Last updated: [September 2023]
Please note that the use of third-party services that may be referenced on or accessed through the Website is subject only to the privacy policies of the respective third parties.
1. Data Controller
La Famiglia GmbH
Telephone: +49 160 91751949
2. Types of personal data and Purposes and legal bases for processing them
The reasons for processing your personal data may vary depending on the purpose of their collection. Down below, you can see the types of personal data relating to you that we may process as well as the corresponding purposes and legal bases.
2.1. Visiting our Website – Server Log Files
For the purpose of the technical provision of our website, it is necessary that we process certain data automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This data is automatically collected each time you visit our website and is automatically stored in so-called server log files. This concerns the following categories of data:
• Browser type und version
• Operating system (OS) used
• Website visited before accessing our Website (referrer URL)
• Accessing computer’s host name
• Date and time of Website access
• IP address of the computer requesting Website access
Hereinafter „Access Data“.
The storage of Access Data is necessary for technical reasons to provide a functional Website and to ensure system security. In addition to the above-mentioned purposes, we use this Access Data solely for the purpose of designing and optimizing our website in line with demand, purely statistically and without any inference to your person. This Access Data is not merged with other data sources or evaluated for marketing purposes.
The Access Data collected in the course of using our Website is only stored for the period of time for which this data is required to achieve the aforementioned purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.
If you visit our website in order to obtain information about our services or to use them, the legal basis for the temporary storage and processing of Access Data is Art. 6 (1) sentence 1 (b) GDPR, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 (1) sentence 1 (f) GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest is to enable us to provide you with a technically operational and user-friendly website and to ensure the security of our systems.
2.3. Contacting us
You can contact us using the email address provided for this purpose on our Website. The personal data you transmitted via email is automatically stored in order to process your request. The legal basis for such processing and storage is Art. 6 (1) sentence 1 (c) GDPR.
2.4. Further purposes for data processing
2.4.1. Compliance with legal obligations
Insofar as we are subject to legal obligations for compliance with which the processing of your personal data is necessary, we rely on the legal basis in Art. 6 (1) sentence 1 (c) GDPR. For example, we are required by law to retain certain information that may contain personal data for a certain period of time.
2.4.2. Enforcement of rights
We also process your personal data to be able to assert our rights and enforce our legal claims, if necessary. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data insofar as this is necessary for the defense against or prosecution of criminal offenses. The processing of personal data in this case is carried out to protect our legitimate interests in accordance with the legal basis in Art. 6 (1) sentence 1 (f) GDPR.
3. Recipients of personal data
Within La Famiglia, access to your personal data is granted to those persons who need it to fulfill our contractual and legal obligations.
In some cases, the recipients receive your personal data in their function as data processors (hereinafter: “processor” or “processors”). If we transfer personal data to processors, it is contractually ensured that they process the personal data exclusively on our behalf in accordance with our instructions and have implemented appropriate technical and organizational measures to protect the personal data. The processors we use include, for example.
• IT-, cloud, or hosting service providers,
• marketing service providers, and
• CRM service providers.
However, we may also transfer personal data to recipients who do not act as our processors, such as auditors, tax consultants or lawyers. These recipients process personal data independently as data controllers and are also obliged to comply with the requirements of the GDPR and other data protection regulations. The transfer of personal data to auditors, tax advisors or lawyers takes place on the legal basis of Art. 6 (1) sentence 1 (c) GDPR to fulfill our legal obligations or Art. 6 (1) sentence 1 (f) GDPR to pursue our legitimate interests.
The same applies to bodies requesting information to which we must transmit personal data on the legal bases of Art. 6 (1) sentence 1 (c) GDPR or Art. 6 (1) sentence 1 (f) GDPR due to a legal obligation, a court order or an enforceable official order.
We do not transfer personal data to third parties for purposes other than those listed above.
4. Data transfers to third countries
In principle, your personal data is processed in Germany and other countries within the European Economic Area (EEA). However, in order to provide our services on the Website, we also use service providers that have their headquarters in a country outside the EEA, such as the USA. If there is a transfer of your personal data to recipients outside the EEA, we will ensure beforehand that each of these recipients undertakes to subject your personal data to appropriate safeguards so that it is afforded a level of protection comparable to that within the EEA. Unless an adequacy decision by the European Commission within the meaning of Art. 45 GDPR exists for a country outside the EEA, we ensure an adequate level of data protection through careful selection of the service provider and through contractual, technical and organizational measures. In particular, we conclude the standard contractual clauses approved by the European Commission (available here) with such service providers and/or ensure that the service providers we use in turn conclude them with service providers outside the EEA. Upon request, we will provide you with copies of contracts concluded between us and the respective service provider located outside the EEA regarding the protection of personal data.
5. Deletion of data and retention period
We initially process and store your personal data for the duration for which the respective processing purpose requires corresponding storage. In principle, this also includes the periods of the initiation of a contract (pre-contractual legal relationship) and the processing of a contract. On this basis, personal data is regularly deleted or pseudonymized within the framework of the fulfillment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:
• Fulfillment of statutory retention obligations, which arise, for example, from the German Commercial Code (sections 238, 257 (4) HGB) and the German Fiscal Code (section 147 (3), (4) AO). The periods specified there for retention or documentation can be up to ten years.
• Preservation of evidence taking into account the statute of limitations. According to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
For more detailed information on data deletion and retention period in relation to certain personal data, please refer to section 2.
6. Data subject rights
You are entitled to the following rights as a data subject under the statutory requirements. To assert your rights, an informal communication, e.g. by e-mail to us, is sufficient.
6.1. Right of access
You are entitled at any time to request confirmation from us within the scope of Article 15 of the GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the scope of Article 15 of the GDPR to receive information about this personal data as well as certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data. The restrictions of § 34 BDSG apply.
6.2. Right to rectification
In accordance with Art. 16 GDPR, you are entitled to demand that we correct the personal data stored about you if it is inaccurate or incorrect.
6.3. Right to erasure
You have the right, under the conditions of Art. 17 GDPR, to demand that we erase personal data relating to you without undue delay. The right to erasure does not exist, among other things, if the processing of the personal data is necessary, for example, to comply with a legal obligation (such as statutory retention obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of § 35 BDSG apply.
6.4. Right to resctriction of processing
You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.
6.5. Right to data portability
You are entitled, under the conditions of Art. 20 GDPR, to demand that we hand over to you the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.
6.6. Right of revocation
You can revoke your consent to the processing of personal data at any time. Please note that the revocation only affects future processing activities. A revoced consent still acts as a legal basis for any prior processing activities that relied on it.
6.7. Right to object
You have the right to object, on grounds relating to you or your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) sentence 1 (e) or (f) GDPR, pursuant to Art. 21 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
6.8. Right to lodge a complaint with a supervisory authority
Under the conditions of Art. 77 GDPR, you have a right of appeal to a supervisory authority. In particular, you can address a complaint to the supervisory authority of your usual place of residence or workplace or our registered office. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information. A list of all data protection supervisory authorities and their contact details can be found here.
7. Data security
We protect personal data by means of appropriate technical and organizational measures to ensure an adequate level of protection and to safeguard the rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorized access to the technical equipment used by us and to protect personal data from unauthorized disclosure by third parties. Nevertheless, we would like to point out that data transmission on the Internet can have security gaps. Complete protection of data against access by third parties is therefore not possible.
8. Automated decision-making/Profiling
We do not use any automated decision-making or profiling (meaning the automated analysis of your personal circumstances) on our Website.