NKG Bloom

Privacy Policy

Data Privacy Statement of the Neumann Gruppe GmbH

Thank you for visiting our website. In this Policy, we would like to inform you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Controller

The Controller for the data processing operations described below is the office named in the imprint.

Usage Data

When you visit our website, our web server temporarily evaluates usage data for statistical purposes in order to improve the quality of our website. This data consists of the following data categories:

  • the name and address of the requested content,
  • the date and time of the query,
  • of the transferred data volume,
  • the access status (content transferred, content not found),
  • the description of the used web browser and operating system,
  • the referral link, which indicates from which page you reached ours,
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.

The above-mentioned log data will only be evaluated anonymously.

Anonymous Visitor Measurement

We carry out anonymous visitor measurement on our website. For this purpose, the web server data logs as well as the abbreviated IP address are evaluated.

No personal evaluations about you are possible.

Storage of IP Address for Security Purposes

We store the complete IP address transmitted by your web browser for a period of seven days in the interest of detecting, limiting and eliminating attacks on our web pages. After this period, we delete or anonymize the IP address.

The legal basis for this processing is Art. 6(1)(f) of the GDPR.

Data Security

We take technical and organizational measures to protect your data as comprehensively as possible from unwanted access. These measures include encryption procedures on our web pages. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption.

You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Necessary Cookies

On our website, we use cookies which are necessary in order for the site to function.

Cookies are small text files that can be placed on your computer or mobile device by websites that you visit.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

In some cases, these cookies only contain information on certain settings and cannot be linked to a person. They may also be necessary to enable user guidance, security and implementation of the site.

The legal basis for using these cookies is our legitimate interest according to Art. 6(1) (f) GDPR.

You can set your browser to inform you about the placement of cookies. This is in order to make the use of cookies transparent for you.

You can also delete cookies or prevent the setting of new cookies at any time by using the appropriate browser settings.

Please note that if you delete certain cookies, our web pages may not be displayed correctly and some functions may no longer be available.

Provider Purpose Storage period Appropriate Level of data protection
Borlabs Cookie Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie. 1 year Processing only within EU/EEA

 

Consent banner

We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR to provide you with our content according to your preferences and to be able to prove your consent(s). The settings you have made, the consents you have given and parts of your usage data are stored in a cookie. This ensures that it is kept for further website visits and that your consents continue to be traceable. You can find more information about this under the section “Necessary cookies”.

The provider of the consent management platform acts on our behalf and is strictly bound by our instructions (processor). A data processing agreement in accordance with Art. 28 GDPR has been concluded.

Matomo

We use the web analysis tool “Matomo” to design our websites in accordance with the needs of our visitors. Matomo creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and accessed by us. This allows us to recognise returning visitors and count them as such.

The data processing is based on your consent if you have given your consent via our cookie banner. You can revoke your consent at any time. Please follow this link and make the appropriate settings via our banner.

The cookies set are deleted or no longer processed after 13 months or after you withdrew your consent.

Contact Form

You may contact us third-party via our contact form. In order to use our contact form, we will require you to provide the data marked as mandatory.
The legal basis for this processing is Art. 6 (1) (f) GDPR, being our legitimate interest to respond to your request.

You can decide whether or not you would like to provide us with further information. This information is provided voluntarily and is not required to contact us.

We process your voluntary details on the basis of your consent in accordance with Art. 6 (1) 1a) GDPR. Your data will only be processed to process your request. We will delete your data if they are no longer required and there are no legal obligations to retain them.

Where the processing of your data which is transmitted via the contact form is based on legitimate interest in accordance with   Art. 6 (1) (f) GDPR, you have the right to object to that processing at any time. To do so, please use the email address provided in the imprint.

In addition, you can withdraw your consent to the processing of your voluntarily provided information at any time.  To do so, please use the email address provided in the imprint.

Social Plugins

We enable the usage of social plugins on our website. However, for data protection reasons, we only integrate these social plugins e in a deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services.

You can, however, activate and use the social plugins integrated in our websites. For this purpose, we use a solution by which our web server provides all data and functions required to display the social plugin in the first step. Only after you choose to activate the respective social plugin by clicking on the corresponding preview image or icon, will your browser establish a connection to the servers of the provider of the respective social media service as a second step.

If you activate a plugin, the social media service receives in particular your IP address and, among other things, information about your visit to our websites. This happens regardless of whether you have registered an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.

Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create user profiles based on your data and use them for the purpose of personalized advertising. Furthermore, your data will be used to inform other users of the social media service about your activities on our websites.

The legal basis for this integration is your consent according to Art. 6 (1) (a) GDPR or §15 S. 3 Nr. 1 German Telemedia Act (TMG), if you have given your consent by clicking on the preview image. Please note that the integration of many social plugins means that your data is processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance g purposes without you being informed or having the right to appeal.

If we use providers in third countries without an adequate level of protection and you give your consent, the transfer to this third country is based on Art. 49 (1) (a) GDPR.

If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by not clicking on the preview image or icon of the respective Social Plugin.

Provider Data Retention Adequate Data Protection Level Withdrawal of Consent
Meta Platforms Ireland Limited (Instagram) 1 year For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework). If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by not clicking on the preview image or icon of the respective Social Plugin.
Vimeo.com, Inc. 1 year For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework). If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by not clicking on the preview image or icon of the respective Social Plugin.

Newsletter Registration and Delivery

You may register to receive our newsletter on our website. Please note that we require certain data (your e-mail address at the minimum) to complete the newsletter registration.

We will only send the you the newsletter if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. After you have completed the newsletter registration on our website, you will receive a confirmation e-mail at the e-mail address you provided (double opt-in).

You may withdraw your consent at any time. An easy way to withdraw your consent is, for example, to use the unsubscribe link provided in every newsletter.

As part of the newsletter registration process, we store certain data in addition to the above-mentioned data, as far as it is necessary to prove so that you have registered for our newsletter. This may include storing the complete IP address at the time of the registration or confirmation of the newsletter, as well as a copy of the confirmation mail sent by us.

The legal basis for the data processing is our legitimate interest to be able to account for the legality of the newsletter delivery according to Art. 6 (1) (a) GDPR.

If you register for our newsletter, we ask you to agree to further newsletter tracking as part of the registration process.

If you give us the appropriate consent in accordance with Art. 6 (1) (a) GDPR, we will include individual tracking pixels in our newsletters, with which we can recognize when the newsletter sent to you was accessed or opened and individualize the links in the newsletter to determine when you clicked on which link.

Provider Data Retention Adequate Data Protection Level Withdrawal of Consent
Mailchimp (The Rocket Science Group LLC) 1 year For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework). To withdraw your consent, please use the link provided in each newsletter to unsubscribe or adjust your consent preferences.

Direct Marketing

Where we receive your e-mail address in connection with the sale of a product or service, we will use the e-mail address for direct marketing of our own similar goods or services, unless you have objected to the processing. During the collection of the email address and for each use, we clearly point out that you can object to the use at any time without incurring any costs other than the transmission costs according to the basic rates.

The legal basis for the data processing is our legitimate interest to be able to promote the sale of our goods or services according to Art. 6 (1) (f) GDPR.

An uncomplicated method to object to this processing is provided e.g. by the cancellation link provided in every e-mail.

Map Services

On our web sites, we embed map services which are not stored on our servers.

To ensure that calling up our websites with embedded map services does not automatically lead to the reloading of content of the third-party provider, in a first step, we only display locally stored preview images of the maps in a first step. This does not provide the third-party provider with any information.

Only after clicking on the preview image the content of the third-party provider will be reloaded. The third-party provider is therefore able to obtain the information that you have accessed our site as well as the usage data that is technically required in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us permission that contents from the third-party provider are reloaded.

The embedding is based on your consent, provided you have given your consent by clicking on the preview image.

Please note that the embedding of some map services results in that your data will be processed outside the EU or EEA (in particular the USA). If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection in the following table.

Provider Data Retention Adequate Data Protection Level Withdrawal of Consent
Google LLC (USA) 1 year For transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework). If you have clicked on a preview image, the content of the third-party provider is immediately downloaded. To avoid this downloading on other sites, please do not click on the preview image.

Embedding of additional technical third-party content and functions

We use functions and content of the third-party providers listed below to enhance our websites.

Calling up our pages leads to the content of the third-party provider being reloaded, who provides these functions and content. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context.

We have no influence on the further data processing by the third-party provider.

The data processing is based on your consent, provided that you have previously given your consent via our consent banner.

Please note that the use of third-party content and features may result in your data being processed outside the EU or EEA (in particular in the US). For transfers to the USA, an adequate level of data protection is ensured due to the adequacy decision (EU-U.S. Data Privacy Framework).

Provider Purpose Appropriate Level of data protection
MyFonts by Monotype GmbH (fast.fonts.net) Cookie to track font licensing of MyFonts based on site impressions Processing in the EU / EEA and for transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework).
MyFonts by Monotype GmbH (fast.fonts.net) Loading web fonts provided by MyFonts (Monotype GmbH) to display texts and fonts correctly Processing in the EU / EEA and for transfers to the USA, an adequate level of data protection is guaranteed due to the provider’s certification under the adequacy decision (EU-U.S. Data Privacy Framework).

Data Processors

We transfer your data to service providers who support us in the operation of our websites and related processes. These service providers are usually data processors within the meaning of Art. 28 GDPR. Our service providers are strictly bound by contracts and our instructions.

Any processors who may not have been previously disclosed are listed below. If data is transferred outside the EU or the EEA, we will also provide information on the adequate level of data protection.

Processor Purpose Appropriate level of data protection
All-connect Data Communications GmbH Hosting of Website Processing only within EU/EEA

 

Retention Periods

Unless otherwise specified, we will delete your personal data if they are no longer required for the relevant processing purposes and no legal retention obligations oppose deletion.

Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access by the data subject (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed of this personal data and to receive the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)
You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement without delay.

Right to erasure (Art. 17 GDPR)
You have the right to obtain the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of our examination.

Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request that this data be transferred to a third party.

Right to withdraw consent (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.

Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 (1) 1 f GDPR (data processing for the purpose of our legitimate interests) or on the basis of Art. 6 (1) 1 e GDPR (data processing for the purpose of protecting public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or if data is still needed for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. This right may be asserted in particular with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.
 
Asserting your rights
Unless otherwise described above, please contact us to assert your rights. You will find our contact details in our imprint.
 

Contact for questions about data protection

If you have any questions regarding the processing of your personal data, you can contact dataprotection@nkg.coffee.

When contacting our data protection officer, please specify the name of the company, stated in our imprint.

Version: January 2024, Neumann Gruppe GmbH

Cookie Opt-Out

If you would like to opt-out to the cookie use on our site, please click here:

Change cookie preferences

External Partners