General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can personally identify you. Detailed information on data protection can be found in our privacy policy listed below this text.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Notice Regarding the Responsible Party” in this privacy policy.
How do we collect your data?
Your data is collected, on the one hand, when you provide it to us. This could, for example, be data you enter in a contact form.
Other data is collected automatically or after your consent when you visit the website by our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the data provided will also be processed for contractual offers, orders, or other inquiries.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Additionally, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time regarding this or any other questions on the subject of data protection.
Analysis Tools and Third-Party Tools
When visiting this website, your browsing behavior may be statistically analyzed. This is done primarily using so-called analysis programs. Detailed information on these analysis programs can be found in the following privacy policy.
External Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include, in particular, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses, and other data generated via a website.
External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online offer securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR). If consent is requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG. Consent can be revoked at any time.
Our host(s) will only process your data to the extent necessary to fulfill their service obligations and follow our instructions regarding this data.
We use the following host(s):
Hostinkos GmbH
Str. 28 Nëntori n.n., Dardani, 10 000 Prishtina, Republic of Kosovo
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above service. This is a data protection contract required by law, which ensures that the host processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data are data that can personally identify you. This privacy policy explains which data we collect and what we use them for. It also explains how and for what purpose this happens.
Please note that data transmission over the internet (e.g., during communication via email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.
Notice Regarding the Responsible Party
The responsible party for data processing on this website is:
ER & S GmbH
Route de Chaulin 11
1822 Chernex, CH
Phone: +41 79 121 27 21
Email: goldysnacks.ks@gmail.com
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Period
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in such cases, the deletion takes place after these reasons cease to apply.
General Information on the Legal Basis of Data Processing on This Website
If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data under Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR. If you consented to the storage of cookies or to access information on your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25(1) TTDSG. Consent can be revoked at any time.
If your data are required for the fulfillment of a contract or for pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if this is necessary for the fulfillment of a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also occur based on our legitimate interest under Art. 6(1)(f) GDPR. Information about the relevant legal bases in each specific case is provided in this privacy policy.
Notice Regarding Data Transfer to Third Countries and US Companies Not Certified Under the DPF
We use tools from companies based in countries outside the EU that are not classified as safe under data protection laws, as well as US-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there.
Please note that no level of data protection comparable to that in the EU can be guaranteed in such countries. In the US, a comparable level of data protection generally exists when the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or provides appropriate additional safeguards.
Recipients of Personal Data
In the course of our business activities, we work with various external entities. This sometimes necessitates the transfer of personal data to these external entities. Personal data are only shared if required for contract performance, legally obligated (e.g., data sharing with tax authorities), based on legitimate interests under Art. 6(1)(f) GDPR, or otherwise legally permissible.
When we use processors, we transfer personal data of our customers only under a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke consent already given at any time. The legality of the data processing carried out until the revocation remains unaffected.
Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ARTICLE 6(1) LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE SPECIFIC LEGAL BASIS FOR THE PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ARTICLE 21(2) GDPR).
Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement.
Right to Data Portability
You have the right to have data that we process based on your consent or in fulfillment of a contract automatically delivered to yourself or a third party in a standard, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.
Access, Correction, and Deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipients, and the purpose of the data processing and, if applicable, a right to correction or deletion of these data. For this and other questions about personal data, you can contact us at any time.
Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to exercise this right. The right to restrict processing applies in the following cases:
If you have restricted the processing of your personal data, such data may only be processed (apart from being stored) with your consent or for asserting, exercising, or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator. You can recognize an encrypted connection by the address line of your browser changing from “http://” to “https://” and the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted Payment Transactions on This Website
If there is an obligation to transmit your payment data (e.g., account number for direct debit) to us after entering into a paid contract, these data are required for processing payments.
Payment transactions using common payment methods (e.g., Visa/MasterCard, direct debit) are exclusively processed via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the address line of your browser changing from “http://” to “https://” and the lock symbol in your browser line.
With encrypted communication, your payment data, which you transmit to us, cannot be read by third parties.
4.Data Collection on This Website
Cookies
Our websites use “cookies.” Cookies are small data packets that do no harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently stored (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them or they are automatically removed by your web browser.
Cookies can be from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).
Cookies serve different purposes. Many cookies are technically necessary as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies are used to analyze user behavior or for advertising purposes.
Cookies that are necessary for carrying out electronic communications, providing certain functions requested by you (e.g., for the shopping cart function), or optimizing the website (e.g., cookies for measuring web traffic) are stored based on Article 6(1)(f) GDPR, unless a different legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure a technically error-free and optimized provision of its services. If consent for the storage of cookies and comparable recognition technologies has been requested, processing will be exclusively based on this consent (Article 6(1)(a) GDPR and § 25(1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG)); consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies, allow cookies only in specific cases, exclude the acceptance of cookies for certain cases or in general, and activate automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find information about the cookies and services used on this website in this privacy policy.
Inquiries via Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.
The processing of this data is based on Article 6(1)(b) GDPR, if your request is related to the fulfillment of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling the inquiries directed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if this was requested; consent can be revoked at any time.
The data you send to us via contact inquiries will remain with us until you request us to delete it, revoke your consent for storage, or the purpose for the data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions, particularly statutory retention periods, remain unaffected.
5.Social Media Integration
This website integrates elements of the social network Facebook. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Data collected by Facebook may also be transmitted to the USA and other third countries.
An overview of Facebook’s social media plugins can be found here: Facebook Plugins.
When the social media feature is active, a direct connection between your device and Facebook’s server is established. Facebook receives information about your visit to this website using your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link this website’s content to your Facebook profile. Consequently, Facebook can associate your visit with your account.
We inform users that we, as the website provider, have no knowledge of the content of the data transmitted to or used by Facebook. For more information, consult Facebook’s privacy policy: Facebook Privacy Policy.
The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TTDSG, which can be withdrawn at any time.
Where data is collected via this tool and shared with Facebook, both this website and Meta Platforms Ireland Limited are jointly responsible for data processing (Article 26 GDPR). This joint responsibility only includes the data collection and transfer to Facebook, while Facebook’s subsequent processing is not part of the shared responsibility. The agreement text can be reviewed at: Joint Processing Addendum.
Facebook has been certified under the “EU-US Data Privacy Framework” (DPF), which ensures compliance with European data protection standards for data processed in the USA. More details are available here: EU-US DPF.
This website incorporates Instagram functionalities, also provided by Meta Platforms Ireland Limited. When active, the social media feature connects directly to Instagram servers, transmitting information about your website visit.
If logged into your Instagram account, you can link this website’s content to your Instagram profile. We emphasize that we do not have access to the transmitted data or its use by Instagram.
The use of Instagram services relies on your consent under Article 6(1)(a) GDPR and Section 25(1) TTDSG, which is revocable at any time. Shared responsibilities between this website and Meta Platforms Ireland Limited regarding data processing are addressed similarly to Facebook.
Instagram’s data handling policies can be reviewed here: Instagram Privacy Policy.
6.Analysis Tools and Advertising
Google Tag Manager
Google Tag Manager, provided by Google Ireland Limited, is used on this site. It manages tracking and statistics tools but does not create user profiles or store cookies. However, it captures your IP address, which may be transmitted to Google’s servers in the USA.
The use of Google Tag Manager is based on Article 6(1)(f) GDPR, reflecting the website operator’s legitimate interest in efficiently managing various tools. If consent is required (e.g., cookies or device fingerprinting), processing is based on Article 6(1)(a) GDPR. Consent can be revoked at any time.
Google is certified under the EU-US DPF. More details: EU-US DPF – Google.
Google Analytics
Google Analytics, provided by Google Ireland Limited, helps analyze website visitor behavior. Collected data (e.g., page views, session duration) is not tied to a user ID but to devices. Google may use modeling techniques and machine learning for analysis.
This service is based on your consent under Article 6(1)(a) GDPR and Section 25(1) TTDSG. Data transfer to the USA adheres to EU standard contractual clauses. More information: Google Controller Terms.
Google Fonts
This website uses Google Fonts to ensure consistent font presentation. When a page is accessed, your browser loads the necessary fonts into its cache to correctly display text and fonts.
To do so, your browser connects to Google servers, which informs Google that your IP address has accessed this website. The use of Google Fonts is based on GDPR Art. 6(1)(f), where the website operator has a legitimate interest in consistent font presentation. If consent is requested, the processing is exclusively based on GDPR Art. 6(1)(a) and § 25(1) TDDG, provided consent includes the storage of cookies or access to user device information (e.g., device fingerprinting) as defined by the TDDG. Consent can be revoked at any time.
If your browser does not support Google Fonts, a default font from your computer will be used.
More information about Google Fonts can be found at:
Google is certified under the “EU-US Data Privacy Framework” (DPF), which ensures compliance with European data protection standards in the U.S. For more information, visit: EU-US DPF.
Font Awesome
This website uses Font Awesome for consistent display of fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.
When accessing a page, your browser loads the necessary fonts into its cache to correctly display text, fonts, and icons. To do so, your browser connects to Font Awesome servers, informing them of your IP address accessing this website.
The use of Font Awesome is based on GDPR Art. 6(1)(f), where the website operator has a legitimate interest in consistent font presentation. If consent is requested, processing is exclusively based on GDPR Art. 6(1)(a) and § 25(1) TDDG, provided consent includes the storage of cookies or access to user device information (e.g., device fingerprinting). Consent can be revoked at any time.
If your browser does not support Font Awesome, a default font from your computer will be used.
More information can be found in Font Awesome’s privacy policy: Font Awesome Privacy Policy.
Google reCAPTCHA
This website uses “Google reCAPTCHA” (hereinafter “reCAPTCHA”). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA verifies whether data entered on this website (e.g., in a contact form) is entered by a human or an automated program. To do this, reCAPTCHA analyzes website visitors’ behavior based on various characteristics. This analysis begins automatically when the visitor enters the website and evaluates data such as IP addresses, time spent on the website, and mouse movements. This data is then forwarded to Google.
The reCAPTCHA analyses run entirely in the background, and visitors are not informed that such an analysis is taking place.
The storage and analysis of data are based on GDPR Art. 6(1)(f), where the website operator has a legitimate interest in protecting its website from malicious automated activities such as spam. If consent is requested, the processing is exclusively based on GDPR Art. 6(1)(a) and § 25(1) TDDG, provided consent includes the storage of cookies or access to user device information (e.g., device fingerprinting). Consent can be revoked at any time.
For more information, see:
Google is certified under the “EU-US Data Privacy Framework” (DPF), which ensures compliance with European data protection standards in the U.S. For more information, visit: EU-US DPF.
Wordfence
This website uses Wordfence, provided by Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.
Wordfence protects this website against unauthorized access or malicious cyberattacks. For this purpose, a constant connection is established between the website and Wordfence servers to compare activities on the website with Wordfence’s databases and block suspicious activity if necessary.
The use of Wordfence is based on GDPR Art. 6(1)(f), where the website operator has a legitimate interest in effectively protecting their website against cyberattacks. If consent is requested, processing is exclusively based on GDPR Art. 6(1)(a) and § 25(1) TDDG, provided consent includes the storage of cookies or access to user device information (e.g., device fingerprinting). Consent can be revoked at any time.
Data transfers to the U.S. are based on the EU Commission’s standard contractual clauses. Details can be found here: Wordfence GDPR.
Processing Customer and Contract Data
We collect, process, and use personal customer and contract data to initiate, structure, and modify contractual relationships. We collect, process, and use personal data related to the use of this website (usage data) only to the extent necessary to provide or bill for the service. The legal basis for this is GDPR Art. 6(1)(b).
Customer data will be deleted after the contract is completed or the business relationship ends, subject to statutory retention periods.
Data Transfer for Online Shops, Merchants, and Shipping Services
If you order goods from us, your personal data will be shared with the shipping company responsible for delivery and the payment service provider responsible for payment processing. Only the data necessary for fulfilling these tasks will be shared.
The legal basis for this is GDPR Art. 6(1)(b), which permits data processing for contract fulfillment or pre-contractual actions.
If you provide consent under GDPR Art. 6(1)(a), your email address may be shared with the shipping company to notify you about your order’s shipping status. You can revoke your consent at any time.
Payment Services
We integrate third-party payment services on our website. When making a purchase, your payment data (e.g., name, payment amount, account details, credit card number) is processed by the respective payment service provider. The legal basis for this is GDPR Art. 6(1)(b) (contract fulfillment) and Art. 6(1)(f) (legitimate interest in secure payment processing).
If your consent is required for certain actions, GDPR Art. 6(1)(a) serves as the legal basis. Consent can be revoked at any time.
Payment services used:
PayPal
The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Further details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”).
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
VISA
The provider of this payment service is Visa Europe Services Inc., branch office London, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “VISA”).
The United Kingdom is considered a data protection safe third country, meaning it has a level of data protection that is comparable to the level in the European Union.
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Further information can be found in VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
Twint
Twint is a Switzerland-based payment service provider. Specific details are subject to Twint’s terms and privacy policies. More information can be found here: Data Privacy Statement TWINT AG » APP