even if you switch devices. We do not process personal data in this regard; we only receive statistics created based on Google Signals.

For web analysis and advertising purposes, the Google Analytics extension function uses the so-called DoubleClick cookie to enable recognition of your browser when visiting other websites. Google will use this information to compile reports on website activity and to provide other services related to website use.

Google AdSense

Our website markets space for third-party advertisements via Google AdSense. These advertisements are displayed to you at various locations on this website. Via the so-called DoubleClick cookie, interest-based advertising is enabled through the collection and processing of data (IP address, time of visit, device and browser information, and information about your use of our website) and automatic assignment of a pseudonymous UserID, which is used to determine interests based on visits to this and other websites.

Google Ads

For advertising purposes in Google search results and on third-party websites, the so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information, and information about your use of our website) using a pseudonymous CookieID based on the pages you visited. Further data processing only takes place if you have activated the "personalized advertising" setting in your Google account. If you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing.

For website analysis and event tracking, we measure your subsequent usage behavior via Google Ads Conversion Tracking if you reached our website via a Google Ads advertisement. Cookies may be used and data (IP address, time of visit, device and browser information, and information about your use of our website based on events we specify, such as visiting a website or newsletter registration) may be collected, from which user profiles are created using pseudonyms.

Google Maps

For the visual display of geographic information, Google Maps collects data about your use of Maps functions, particularly IP address and location data, which is transmitted to and subsequently processed by Google. We have no influence on this subsequent data processing.

Google reCAPTCHA

For the purpose of protection against misuse of our web forms and spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information, and information about your use of our website) and analyzes your use of our website using so-called JavaScript and cookies. In addition, other cookies stored in your browser by Google services are evaluated. Personal data from the input fields of the respective form is not read or stored.

Google Fonts

For uniform display of content on our website, the "Google Fonts" script code collects data (IP address, time of visit, device and browser information), which is transmitted to and subsequently processed by Google. We have no influence on this subsequent data processing.

YouTube Video Plugin

For embedding third-party content, the YouTube Video Plugin in the enhanced privacy mode we use collects data (IP address, time of visit, device and browser information), which is transmitted to and subsequently processed by Google, only when you play a video.

7.2 Use of Facebook Services for Web Analytics and Advertising Purposes

Use of Facebook Pixel

We use the Facebook Pixel within the technologies described below from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland"). With the Facebook Pixel, data (IP address, time of visit, device and browser information, and information about your use of our website based on events we specify, such as visiting a website or newsletter registration) is automatically collected and stored, from which user profiles are created using pseudonyms.

As part of the so-called advanced matching, additional information is collected and stored in hashed form for matching purposes, with which individuals can be identified (e.g., names, email addresses, and telephone numbers).

For this purpose, when you visit our website, a cookie is automatically set by the Facebook Pixel that automatically enables recognition of your browser when visiting other websites using a pseudonymous CookieID. Facebook (by Meta) will merge this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website use, particularly personalized and group-based advertising. Information about your use of our website automatically collected by Facebook (by Meta) technologies is usually transferred to and stored on a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision by the European Commission for the USA. Insofar as data transfer to the USA falls within our responsibility, our cooperation is based on the European Commission's Standard Contractual Clauses. Further information about data processing by Facebook can be found in Meta's privacy notices.

Facebook Analytics

As part of Facebook Business Tools, statistics on visitor activities on our website are created from data collected about your use of our website with the Facebook Pixel. Data processing is based on an agreement on commissioned processing by Facebook (by Meta). Your analysis serves the optimal presentation and marketing of our website.

Facebook Ads (Ads Manager)

We advertise this website on Facebook (by Meta) and other platforms via Facebook Ads. We determine the parameters of each advertising campaign. Facebook (by Meta) is responsible for the exact implementation, particularly the decision on ad placement for individual users. Unless otherwise stated for individual technologies, data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. The joint responsibility is limited to the collection of data and its transmission to Meta Platforms Ireland. Subsequent data processing by Meta Platforms Ireland is not covered by this.

Based on the statistics on visitor activities on our website created via Facebook Pixel, we conduct group-based advertising on Facebook (by Meta) via Facebook Custom Audience by defining the characteristics of the respective target group.

Within the advanced matching that takes place to define the respective target group (see above), Facebook (by Meta) acts as our processor.

Based on the pseudonymous cookie ID set by the Facebook Pixel and the collected data about your usage behavior on our website, we conduct personalized advertising via Facebook Pixel Remarketing.

Via Facebook Pixel Conversions, we measure your subsequent usage behavior for web analysis and event tracking if you reached our website via a Facebook Ads advertisement. Data processing is based on an agreement on commissioned processing by Facebook (by Meta).

7.3 Other Providers of Web Analytics and Online Marketing Services

Use of Hotjar for Web Analytics

For the purpose of website analysis, technologies from Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta ("Hotjar") automatically collect and store data (IP address, time of visit, device and browser information, and information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymized user profiles are not merged with personal data about the holder of the pseudonym without separately granted, express consent. Hotjar acts on our behalf.

Use of Vimeo Video Plugin for Embedding Third-Party Content

For embedding third-party content, data (IP address, time of visit, device and browser information) is collected via the video plugin from Vimeo LLC, 555 West 18th Street, New York 10011, USA ("Vimeo"), transmitted to Vimeo, and subsequently processed by Vimeo. Data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Google Analytics is automatically integrated in the Vimeo Video Plugin. For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. Google Analytics is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Information automatically collected by Google about your use of our website is usually transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Your IP address is truncated before storage on Google servers by activating IP anonymization. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. We have no influence on or access to data processing by Vimeo, including Google Analytics settings and results. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the European Commission's Standard Contractual Clauses.

Klar! Insights - Attribution

We use the services of Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany, a SaaS provider for business intelligence solutions for eCommerce companies. Klar Insights GmbH collects, processes, and stores data on this website and its subpages (user and session IDs, email address, IP address, online identifiers (cookie ID, device ID)) for reach measurement and statistical analysis on our behalf. We have concluded a data processing agreement with Klar Insights GmbH. The collection of personal data is based on the legal basis of consent pursuant to Art. 6(1)(a) GDPR. If consent is given by the user, the data to be processed is collected on a user-specific basis in accordance with § 25(1) sentence 1 TDDDG. The following cookies are used for the aforementioned different collection types to ensure the respective collection type: september_id, september_has_consent, september_do_not_track (in case of objection).

Cookie Objection: To object to the use of Klar! Insights in general, please use this link. This will set a cookie named "september_do_not_track" from the domain "histafood.eu." Please do not delete this cookie, otherwise it cannot be guaranteed that you will not be tracked by Klar. Information on data protection and data use by Klar can be found at the following website: https://app.getklar.com/legal/data-protection

8. Social Media

8.1 Social Plugins from Facebook (by Meta), Twitter, Instagram (by Meta), Pinterest, Xing, Addthis, Whatsapp

Social buttons from social networks are used on our website. These are only embedded in the page as HTML links, so that when you access our website, no connection is established with the servers of the respective provider. If you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There you can, for example, press the Like or Share button.

8.2 Our Online Presence on Facebook (by Meta), Twitter, Instagram (by Meta), YouTube, Pinterest

Insofar as you have given your consent to the respective social media operator pursuant to Art. 6(1)(a) GDPR, when you visit our online presence on the social media mentioned above, your data is automatically collected and stored for market research and advertising purposes, from which user profiles are created using pseudonyms. These can be used to, for example, display advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as contact options and your rights and settings options to protect your privacy, please refer to the privacy notices of the providers linked below. If you still need assistance in this regard, you can contact us.

Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). Information about your use of our online presence on Facebook (by Meta) automatically collected by Meta Platforms Ireland is usually transferred to and stored on a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the European Commission's Standard Contractual Clauses. Data processing in connection with visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on Insights data) can be found here.

Twitter is a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). Information about your use of our online presence on Twitter automatically collected by Twitter is usually transferred to and stored on a server of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the European Commission's Standard Contractual Clauses.

Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). Information about your use of our online presence on Instagram automatically collected by Meta Platforms Ireland is usually transferred to and stored on a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the European Commission's Standard Contractual Clauses. Data processing in connection with visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on Insights data) can be found here.

YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Information about your use of our online presence on YouTube automatically collected by Google is usually transferred to and stored on a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the European Commission's Standard Contractual Clauses.

Pinterest is a service of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). Information about your use of our online presence on Pinterest automatically collected by Pinterest is usually transferred to and stored on a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA. There is no adequacy decision by the European Commission for the USA. Our cooperation with them is based on the European Commission's Standard Contractual Clauses.

9. Contact Options and Your Rights

9.1 Your Rights

As a data subject, you have the following rights:

  • Pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
  • Pursuant to Art. 16 GDPR, the right to request immediate correction of inaccurate or completion of your personal data stored by us;
  • Pursuant to Art. 17 GDPR, the right to request deletion of your personal data stored by us, unless further processing is necessary to exercise the right to freedom of expression and information; to fulfill a legal obligation; for reasons of public interest; or for the assertion, exercise, or defense of legal claims;
  • Pursuant to Art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as the accuracy of the data is disputed by you; the processing is unlawful but you refuse deletion; we no longer need the data but you need it for the assertion, exercise, or defense of legal claims; or you have objected to processing pursuant to Art. 21 GDPR;
  • Pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;
  • Pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority of your usual place of residence or workplace or of our company headquarters.

Right to Object

Insofar as we process personal data as explained above to protect our legitimate interests that prevail in a balancing of interests, you can object to this processing with effect for the future. If the processing is for direct marketing purposes, you can exercise this right at any time as described above. Insofar as the processing is for other purposes, you have a right to object only if there are grounds arising from your particular situation. After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if processing serves to assert, exercise, or defend legal claims. This does not apply if processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.

9.2 Contact Options

For questions about the collection, processing, or use of your personal data, for information, correction, restriction, or deletion of data, as well as revocation of consent or objection to a specific use of data, please contact us directly using the contact details in our legal notice (Impressum).