Privacy Policy
We are pleased that you are visiting our website. Protecting and securing your personal information when you use our website is very important to us. We would therefore like to inform you here which of your personal data we collect when you visit our website and for what purposes it is used.
This Privacy Policy applies to our online offering, which is accessible under this domain and the various subdomains (“our website”).
Objection to advertising emails
The use of contact data published on this website as part of the legal notice obligation, the privacy notice and other information is hereby objected to for the purpose of sending advertising and informational materials that have not been expressly requested. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.
Who is responsible and how can I contact you?
Controller
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
Milchproduktenhandel Oberland eG
Am Windfeld 44
83714 Miesbach
Data Protection Officer
Stephan Krischke, datenschutz@oberland-eg.de
What is this about?
This Privacy Policy meets the legal requirements for transparency in the processing of personal data. This includes all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behaviour when visiting a website. Information that we cannot (or can only with disproportionate effort) relate to your person, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. collection, querying, use, storage or disclosure) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no lawful reasons for further retention of the data. We will inform you about the specific retention periods or criteria for storage in the individual processing operations. Irrespective of this, in individual cases we store your personal data for the assertion, exercise or defence of legal claims and where statutory retention obligations apply.
Who receives my data?
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
- you have given us your express consent to do so in accordance with Art. 6(1)(a) GDPR,
- the disclosure is permitted under Art. 6(1)(f) GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
- in the event that there is a legal obligation for the disclosure under Art. 6(1)(c) GDPR, and
- this is legally permissible and required under Art. 6(1)(b) GDPR for the performance of contractual relationships with you.
To protect your data and, where applicable, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s Standard Contractual Clauses. If the Standard Contractual Clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Art. 49(1)(a) GDPR may serve as the legal basis for transfers to third countries. This does not apply, among other things, to transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.
As part of the processing operations described in this Privacy Policy, personal data may be transferred to the USA. In particular, US investigative authorities may oblige US companies to hand over or disclose personal data without the data subjects being able to take effective legal action against this. This means that, in principle, your personal data may be processed by US investigative authorities. We have no influence over these processing activities. Data transfers to the USA are carried out pursuant to Art. 45(1) GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are the EU Commission’s Standard Contractual Clauses pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these Standard Contractual Clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. If the Standard Contractual Clauses are not sufficient to ensure an adequate level of security, or if it is not possible to conclude the Standard Contractual Clauses, your consent pursuant to Art. 49(1)(a) GDPR may serve as the legal basis for the transfer.
Do you use cookies?
Cookies are small text files that are sent by us to your device’s browser during your visit to our websites and stored there. As an alternative to using cookies, information can also be stored in your browser’s local storage. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, however, enable us to carry out various analyses, so that, for example, we are able to recognise the browser you use when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our online offering more user-friendly and effective for you by, for example, tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your device. They cannot run programs and do not contain viruses.
We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information about the cookies used can be found in the cookie settings or in this website’s Consent Manager.
What rights do I have?
Subject to the requirements of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
- Right of access pursuant to Art. 15 GDPR to the data stored about you in the form of meaningful information about the details of the processing, as well as a copy of your data;
- Right to rectification pursuant to Art. 16 GDPR of incorrect or incomplete data stored by us;
- Right to erasure pursuant to Art. 17 GDPR of the data stored by us, insofar as the processing is not necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
- Right to restriction of processing pursuant to Art. 18 GDPR, insofar as the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose its deletion because you need it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.
- Right to data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data on the basis of consent pursuant to Art. 6(1)(a) GDPR or on the basis of a contract pursuant to Art. 6(1)(b) GDPR and this data has been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format, or we will transfer the data directly to another controller where technically feasible.
- Right to object pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is carried out on the basis of Art. 6(1)(e) or (f) GDPR and there are reasons for doing so arising from your particular situation, or where the objection is directed against direct marketing. The right to object does not apply if overriding, compelling legitimate grounds for the processing are demonstrated or if the processing serves the establishment, exercise or defence of legal claims. Where the right to object does not apply to individual processing operations, this is stated there.
- Right to withdraw consent pursuant to Art. 7(3) GDPR, with effect for the future.
- Right to lodge a complaint pursuant to Art. 77 GDPR with a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your habitual residence, your place of work, or our company headquarters.
How is my data processed in detail?
Below, we inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective retention period. No automated decision-making in individual cases, including profiling, takes place.
Provision of the website
Type and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, your computer’s operating system, as well as the name of your access provider
Our website is not hosted by us, but by a service provider that processes the aforementioned data on our behalf for this purpose in accordance with Art. 28 GDPR.
Purpose and legal basis
Processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6(1)(f) GDPR. The collection of data and storage in log files is essential for the operation of the website. Due to the exception under Art. 21(1) GDPR, there is no right to object to the processing. Insofar as further storage of the log files is required by law, processing is carried out on the basis of Art. 6(1)(c) GDPR. There is no legal or contractual obligation to provide the data; however, accessing our website is technically not possible without providing the data.
Retention period
The aforementioned data is stored for the duration of the website display and— for technical reasons—beyond that for a maximum of 7 days.
Hosting
We host our website with DomainFactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning (hereinafter “DomainFactory”). When you visit our website, your personal data (e.g. IP addresses in log files) is processed on DomainFactory’s servers. Further information on DomainFactory’s data protection provisions can be found at: https://www.df.eu/de/datenschutz/
Contacting us
Type and scope of processing
When you contact us (e.g. via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. In addition, you may voluntarily provide additional information that you consider necessary for processing your enquiry.
When using the contact form, your personal data is not passed on to third parties.
Purpose and legal basis
Your data is processed through the use of our contact form for the purpose of communication and handling your enquiry on the basis of your consent pursuant to Art. 6(1)(a) GDPR. If your enquiry relates to an existing contractual relationship with us, processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6(1)(b) GDPR. There is no legal or contractual obligation to provide your data; however, it is not possible to process your enquiry without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.
Retention period
If you use the contact form on the basis of your consent, we store the data collected for each enquiry for a period of three years, starting from the completion of your enquiry or until you withdraw your consent.
If you use the contact form as part of a contractual relationship, we store the data collected for each enquiry for a period of three years from the end of the contractual relationship.
Handling applicant data
Type and scope of processing
We collect and process applicants’ personal data. Such data processing may also take place electronically, for example if applicants submit application documents to us by email or via a web form on our website. On our website, we offer you the option of submitting applications for advertised job vacancies to us by email.
Any storage of your data in an applicant database beyond the current application process will also only take place if you have given us your separate consent to do so.
Purpose and legal basis
The legal basis for processing your personal data in this application process is primarily Art. 6(1)(b) GDPR. Accordingly, the processing of data is permissible if it is necessary in connection with the decision on the establishment of an employment relationship. This also includes, if available, the use of the online applicant portal. If special categories of personal data within the meaning of Art. 9 GDPR are processed (e.g. health data), the legal basis is Section 26(3) BDSG or Art. 9(2)(b) GDPR in conjunction with Art. 6(1)(b) GDPR. In the event that your application documents are passed on to third parties, in particular to companies affiliated with us, and if your data is stored beyond the current application process, your data will be processed on the basis of Art. 6(1) sentence 1(a) GDPR in conjunction with Section 26(2) BDSG. There is no legal or contractual obligation to provide your data; however, it is not possible to process your application without providing the information.
Retention period
In the event of a rejection, applicant data will be deleted after 6 months. If you have consented to further storage of your personal data, we will include your data in our applicant pool. There, the data will be deleted after 24 months.
Technology
SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator. You can recognise an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the padlock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Google Analytics
Type and scope of processing
We use Google Analytics on our websites, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
In this context, pseudonymised user profiles are created and cookies (see section “Cookies”) are used. The information generated by the cookie about your use of this website may include, among other things:
- short-term collection of the IP address without permanent storage (IP anonymisation is enabled)
- Location data
- Browser type/version
- Operating system used
- Referrer URL (previously visited page)
- Time of the server request
The pseudonymised data may be transferred by Google to a server in the USA and stored there.
The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website and internet usage for the purposes of market research and tailoring these websites to user needs. This information may also be transferred to third parties where required by law or where third parties process this data on behalf of Google.
Purpose and legal basis
These processing operations are carried out exclusively upon granting explicit consent pursuant to Art. 6(1)(a) GDPR.
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Retention period
The data retention period set by Google is 14 months. Otherwise, personal data is retained for as long as necessary to fulfil the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose. Further information on data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=de.
Real Cookie Banner
Type and scope of processing
This website uses cookie consent technology (“Real Cookie Banner”) to obtain your consent for storing certain cookies on your device or for using certain technologies, and to document this in compliance with data protection requirements.
The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling.
The following personal data is transferred to Real Cookie Banner, among other things:
- Your consent(s) or the withdrawal of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
The functionality of the website cannot be ensured without the processing.
Purpose and legal basis
The service is used on the basis of obtaining the legally required consent for the use of cookies pursuant to Art. 6(1)(c) GDPR.
Retention period
In addition, Real Cookie Banner stores a cookie in your browser in order to be able to assign the consents you have given or their withdrawal. The data collected in this way is stored until you request deletion, delete the Real Cookie Banner cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected. Further information about data processing by Devowl can be found at: https://devowl.io/de/wordpress-real-cookie-banner/.
April 2026