Newsletter
Contact

 

Data Protection Declaration

Südzucker AG is committed to protecting your privacy and your personal data and ensuring that this information remains secure. This is why Südzucker AG collects, processes and uses your personal data solely in accordance with the principles described below and the provisions of the EU General Data Protection Regulation (GDPR) and the national data protection and privacy laws applicable to Südzucker AG (German Federal Data Protection Act [BDSG], Telecommunications Telemedia Data Protection Act [TDDDG]).

Table of contents

I. Name and address of the Controller
The Controller as defined by the GDPR and other national data protection laws of the EU member states as well as other applicable data protection regulations for the operation of the website www.suedzucker.com (hereinafter referred to as “website”) is:

Südzucker AG
Maximilianstraße 10
68165 Mannheim, Germany

Tel.: +49 (0) 621 421-0
Fax: +49 (0) 621 421-234
E-Mail: info@suedzuckergroup.com
Website: https://www.suedzucker.com

represented by the

Supervisory Board Chairman: Dr. Stefan Streng
Executive Board: Dr. Niels Pörksen (CEO), Stephan Büttner, Hans-Peter Gai, Thomas Kölbl, Dr. Stephan Meeder
District Court, Mannheim, HRB 0042

(hereinafter referred to as “Südzucker”, “us” or “we”).

If you wish to object to the collection, processing or use of your data by us in accordance with this Data Privacy Policy as a whole or for individual measures, you may send your objection by e-mail, fax or letter using the contact details provided above or to our Data Protection Officer. You may also receive information on your personal data at any time and free of charge using the contact details provided above.

II. Name and address of the Data Protection Officer
The Controller’s Data Protection Officer may be contacted at:

Südzucker AG
Data Protection Officer
Maximilianstraße 10
68165 Mannheim

Email: datenschutz@suedzucker.de.

III. Your personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”). Südzucker only processes your personal data insofar as this is necessary to provide you with a functioning website. We only collect personal data such as your name and e-mail address if you provide it to us voluntarily or if you have consented to its collection. For more information on technically required data, please refer to the explanations outlined under “Provision of the Website and creation of log files/protocol files” and“VI. Use of cookies”.

IV. General information on data processing
1. Scope of the processing of personal data
We process the personal data (hereinafter also referred to as “data”) of Data Subjects, i.e. visitors to the website, via our website to the extent necessary to provide a functioning website along with our content and services. We only process our users’ personal data after they have given their consent to the processing of their data. Exceptions include cases where the processing of data is permitted by law, required to fulfil a contract or technically necessary.

2. Legal basis for the processing of personal data
If we have obtained the consent of the Data Subject for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis.
As for the processing of personal data which is required for the performance of a contract to which the Data Subject is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

If the processing of personal data is required in order to protect the vital interests of the Data Subject or of another natural person, Art. 6 (1) (d) GDPR serves as the legal basis.

If processing is required to safeguard the legitimate interests of our company or of a third party, and such interests are not outweighed by the interests or fundamental rights and freedoms of the Data Subject, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

The storage of information on a Data Subject’s devices or access to information which is already stored on a device only takes place on the basis of the Data Subject’s consent pursuant to Section 25 (1) TDDDG, unless the storage of information on the Data Subject’s device or the access to information we have already stored on the device is absolutely necessary (Section 25 (2) TDDDG) in order to provide the desired content or service to the Data Subject.

3. Data erasure and storage period
The Data Subject’s personal data will be erased or deleted as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by European or national legislators in EU directives, laws or other regulations to which the Controller is subject. Blocking of further data processing or erasure of data also takes place if a legally prescribed storage period has expired, unless there is a need for further data storage for fulfilment of the contract.

V. Provision of the website and creation of log files
1. Description and scope of data processing
When the website is used solely for information purposes, we only collect the personal data that your browser transmits to our server or provider and that is technically necessary for the purpose of displaying our website to you and ensuring its stability and security.

We have contracted Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany (hereinafter referred to as “Mittwald”) for the hosting and technical provision of our website. We have concluded an agreement with Mittwald governing the processing of personal data as required under data protection law pursuant to Art. 28 GDPR. According to this agreement, Mittwald undertakes to guarantee the necessary protection of your data and to process it exclusively on our behalf and as instructed by us in accordance with the applicable data protection provisions. Further information on Mittwald is available on their website at: https://www.mittwald.de/.

The following data is included in log files provided by Mittwald within the framework of hosting:

(1) The type of browser used and the browser version, provided that you have consented to transmission within your browser settings,
(2) The operating system and the user’s Internet service provider,
(3) The date and time of the server request,
(4) The number of visits,
(5) the length of time spent on the website,
(6) Previously visited website, only if it has linked to our website and the visitor has clicked on this link,
(7) The user’s IP address, anonymized by Mittwald in the system before it is stored.
(8) The volume of sent/transferred data
(9) The geographical origin of access.

Mittwald stores the data ((1) – (9)) on servers hosted in Germany. Mittwald uses this information for the stated purpose on our behalf. There is no independent use of data by Mittwald or unauthorized disclosure to third parties. This data is not stored together with any of the user’s other personal information.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR in conjunction with Section 25 (2) (2) TDDDG.

3. Purpose of data processing
Temporary storage of the IP address by the system is required to deliver the website or content to the user’s device. To do this, the user’s IP address must be stored for the duration of the session.
All the above information ((1) – (9)) is stored in log files to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. We also have a legitimate interest in processing data for these purposes pursuant to Art. 6 (1) (f) GDPR in conjunction with Section 25 (2) (2) TDDDG.

4. Storage period
User’s IP addresses are anonymized as soon as they are no longer required to achieve the purpose for which they were collected. This is the case at the end of the user’s respective session. It is then no longer possible to associate the IP address with the client that accessed the information.
Log files will not be stored for the purposes listed above for a period of more than 60 days.

5. Objection and removal option
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

VI. Use of cookies
1. Description and scope of data processing
We use cookies to make your visit to our website more convenient. Cookies are small text files that are stored on your device and enable us to recognize your browser, among other things. Cookies enable us to improve the comfort and quality of the services provided on the website. Cookies are also used to analyze the use of the website in anonymized form.

Some of the cookies we use are deleted when your browser session ends, i.e. after you close your browser (so-called “session cookies”). Other cookies remain on your device during their respective validity period (see below) and enable us to recognize your browser on your next visit.

When users access our website, we inform them by means of a cookie banner (see section “Privacy settings with Cookiebot”) about the use of cookies (technically necessary cookies, preference cookies, statistics cookies and marketing cookies) and have technically set up the consent required under data protection law to set the cookies for which consent is necessary. With the exception of technically necessary cookies, consent must always be granted in advance for cookies to be set on the user’s device. Users are also made aware of this Data Privacy Policy via an info banner.
In the following, we provide you with an overview of the cookies used, their validity period and the respective opt-out options. Please note that you can adjust your cookie settings at any time and revoke your consent at any time with future effect. You will also find a detailed list of all cookies, including the purpose, provider and validity period, in our cookie banner.

Technically necessary cookies (essential):
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser remain identifiable even after the user moves to another page. Technically necessary (essential) cookies are used to ensure that your visit to our website goes smoothly This includes, for example, the security of our website as well as the prevention of unwanted, automated access in the form of spam, viruses and malware or the storage of your individual cookie settings for our website. These cookies are necessary to ensure you are able to safely visit our website and cannot be disabled.
The following technically necessary cookies are stored on your device and transmitted to us each time a page is viewed:

(1) CookieConsent: Stores user’s consent status for cookies on the current domains (validity: 1 year).
(2) szUserSelect: Technical and essential cookies containing the session code (Validity: session).

These cookies do not contain any personal data and are therefore not used for personal identification.

Statistics cookies:
We also use cookies on our website that allow us to analyze the browsing behavior of our users.
The following data can be transmitted in this way:
(1) Entered search terms
(2) Frequency of page views
(3) Use of website function
(4) Duration of visit
User data collected in this way is anonymized via technical precautions. As a result, it is no longer possible to associate this data with the user who viewed the page. This data is not stored together with any of the user’s other personal data.
Statistics cookies are used for the purpose of improving the quality of our website and its content. Using statistics cookies enables us to learn how our website is used so that we can continue to optimize our services. For further information on technical measures and third-party providers, please refer to “Website analysis services”.

Marketing cookies:
In addition, third-party providers may set so-called third-party cookies on your device due to the use of various plugins on our website. We use our YouTube plugins for incorporating a YouTube video, exclusively on the basis of your existing consent via our cookie banner, i.e. YouTube, as third-party provider, can only use cookies or obtain information on your visit to our website if you have given your consent via our cookie banner. For a description of cookies, how they work, their purpose and options for refusing them, please refer to the explanations under “Use of YouTube”.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies (see (a)) is Art. 6 (1) (f) GDPR in conjunction with Section 25 (2) (2) TDDDG.
The legal basis for the processing of personal data using cookies for statistical or marketing purposes or for storing preferences (see (b) – (d)) is your consent granted via the cookie banner pursuant to Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG.

3. Purpose of data processing
The purpose of using technically necessary cookies is to enable you to use our website. Some functions on our website cannot be provided without using cookies. For these it is necessary for the browser to be recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.
The use of the statistics and personalization cookies is for the purpose of improving the quality of our website and its content based on the consent you have granted. Using cookies enables us to learn how our website is used so that we can continue to optimize our services.
For information on the purpose and objection options for cookies used for statistical and marketing purposes and for storing your preferences (see (b) – (d)), please refer to the explanations under ““Website analysis services” and ““Plugins and tools”.

4. Storage period, objection and removal option
Cookies are stored on the user’s device, which transmits them to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. In addition, we offer you the option to change the settings made via our cookie banner at any time or to revoke consent you have granted with future effect via the link to the cookie settings (“Cookie Settings”) on our website. It is also possible to use our website without optional cookies. However, this may lead to certain restrictions in the functions and user-friendliness of our services on the website. If cookies are disabled for the website, it may no longer be possible to fully use all functions of the website.

VII. Communication

VII.1 General contact requests and use of the contact form
1. Description and scope of data processing
Visitors to our website may contact us via an e-mail address or a contact form. In all cases, the transmitted personal data of the user is stored. The scope of the processed personal data as well as which personal data is processed in each individual case may vary depending on the form or contact request. This includes the following data in particular:
(1) Your first and last name;
(2) Your company and details of your position;
(3) Your address (country);
(4) Your contact details (e-mail address, phone number);
(5) Resulting correspondence (product information, purpose of the request and message).

Your data and/or the resulting correspondence will be processed solely by us. Beyond this, the data will not be forwarded to third parties. The data is used exclusively for the conversation initiated by the user to contact you by phone, mail, fax or e-mail regarding your request. Mandatory information (*) and voluntary information is identified in the contact forms.

2. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail or via the contact form is Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG. If the user’s e-mail is intended to facilitate the conclusion of a contract, then the legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing
We process personal data that you send voluntarily by e-mail or by completing the contact form solely for the purpose of contacting you or answering your questions about our products.

4. Storage period
The system does not store the contact requests on our web server. All contact requests are forwarded to the responsible contact person within Südzucker AG.
The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent via e-mail or via the contact form, this is the case when the conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter concerned has been finally resolved.

5. Revocation and removal option
Users can revoke their consent to the processing of personal data at any time. If users contact us by e-mail or via the contact form, they can object to the storage of their personal data at any time. In such cases, the conversation cannot be continued. Revocation can take place at any time using the contact details under I. and II. and the following e-mail address datenschutz@suedzucker.de. All personal data stored in the course of contacting us will be erased in this case.

VII.2 Newsletter
1. Description and scope of data processing
It is possible to subscribe to our e-mail newsletter via our website. When you subscribe to our newsletter, we use the necessary data and data you disclose to send you our e-mail newsletter based on your consent. We send newsletters at regular intervals based on your selection in order to provide you with news, offers and information about Südzucker AG and our products.
When you subscribe to an electronic newsletter, we process the following data in particular:
(1) Your first* and last name*,
(2) Your e-mail address*,
(3) Company name,
(4) Industry,
(5) Country of origin*,
(6) Whether you have consented to or objected to receiving such communications, including date and time*.
If you have subscribed to our newsletter, we only collect and process the data you have provided to send the newsletter. Mandatory information (*) and voluntary information is identified when the data is collected.
To safeguard your personal data and to detect and prevent interactions on our website via automated access, e.g. through so-called ‘bots’, we use Friendly Captcha when processing subscriptions to our newsletter. For more information on Friendly Captcha, please refer to the section “Fraud prevention – Using Friendly Captcha”.

For the technical implementation of dispatch and the provision and supervision of our marketing automation system (see section “Use of marketing automation system Net-Results”), we have engaged the agency Interface Marketing BV, Waterstraat 67, 2970 Schilde, Belgium (in the following referred to as “Interface Marketing”), which processes the supplied data on our behalf in accordance with the necessary data security measures as a processor within the meaning of Art. 28 GDPR. The contractual basis has been agreed. The data is used by Interface Marketing solely for the purpose of sending our newsletter via our Marketing Automation System and for the evaluation of the success of our newsletter.
Further information on Interface Marketing is available on the website at: www.interface-marketing.com.

Registration for the e-mail newsletter is via a double opt-in procedure set up by the system. This means that once you have provided your data, you will receive an e-mail with a confirmation link. This confirmation e-mail is used to authorize the receipt of the newsletter by the owner of the e-mail address provided. The e-mail address will only be included in the mailing list after confirmation has been completed. The following information is stored: registration data, login, confirmation, logout time, IP address and changes to the stored data. The collection of this data is required to be able to trace any misuse of the e-mail address of the Data Subjects and to protect the Controller.

To further improve our newsletter services, data on the use of our newsletter and your response to it is collected in order to create non-personal statistics. For this purpose, the distributed newsletters contain web beacons or tracking pixels (in the following referred to as “tracking measures”). The tracking measures are used to collect access status, the volume of data transferred, the number of openings and clicks, mailshots received, the browser, the operating system and its interface. This information is associated with your e-mail address and linked to a separate ID. Conversion tracking can also be used to analyze whether a previously defined action (e.g. linking to an event) has taken place after clicking on the link in the newsletter. The collected data is merged in our marketing automation system with the information collected on our website (see “Use of marketing automation system Net-Results”).

2. Legal basis for data processing
The legal basis for processing data transmitted in the course of granting consent for the sending of our newsletter and for the temporary storage of data for the evaluation of performance is Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG. We have an interest in direct advertising and evaluating your response to the content of the newsletter in order to be able to compete successfully in the marketplace.

3. Purpose of data processing
Personal data is processed by us and our service provider Interface Marketing solely for the purpose of processing and sending our newsletter and evaluating the success of a particular newsletter. Anonymized statistics about your use and response to our newsletter help us tailor our services to the interests of our subscribers. This also constitutes the necessary legitimate interest in the processing of the data.

4. Storage period
Your data is stored on hosted servers of Interface Marketing at Net-Results. Interface Marketing uses this information solely to send the newsletter and evaluate newsletter use on our behalf. There is no independent use of the data by Interface Marketing, e.g. for making contact or forwarding to third parties.
The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. For personal data that you have provided us with for the purpose of applying for and sending the newsletter, this is then the case if your consent to processing has been revoked. After unsubscribing from the newsletter, all stored data will be erased.

5. Objection and removal option
You may cancel your subscription to the newsletter at any time
via our website by providing your contact details (e-mail address and first and last name). You can also do this by sending an e-mail to us at (info@suedzuckergroup.com) or via the unsubscribe link provided in the newsletter.

VII.3 Provision of information materials for download

1. Description and scope of data processing
Upon request, we will provide you with information material, such as white papers on Südzucker products. You can provide the information required for sending it via a form embedded in our website.

Specifically, the following data is collected via the form:
(1) Your first and last name;
(2) Your company and information about your position;
(3) Your country of origin (country);
(4) Your e-mail address.

After you have provided us with your data, we will send you an e-mail with a download link.

However, please note that we use the data provided in connection with your download of our information materials for direct advertising about similar products from us. We send this information regardless of whether you have subscribed to our newsletter or not. Your data will not be forwarded to third parties, not even within the Südzucker Group.
If you do not wish to receive this information about similar products, you can informally object to this at any time using the contact details provided above, without incurring any transmission costs. Alternatively, you can also use the unsubscribe link contained in each email.

For the technical implementation of the mailing and the provision of the download link, we use our Marketing Automation System (see section “Use of marketing automation system Net-Results”), in which the collected data is also stored. The data is used exclusively for the provision of the download link and for sending our direct advertising.

2. Purpose and legal basis for data processing
The processing of your data is necessary for sending the respective download material via a download link to your e-mail address (Art. 6 (1) (1) (b) GDPR).

The processing of your data for the purpose of sending you information by e-mail about similar goods, products or services of Südzucker AG is carried out in compliance with Section 7 (3) of the German Unfair Competition Act (UWG).

3. Storage period
The system does not store requests for our download material on our web server. All requests are processed exclusively in our marketing automation system.

The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. For personal data collected for the purpose of direct marketing, this is the case if the respective addressee has objected to the processing. We will retain your data for a maximum of 1 year after an objection has been made.

4. Objection and removal option
The user has the right to object at any time to the processing of personal data for the purpose of direct marketing. If users contact us by e-mail or via an unsubscribe link provided for this purpose in the e-mail, they can object to the storage of their personal data at any time. Revocation can take place at any time using the contact details under I. and II. and the following e-mail address info@suedzuckergroup.com. All personal data stored in the course of downloading the information materials will be erased in this case.

The objection does not lead to the termination of the service relationship of the download material.

VIII. Website analysis services

Matomo / Piwik
1. Description and scope of data processing
We have integrated the open source web analysis service Matomo (formerly Piwik) on our website.
We use cookies on our website that allow us to analyze the browsing behavior of our users. This enables us to analyze how frequently webpages are viewed or website functions are used. The user data collected in this way is anonymized during collection by a technical precaution that has been set up. As a result, it is no longer possible to associate this data with the user who viewed the page. This anonymized data is not stored together with any of the user’s personal data.

If individual pages of our website are accessed, the following data is automatically transmitted to our web server by means of the integrated script via the Internet browser used on your end device:

  • IP address of the user’s accessing system
  • The website accessed and the time of the call
  • The website from which the user came to the website accessed (referrer)
  • The subpages viewed from the website accessed
  • The length of time spent on the website
  • The frequency of access to the website
  • Country of origin – the device, operating system and browser used

Following analysis – Cookies are set on your device:

(1) _pk_id: Differentiation between users and sessions. Validity 13 months,
(2) _pk_ref: Determination of traffic source. Validity 6 months,
(3) _pk_ses: Identification of visitors. Validity 30 minutes.

2. Statistics cookies are used for the purpose of improving the quality of our website and its contents. By using statistics cookies, we can find out how our website is used and continually optimize our services.
The legal basis for the processing of personal data using cookies for statistical or marketing purposes (tracking cookies) is, based on the consent you have granted, Art. 6 (1) (1) (a) GDPR in conjunction with Section 25 (1) TDDDG.

3. Revocation, objection and removal option
You can object to the collection, storage and use of information by Matomo at any time with future effect using the following methods:
a) You can prevent the storage of cookies set by Matomo by setting your browser software accordingly.
b) You can revoke your consent to the collection of your data by Matomo at any time by deactivating it in our consent banner (CMP) .
However, please note that if you deactivate or opt-out, you may not be able to use all the functions of the website to their full extent.

For more information about Matomo’s open source project and the software’s privacy settings, visit matomo.org/privacy.

IX. Plugins & Tools

We use extensions, plugins and offers from third-party providers on our website for its uniform presentation, to ensure the necessary security of our information technology systems and to provide our cookie banner. Personal data is often passed on to third parties or transmitted automatically in the process. The following lists and explains the nature, scope and purpose of this processing of personal data:

IX.1 Use of the WordPress extension Wordfence
1. Description and scope of data processing
On our website we use a WordPress extension (hereinafter referred to as “WP Plugin”). The WP Plugin “Wordfence Security”, a product from Defiant Inc. 800 5th Avenue, Suite 4100, Seattle, WA 98104, USA (hereinafter referred to as “Wordfence”), is used to secure our website, i.e. to protect against viruses, malware, spam and to defend against cyber attacks (e.g. brute force or DDoS attacks). We have concluded the agreement required under data protection law with Wordfence on the basis of the valid standard contractual clauses. Wordfence establishes whether the visitor to our website is a human being or a bot/robot. In individual cases, technically necessary cookies will be placed on your device and IP address, browser and device information, date and time of the website visit and information on the operating system will be collected by Wordfence and stored on the servers hosted by Wordfence. Harmless IP addresses, including other collected data, are marked and released with each visit – questionable IP addresses are blocked by Wordfence. Wordfence uses the CDN Cloudflare, a product from Cloudflare, Inc. 101 Townsend St., San Francisco, CA 94107, USA, to execute scripts.
Further information on data processing by Wordfence Security can be found in the data privacy policy at https://www.wordfence.com/terms-of-use-and-privacy-policy/.

2. Legal basis and purpose of the data processing
The legal basis for the use of Wordfence is Art. 6 (1) (f) GDPR in conjunction with Section 25 (2) (2) TDDDG. We have a legitimate interest in the security of our Internet presence and in preventing unwanted, automated access in the form of spam, viruses and malware and also directly in the security of visitors to our website.

3. Objection and removal option
The processing of data to secure our website and to provide the functions is essential for operating the website. Consequently, there is no possibility of objection on the part of the user.

IX.2 Fraud prevention – Use of Friendly Captcha
1. Description and scope of data processing
On our website – in particular here also within our newsletter form embedded in the website – we use a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany (hereinafter referred to as “Friendly Captcha”) to check and avoid interactions on our website by automated accesses.

Friendly Captcha is used to check whether the data entered on the website was entered by a human or by an automated program (hereinafter also referred to as “bot”). To do this, a widget embedded on our website loads a puzzle request via a Friendly Captcha server and displays it to the user. Based on the user’s interaction with the puzzle, the provider can identify whether it is a malicious user.

Friendly Captcha stores the following log data as part of the process:

(1) The request headers User-Agent, Origin and Referrer,
(2) The puzzle itself, which contains information about our Südzucker account and the website key of our website to which the puzzle refers,
(3) The version of the widget,
(4) A timestamp.

Friendly Captcha also stores one anonymized counter per IP address for analysis. Friendly Captcha stores the anonymized counter separately from the rest of the information collected, so that no cross-site comparison can take place. For the display of the puzzle within the widget, the processing of your IP address is necessary. For this purpose, however, the provider uses a set-up anonymization of the IP address by means of one-way hashing.

We have concluded the data protection agreement on commissioned processing (as defined in Article 28 GDPR) with Friendly Captcha, in which Friendly Captcha undertakes to protect our users’ data and to process it exclusively on our behalf.
Further information on data processing by Friendly Captcha can be found at https://friendlycaptcha.com/en/legal/privacy-end-users/. Friendly Captcha provides a transparent breakdown of all data processing information to end users via the link.

2. Purpose and legal basis for data processing
The legal basis for the use of Friendly Captcha is Section 25 (2) TDDDG and Art. 6 (1) (f) GDPR. Our legitimate interest lies in the security of our website as well as our newsletter form and in the defense against unwanted, automated access in the form of spam or similar by bots and thus also serves to provide visitors to our website with a secure browsing experience.

3. Option of objection and elimination
The collection of the information is absolutely essential in order to provide functions of Friendly Captcha and for the purposes described. Consequently, there is no possibility of objection on the part of the user.

IX.3 Privacy settings with Cookiebot
1. Description and scope of data processing
We use the cookiebot.com services provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”) on our website for the provision of our cookie banner. The system manages the use of third-party providers, technical measures and cookies by means of granted or refused consent.

We have concluded the required data protection agreement with Cookiebot for processing pursuant to Art. 28 DSGVO. According to this agreement, Cookiebot undertakes to guarantee the necessary protection of your data and to process it exclusively on our behalf and as instructed by us in accordance with the applicable data protection provisions.

Cookiebot processes the following data to provide and manage the CMP:
(1) Your IP address, anonymized by Cookiebot during collection (the last three digits are set to “0”);
(2) Other information on the browser and version used;
(3) Date and time of your visit to our website and the settings you have made via our cookie banner;
(4) The URL of the accessed website;
(5) An anonymous, random and encrypted key (ID);
(6) Your given consent or individual privacy settings;
and uses the local storage on your end device and the placement of cookies (see section “Use of cookies”) to store this information locally in your browser. For this purpose, your individual settings as well as your ID are stored in a cookie so that the settings made are taken into account the next time you visit our website.

The retention period is the period of time during which the data processed by the cookie banner is stored for the purpose of consent management. Consent data (granting and revoking of consent) is kept for one year. No new consent is required within this period, unless new systems are introduced or a new legal or regulatory framework makes it necessary to obtain new consent. You can find further information on data processing by Cookiebot in Cookiebot’s data privacy policy at https://usercentrics.com/privacy-policy/.

2. Purpose and legal basis for data processing
The purpose of the data processing by Cookiebot is to provide and manage the consents granted by our website visitors in such a way that the management of consent is data protection-compliant. Cookiebot is used for verifying granted and non-granted consent and managing the individual privacy settings of our users. Processing is carried out for the purpose of obtaining the website visitor’s consent, providing revocation and objection options, providing evidence that the consent has been obtained (time of consent, end device used) and identifying the user in order to manage their individual privacy settings.

The use of a cookie banner and the management and storage of your consent to the processing of your personal data is based on our legal obligation to provide a data protection-compliant website (Art. 6 (1) (c) GDPR in conjunction with Section 26 TDDDG). The legal basis for the use of the Cookiebot service provider is also Art. 6 (1) (f) GDPR in conjunction with Section 25 (2) (2) TDDDG. We have a legitimate interest in legally compliant documentation and verifiability of consent as well as the control of our analysis campaigns based on your consent through the use of specialized contract processors and the associated technical implementation.

3. Objection and removal option
The processing of data to provide a cookie banner is essential for operating the website. The user has no possibility to object as long as Südzucker is legally obligated to obtain the user’s consent to certain data processing operations.

IX.4 Use of the marketing automation system Net-Results
1. Description and scope of data processing
On our website we have incorporated functions of our marketing automation system “Net-Results”, a service offered by Forward I.T. Solutions LLC. dba Net-Results, 1738 Wynkoop Street, Suite 201, Denver, CO 80202, USA (hereinafter referred to as “Net-Results”).
For the technical provision and supervision of our marketing automation system, we have engaged the agency Interface Marketing BV, Waterstraat 67, 2970 Schilde, Belgium (hereinafter referred to as “Interface Marketing”), which processes the provided data in accordance with the necessary data security measures as a contract processor within the meaning of Art. 28 GDPR. The contractual basis has been agreed.
Net-Results uses “cookies” or “third-party cookies”. These are text files stored on your computer or the end device you use (tablet, smart phone, etc.) which enable your use of our website to be analyzed (see VI. “Use of cookies”).
The following cookies are set by our marketing automation system:
(1) _acuuid (Validity: 1 day),
(2) _mauuid (Validity: 2 years).
(3) laravel_session (Validity: session).
(4) XSRF_Token (Validity: 1 day).

The features provided in our marketing automation system enable us or our contractor, Interface Marketing, to identify which email channels our website visitors and newsletter subscribers use to access our website. This enables us to improve our newsletter as well as the information we offer on our website and tailor it to the needs of our newsletter subscribers and website visitors.

The data generated by the cookie contains information on how you use this website (including your IP address) and is transmitted to a Net-Results server in the USA where it is saved. Net-Results will use this information to evaluate reports on website activity.
You can find more information on the Net-Results marketing automation system at https://www.net-results.com/.

2. Purpose and legal basis for data processing
The legal basis for the processing of personal data using cookies for marketing purposes by applying our marketing automation system is the consent you have provided via the cookie settings or our cookie banner pursuant to Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG.
Furthermore, we have a legitimate interest in the aforementioned processing purposes (Art. 6 (1) (f) GDPR) in conjunction with Section 25 (2) (2) TDDDG). It is important for the Controller to make our website and newsletter attractive and increase interaction with visitors and registered newsletter subscribers with the aid of our marketing automation system.

3. Storage period
Your data is stored on Net-Results servers in the USA. Interface Marketing uses this information solely to send the newsletter and evaluate newsletter use on our behalf and to improve our newsletter and the range of information on our website and tailor them to the needs of our newsletter subscribers and website visitors. There is no independent use of the data by Interface Marketing or Net-Results or forwarding to third parties.

The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. For personal data that you have provided us with for the purpose of applying for and sending the newsletter, this is then the case if your consent to processing has been revoked. After unsubscribing from the newsletter, all stored data in our Marketing Automation System will be erased.
The information collected via cookies is erased from Net-Results servers after two years at the latest.

4. Revocation, objection and removal option
You can revoke your consent to the processing of personal data for our marketing automation system at any time.
a) You can prevent the storage of cookies used by Net-Results by setting your browser software accordingly.
b) You can revoke your consent to the recording of your data by Net-Results at any time by deactivating the check mark under the cluster “Marketing” in our cookie settings.
c) Consent can be revoked any time using the contact details under I. and II. and the following e-mail address datenschutz@suedzucker.de . All personal data stored in our marketing automation system will be erased in this case.
However, please note that if you deactivate or opt-out, you may not be able to use all the functions of the website (e.g. to apply for our newsletter) to their full extent.

IX.5 Use of YouTube
1. Description and scope of data processing
To integrate videos, we use a plugin from the provider YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA or Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland (hereinafter referred to as “YouTube” or “Google”) on our website. YouTube / Google is certified under the Data Privacy Framework. You can find proof of this in the list of US companies voluntarily certified under this.
The content of the plugin is transmitted directly from YouTube to your browser through a connection to the YouTube servers and incorporated into the website. This will transmit your visit to the website to YouTube together with your IP address.
If you are logged into YouTube with your user account, YouTube can assign the information obtained to your account by using the plugin. In this case, the information is transferred to your personal user account at YouTube and stored there by YouTube. Cookies (see section “Use of cookies”) are set by the following providers:
(1) Doubleclick.net
(2) Google.com
(3) Youtube.com
You can find a detailed list of the cookies set by Google and YouTube, including their purpose and validity period, in our cookie banner. Since YouTube collects data in particular via cookies, we also recommend that you delete all cookies via the security settings of your browser.
We integrate the plugin exclusively on the basis of the consent you have granted via our cookie banner, i.e. YouTube can only set cookies or obtain information on your visit to our website if you have given your consent to the use of YouTube plugins via our cookie banner. If you have rejected the “Marketing” cluster in our cookie banner, we refer you to our cookie settings instead of the embedded video. No data is transferred to YouTube by simply visiting our website.

Through the use of YouTube and your visit to our website, on which the plug-in for the integration of YouTube content is used, data (including the date and time of your visit to our website, location information, URL of the accessed website, search terms) is generally collected, processed and stored. When you access the YouTube video on our website, YouTube or Google independently stores cookies via your browser on your computer or mobile device. In addition, Google can store and evaluate your IP address and our website, as a starting point, via an interface. For more information on the processing of data by YouTube or Google, we refer to Google’s privacy policy. We have no influence over the data collected and data processing operations performed by YouTube, nor is the full extent of the data collection, the purposes of processing, the storage periods or the storage location known. We also have no information on the erasure of the data collected by YouTube.
Further information and the applicable data protection provisions of the operator can be found at https://www.youtube.com/t/terms and https://policies.google.com/privacy?hl=en.

In order to avoid an unauthorized and uncontrolled flow of data from the time you visit our website, we integrate the plug-in with what is known as a consent solution, i.e. YouTube and Google may only set cookies or receive information about your visit to our website if you have actively clicked on the plug-in to play the YouTube video or have consented to the display of YouTube videos via our cookie banner. By visiting our website without confirmation on your part by way of the consent solution, no data is transmitted to YouTube or Google.

By default, we have embedded our YouTube videos with “extended data protection mode”. This means that YouTube or Google cannot set any third-party cookies on your device via the plugin. We have no influence on the data and data processing operations collected by YouTube or Google, nor is the full extent of the data collection, the purposes of the processing, the storage periods or the storage location known. We also have no information on the erasure of data collected by the provider.

2. Legal basis for the processing of personal data
The legal basis for the processing of personal data is based on your consent in this regard by voluntarily using or clicking on the provided plugin content or consent via the cookie banner provided by Cookiebot Art. 6 (1) (a) DSGVO in conjunction with Section 25 (1) TDDDG.
Furthermore, we have a legitimate interest in the aforementioned processing purposes (Art. 6 (1) (1) (f) GDPR) in conjunction with Section 25 (2) (2) TDDDG). It is important for the Controller to make the website attractive and increase interaction with visitors and registered users with the help of the plugin. The use of YouTube improves the functionality of the website.

3. Revocation, objection and removal option
You can object to the collection, storage and use of information by YouTube or revoke your consent at any time with future effect using the following methods:
a) Under European and German law, you have a right to object to the creation of user profiles or association with user profiles; you must contact the plugin provider or YouTube directly to exercise this right;
b) In addition, please note that you can prevent this association a by logging out of your YouTube profile before visiting the website and erasing the cookies used by YouTube. Alternatively, you can prevent the storage of cookies used by YouTube by setting your browser software accordingly.
c) You can revoke your consent to the recording of your data by YouTube at any time by deactivating the check mark under the cluster “Marketing” in our cookie settings.
However, please note that if you deactivate or opt-out, you may not be able to use all the functions of the website to their full extent.

X. Rights of the Data Subject
When your personal data is processed, you are a Data Subject within the meaning of the GDPR and have the following rights with respect to the Controller:

1. Right to information
You may request the Controller to confirm whether we process your personal data.
If such processing occurs, you can request the following information from the Controller:
(1) The purpose for which the personal data is processed;
(2) The categories of personal data being processed;
(3) The recipients or categories of recipients to whom the personal data have been or will be disclosed;
(4) The planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) The existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
(6) The existence of the right to lodge a complaint with a supervisory authority;
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request information about the appropriate safeguards relating to the transfer pursuant to Art. 46 GDPR.
To exercise your right to free information, please contact us directly via the contact details in our Imprint or contact our Data Protection Officer (see sections I and II).

2. Right to rectification
You have a right to rectification and/or completion with respect to the Controller if your processed personal data is incorrect or incomplete. The Controller must rectify the data without undue delay.

3. Right to restriction of processing
You may request the restriction of processing of your personal data under the following conditions:
(1) If you contest the accuracy of your personal data for a period enabling the Controller to verify the accuracy of your personal data;
(2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) The Controller no longer needs the personal data for the purposes of the processing, but you require them for the assertion, exercise or defense of legal claims;
(4) If you have objected to processing pursuant to Article 21 (1) GDPR and it is not yet certain whether the legitimate interests of the Controller outweigh your interests.
If processing of your personal data has been restricted, this data may – with the exception of data storage – only be used with your consent or for the purpose of assertion, exercise or defense of legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing has been restricted according to the aforementioned conditions, you will be informed by the Controller before the restriction of processing is lifted.

4. Right to erasure
a) Obligation to erase
You may request that the Controller erase your personal data without undue delay, and the Controller is obligated to do so immediately if one of the following applies:
(1) Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent on which the processing is based pursuant to Art. 6 (1) (a) and there is no other legal basis for processing the data.
(3) According to Art. 21 (1) GDPR, you object to the processing of the data and there are no overriding legitimate grounds for processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) Your personal data has been unlawfully processed.
(5) Your personal data must be erased in order to ensure compliance with a legal obligation in Union or Member State law, to which the Controller is subject.
(6) Your personal data was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.
b) Information to third parties
Where the Controller has made your personal data public and is obligated to erase the personal data pursuant to Art. 17 (1) GDPR, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you, as the Data Subject, have requested the erasure by such controllers of any links to, or copy or replication of, such personal data
c) Exceptions
The right to erasure does not exist if the processing is necessary;
(1) For exercising the right of freedom of expression and information;
(2) For compliance with a legal obligation which requires processing by Union or Member State law, to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(3) For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Section 89 (1) GDPR, where the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
(4) For the assertion, exercise or defense of legal claims.

5. Right to information
If you have asserted the right of rectification, erasure or restriction of processing over the Controller, the Controller is obligated to notify all recipients to whom your personal data has been disclosed of the rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves an unreasonable amount of effort.
You reserve the right to be informed about the recipients of your data by the Controller.

6. You have the right to receive your personal data provided to the Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit data on to another Controller without hindrance by the Controller to whom the personal data was provided, provided that
(1) The processing is based on consent pursuant to Art. 6 (1) (a) GDPR and
(2) The processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the Controller.

7. Right to object
You have the right to object, at any time, to the processing of your personal data for reasons that arise from your particular situation pursuant to Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

In addition, you have the right to object at any time to the processing of your personal data for direct marketing purposes; this also includes profiling to the extent that it is related to such direct marketing.
The Controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of assertion, exercise or defense of legal claims.

8. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. Revocation of consent does not affect the legality of the processing carried out on the basis of the consent until it was revoked.

9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, workplace or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

The data protection authority responsible for us is Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit [Baden-Wuerttemberg State Commissioner for Data Protection and Freedom of Information], address: Lautenschlagerstraße 20, 70173 Stuttgart, Germany, postal address: Postfach 10 29 32, 70025 Stuttgart, Germany, further information can be found at www.baden-wuerttemberg.datenschutz.de.

XI. Automated decision-making and profiling
As a responsible company, we do not use your data for profiling or automated decision-making

XII. Links to other websites
This Data Privacy Policy applies exclusively to the Internet presence of Südzucker AG. Certain webpages on this website may contain links to third-party websites or social media platforms. Our Data Privacy Policy does not cover these websites or providers. When you leave the website, we recommend that you carefully read the privacy policies of every website that collects personal data.

XIII. Security
We take the necessary security measures to protect your personal data from unlawful or unintended access or erasure, modification or loss or unauthorized disclosure. We encrypt your data during transmission via our website and use SSL (Secure Socket Layer) and TLS (Transport Layer Security) connections. We protect our website and our other systems and personal data by means of appropriate technical and organizational measures against, in particular, loss, destruction, unauthorized access, modification or disclosure to third parties.

XIV. Availability and changes
You can view this Data Privacy Policy at any time at https://www.suedzucker.com/privacy. You can also save or print out this Data Privacy Policy by using the corresponding functions of your browser.

We reserve the right to amend this Data Privacy Policy from time to time or to adapt it to legal requirements and therefore request that you check the current status of our Data Privacy Policy each time you visit our website.

Version: May 2024

How can we help you?

    Buy online
    If you are interested in buying our products online, please select your country.
    You will be forwarded to our online shop.
    If your country isn't listed, please contact us.