I. Introduction and Terms
1. GENERAL
By operating our website with the URL www.ebbeundfood.eu (hereinafter referred to as ‘Website’), we process personal data. This data is treated confidentially and processed in compliance with applicable laws – particularly the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TTDSG).
With this Privacy Policy, we aim to inform you about the personal data we collect from you, the purposes for which we use it, the legal basis for its processing, and, if applicable, the parties to whom we disclose it. Furthermore, we will explain the rights you have to protect and enforce your privacy.
2. TERMS
Our Privacy Policy includes technical terms defined in the GDPR and the BDSG. To help you better understand, we would like to explain these terms in simple words in advance:
2.1 Personal Data
Personal data’ refers to any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information about an identified person can include, for example, their name or email address. Personal data also includes information where the identity is not immediately apparent but can be determined by combining it with other information, whether owned or obtained from external sources, thus identifying the individual. A person can be identified, for instance, through their address or bank account details, date of birth, username, IP address, and/or location data. Essentially, any information that in any way allows for a conclusion about a person is considered relevant.
2.2 Processing
According to Art. 4 No. 2 GDPR, ‘processing’ refers to any operation performed on personal data. This includes, in particular, collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, transmitting, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying personal data.
II. Controller and Data Protection Officer
3. CONTROLLER
The entity responsible for data processing is:
Company: Ebbe & Food GmbH (‘we’)
Legal Representative: Marlon Harms
Address: Cremon 11, 20457 Hamburg
Phone: +49 40 2383040 20
Email: contact@ebbeundfood.eu
4. DATA PROTECTION OFFICER
We have appointed an external Data Protection Officer for our company. You can reach them at:
Name: Arne Platzbecker
Address: HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg
Phone: 040/ 46008966
Fax: 040/ 46008977
Email: datenschutz@habewi.de
III. Processing framework
5. PROCESSING FRAMEWORK: WEBSITE
Within the scope of the website, we process the personal data listed in detail in Section IV below. We only process data that you actively provide on the website (e.g., by filling out forms) or that you automatically make available when using our services.
Your data is processed exclusively by us and is generally not sold, rented, or shared with third parties. If we use the assistance of external service providers for processing your personal data, this is done within the framework of so-called commissioned processing, in which we, as the client, have the authority to issue instructions to our contractors.
For operating our website, we use external service providers for hosting, as well as for maintenance, care, and further development. Our website is hosted by the external provider Hetzner (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany) at the data center location in Falkenstein, Germany. If additional external service providers are used for certain processing activities listed in Section IV, they will be named there.
We do not transfer data to third countries and do not plan to do so. Exceptions to this principle will be disclosed in the processing descriptions below. Any data transfers to third countries will then be based on the so-called EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/) or the so-called EU Standard Contractual Clauses.
IV. The processing in detail
6. PROVISION OF THE WEBSITE AND SERVER LOG FILES
6.1 Description of Processing
Each time the website is accessed, we automatically collect information that your browser transmits to our server. This includes the following data:
- IP address
- The date and time of the website access
These data are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to deliver our website to the user’s device. For this purpose, the user’s IP address must be stored for the duration of the session. The IP address recorded in the log files is shortened by removing the last three digits.
6.2 Purpose
The processing is carried out to enable access to the website and to ensure its stability and security. In addition, the processing serves the statistical evaluation and improvement of our online offer.
6.3 Legal Basis
The processing is necessary to safeguard the legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose described in section 6.2.
6.4 Storage Period
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of data collection for providing the website, this is when the respective session ends. The log files are deleted after 30 days.
7. COOKIES AND OTHER TRACKING TECHNOLOGIES
7.1 Description of Processing
Our website uses cookies. Cookies are small text files that are stored on the user’s device when visiting a website. Cookies contain information that enables the recognition of a device and possibly certain functions of a website. We differentiate between our own cookies and external, so-called third-party cookies. On our site, we use so-called “session cookies” and “persistent cookies.” Session cookies are automatically deleted when you end your internet session and close the browser. Persistent cookies remain stored on your device for a longer period.
In addition to cookies, we also use other tracking technologies such as pixels or so-called fingerprinting. If cookies are technically necessary for the operation of our site, your consent is not required. All other non-technically necessary cookies and tracking technologies are only set after you have actively consented to their use via our consent tool.
To obtain and document consents, we use the self-hosted service “Borlabs.” The consent tool itself stores your selection in a cookie on your device. This means you do not need to make a decision about cookies again on a subsequent visit to our website.
7.2 Purpose
We use cookies/tracking technologies to make our website more user-friendly and to provide the functions described in section 7.1.
7.3 Legal Basis
Processing is necessary with regard to technically required cookies as well as the use of the consent tool to safeguard the legitimate interests of the controller (Art. 6(1)(f) GDPR in conjunction with § 25(2) TDDDG). Our legitimate interest lies in the purpose stated in section 7.2. For processing all other—i.e., non-technically necessary—cookies/tracking technologies, the legal basis is consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG). Such consent is voluntary.
7.4 Storage Duration, Withdrawal of Consent
Cookies are automatically deleted at the end of a session or upon expiry of the specified storage duration. Since cookies are stored on your device, you as a user have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted, also automatically. If cookies/tracking technologies are disabled, deleted, or restricted for our website, some functions of our website may no longer be fully available. You can revoke any consents you have given regarding the use of cookies at any time in the settings of the consent tool at www.ebbeundfood.eu with effect for the future.
7.5 Recipients
When using cookies/tracking technologies, data may be transmitted to the respective providers of these third-party services. This may also include transfers to third countries outside the European Union or the European Economic Area. Information about recipients of data and data transfers to third countries is provided in the consent tool settings or in the relevant passage about the third-party service in these privacy policies.
8. CONTACT FORM AND CONTACT VIA EMAIL
8.1 Description of Processing
We provide a contact form on our website for you to get in touch. In this form, you are asked to enter your email address, name, and a message. When you click the “Submit” button, the data is transmitted to us using SSL encryption (see section 16). The contact form can only be submitted if you confirm that you have read these privacy policies by ticking the corresponding checkbox. You can also contact us via the email addresses provided on the website. In this case, the personal data transmitted with the email will be processed by us.
8.2 Purpose
By providing a contact form on our website, we want to offer you a convenient way to contact us. The data transmitted with and in the contact form or your email will be used exclusively to process and respond to your inquiry.
8.3 Legal Basis
Processing is necessary to safeguard the legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest lies in the purpose described in section 8.2. If the email contact aims at concluding or fulfilling a contract, data processing is done for contract fulfillment (Art. 6(1)(b) GDPR).
8.4 Storage Duration
We delete the data as soon as it is no longer necessary to achieve the purpose for which it was collected. This is usually the case when communication with you has ended. Communication is considered ended when it is apparent from the circumstances that your concern has been finally clarified. If statutory retention periods prevent deletion, the data will be deleted immediately after the expiration of the retention period.
8.5 Recipients and Data Transfer to Third Countries
To manage and provide our contact form, we use the services of HubSpot. This is done under commissioned processing. HubSpot is a service provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA. More information on data protection at HubSpot can be found at https://legal.hubspot.com/de/privacy-policy. HubSpot also processes your personal data in the USA.
9. GOOGLE ANALYTICS
9.1 Description of Processing
Our website uses “Google Analytics,” a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Google Analytics uses cookies (see section 7) to enable analysis of your use of our services. We use Google Analytics in the offered version “Universal Analytics,” which allows cross-device analysis by assigning data to a pseudonymous user ID. The information generated by the cookies is usually transmitted to and stored on a Google server in the USA. However, we use Google Analytics only with IP anonymization. This means your IP address is truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The statistics generated by Google Analytics show, in particular, how many users visit our website, from which country or city the access occurs, which subpages are visited, and through which links or search terms visitors arrive at our website. The terms of use of Google Analytics can be found at www.google.com/analytics/terms/de.html. An overview of data protection with Google Analytics is available at www.google.com/intl/de/analytics/learn/privacy.html. Google’s privacy policy can be viewed at www.google.de/intl/de/policies/privacy.
9.2 Purpose
The processing is carried out to analyze the use of our website. The information gained is used to improve and tailor our online presence.
9.3 Legal Basis
Processing is based on consent according to Art. 6(1)(a) GDPR. This consent is obtained by us via the consent tool (see section 7.1). Such consent is voluntary.
9.4 Storage Duration and Right to Object, Withdrawal of Consent
The storage duration as well as your control and settings options regarding cookies have been explained in section 7.4. You can revoke the consent you have given regarding Google Analytics at any time in the settings of the consent tool with effect for the future. Alternatively, you can object to the data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at tools.google.com/dlpage/gaoptout?hl=de. The analytical data processed and stored by Google Analytics will be automatically deleted by us after 14 months.
9.5 Recipients and Transfer to Third Countries
According to the German data protection supervisory authorities (Data Protection Conference), Google Analytics acts in joint responsibility with us in data processing. Against this background, we have also concluded the “Google Measurement Controller-Controller Data Protection Terms” with Google. Google processes your personal data also in the USA.
10. FONT REPLACEMENT
When displaying our website, the standard fonts of your device are replaced by font types to make the text on our website more readable and visually appealing. For the font replacement, we have chosen a privacy-friendly solution. We do not embed external services such as Google Fonts or Adobe Fonts. Instead, we store the fonts locally on our server. This has the advantage that no requests from your browser to external font providers occur when visiting our site, thus no data, especially not your IP address in connection with our website address, is transmitted to third parties.
11. GOOGLE MAPS
11.1 Description of processing
Our website uses the map service “Google Maps,” operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”). Google Maps allows the visual display of geographic information and interactive maps directly on our website. When you visit the pages where Google Maps is embedded, information (including your IP address) is transmitted to Google servers in the USA and stored there. It is possible that Google links this data with further information from your Google account if you are logged in there. We have no influence on the specific data processing by Google.
11.2 Purpose
The processing serves to provide you with an interactive map function and to make our company’s location easier to find.
11.3 Legal basis
The processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the purpose described in section 11.2. If consent is requested (e.g., via a cookie banner), processing occurs exclusively based on Art. 6(1)(a) GDPR; consent can be revoked at any time.
11.4 Recipients and transfer to third countries
Recipients of the data are Google LLC. Google processes personal data also in the USA. Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. Further information on data protection at Google can be found at: https://policies.google.com/privacy?hl=de .
12. GOOGLE ADS CONVERSION
12.1 Description of processing
Our website uses the advertising service “Google Ads Conversion,” operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). With Google Ads Conversion, we can place advertisements on external websites to draw your attention to our offers. Furthermore, it allows us to measure the reach and success of individual advertising campaigns. Google delivers our ads via “Ad Server” cookies, which measure certain parameters such as ad impressions or user clicks. When you access our website through a Google ad, a Google Ads cookie is stored on your device (see section 7). These cookies are not intended to personally identify you. They store data such as a unique cookie ID, frequency of ad impressions, last impression, and opt-out information. Cookies enable Google to recognize your browser. If you visit a Google Ads customer website and the cookie has not expired, Google and the customer can identify that you clicked on the ad and visited our site. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across Google Ads customers. We do not process personal data ourselves with Google Ads campaigns; Google only provides us with statistical evaluations. Through Google Ads Conversion integration, Google receives information about which page of our website you visited or which ad you clicked. If you are logged into a Google service, Google may associate the visit with your account. Even if you are not logged in, Google may collect and store your IP address. More privacy information is available here: policies.google.com/privacy?hl=de and services.google.com/sitestats/de.html .
12.2 Purpose
The processing serves to conduct targeted online advertising for our own offers and evaluate their effectiveness and reach.
12.3 Legal basis
Processing is based on your consent under Art. 6(1)(a) GDPR, obtained via the consent tool “Borlabs” (see section 7.1). Consent is voluntary.
12.4 Storage duration, right to object, withdrawal of consent
Storage duration and your options regarding cookies are described in section 7. You can object to data processing by Google Ads Conversion at any time here: www.google.com/ads/preferences. Consent given via the consent tool can also be withdrawn at any time with future effect.
12.5 Recipients and transfer to third countries
By using Google Ads Conversion, personal data may be transferred to Google. Google processes your personal data in the USA.
13. CONTENT DELIVERY NETWORK (CDN)
13.1 Description of processing
Our website uses Content Delivery Networks (CDNs). CDNs reduce the loading time of common JavaScript and CSS libraries, as well as image icons, by delivering files from fast, geographically close, or less busy servers of external providers. Compared to local storage on our server, the external providers regularly check these files for security and keep them up to date. We have integrated some JavaScript and CSS libraries from external providers. When you visit our website, your browser connects to these providers’ servers, transmitting which website you are visiting, and possibly your IP address. You can prevent JavaScript execution by installing a JavaScript blocker in your browser.
13.2 Purpose
The processing serves to reduce the loading time of our website and ensure quick and secure integration of JavaScript and CSS libraries and image icons.
13.3 Legal basis
Processing is necessary to protect the legitimate interests of the controller (Art. 6(1)(f) GDPR). Our legitimate interest is described in section 13.2.
13.4 Recipients and transfer to third countries
Data may be transmitted to the CDNs listed below:
14. CLOUDFLARE
14.1 Description of processing
Our website uses services from the Content Delivery Network Cloudflare, operated by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. CDNs reduce the loading time of the website by delivering files from fast, geographically close or less busy servers. CDNs also provide security functions. Our website is distributed globally via Cloudflare to reduce access times and prepare for high traffic during product launches.
14.2 Purpose
The processing serves to reduce loading times, distribute loads, and implement a digital waiting room.
14.3 Legal basis
Processing is necessary to protect the legitimate interests of the controller (Art. 6(1)(f) GDPR), as described in section 14.2.
14.4 Recipients and transfer to third countries
By using the CDN, your data is transferred to Cloudflare, Inc. Further information can be found in Cloudflare’s privacy policy at www.cloudflare.com/security-policy/.
15. GOOGLE RECAPTCHA
15.1 Description of processing
Our website uses “reCAPTCHA,” a service operated by Google LLC. reCAPTCHA helps us verify whether form input is made by a human or automated software (bots) to protect our website from spam and abuse. Data such as your IP address, time spent on the site, mouse movements, and other necessary information are transmitted to Google. More information on Google’s privacy can be found at policies.google.com/privacy?hl=en.
15.2 Purpose
The processing is used to protect forms on our website from abuse and spam.
15.3 Legal basis
Processing is based on the legitimate interest of the controller (Art. 6(1)(f) GDPR), described in section 15.2.
15.4 Recipients and transfer to third countries
Google processes your personal data in the USA.
16. SALESVIEWER
16.1 Description of processing
Our website uses SalesViewer technology from SalesViewer GmbH, Bongardstraße 2, 44787 Bochum, Germany. SalesViewer collects company-related data from visitors using a pseudonymized method based on JavaScript. It identifies companies visiting our website using publicly available data (e.g., IP address linked with company directories). No personal data is collected or processed.
16.2 Purpose
The processing serves to analyze visitor behavior on our website, optimize our online presence, and target companies for marketing purposes.
16.3 Legal basis
Processing is based on legitimate interests under Art. 6(1)(f) GDPR. Our legitimate interest lies in targeted B2B marketing, website improvement, and identification of potential business customers.
16.4 Recipients and transfer to third countries
The recipient is SalesViewer GmbH. No personal data transfer to third countries takes place as no personal data is processed. Further information at https://www.salesviewer.com/datenschutz.
16.5 Right to object
You can object to data collection and storage by SalesViewer at any time with future effect by visiting: https://www.salesviewer.com/opt-out.
V. Safety measurements
17. SAFETY MEASUREMENTS
To protect your personal data from unauthorized access, we have secured our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security.” These protocols encrypt the communication of data between a website and the user’s device. You can recognize an active SSL or TLS encryption by a small lock icon displayed at the far left of the browser’s address bar.
VI. Your rights
18. DATA SUBJECT RIGHTS
With regard to the data processing described above by our company, you have the following rights as a data subject:
18.1 Right of Access (Art. 15 GDPR)
You have the right to obtain from us confirmation as to whether we process personal data concerning you. If this is the case, you have the right to access the personal data and the information specified in Art. 15 GDPR, subject to the conditions set out therein.
18.2 Right to Rectification (Art. 16 GDPR)
You have the right to request that we promptly correct any inaccurate personal data concerning you and, where applicable, to complete incomplete personal data.
18.3 Right to Erasure (Art. 17 GDPR)
You have the right to request the immediate deletion of personal data concerning you, provided that one of the grounds listed in Art. 17 GDPR applies, for example, if your data is no longer necessary for the purposes for which we process it.
18.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request that we restrict the processing of your personal data if one of the conditions set forth in Art. 18 GDPR applies. For example, if you dispute the accuracy of your data, the processing will be restricted for the period necessary for us to verify the accuracy.
18.5 Right to Data Portability (Art. 20 GDPR)
Under the conditions listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
18.6 Right to Withdraw Consent (Art. 7 (3) GDPR)
If the processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal shall take effect from the time it is asserted and shall apply to the future. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
18.7 Right to Lodge a Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right with a supervisory authority in the EU member state of your residence, workplace, or the place of the alleged infringement.
18.8 Prohibition of Automated Decision-Making/Profiling (Art. 22 GDPR)
Decisions that have legal effects or significantly affect you shall not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
18.9 Right to Object (Art. 21 GDPR)
If we process personal data based on Art. 6 (1) lit. f GDPR (legitimate interests), you have the right to object under the conditions set out in Art. 21 GDPR. This right applies only if the objection is based on grounds arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. Regardless of any particular situation, you have the right to object at any time to the processing of your personal data for direct marketing purposes.
June 2025