Privacy policy

Outdoorchef Privacy Policy

Thank you for visiting our website. We would like to inform you below about how we handle your personal data in accordance with Art. 19 of the Federal Act on Data Protection (FADP) and Art. 13 of the General Data Protection Regulation (GDPR).

1. Controller

The entity responsible for the data collection and data processing described below is

Outdoorchef AG
Eggbühlstrasse 28
8050 Zurich, Switzerland
E-mail address: marcom@outdoorchef.com
www.outdoorchef.com

These Outdoorchef subsidiaries may also be responsible. This is the case, for instance, if you apply to one of these companies or contact this subsidiary to order or complain about a product:

Germany:
Outdoorchef Deutschland GmbH
Ochsenmattstrasse 10
79618 Rheinfelden, Germany
E-mail address: marcom@outdoorchef.com

Benelux:
Outdoorchef Benelux B.V.
Databankweg 26
3821 AL Amersfoort, Netherlands
E-mail address: marcom@outdoorchef.com

Austria:
Outdoorchef Austria GmbH
Handelskai 94-96/23 und 24
1200 Vienna, Austria
E-mail address: marcom@outdoorchef.com

2. Overview of our data protection information

Outdoorchef Privacy Policy. 1

Controller. 1
Overview of our data protection information. 1
Data processing when operating our websites. 1

3.1. Usage data. 1

3.2. Cookie Consent Manager CCM19. 1

3.3. Use of cookies and similar technologies. 1

3.4. Google Tag Manager. 1

3.5. Website analysis and tracking services. 1

3.6. YouTube. 1

3.7. Google Web Fonts. 1

3.8. “Facebook/Meta pixel” (Facebook Custom Audiences, Facebook Ads, part of the company Meta Platforms). 1

3.9. Contact form... 1

3.10. The processing of your personal data is carried out in each case in accordance with the principles of Art. 6 to 8 FADP. The legal basis for this data processing is the fulfilment or initiation of contract in accordance with Art. 6(1b) GDPR.Newsletters and newsletter tracking, shopping basket reminder e-mails. 1

Data processing when operating our online shop. 1

4.1. Shopify cookies and local storage elements (technically necessary). 1

4.2. Guest order without registering. 1

4.3. Registration in the online shop – Customer account 1

4.4. If you are registered in our online shop as a legitimate representative as an employee of a company or an organisation, your data is processed in accordance with Art. 6(1)(f) GDPR.Fulfilment of contract 1

4.5. Legal defence. 1

4.6. Amendment of your data and erasure of your data and the customer account 1

Cross-departmental data processing. 1

5.1. Data processing in the case of product support 1

5.2. Selection and evaluation of electronic correspondence. 1

5.3. Data processing for advertising purposes. 1

5.4. Data processing in the case of surveys. 1

5.5. Data processing for the organisation of events. 1

5.6. Data processing when managing barbecue courses. 1

5.7. Data processing for communication handling by the customer service/telephone service. 1

5.8. The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(f) GDPR.Data processing for the establishment, exercise or defence of legal claims, collaboration with debt collection agencies. 1

5.9. Data processing to document compliance with data protection. 1

5.10. Data processing within application procedures. 1

5.11. Data processing to fulfil other legal obligations. 1

Data protection information for the Gourmet Check Pro app. 1

6.1. Controller. 1

6.2. Operation of the app. 1

6.3. Permissions and permission requests by the app. 1

6.4. Newsletter subscription. 1

Data protection information concerning the Outdoorchef 3D app. 1

7.1. Data processing by the app. 1

7.2. Cookies and similar technologies. 1

7.3. Use of Google Analytics for Firebase. 1

7.4. Permissions and permission requests by the app. 1

Recipients of personal data. 1
Storage period. 1
Voluntary nature of providing your data. 1
Your rights and legal claims in accordance with Art. 25 et seq. FADP and Art. 15 et seq. GDPR.. 1

11.1. Right of access (Art. 25 FADP, Art. 15 GDPR). 1

11.2. Right to rectification (Art. 32(1) FADP, Art. 16 GDPR). 1

11.3. Right to erasure (Art. 32(4) FADP, 17 GDPR). 1

11.4. Right to the restriction of processing (Art. 18 GDPR). 1

11.5. Right to data portability (Art. 28 FADP, Art. 20 GDPR). 1

11.6. Right to object (Art. 21 GDPR). 1

11.7. Right to withdraw consent (Art. 7(3)(1) GDPR). 1

11.8. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). 1

Contact details of the data protection officer. 1
Changes to this privacy policy. 1

3. Data processing when operating our websites

We would like to inform you below about how we handle your personal data when you visit our websites.

3.1. Usage data

When you visit our websites, what is known as usage data is temporarily processed on our web server to enable you to technically retrieve our websites.

This data set consists of

The name and address of the requested content,
The date and time of the query,
The amount of data transferred,
The access status (content transferred, content not found),
The description of the web browser and operating system used,
The referral link that states from which page you have reached our website,
The IP address of the requesting computer, which is shortened in such a way that no reference to a specific person can be made.

If we read data on your device when processing usage data, this takes place in accordance with the principles of Art. 6 to 8 FADP. Subsequent data processing is carried out in accordance with Art. 6 to 8 FADP and on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR to provide you with an appealing and functional website.

The data sets are then anonymised by shortening your IP address in order to evaluate them for statistical purposes to improve the quality of our websites and save them in a log.

3.2. Cookie Consent Manager CCM19

We use the consent management platform “CCM19” from provider Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, on our websites to manage your consent to the use of cookies and similar technologies.

If we use optional cookies and similar technologies when incorporating the service or if data is saved onto or read from your device by the service, this takes place in accordance with the principles of Art. 6 to 8 FADP. Subsequent data processing is carried out in accordance with Art. 6 to 8 FADP and on the basis of Art. 6(1)(f) GDPR. The purpose and our legitimate interest lie in being able to use data protection-compliant cookies and similar technologies on our websites and enable you to easily withdraw your declarations of consent.

If you grant consent via our consent banner, CCM19 processes the following data:

The consent ID
The date and time of the consent,
The status of your consent or your withdrawal of consent
The display language of the banner
The description of the web browser and operating system used,
The address of the website from which your consent was sent,

This data is recorded on the servers of CCM19.

Your consent ID and your consent status are also saved both in the browser of your device in the cookie “ccm_consent” and also on the servers of CCM19 for a period of 1 year.

This enables our website to check your consent status for all subsequent and future page views and in accordance with your decision to activate or deactivate the use of cookies and other technologies for future page views.

The assessment takes place by comparing the consent key and consent status from the “ccm_consent” cookie with the values sent to CCM19 when submitting your consent in order to ensure that the status of your original consent has not changed.

Further information on the handling of personal data by CCM19 can be found at https://www.ccm19.de/en/privacyclarification.html.

Local storage:

Name	Expiration period	Description
ccm_consent	1 year	Used to save the cookie consent agreement, which sets down which cookies may be used.

Place of data processing: Bonn & Limburg, Germany.

3.3. Use of cookies and similar technologies

We use cookies and similar technologies on our websites. We explain to you below which they are and how you can control their use in your browser or via our consent banner.

3.3.1. Explanations

3.3.1.1. Cookies

Cookies are small text files that can be stored and read on your device.

A distinction is made between "session cookies", which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Information on the storage period of permanent cookies can be found in the following tables.

3.3.1.2. Local storage

Alongside cookies, we also use the local storage memory of your browser to save and read data there.

In many cases, you can configure your browser so that it notifies you whenever data is stored in the local storage memory. This makes the saving of this data transparent for you. In addition, you can delete the local storage memory using the corresponding browser settings if necessary and prevent new data from being saved.

3.3.1.3. Pixels

In addition, we may incorporate pixels into our websites. Pixels are small customised image files that are loaded when a page is loaded and can be used to track user activities.

In many cases, you can configure your browser so that it notifies you about pixels. This makes the saving of this data transparent for you. In addition, you can delete the downloads of pixels using the corresponding browser setting if necessary and prevent new data from being saved.

3.3.1.4. Tags

Finally, we use tags on our websites where necessary. Tags are small HTML or JavaScript code fragments or markings that enable services for website analysis or for user tracking to distinguish between or identify users and track certain user activities.

3.3.2. Control via browser settings and consent banners

You can configure your browser so that it notifies you whenever cookies are stored. You can also delete cookies via the corresponding browser settings and prevent new cookies from being saved.

In many cases, you can use browser extensions or add-ons, if necessary, to configure your browser so that it also notifies you whenever data is stored in the local storage memory or pixel tags are downloaded or executed.

This makes the saving, reading, downloading or executing of data in cookies and similar technologies transparent for you.

In addition, you can control the use of cookies and similar technologies on our websites via our consent banner by granting or withdrawing your consent there.

Please note that our websites may not be displayed correctly and some features may no longer be available for technical reasons without the use of certain cookies and similar technologies.

3.3.3. Categories

3.3.3.1. Technically necessary cookies and similar technologies

We use cookies and similar technologies on our websites, which are technically necessary for the use of our websites.

We do not use these technically necessary cookies and similar technologies for analysis, tracking or advertising purposes.

In some cases, these cookies and similar technologies only contain information about specific settings and are not linked to specific persons. They may also be necessary to enable the user guidance, security and displaying of our websites.

Technically necessary cookies and similar technologies in the “technically necessary” category are used in accordance with the principles of Art. 6 to 8 FADP. Subsequent data processing takes place on the basis of Art. 6(1)(f) GDPR in our legitimate interest to provide you with a functional and safe website.

Optional cookies and similar technologies in the corresponding categories are also used on the basis of the principles of Art. 6 to 8 FADP. Subsequent data processing is carried out on the basis of your consent in accordance with Art. 6(1)(a) GDPR.

Your consent regularly applies for a period of one year. It is saved in a cookie on your device and queried again after this cookie is deleted, following a withdrawal of consent or once a year has passed. Your consent is voluntary and can be withdrawn at any time using the gearwheel symbol at the bottom left of the website.

Your data can also be processed in states outside of the European Union (EU) and the European Economic Area (EEA) in third countries without an adequate data protection level. When transferring your data to third countries, especially to the USA, there is a risk that the authorities there will access your data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We therefore use measures to ensure an adequate data protection level in accordance with Art. 44 et seq. GDPR when transferring data to third countries.

3.3.3.2. Cookies and similar technologies to control convenience functions and preferences

To make our websites appealing for you, we use cookies and similar technologies in which your personal settings for the displaying and use of our website are saved. The cookies ensure that your settings are automatically loaded again when opening our websites at a later time.

. Your personal data is processed in accordance with Art. 6 to 8 FADP and on the basis of your consent in accordance with Art. 6 FADP and Art. 6(1)(a) GDPR.

Your data can also be processed in states outside of the EU and the EEA in third countries without an adequate data protection level. When transferring your data to third countries, especially to the USA, there is a risk that the authorities there will access your data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We therefore use measures to ensure an adequate data protection level in accordance with Art. 44 et seq. GDPR when transferring data to third countries.

3.3.3.3. Statistical cookies and similar technologies to analyse website visits

In order to design our websites according to your needs, we use cookies and similar technologies to create usage profiles on the basis of pseudonyms. To do this, information is stored on your device and read by us.

It is also possible for us to retrieve certain recognition features within your browser or device (e.g. a browser fingerprint or your unshortened IP address). In this way, we are able to identify and count returning visitors as such.

We therefore use measures to ensure an adequate data protection level in accordance with Art. 44 et seq. GDPR when transferring data to third countries.

3.3.3.4. Tracking cookies and similar tracking technologies

We use tracking cookies and similar tracking technologies so that cross-device, targeted advertising can be displayed to you on other operators’ websites based on your visit to our website and we can identify how effective our promotional measures were.

If you visit our websites, it is possible that the stated third-party providers will retrieve certain recognition features within your browser or device (e.g. a browser fingerprint), evaluate your IP address, save or read recognition features on your device (e.g. cookies or data in the local storage) or gain access to data via individual tracking pixels, web beacons or other tracking tags (markings).

The individual features can be used by third-party providers to recognise your device on other websites. We can commission the relevant third-party providers to display advertising based on which of our websites you have visited.

If you log in to the third-party provider with your own user credentials, the respective recognition features for various browsers and devices can be linked to each other. If the third-party provider has thus created separate recognition features for the laptop, desktop PC, smartphone or tablet you have used, these individual features can be assigned to each other as soon as you use a service from the third-party provider with your login details. In this way, the third-party provider can also control our advertising campaigns in a targeted way across various devices.

We therefore use measures to ensure an adequate data protection level in accordance with Art. 44 et seq. GDPR when transferring data to third countries.

3.3.4. Managing your settings – Withdrawing your consent

You can change the settings you have made via our cookie consent banner at any time in order to exercise your right to withdraw your consent in accordance with Art. 7(3) GDPR.

You can update your settings at any time using the gearwheel symbol at the bottom left of the website.

3.4. Google Tag Manager

We integrate the “Google Tag Manager” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, into our websites.

In the EU and in the EEA, Google Tag Manager is offered as a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tag management system (TMS) that enables us to integrate and manage other website content in JavaScript or HTML code.

In particular, we can use this to integrate and manage what are known as tags on our website. Tags are small code fragments or markings (web beacons, tracking pixels or similar markings) that enable services for website analysis or for user tracking to distinguish between or identify users.

The analysis of the website visits and user tracking takes place not via Google Tag Manager but via the services used for these purposes, such as Google Analytics or other third-party solutions. Instead, Google Tag Manager is only used to integrate and manage the markings necessary for analysis or tracking on our website.

As Google Tag Manager is provided by Google and is reloaded from its servers when the page is viewed, the usage data that is technically required to view the page is also transferred. In this respect, Google also receives your IP address if it is technically required to retrieve the content.

The data processing is carried out in accordance with the principles of Art. 6 to 8 FADP and on the basis of your consent in accordance with Art. 6(1)(a) GDPR if you have granted your consent via our consent banner. Your consent is voluntary and can be withdrawn at any time using the gearwheel symbol at the bottom left of the website.

Data processing can also take place outside of the EU or the EEA in third countries. There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We thus implement measures in accordance with Art. 44 et seq. GDPR in order to ensure an adequate data protection level despite this risk.

No adequacy decision by the European Commission currently applies to Google LLC (USA), which means there is also currently no data protection level comparable to that in the EU. Google has, however, concluded standard contractual clauses with data recipients in third countries in accordance with Art. 46(2)(c) GDPR, which oblige Google to comply with European data protection standards. Please contact our data protection officer if you would like to receive more information or copies.

We have no influence over further data processing by third-party providers.

Further information on the handling of personal data by Google can be found at https://policies.google.com/privacy?hl=en.

Cookies:

Name	Expiration period	Description
_gcl_au	4 months	The cookie is used by Google Tag Manager to track and save conversions.

Place of processing: European Union, United States of America.

3.5. Website analysis and tracking services

3.5.1. Google Analytics

We use the web analysis service “Google Analytics” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, to design our websites according to your needs.

In the European Union (EU) and in the European Economic Area (EEA), Google Analytics is offered as a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which supports us as a processor in accordance with Art. 28 GDPR.

Google Analytics creates usage profiles based on pseudonyms and usage data. User interactions such as button clicks, scroll depth and the use of filters and search functions are also recorded.

To do this, permanent cookies are stored on your device and read by us. In this way, we are able to identify and count returning visitors as such. This provides us with statistics on the use of the website (reach measurement) in order to analyse visitor behaviour and improve the user experience with the site.

The following data is collected for this:

Browser information (browser type, referrer/exit pages, the files displayed on our website, operating system, date/time stamp and/or clickstream data), usage data (views, clicks), IP address (we have activated IP anonymisation on the website (called IP masking), so that your IP address is shortened by Google within the EU and EEA before transfer to prevent conclusions from being drawn about individual persons. Only this anonymised IP address is sent to Google.) You can find more details here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Data processing can also take place outside of the EU or the EEA in third countries.

There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We thus implement measures in accordance with Art. 44 et seq. GDPR in order to ensure an adequate data protection level despite this risk.

Collected data is saved by us in Google Analytics for a period of 14 months.

We fundamentally have no influence over further data processing by third-party providers.

Further information on the handling of personal data by Google can be found at https://policies.google.com/privacy?hl=en.

In the current standard version, these cookies are processed:

Name	Expiration period	Description
_ga	24 months	Collection of statistics on the use of the website. (Reach measurement)
_gat	1 minute	Used to throttle the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is given the name _dc_gtm_ .
_gid	24 hours	This cookie is used to collect user statistics for the website.
_gd	Session	Used to distinguish between visitors.
_ga_*	2 years	Statistical recording of page views.

In older versions:

Name	Expiration period	Description
_gat_gtag_UA_*	1 minute	Used to throttle the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is given the name _dc_gtm_ .
__utma	2 years	This cookie is one of the 4 main cookies from Google Analytics that track what actions the user performs on the page and measure the performance of the page. The cookie distinguishes between users and sessions. It is used to calculate statistics for repeat visitors and is updated each time data is sent to Google Analytics.
__utmb	30 minutes	This cookie is one of the 4 main cookies from Google Analytics that track what actions the user performs on the page and measure the performance of the page. The cookie determines new sessions and visits by the user. It is updated each time data is sent to Google Analytics. Any activities by the visitor during the service life of the cookie are counted as the same visit, even if the visitor leaves the page and then retrieves it again. A visit after the end of the cookie’s service life counts as a new visit.
__utmc	Session	This cookie is one of the 4 main cookies from Google Analytics that track what actions the user performs on the page and measure the performance of the page. The cookie is no longer used on most pages, but is still saved to provide a function by older Analytics codes, also known as Urchin. In older versions, this was used together with __utmb to identify visitors.
__utmt	10 minutes	This cookie is saved by Google Analytics to reduce the view rate for Analytics and the collection of data on frequently visited pages.
__utmv	2 years	Used to save user-defined variable data at a visitor level. This cookie is created if a developer uses the _setCustomVar method with a user-defined variable at visitor level. This cookie was also used for the outdated _setVar method. This cookie is updated each time data is sent to Google Analytics.
__utmx	18 months	This cookie is saved by Google Analytics to deliver various versions of a website as part of an A/B split test.
__utmz	6 months	This cookie is one of the 4 main cookies from Google Analytics that track what users do and measure the performance of the page. The cookie identifies the place from which the visitor came to the page in order to inform the owner from where users retrieve the website and it is updated each time data is sent to Google Analytics.
_dc_gtm_UA-	1 minute	No description provided by the manufacturer
_gac_UA-	approx. 90 days	Contains campaign-related information for the user.

When using optional functions from Google Analytics, these cookies may also be processed:

Name	Expiration period	Description
test_cookie	365 days	Used to assess whether the user’s browser supports cookies.
IDE	365 days	Cookie for ad preferences for websites that do not belong to Google.
_gali	Session	Collection of statistics on the use of the website. (Reach measurement)
weird_get_top_level_domain	Session	The cookie determines the visitor’s preferred language and country setting. This enables the website to display content that is most relevant to this region and language.

Data processing locations are in the EU and USA.

3.5.2. Google Ads Conversion Tracking

We integrate “Google Ads Conversion Tracking” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, into our websites.

In the EU and in the EEA, Google Ads Conversion Tracking is offered as a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If an ad activated by us via Google Ads is displayed to you on other websites or you click on this, these other websites, on the basis of the consent you have granted on the other websites, save a Google Ad Conversion Tracking cookie on your device with a pseudonym assigned to us.

If you then visit our websites within the storage period of this cookie, this cookie is read by Google Ad Conversion Tracking on our website. This enables Google to identify that you were shown an ad activated by us or that you clicked on this and then visited our websites and, if applicable, how you then used our websites. In particular, whether you have purchased an advertised item in our online shop is recorded.

The implementation of an ad in an action by the website visitor is known as conversion.

Google Ads uses this information to create statistics for us, which enable us to ascertain how many users have responded to our ads and in what way. On the basis of these statistics, we can optimise the effectiveness of our advertising and control our advertising strategy.

The data processing is carried out in accordance with the principles of Art. 6 to 8 FADP and on the basis of your consent in accordance with Art. 6(1)(a) GDPR or if you have granted your consent via our consent banner.

Your consent is voluntary and can be withdrawn at any time using the gearwheel symbol at the bottom left of the website.

Data processing can also take place outside of the EU or the EEA in third countries.

There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We thus implement measures in accordance with Art. 44 et seq. GDPR in order to ensure an adequate data protection level despite this risk.

We have no influence over further data processing by third-party providers.

Further information on the handling of personal data by Google can be found at https://policies.google.com/privacy?hl=en.

3.5.3. Shopify Analysis

We use Shopify Analysis to enable us to also use the data obtained in connection with the use of our online shop for marketing purposes and, where applicable, suitable recommendations. This tracking tool is provided by Shopify Inc., 151 O’Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada, or its subsidiaries. A data processing agreement has been concluded with each of them. Where the processing takes place in Canada, an adequate data protection level is ensured due to the Decision in accordance with Art. 45 GDPR, https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32002D0002. Many types of data processing, services and support, about which you will find more detailed information in the subsections, are provided by various companies, who operate jointly as “Shopify”.

We have no influence over further data processing by third-party providers.

Information on data protection at Shopify and the precautions taken by Shopify to fulfil the GDPR requirements can be found at https://www.shopify.com/legal/privacy and at https://www.shopify.com/legal/privacy/customers.

Your consent is voluntary and can be withdrawn at any time using the gearwheel symbol at the bottom left of the website.

Please also note the following cookie list and https://www.shopify.com/legal/cookies.

Cookies:

Name	Expiration period	Description
_landing_page	2 weeks	Tracking of landing pages.
_orig_referrer	2 weeks	Tracking of landing pages.
_shopify_s	30 minutes	Shopify analyses.
_shopify_sa_p	30 minutes	Shopify analyses in relation to marketing and recommendations.
_shopify_sa_t	30 minutes	Shopify analyses in relation to marketing and recommendations.
_shopify_y	1 year	Shopify analyses.
_shopify_e	Session	Shopify analyses.
_s	30 minutes	Shopify analyses.
_y	1 year	Shopify analyses.
_shopify_e	Session	No further information from the manufacturer.
_shopify_evids	Session	No further information from the manufacturer.

3.6. YouTube

In addition to YouTube videos that are only linked, we integrate videos into our websites via the video platform “YouTube” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In the EU and in the European Economic Area (EEA), YouTube is offered as a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

As integrated videos are reloaded from the servers of the third-party provider’s video platform when the page is viewed, the usage data that is technically required to view the page is also transferred.

In this respect, the third-party provider also receives your IP address if it is technically required to retrieve the content.

The integration is carried out in accordance with the principles of Art. 6 to 8 FADP and on the basis of Art. 6(1)(f) GDPR in the interest of making our page as appealing and informative as possible.

When integrating videos, cookies and other technologies are also saved and read on your device by the providers of the video platforms. We have no influence over further data processing by third-party providers.

Data processing can also take place outside of the EU or the EEA in third countries.

There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We thus implement measures in accordance with Art. 44 et seq. GDPR in order to ensure an adequate data protection level despite this risk.

Further information on the handling of personal data by Google can be found at https://policies.google.com/privacy?hl=en.

3.7. Google Web Fonts

We integrate Google Web Fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, into our websites.

In the European Union (EU) and in the European Economic Area (EEA), Google Web Fonts is offered as a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

As Google Web Fonts is provided by Google and is reloaded from its servers when the page is viewed, the usage data that is technically required to view the page is also transferred. In this respect, Google also receives your IP address if it is technically required to retrieve the content.

The data processing is carried out in accordance with the principles of Art. 6 to 8 FADP and on the basis of Art. 6(1)(f) GDPR. The purpose and our legitimate interest lie in making our websites appealing.

Data processing can also take place outside of the EU or the EEA in third countries.

There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We thus implement measures in accordance with Art. 44 et seq. GDPR in order to ensure an adequate data protection level despite this risk.

We fundamentally have no influence over further data processing by third-party providers.

Further information on the handling of personal data by Google can be found at https://policies.google.com/privacy?hl=en.

3.8. “Facebook/Meta pixel” (Facebook Custom Audiences, Facebook Ads, part of the company Meta Platforms)

We use “Facebook pixel” from Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, on our websites. This takes place for the purpose of tracking your behaviour as a website visitor on our and other websites across devices, enabling us to assign you to a target group and, with the aid of the data obtained, then activating target group-oriented ads (“Facebook Ads”) via “Facebook Custom Audiences”.

In the European Union (EU) and in the European Economic Area (EEA), Facebook pixel, Facebook Custom Audiences and Facebook Ads are offered as services by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The data processing on our website, i.e. the collection and transfer of data to Facebook, is carried out in accordance with the principles of Art. 6 to 8 FADP and on the basis of your consent in accordance with Art. 6(1)(a) GDPR if you have granted this via our consent banner.

Your consent is voluntary and can be withdrawn at any time using the gearwheel symbol at the bottom left of the website.

In the event of your consent, your browser establishes a direct connection to the Meta servers when you view our website, enabling Meta to read a variety of personal data from your device and, if necessary, also to save data, particularly cookies, on your device.

By integrating the Facebook pixel, Meta obtains, in particular, the information that you have clicked on an ad that we have activated or you have loaded the corresponding page on our website.

With this information, Meta enables us to also track the effectiveness of our ads across a user’s various devices and allows us to activate target group-oriented advertising in a more targeted manner.

If you have registered for a service from Meta and are logged in, Meta can allocate the clicking on our ad and the visit to our website to your Facebook user account. Meta can link this data to other data from other sources and use this to create a comprehensive profile about you as a user across devices.

Even if you are not registered with or logged in to Facebook, it is possible that Meta will obtain and save your IP address and other identifying features.

In particular, the following data is collected and sent to Facebook via the Facebook pixel:

Usage data
Device information
Cookie data
Data on your activities and interactions on our website
Data on your activities on other websites, e.g. purchases made and ads viewed

Your data that is processed by us and Meta is used to assign you to a promotional target group, called a Facebook custom audience. This enables us to display ads in a targeted manner to Facebook users who have also shown an interest in our Internet offer. With the aid of the Facebook pixel, we also wish to ensure that our Facebook ads correspond to the potential interests of users and do not cause a nuisance.

We have no influence over the scope of any further processing of your data by Meta.

You can find more information on data processing by Meta at https://www.facebook.com/policies/cookies/.

Data processing can also take place outside of the EU or the EEA in third countries.

There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We thus implement measures in accordance with Art. 44 et seq. GDPR in order to ensure an adequate data protection level despite this risk.

Facebook/Meta (USA) is certified in accordance with the Data Privacy Framework. An adequacy decision by the European Commission in accordance with Art. 45(3) GDPR therefore exists and a data protection level comparable to the European Union is thus ensured.

3.9. Contact form

You have the possibility of contacting us via our contact form on various topics such as “Technical questions”, “Questions about an order” and “Other questions”.

To enable you to use this, we collect the data that is necessary in each case, such as title, first name, surname, street and house number, postcode, town, e-mail address and, for questions relating to an order, the order number.

Depending on the type of form used, we may process other mandatory information (customer name/customer e-mail address, order number/customer number, or information on what your enquiry is about). We use this data to respond to your enquiry.

The legal basis for data processing is our legitimate interest in accordance with Art. 6(1)(f) GDPR to be able to process and respond to your enquiry quickly and comprehensively.

In addition, depending on the form, you can decide for yourself whether you want to give us further information (telephone number, country of purchase, date of purchase, barbecue model, item number, serial number and receipt upload). This information is provided voluntarily and is not required for registering/submitting your contact request.

The legal basis for the processing of data provided voluntarily is your consent in accordance with Art. 6(1)(a) GDPR.

Your consent is voluntary and can be withdrawn freely at any time with effect for the future in accordance with Art. 7(3) GDPR. To do this, please contact the e-mail address stated above under “Controller”.

Alongside this, you can also complete the warranty form. We use this to collect the data required for processing: title, first name, surname, street and house number, postcode, town, e-mail, telephone number, date of purchase, item number, serial number and your uploaded receipt.

The legal basis for this data processing is the fulfilment of the warranty and contract in accordance with Art. 6(1b) GDPR.

Our event form is used to get in contact regarding our barbecue courses and events. We use this to collect the data required for further processing: title, first name, surname, company (voluntary), street and house number, postcode, town, e-mail address, telephone number, preferred date, alternative date, number of participants, start of event and location (at Outdoorchef or own location).

All of the forms require you to submit a message.

3.10. The processing of your personal data is carried out in each case in accordance with the principles of Art. 6 to 8 FADP. The legal basis for this data processing is the fulfilment or initiation of contract in accordance with Art. 6(1b) GDPR.Newsletters and newsletter tracking, shopping basket reminder e-mails

On our websites, we offer you the opportunity to subscribe to our newsletter and register to receive other electronic messages.

As part of the subscription and registration, we process your e-mail address to inform you via e-mail about our products, services, events and promotions in our online shop or other current promotions or products, such as those of other Group companies within the Diethelm Keller Brands.

In addition, as part of our newsletter tracking, we process data on the time you opened the newsletter and on your other interactions with the content of the newsletter, e.g. on clicks to related links or the percentage of our newsletter that you have read. We process this data to check the effectiveness of our newsletter dispatch and optimise our newsletter content.

The legal basis for data processing is your consent in accordance with Art. 6(1)(a) GDPR.

Your consent is voluntary and can be withdrawn freely at any time with effect for the future in accordance with Art. 7(3) GDPR.

If you no longer wish to receive newsletters in the future, you can unsubscribe at any time. To do this, use the unsubscribe link, which can be found in every newsletter e-mail.

Alternatively, you can also declare your withdrawal of consent in an e-mail to the e-mail address stated above under “Controller”.

Please note that, in addition to the newsletter, you may also receive emails from us if you have consented to us sending you shopping basket reminder e-mails or “abandoned shopping cart mails” to remind you that you have abandoned a purchase and to find out whether you are still interested in the goods.

The legal basis for data processing is your consent in accordance with Art. 6(1)(a) GDPR.

Your consent is voluntary and can be withdrawn freely at any time with effect for the future in accordance with Art. 7(3) GDPR.

If you no longer wish to receive these shopping basket reminder e-mails, you can use the unsubscribe link for this, which can be found in every shopping basket reminder e-mail.

In the case of sending and tracking newsletters and shopping basket reminder e-mails, we send your data, within the scope of commissioned data processing in accordance with Art. 28 GDPR, to the service provider “Klaviyo”, 225 Franklin St. Boston, Massachusetts 02110, USA, who is bound by our instructions and contractually obligated to us accordingly. Data processing can also take place outside of the EU or the EEA in third countries.

There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

We thus implement measures in accordance with Art. 44 et seq. GDPR in order to ensure an adequate data protection level despite this risk.

Klaviyo (USA) is certified in accordance with the EU-US Data Privacy Framework. An adequacy decision by the European Commission in accordance with Art. 45(3) GDPR therefore exists and a data protection level comparable to the European Union is thus ensured. We have no influence over further data processing by any third-party providers.

4. Data processing when operating our online shop

We would like to inform you below about how we handle your personal data when you use our online shop.

Our online shop is hosted and made available as a Shopify Plus shop by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. This acts for us as a central service provider for the online shop and, if necessary, also sends personal data to the parent company, Shopify Inc., 151 O’Connor Street, Ground floor, Ottawa, ON K2P 2L8, Canada, to the extent necessary within the scope of its activities. A data processing agreement has been concluded with each of them. If the processing takes place in Canada, an adequate data protection level is ensured due to the Decision in accordance with Art. 45 GDPR, https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32002D0002.

Many types of data processing, services and support, about which you will find more detailed information in the subsections, are provided by various companies, who operate jointly as “Shopify”.

Data processing can also take place outside of the EU or the EEA in third countries.

There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal.

4.1. Shopify cookies and local storage elements (technically necessary)

Various types of data processing of cookies and local storage elements take place within the framework of the online shop via our website.

These are technically necessary to offer you the various necessary functions that are required so that you can complete your purchase, such as saving your shopping basket content or the selected currency.

Cookies:

Name	Expiration period	Description
cart_currency	Unknown	Saves the shopping basket currency
_ab	Unknown	Used in connection with access to admin
_secure_session_id	Unknown	Used in connection with the navigation process on the website.
Cart	Unknown	Used in connection with the shopping basket.
cart_sig	Unknown	Used in connection with the checkout.
cart_ts	Unknown	Used in connection with the checkout.
checkout_token	Unknown	Used in connection with the checkout.
Secret	Unknown	Used in connection with the checkout.
Secure_customer_sig	Unknown	Used in connection with the visitor/customer login.
storefront_digest	Unknown	Used in connection with the visitor/customer login.
_shopify_u	Unknown	Used in connection with the updating of visitor/customer accounts.
_brochure_session	Unknown	Used in connection with the viewed pages within the visit period.
_shopify_country	Session	Used in connection with the checkout.
_shopify_m	1 year	Used for managing customer privacy settings.
_shopify_tm	30 minutes	Used for managing customer privacy settings.
_shopify_tw	2 weeks	Used for managing customer privacy settings.
_storefront_u	1 minute	Used to facilitate updating customer account information.
_tracking_consent	1 year	Tracking settings
c	1 year	Used in connection with the checkout.
cart_ver	2 weeks	Used in connection with the shopping basket.
Checkout	4 weeks	Used in connection with the checkout.
dynamic_checkout_shown_on_cart	30 minutes	Used in connection with the checkout.
hide_shopify_pay_for_checkout	Session	Used in connection with the checkout.
keep_alive	2 weeks	Used in connection with buyer localisation.
master_device_id	2 years	Used in connection with merchant login.
previous_step	1 year	Used in connection with the checkout.
remember_me	1 year	Used in connection with the checkout.
shopify_pay	1 year	Used in connection with the checkout.
shopify_pay_redirect	30 minutes, 3 weeks or 1 year depending on value	Used in connection with the checkout.
tracked_start_checkout	1 year	Used in connection with the checkout.
secure_customer_sig	12 months	Used in connection with the user login.

The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing this technically necessary data to actually offer you a purchase is the fulfilment or initiation of a contract in accordance with Art. 6(1)(b) GDPR.

4.2. Guest order without registering

You have the opportunity to order in our online shop without prior registration.

In this case, we only process the data required for conclusion of contract and contract fulfilment or, if necessary, for the termination of the contract and rescission as well as the data required to ship your order as shown below under “Conclusion of contract and fulfilment, contract termination, rescission and shipping”.

You are not able to save any billing or delivery addresses or payment details for guest orders. You are also unable to view your previous orders or any barbecues that are already registered to you.

4.3. Registration in the online shop – Customer account

If you want to manage your billing and delivery addresses, save payment details or access data on your previous orders, you can also register for a customer account in our online shop.

Via your customer account, we also offer you helpful services such as the ability to view your previous orders and an overview of the barbecues you have already registered.

Within the framework of the registration, we process your first name and surname, your e-mail address and title and your address with your postcode and country.

The processing is carried out in each case in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(b) GDPR.

4.4. If you are registered in our online shop as a legitimate representative as an employee of a company or an organisation, your data is processed in accordance with Art. 6(1)(f) GDPR.Fulfilment of contract

4.4.1. Conclusion of contract and fulfilment, contract termination, rescission and shipping

In addition to the data above, we process other data that we use to fulfil and, if necessary, rescind the purchase contract within the scope of contract termination, to ship the goods and to provide information on the status of the order if you decide to purchase products.

This other data is title, first name, surname, address and telephone number.

Furthermore, within the scope of implementing an order, an order number is also allocated for administration purposes and processed as part of fulfilling and, if necessary, rescinding the purchase contract in the event of contract termination.

As the order may be shipped by a forwarding agent or – if you have ordered this – a service provider may assemble the barbecue for you (assembly service), we pass on your contact details to the necessary transport service providers so that they can contact you for shipment archiving.

The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(b) GDPR.

4.4.2. Payment processing

We also process personal data on the basis of Art. 6(1)(a) and (b) GDPR within the framework of payment processing, depending on the payment method you have chosen.

4.4.2.1. PayPal

If you use PayPal, we process your PayPal username and the data on your order that is necessary to process the payment.

We send this data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

PayPal (Europe) S.à r.l. et Cie, S.C.A. then processes your data under its own responsibility for its own purposes, such as a credit check.

More information about data processing by PayPal (Europe) S.à r.l. et Cie, S.C.A. can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.

The processing is carried out in each case in accordance with the principles of Art. 6 to 8 FADP. The legal basis for sending your data to PayPal (Europe) S.à r.l. et Cie, S.C.A. is your consent in accordance with Art. 6(1)(a) GDPR.

Your consent is voluntary and can fundamentally be withdrawn freely at any time with effect for the future.

A data transfer carried out immediately after the purchase confirmation in the order process thus also remains legal when exercising your right to withdraw consent.

4.4.2.2. Shopify Payments

If you use Shopify Payments, we process your Shopify Payments username and the data on your order that is necessary to process the payment.

We send this data to Shopify, which then processes your data under its own responsibility for its own purposes, such as a credit check.

The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for sending your data is your consent in accordance with Art. 6(1)(a) GDPR.

Your consent is voluntary and can fundamentally be withdrawn freely at any time with effect for the future.

A data transfer carried out immediately after the purchase confirmation in the order process thus also remains legal when exercising your right to withdraw consent.

4.4.2.3. Klarna

If you select “Klarna” as a payment option, the data required for the further processing of the payment is sent to Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

Klarna Bank AB (publ) then processes your data under its own responsibility for its own purposes, such as determining your identity or a credit check.

If you choose Klarna’s payment services, we ask for your consent to send Klarna the data required to process the payment and conduct an identity and credit check. In Germany, the credit agencies stated in Klarna’s privacy policy can be used for the identity and credit check. You can withdraw your consent to this use of personal data at any time.

The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for sending your data is your consent in accordance with Art. 6(1)(a) GDPR.

Your consent is voluntary and can fundamentally be withdrawn freely at any time with effect for the future.

A data transfer carried out immediately after the purchase confirmation in the order process thus also remains legal when exercising your right to withdraw consent.

4.4.2.4. Credit card payment

In the case of credit cards, we process data on your credit card provider, the card number, the name of the card holder, the expiry date and the card validation code.

We send this data to your bank or your credit card provider and to Shopify if you order in Germany, Austria or Benelux or to PostFinance Mingerstrasse 20, 3030 Bern, Switzerland, if you order in Switzerland.

These service providers help us with payment processing and with the processes associated with this.

The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for sending your data is Art. 6(1)(b) GDPR.

4.4.2.5. Bank transfer

In the event of manual bank transfers, we process the name of the account holder, IBAN and BIC.

The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for sending your data is Art. 6(1)(b) GDPR.

4.4.2.6. Purchase on account

In the event of a purchase on account (this is only offered for orders from Switzerland and Germany), we process the name of the account holder, IBAN and BIC.

As our service provider Shopify collaborates with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, for orders from Germany, your data is sent to Klarna.

Klarna Bank AB (publ) then processes your data under its own responsibility for its own purposes, such as a credit check.

Further information on data processing by Klarna Bank AB (publ) can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/privacy. The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for sending your data to Shopify or to Klarna Bank AB (publ) is your consent in accordance with Art. 6(1)(a) GDPR.

Your consent is voluntary and can fundamentally be withdrawn freely at any time with effect for the future.

For orders from Switzerland, you then receive an invoice from Outdoorchef AG.

4.4.2.7. Other means of payment

If you use other means of payment such as E-Finance, Postcard, Visa, Mastercard or Twint, identification data (particularly name, address, date of birth), financial data, and order and transaction data is above all processed by PostFinance AG, Mingerstrasse 20, 3030 Bern, Switzerland, depending on the payment method.

PostFinance then processes your data under its own responsibility for its own purposes, such as a credit check.

You can find more information via PostFinance AG at https://www.postfinance.ch/en/detail/data-protection/general-privacy-policy.html

The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for sending your data to Shopify or to PostFinance AG is your consent in accordance with Art. 6(1)(a) GDPR.

Your consent is voluntary and can fundamentally be withdrawn freely at any time with effect for the future.

4.4.2.8. Invoice request

If you have selected the payment method “invoice” and have not settled outstanding invoices, we send your name, job title, address, telephone number and e-mail address as well as the invoice details to debt collection agencies, who then collect the outstanding money. The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for sending your data is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring that outstanding invoices are paid.

We use Intrum AB, Sicklastråket 4, 131 54 Nacka, Sweden, as a debt collection agency. According to Intrum, transfers are possible within the Intrum Group and to third-party providers in countries outside the EU or EEA, whereby, according to information from Intrum, a data protection level comparable to that in the EU should be ensured.

You can find more information via Intrum AB at

https://www.intrum.ch/de/losungen-fur-unternehmen/uber-intrum/datenschutz-und-geschaftsbedingungen/

4.4.3. Credit checks

If you order something via our customer service in the online shop and decide to purchase on account, we may carry out a credit check for new customers or depending on the total price of the ordered goods and send and process the personal data required for the credit check and assessment.

We process saved address and credit rating data including data on the statistical likelihood of a default in order to make a considered decision on the establishment, implementation or termination of the contractual relationship.

The credit report can include likelihood values (score values) that are calculated on the basis of scientifically recognised mathematical and statistical procedures and for the calculation of which address details, among others, are also used.

The processing takes place for the purpose and in the interest of enabling your creditworthiness to be assessed by a credit agency and thus enabling us to estimate the financial risk presented to us by a purchase on account.

The processing is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(f) GDPR.

4.5. Legal defence

In individual cases, we also process your data for the purpose and in the interest of asserting legal claims, such as to enforce our claims based on unpaid invoices.

Finally, in individual cases, we process your data for the purpose and in the interest of defending legal claims enforced against us, such as the assertion of claims regarding liability for material defects.

The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(f) GDPR.

If necessary, on an individual basis, your data is sent within the necessary scope to investigating authorities, debt collection agencies, lawyers, experts, courts of law or bailiffs.

Amendment of your data and erasure of your data and the customer account

You can delete the data contained in your customer account at any time or even delete your account. You can request amendments or erasure at any time via marcom@outdoorchef.com.

4.6. Amendment of your data and erasure of your data and the customer account

You can delete the data contained in your customer account at any time or even delete your account. You can request amendments or erasure at any time via marcom@outdoorchef.com.

5. Cross-departmental data processing

We would like to inform you below about how we handle your personal data outside of our websites, our online shop and our stores.

5.1. Data processing in the case of product support

To provide you with support and assistance with regard to the products from our online shop as an additional service and to fulfill your claims under warranty law, we process personal data such as name, address, telephone number, e-mail address and the ticket number for your enquiry or your support order. The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(b) GDPR.

5.2. Selection and evaluation of electronic correspondence

To train our service personnel and to ensure and improve the quality of our customer service, we process your personal data from electronic correspondence and conversations between you and us from e-mails in order to select suitable examples at random or based on specific events. The selected examples are anonymised before further use.

The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(f) GDPR.

5.3. Data processing for advertising purposes

In addition, provided that the data protection requirements are met, we process your personal data to get in contact with you by post, telephone and e-mail and to send you or your company offers individually tailored to you.

If we publish images and videos of you on TikTok to advertise our products, this only takes place on the basis of your consent in accordance with Art. 6(1)(a) GDPR or if you have concluded a corresponding contract (called a model contract) with us in accordance with Art. 6(1)(b) GDPR. Data is sent to TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (https://www.tiktok.com).

TikTok reserves the right to process customer data for its own legitimate business purposes and send it to the following third countries: Canada, UK, Israel, Japan, South Korea, Brazil, China, Malaysia, Philippines, Singapore and the USA. Within the scope in which TikTok processes data in connection with the legitimate business purposes, TikTok is an independent controller for these processing activities and, as such, is responsible for compliance with all applicable data protection regulations. If you require information about the processing by TikTok, please consult the corresponding TikTok privacy policy.

https://www.tiktok.com/legal/page/eea/privacy-policy/en

We have no influence over further data processing by any third-party providers.

5.4. Data processing in the case of surveys

We also process personal data from you as part of surveys, where applicable. These surveys are conducted in our legitimate interest in finding out what you like about our products and what we could improve further in your view.

We use SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland, for our surveys. This collects, e.g., device information or log data such as your IP address to prevent abuse and for troubleshooting and also uses tracking technologies such as cookies or page tags (called web beacons). Further information about this and about data protection at Survey Monkey can be found in the privacy policy https://www.surveymonkey.co.uk/mp/legal/privacy/ and https://www.surveymonkey.co.uk/mp/legal/survey-page-cookies/.

The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for this is Art. 6(1)(f) GDPR or your consent, which can be withdrawn at any time with effect for the future, in accordance with Art. 6(1)(a) GDPR, depending on the survey and specific design.

There is a risk that the authorities in third countries will access the data for security or surveillance purposes without you being informed of this or being able to lodge an appeal. We thus implement measures in accordance with Art. 44 et seq. GDPR in order to ensure an adequate data protection level despite this risk.

We use Jotform, which can mean that the name of the survey participant is also processed, depending on the design of the survey. No adequacy decision by the European Commission currently applies to Jotform (USA), which means there is also currently no data protection level comparable to that in the EU. Jotform has, however, concluded standard contractual clauses with data recipients in third countries in accordance with Art. 46(2)(c) GDPR, which oblige Jotform to comply with European data protection standards. Please contact our data protection officer if you would like to receive more information or copies.

We have no influence over further data processing by any third-party providers.

5.5. Data processing for the organisation of events

To organise and schedule our events, your name, address, e-mail address and other data that you provide voluntarily and/or which enables the respective user to be identified is processed by the company Eventbrite.

Data processing can also take place outside of the EU or the EEA.

Eventbrite (USA) is certified in accordance with the Data Privacy Framework. An adequacy decision by the European Commission in accordance with Art. 45(3) GDPR therefore exists and a data protection level comparable to the European Union is thus ensured for transfers into the USA.

More information about this and about data protection at Eventbrite can be found in the privacy policy https://www.eventbrite.co.uk/help/en-gb/articles/460838/[slug]/

We have no influence over further data processing by any third-party providers.

5.6. Data processing when managing barbecue courses

In order to manage and organise our barbecue courses, your personal data can be processed by IPM iPark-Media GmbH, Am Heuskamp 35, DE 31832.

The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for this is Art. 6(1)(f) GDPR, depending on the survey and specific design.

5.7. Data processing for communication handling by the customer service/telephone service

If, outside the aforementioned processing operations and without reference to the purposes of processing, you contact us by post, telephone, e-mail or another communication method, we process your personal data associated with the use of the means of communication and which you give us when contacting us for the purpose and in the interest of responding to your enquiry in the most simple, prompt and customer-oriented manner possible.

5.8. The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(f) GDPR.Data processing for the establishment, exercise or defence of legal claims, collaboration with debt collection agencies

In individual cases, we also process your data for the purpose and in the interest of establishing, exercising and defending legal claims, where your data is relevant to a legal dispute.

The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(f) GDPR.

If necessary, on an individual basis, your data is sent within the necessary scope to debt collection agencies, investigating authorities, lawyers, experts, courts of law or bailiffs.

5.9. Data processing to document compliance with data protection

If you send us a declaration of consent on our websites, we process your personal data in order to prove that you have consented to the data processing in question as part of our accountability obligation in accordance with Art. 5(2) GDPR.

If your exercise your data subject rights from FADP or GDPR against us, we also process your personal data in order to prove as part of the accountability obligation in accordance with Art. 5(2) GDPR that we have complied with GDPR when processing your enquiry.

In addition, we may pass on your personal data in connection with your enquiry to our company data protection officer at datenschutz süd GmbH, Wörthstraße 15, 97082 Würzburg, who advises us on all data protection matters and supports us in particular with the processing of enquiries from data subjects in connection with the assertion of the rights stated below in section 9.

The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for the processing is Art. 6(1)(c) GDPR.

To document the data protection-compliant processing of your concern and fulfil the accountability obligation in accordance with Art. 5(2) GDPR, we or datenschutz süd GmbH fundamentally save the data required for this for three years from the end of the year in which your request is answered.

5.10. Data processing within application procedures

As part of our application procedure, the following data from you can be collected: surname, first name, address, date of birth, nationality, cover letter, voluntary information such as photo, title, salary expectation, start of work, specific additional questions on the job advertisement and publicly accessible data (e.g. on job portals such as LinkedIn, comments and ratings).

For our application procedure, we use the platform onlyfy, which is operated by the company Xing by New York SE (Am Strandkai 1, 20457 Hamburg).

The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data is Art. 6(1)(b) GDPR.

5.11. Data processing to fulfil other legal obligations

Finally, we process personal data where this is necessary to fulfil a legal obligation.

The processing of your data is carried out in accordance with the principles of Art. 6 to 8 FADP. The legal basis for processing your data in these cases is Art. 6(1)(c) GDPR in conjunction with the respective legal norm that imposes such an obligation on us.

If necessary, on an individual basis, your data is sent within the necessary scope to auditors, financial or investigating authorities, lawyers, experts or courts of law.

6. Data protection information for the Gourmet Check Pro app

6.1. Controller

The following is responsible for data processing:

Outdoorchef AG, Eggbühlstrasse 28, 8050 Zurich, Switzerland

E-mail address: marcom@outdoorchef.com

www.outdoorchef.com.

6.2. Operation of the app

The data processed as part of operating the app is not used for purposes other than operating the app.

The Gourmet Check Pro app enables the information required for your optimum barbecue enjoyment to not only be read on the Gourmet Check Pro device connected to the app but also on your smartphone. In addition, you can thus use your smartphone, for instance, to receive signals when the core temperature is reached, control functions of the Gourmet Check Pro device or set a timer.

We do not process personal data (such as IP address, device ID) for this. Furthermore, we have limited the permissions and permission requests by the app to the scope that is actually required to fulfil the basic functions of the app. We have also provided you with explanations on this below for information.

We have no way of influencing data processing that may be carried out by the provider of the download platforms on which we offer this app. Please refer to their respective privacy policies for any data processing that may be carried out by them (https://policies.google.com/privacy?hl=en and https://www.apple.com/legal/privacy/en-ww/).

6.3. Permissions and permission requests by the app

We have listed information for you below regarding for what purposes it is necessary to grant permissions within the scope of using the app. No processing or saving of personal data is carried out by us or by third parties via the app.

6.3.1. Bluetooth and, if necessary, additional location sharing (Android)

The app requires the activation and approval of Bluetooth to connect to the Gourmet Check Pro device. It is not possible to use the app without an active Bluetooth connection with the Gourmet Check Pro device as otherwise no data or information from Gourmet Check Pro can be sent to your smartphone.

Depending on which version of Android you are using, it is necessary to activate location sharing for a Bluetooth connection. Only then is it possible for a Bluetooth connection to be established with your Gourmet Check Pro in the corresponding version of Android. Without location sharing, your Gourmet Check Pro cannot be found in the respective Android apps and the corresponding app functions are not available. This permission is automatically requested in individual versions of the Android operating system (whenever Bluetooth should be used) when a service is looking for available Bluetooth devices. Neither the data from the Bluetooth search nor the location of your smartphone or other personal data from you are processed or saved as part of this.

6.3.2. Notifications, alarm function, miscellaneous

You can optionally allow notifications via the app. Without this permission, you cannot use essential functions when the app is running in the background. The notification permission is used for the temperature alarm and timer reminder function. Refusing this permission means that the app cannot receive notifications in good time when, for example, it is running in the background.

Access to network or WiFi connections is necessary if you want to download and/or share recipes from our website, for example, via corresponding links in the app.

6.4. Newsletter subscription

In our app, we also offer you the opportunity to subscribe to our newsletter via a link to our website.

We thus do not process any personal data via the app.

Please note the Newsletter area in our privacy policy for data processing in connection with the newsletter subscription.

7. Data protection information concerning the Outdoorchef 3D app

7.1. Data processing by the app

With the help of our Outdoorchef 3D app, you can use augmented reality (AR) technology to virtually place three-dimensional models of our barbecue equipment in your garden or home.

We have limited the permissions and permission requests by the app to the scope that is actually required to fulfil the basic functions of the app.

7.2. Cookies and similar technologies

We also use cookies and similar technologies for our AR app. Please note the corresponding passage in our privacy policy on data processing using cookies and similar technologies.

7.3. Use of Google Analytics for Firebase

We use Google Analytics for Firebase, a service from Google Inc., (“Google”), for usage analysis and reach measurement. Google Analytics for Firebase (“Google Analytics”) uses third-party provider cookies to identify the frequency of the use of certain areas of the app and preferences. The information about your use of our app (including your shortened IP address) collected via the cookie is transferred to a server belonging to Google in the USA and stored there. Google will use this information on our behalf and on the basis of a data processing agreement to evaluate your use of our app, to compile reports for us on the app usage activities and to provide other services associated with the use of the service and the Internet.

The legal basis for the use of services for usage analysis and reach measurement, such as Google Analytics, is Article 6(1)(f) GDPR; our legitimate interest in this respect results from the purposes of use described above, in particular in the analysis, optimisation and economic operation of our app.

Further information on data protection and the security of Google Analytics for Firebase can be found here: https://firebase.google.com/support/privacy/.

Data processing can also take place outside of the EU or the EEA in third countries.

We save collected data in Google Analytics for Firebase for a period of 14 months.

7.4. Permissions and permission requests by the app

7.4.1. Camera

The technology used only works via access to your camera. No data is saved for this. However, without camera access, it is not possible to integrate our 3D models so that they are shown to you virtually in your surroundings.

7.4.2. Memory and photos/media/files or file system

Access to your memory and photos/media/files and your file system is required so that you can save and, if need be, share images you have taken directly via the Outdoorchef 3D app. Access is limited to the “Outdoorchef 3D” folder, which is created in this case.

7.4.3. Miscellaneous

The permissions listed under “Miscellaneous” are necessary from a technical viewpoint in order to guarantee the functionality of the app and a satisfactory user experience. These, for example, enable you to reach the provider’s website directly from the app or prevent your mobile telephone from switching into sleep mode when the app is being used. These are standard permissions that are not actively requested from the user.

7.4.3.1. Microphone

The microphone is integrated into the app code for technical purposes, specifically the functioning of the AR technology, and can thus be listed by App Store providers, such as Google or Apple, as a permission. However, the microphone is actually not actively used during the use of the app and is therefore not actively requested.

8. Recipients of personal data

As already stated for the individual types of data processing, we send your data to various recipients and service providers, who support us, for instance, in operating our websites, our online shop and other data processing services and processes associated with this (e.g. also transport, debt collection, etc.). Where necessary, we have concluded data processing agreements with these recipients in accordance with Art. 28 GDPR or contracts for data processing in accordance with Art. 9(1)(1) FADP. Personal data is transferred to states outside of Switzerland exclusively when a data protection level comparable to that of the European Union is ensured or the contractual obligation to uphold an adequate data protection level exists.

For example, we use the cloud software Microsoft Dynamics 365 from Microsoft Inc. to manage your customer data as well as your orders and communication, and we use Microsoft IT to operate our infrastructure, including for client management, M365, Azure Cloud Services and backup services. Microsoft is certified in accordance with the Data Privacy Framework. An adequacy decision by the European Commission in accordance with Art. 45(3) GDPR therefore exists and a data protection level comparable to the European Union is thus ensured.

Provided the requirements under data protection law have been fulfilled, we send data from you to our Group companies within the Diethelm Keller Group in the countries in which our brand is represented, if necessary.

We may transfer personal customer data to purchasers for the purpose of and in the interest of preparing and implementing the sale of individual legal assets of our company or individual parts of the company to realise profits. The legal basis for this is Art. 6(1)(f) GDPR.

9. Storage period

Insofar as a specific storage period is not stated separately for the types of data processing shown above, we process your data if is fundamentally necessary to achieve the aforementioned purposes or where a separately granted declaration of consent to a longer storage period exists.

We then delete your data from all of our operational systems.

We proceed in the same manner if, in the case of processing on the basis of consent granted to us in accordance with Art. 6(1)(a) GDPR, you exercise your right to withdraw consent in accordance with Art. 7(3) GDPR or, in the case of processing on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, you exercise your right to object in accordance with Art. 21 GDPR and the requirements stated therein are fulfilled.

This would continue to be permitted in particular if, in the case of your objection, there are verifiable compelling legitimate grounds for further processing by us that outweigh your interests, rights and freedoms as a data subject. The same applies if the processing is for the purpose of establishing, exercising or defending legal claims by us.

If erasure is not possible due to the fulfilment of a legal obligation to retain the data imposed on us, we transfer the data concerned to archives and restrict further processing for the duration of the retention period. In this case, the data is only permanently erased once the retention period has elapsed.

10. Voluntary nature of providing your data

The provision of your personal data is not required by law or contract.

However, it is necessary in certain cases so that you can make use of the services offered on our websites.

The non-provision of personal data may mean that the function of our websites may be limited or you are unable to make use of the services offered.

11. Your rights and legal claims in accordance with Art. 25 et seq. FADP and Art. 15 et seq. GDPR

GDPR grants you certain rights with regard to the processing of your personal data:

11.1. Right of access (Art. 25 FADP, Art. 15 GDPR)

You have the right to request confirmation as to whether personal data relating to you is being processed; if this is the case, you have the right to access this personal data and the information specified in Art. 25 FADP and Art. 15 GDPR.

11.2. Right to rectification (Art. 32(1) FADP, Art. 16 GDPR)

You have the right to request the rectification without delay of incorrect personal data concerning you and, where appropriate, the completion of incomplete personal data.

11.3. Right to erasure (Art. 32(4) FADP, 17 GDPR)

You also have the right to demand that personal data relating to you be deleted immediately if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the stated purposes or if a complaint situation exists in accordance with Art. 32(4) FADP.

11.4. Right to the restriction of processing (Art. 18 GDPR)

You have the right to demand the restriction of the processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have filed an objection against the processing in accordance with Art. 21 GDPR or for the duration of any audit to assess whether our legitimate interests outweigh your interests as a data subject.

11.5. Right to data portability (Art. 28 FADP, Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 28 FADP and Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party.

11.6. Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6(1)(f) GDPR (processing necessary for the purposes of legitimate interests), you have the right to object to such processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are verifiable compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing takes place for the purpose of establishing, exercising or defending legal claims.

11.7. Right to withdraw consent (Art. 7(3)(1) GDPR)

If your personal data is processed on the basis of consent in accordance with Art. 6(6)(7) FADP and Art. 6(1)(a) GDPR, you have the right to withdraw your consent in accordance with Art. 7(3)(1) GDPR. You can withdraw your consent at any time with effect for the future.

11.8. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of the data concerning you violates data protection provisions. This right of appeal may, in particular, be exercised before a supervisory authority in the Member State in which you reside, work or in which the suspected infringement occurred.

12. Contact details of the data protection officer

Our company's data protection officer will be happy to provide you with information or suggestions on the subject of data protection. For more information, please contact:

datenschutz süd GmbH

Keyword: “Outdoorchef AG”

Wörthstraße 15

97082 Würzburg

E-mail: office@datenschutz-sued.de

Telephone: 0931 304 976 0

Web: www.datenschutz-nord-gruppe.de

E-mail: office@datenschutz-sued.de

13. Changes to this privacy policy

This privacy policy was last updated on 31.08.2023.