Data Processing Privacy Policy Veganz Stores
We, Veganz Retail Berlin Ltd & Co., Warschauer Strasse 32, 10243 Berlin, Telephone +49 (0)30 2936378 0, E-Mail: datenschutz@veganz.de (hereafter “Veganz”), take the protection of your personal data very seriously and comply with the legal provisions on data protection and privacy.
In the following, we would like to inform you of the data we collect from you when you visit our Veganz stores and what we use your data for.
Responsible Party Contact Details
Veganz Retail Berlin Ltd & Co., Warschauer Str. 32, 10243 Berlin
E-Mail: datenschutz@veganz.de
Telephone: +49 (0)30 2936378 0
Data Protection Officer Contact Details
DataCo GmbH, Dachauer Str. 65, 80335 München
E-Mail: datenschutz@dataguard.de
Telephone: +49 89 41207033
Legitimate Interests Pursued
Theft prevention and property protection
Purposes and Legal Basis of Data Processing
Legal basis is article 6 para. 1 p. 1 lit. f DS-GVO (Data Protection Regulation/DPR)
The legitimate interests pursued by Veganz Group Ltd. lie in the preservation of evidence and recording of security-relevant incidents, the protection of property and the enforcement of domestic law within the premises.
Storage and Technical Settings
Video surveillance exclusively in the corridors and the anteroom of the mgmt. offices. The cameras are active at the following times:
Mo-Fr from 00:00 until 07:00 and from 20:00 until 24:00
Sa-So from 00:00 until 24:00
In active times, the cameras record for 30 seconds as soon as any movement is registered.
Image only. Sound is deactivated. The videos are stored for 72 hours.
Recipient of Data
IT Department, Veganz Group, Ltd. & Co.
Information Pertaining to the Rights of Data Subjects
The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her is being processed; if this is the case, he or she has a right of access to such personal data and to the information specified in Article 15 of the DPR.
The data subject has the right to obtain immediate rectification from the controller of any inaccurate personal data concerning him or her and, where applicable, the completion of any incomplete personal data (Art. 16 DS-GVO/DPR).
The data subject has the right to request that the controller delete personal data concerning him or her without undue delay, provided that one of the reasons listed in detail in Article 17 of the Data Protection Regulation applies, e.g., if the data is no longer needed for the purposes pursued (right to erasure).
The data subject has the right to request that the controller restricts processing if one of the conditions listed in Art. 18 Data Protection Regulation applies, e.g., if the data subject has objected to the processing, for the duration of the controller’s review.
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her. The controller shall then no longer process the personal data, unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims (Art. 21 DS-GVO/DPR).
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the Data Protection Regulation (Article 77 Data Protection Regulation). The data subject may assert this right before a supervisory authority in the member state of his or her residence, place of work or the place of the alleged infringement.
In Berlin, the competent supervisory authority is:
Berliner Beauftragter für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information)
Adress: Friedrichstr. 219, 10969 Berlin
Telephone: 030 13889 – 0
E-Mail: mailbox@datenschutz-berlin.de
Internet: http://www.datenschutz-berlin.de
Payment Methods
When you pay with your card, we as a merchant collect personal data via our payment terminal. We transmit data to the network operator. The network operator and the respective payment service providers (e.g., acquirer) process the data for the acceptance and settlement of payment transactions. This is done in particular for payment processing, to prevent card misuse, to limit the risk of payment defaults and for legally prescribed purposes, such as anti-money laundering and criminal prosecution. For these purposes, your data will also be transmitted to other responsible parties, such as your card-issuing bank.
Many steps are necessary so that you can pay securely with your card. We, as the merchant where you pay by card, therefore work with a network operator and – in the case of credit card payments – with one or more acquirers. We, the network operator and the acquirers, are separately responsible for the processing in each case and in their technical sphere of influence of the data as follows: We are responsible for the operation of the payment terminal at the checkout and, if necessary, for our internal network until the secure transmission via internet or telephone line to the network operator. Network operators are responsible for central network operation, local processing, recoding, risk assessment and further transmission. Acquirers are payment service providers regulated in accordance with the German Payment Services Supervision Act (Zahlungsdienstaufsichtsgesetz – ZAG) that accept and settle payment transactions on our behalf.
In the context of cashless payment of your purchase (e.g. by means of a bank card), depending on the method of payment, your corresponding payment data (IBAN or credit card number, card expiry date, card sequence number, credit card type, PIN, verification data of the card-issuing institution, date, time, amount of the payment, terminal identifier, i.e. location, company and branch) will be forwarded to the payment service providers responsible for this (network operators, acquirers and banks) exclusively for the purpose of payment processing. If you pay by credit card when making a purchase, the payment receipt (with your signature) can be passed on to the card-issuing institution. Neither a name nor an address will be passed on.
The forwarding of the payment data is necessary in order to complete the payment process and thus the purchase. If you do not wish the provision of your data for this purpose, you have the option to pay cash.
Legal basis for the processing of data: Article 6 (1) b) Data Protection Regulation (DSGVO) for the verification and processing of your payment to us as a merchant.