Privacy policy

Information on data protection

Data protection is very important to us - LACASCARA Drinks GmbH. The use of our website is generally possible without providing any personal data.

However, if a person wishes to use our company's services via our website, processing of personal data may become necessary. If there is no legal basis for such processing and the processing of personal data is necessary, we generally obtain prior consent from the data subject.



Definitions

The data protection declaration of LACASCARA Drinks GmbH is based on the terms used by the European legislator when issuing the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for our customers, business partners and the public. We will explain the following terms to you.

We use the following terms, among others, in this data protection declaration:

a) “Personal data” means all information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if he or she can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that express the physical, physiological, genetic , psychological, economic, cultural or social identity of that natural person.

b) “Data subject” means any identifiable or identified natural person whose personal data are processed by the data controller.

c) “Processing” means any automated procedure or series of operations (with or without assistance) in connection with personal data, for example the collection, recording, structuring, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or other form of provision, alignment or combination, restriction, deletion or destruction.

d) “Consent” means any voluntary, informed and unequivocal expression of will by the data subject for the specific case, in the form of a statement or other clear affirmative action, by which the data subject indicates that he/she consents to the processing of his or her data consent to the personal data concerned.

e) “Profiling” is any type of automated processing of personal data, which consists in using these personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation , analyze or predict the health, personal preferences, interests, reliability, behavior, location or movements of that natural person.

f) “Restriction of processing” means the marking of stored personal data with the aim of restricting their future processing.

g) “Recipient” means a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

h) “Controller” or “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of processing personal data.

i) “Processor” is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the controller.

j) “Third party” means a natural or legal person, entity or body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.

k) “Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure: that the personal data is not assigned to an identified or identifiable natural person.

 

Data collection and data use

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to LACASCARA Drinks GmbH. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed about the rights to which they are entitled using this data protection declaration.


(1) Collection of personal data when using the website

When you use the website purely for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.
The legal basis for storing the data is Article 6 Paragraph 1 Letter f GDPR.


(2) Collection of personal data upon registration

We offer you the opportunity to register on our website by providing personal data.
Depending on the type of contract concluded, we store the following data:

Names, first names
Address
Billing address Shipping address
E-mail address
Telephone number
As part of the registration process, you will be asked whether you have read the data protection declaration and agree to its validity, which you confirm by clicking on the field and ticking the appropriate box. By doing so, you consent to your personal data being used for the following purposes:

Processing orders
Sending direct advertising, e.g. by email, package insert or post, sending offers and vouchers
Sending review requests
Sending our newsletter
If you give your consent, the legal basis for processing the data is Art. 6 Para. 1 lit. a GDPR and, if the registration serves to fulfill a contract or carry out pre-contractual measures with you, additionally Art. b GDPR.



(3) Name and address of the person responsible for processing

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

LACASCARA Drinks GmbH
Wiesbadener Straße 74 B, 55252 Mainz-Kastel


Telephone number: (+49) 6134 58 44 560

Email: info@lacascara.de

Website: https://www.lacascara.de



(4) Contact details of the data protection officer

You can reach our data protection officer at:
Email: info@lacascara.de



Purposes of processing personal data

We only store your data for the following purposes:
To process orders (including payment processing and, if necessary, credit checks), to send us advertising and for customer service.

We store and process your personal data at our central company headquarters.

Your personal data will only be transferred to third parties if the transfer is necessary as part of contract processing or for billing or debt collection purposes (e.g. shipping companies or payment service providers) or if you have expressly consented.

The legal basis for the transmission of data to third parties for the purpose of contract processing or for billing purposes is Article 6 Paragraph 1 Letter b GDPR and for the transfer in the context of legally mandated cases Article 6 Paragraph 1 Letter c GDPR.


Duration of data storage

We store your data for as long as the respective purpose requires, taking into account your legitimate interests. If there is a tax retention period for certain data that is processed for the processing of sales contracts, the data will be stored for 6 or 10 years. During this period, the processing of data is restricted after 2 years, i.e. the data will only be used to comply with legal obligations. The retention obligation begins at the end of the calendar year in which the order was placed by the customer or the contract was fulfilled.



Transfer of personal data to third parties

We may share your personal data with the following companies/categories of people in accordance with legal requirements:


Tax auditing and other authorities

External service providers and professional consultants such as lawyers, auditors, accountants, credit agencies for credit checks, debt collection service providers,
Postal/shipping service providers, freight forwarders e.g. UPS, DHL, Deutsche Post
Payment providers such as PayPal (Europe) S.à r.l. et Cie, S.C.A, 22-24 Boulevard Royal, L-2449 Luxembourg; Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, (Amazon Pay) Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg; (Apple Pay) Apple Distribution International, Hollyhill Industrial Estate, Hollyhill Cork, Ireland; Shopify Payments, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5; Google Pay (Europe), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

E-commerce platform Shopify. To operate our online shop, we use Shopify, a service provided by Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. This service provides an e-commerce platform through which we offer our goods for sale. The data transmitted as part of your order is stored on a Shopify server in the USA. Shopify is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. For further information on data protection, please see Shopify's data protection information at http://www.shopify.com/legal/privacy.

The legal basis for the transmission of data to third parties for the purpose of contract processing or for billing purposes is Article 6 Paragraph 1 Letter b GDPR and for the transfer in the context of legally mandated cases Article 6 Paragraph 1 Letter c GDPR.


Your rights

To exercise your rights, you can use the contact form https://www.lacascara.de/pages/contact or you can contact the data protection officer or the person responsible or you can contact us by email: info@lacascara.de



You have the following rights:

(1) Revocation of consent
You can revoke your consent to the processing of personal data at any time with future effect.
The contact options above are available to you for this purpose


(2) Other rights
You also have the following rights towards us with regard to your personal data:

right to information,
right to rectification,
Right to deletion or restriction of processing,
Right to object to processing,
Right to data portability,
You also have the right to complain to a data protection supervisory authority about our processing of your personal data. The Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Tel. 0611/ 1408-0, is responsible for this.


contact form

If you send us inquiries using the contact form, we will only use your data to process your request. This data will not be used for advertising purposes or passed on to third parties.

The legal basis for the processing of data transmitted via the contact form or when sending an email is Article 6 Paragraph 1 Letter f of the GDPR. If the contact is also aimed at concluding a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR.

The data you enter in the contact form will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies.

 

Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies. These are text files that your web browser receives when you visit our pages and stores on your computer. Some of the cookies are deleted immediately after closing the browser. Other cookies remain permanently on your computer and enable us to recognize you or your computer the next time you visit our website.
This site uses the following types of cookies, the scope and functionality of which are explained below:

a) Transient cookies, these are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, with which the various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Persistent cookies, which are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in your browser's security settings.
You can influence the use of cookies by changing your browser settings. Most browsers have an option that allows you to restrict or prevent the storage of cookies. Each browser is unique in the way it manages cookie settings. This is described in the respective help menu of your browser.

You can find these for the respective browsers under the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/kb/ph21411?locale=de_DE
Please note, however, that deactivating cookies may mean that only limited functions of the website are available to you.
The legal basis for the use of cookies is Article 6 (1) (f) GDPR.


Analysis tools

Use of Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser plug-in available under the following link. Download and install in: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in abbreviated form, which means that any personal connection can be ruled out. If the data collected about you is personally related, this will be excluded immediately and the personal data will be deleted immediately.

We use Google Analytics to analyze the use of our website and to regularly improve it. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de .html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy .


Right to object

You can object to the collection and storage of data for the purpose of usage analysis at any time with effect for the future by informing us of your objection: e.g. by email: info@lacascara.de

The legal basis for the use of analysis tools is Article 6 Paragraph 1 Sentence 1 Letter f GDPR.



Social media links

We link to the social media platform Instagram on our website. These are hyperlinks through which your data is not transmitted. If you click on the link, you will be immediately redirected to our Instagram social media presence. Your data will only be transmitted to the respective social media service if you are logged into your respective user account. In this case, the respective social media platform may receive information about what content you have viewed on our website.

Responsible for the Instagram social media services is Instagram, LLC, 1601 Willow Rd. Menlo Park, CA 94025, USA;



Remarketing / retargeting

(1) On our websites we use “Custom Audiences” from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for retargeting or remarketing purposes. This service uses so-called tracking or remarketing pixels. These are pixel image files that enable log file analysis. By using the pixels, the service provider can see when and how many users have accessed the pixel, or whether and when an email was opened or a website was visited.

(2) With the help of this service, users of the website can be shown interest-based advertisements (“Facebook Ads”) when they visit the social network Facebook or other websites that also use the process. Our aim is to show you advertising that is of interest to you in order to make our website more interesting for you. When you visit our website, a direct connection to the Facebook servers is established via the pixel. This enables Facebook to identify you based on your browser ID, as this can be linked to your user account. We have no influence on the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of ours Visited our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.

(3) Deactivating the “Facebook Custom Audiences” function is possible for logged in users at https://www.facebook.com/settings/?tab=ads#_.

(4) The legal basis for the processing of your data is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy/

Right to object

If you do not want to be shown advertising generated by the respective targeting service, you can object to the use of retargeting technology on our websites by sending us a message to info@lacascara.de.

 

Newsletter

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) The only mandatory information for sending the newsletter is your email address. Providing further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter a GDPR.

(3) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email, by email to (info@lacascara.de) or by sending a message to the contact details provided in the legal notice.
To send our newsletters, we use the Automizley service from Aftership LTD, Hong Kong. The data you store when you register for the newsletter (email address, name if applicable, IP address, date and time of your registration) will be sent to a server operated by Aftership LTD. and stored there in compliance with the “U.S. Privacy Shield”. Further information on data protection at Klaviyo can be found at: https://www.automizely.com/legal/privacy.

(4) We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in Section 3 and the web beacons with your email address and an individual ID. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click in them and infer your personal interests.


You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact method, e.g. email: info@lacascara.de. The information will be stored for as long as you have subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your email program by default. In this case, the newsletter will not be displayed to you in its entirety and you may not be able to use all functions. If you display the images manually, the tracking mentioned above occurs.



ERP software

For the processing of our customer orders, we transmit personal data to Billbee if and to the extent that this is necessary as part of the contract processing, for example to the company entrusted with the delivery of the goods or the credit institution entrusted with the payment processing. The data will not be transmitted further or will only be transmitted if you have expressly agreed to the transmission.

The basis for data processing is Article 6 Paragraph 1 Letter b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.



Data security

We have taken a variety of security measures to protect your personal information. Our servers and databases are protected, among other things, by physical and technical measures.

When collecting and transmitting data via our website, we use standardized SSL encryption technology. Personal data is transmitted as part of the ordering process via SSL encryption, which can be recognized by the lock symbol in the browser and the addition “https://” in the address bar.

With encrypted communication, the payment details you transmit to us cannot be read by third parties. When communicating via email, 100% data security cannot be guaranteed.



Changes to this privacy policy

We can change this data protection declaration at any time. Any changes to this Privacy Policy will be posted on this website and will automatically take effect 30 days after being posted. We will inform you of any significant changes to this privacy policy by email.