Privacy policy

represented by the managing directors Annette Imhoff and Dr. Christian Unterberg-Imhoff

(hereinafter referred to as the "Chocolate Museum").

When you visit our website, data about your use is collected and stored for technical reasons.

The Chocolate Museum respects and protects your privacy when you use its services by striving for anonymous use of all offers.

If you have provided us with personal data, we collect, store and use it only to the extent necessary to answer your inquiries, to establish, process and execute contracts concluded with you or to provide the services and for technical administration.

You can find out more in this privacy policy below:

What data we collect when you visit the Chocolate Museum website, use one of the contact forms or use the Chocolate Museum Online Shop.
The purposes for which we process your data.
What rights and settings options you have, in particular how you can object to the processing of your data and revoke any consent you may have given.

1. which company is responsible for the Schokoladenmuseum Online Shop?
The company responsible within the meaning of the European General Data Protection Regulation (GDPR) for data processing in connection with your use of the Schokoladenmuseum Online Shop is

Chocolate Museum Cologne GmbH
Am Schokoladenmuseum 1a
50678 Cologne

In the following, "we", "us" or "Schokoladenmuseum" therefore refers to Schokoladenmuseum Köln GmbH as the operator of the Schokoladenmuseum Online Shop. Further details about our company and our contact details can be found in the Imprint.

You can reach our data protection officer at datenschutzbeauftragter@schokoladenmuseum.de or at our postal address above with the addition "Attn: Data Protection Officer".

2 What data does the Chocolate Museum collect?

2.1 When you visit our website

You can visit the website of the Chocolate Museum without providing any personal data. In this case, we collect the technical access data that your browser automatically transmits to our server when you access a page. The access data includes the following information in particular:

Date and time of access
Address of the website accessed and the requesting website
Content of the request (addresses and names of the requested files)
Information about the browser and operating system used (versions, language settings)
Online identifiers (e.g. IP address, device identifiers, session IDs)
any error messages (if the requested content cannot be displayed)
the page you previously visited from which you accessed a page of the Chocolate Museum Online Shop via a link

Your access data is automatically stored in the server log files of our server during your visit and then anonymized by shortening or deleting your IP address. It is then no longer possible to draw direct conclusions about your person from the server log files.

2.2 Cookies
We use cookies in the Chocolate Museum Online Shop. These may be cookies set by us ("Chocolate Museum cookies") and cookies from third-party providers. A cookie is a standardized text file that is stored by your browser for a period of validity specified in advance by the respective provider. Cookies enable the local storage of information such as language settings, shopping cart content and temporary identification features, which can be retrieved on subsequent website visits in order to reload the corresponding settings. You can view and delete the cookies used in the security settings of your browser. You can configure your browser settings according to your wishes and thus, for example, refuse to accept third-party cookies or all cookies. We would like to point out that in this case you may not be able to use all the functions of our website.

Our own chocolate museum cookies serve to make your visit to our website more user-friendly and secure.

We also use third-party cookies for web analysis and advertising purposes. You can find more information on this in sections 5 and 6 of this privacy policy.

2.3 If you register for a Chocolate Museum customer account
Of course, you can also shop in the Chocolate Museum online store as a guest without a personal Chocolate Museum customer account. However, registering in our online store can make it easier for you to shop with us in the future and provide you with an order history. For example, your address details will be preselected for your next order. With the customer account, we can also store your data (e.g. order data) in our customer database and show you personalized product recommendations and more relevant search results based on your previous shopping interests.

If you register for a Chocolate Museum customer account, we will set up password-protected direct access to your master data stored with us (e.g. name, address, e-mail address, company) and order data (products ordered, article numbers). The mandatory information required for registration is usually marked separately, e.g. with an asterisk ("*"). For security reasons, we also temporarily store the IP address you used during registration.

You can delete your Chocolate Museum customer account and the data stored in it at any time. To do so, simply send us an informal message, e.g. by e-mail to service@schokoladenmuseum.de or use our contact form. Please note: The deletion of your customer account does not automatically extend to the order processes and the personal data stored for this purpose (see section 8: How long will my data be stored?).

2.4 When you place an order in the Chocolate Museum Online Shop
We record which products you order. We also store data that arises in direct connection with the processing of your orders. Order data includes in particular

Details of the products ordered, such as item numbers and quantity
e-mail address
Billing and delivery address
payment details
order numbers

2.5 When you take part in surveys, competitions and promotions
We collect the information you provide when you take part in surveys, competitions and promotions.

For example, we occasionally conduct surveys to find out how our offers are used by our customers and to contact customer service.

In the case of competitions, we use your contact details for the purpose of notifying you of the prize and, if necessary, to prevent multiple entries.

You may find detailed information in separate data protection notices for the respective survey, competition or promotion.

2.6 When you contact us
If you contact us via the contact form on our website, by email, by telephone or by other means, we will record the communication data that is collected. Depending on the channel you use to contact us, this may include, for example, your contact details (such as your email address or telephone number) and the content of your message to us. Telephone conversations with the Chocolate Museum Service are not recorded.

We also use the services of social networks such as Facebook, Instagram, TripAdvisor and Twitter to communicate with our customers. Please note that Schokoladenmuseum has no influence on the terms of use of the social networks and their data processing practices. Therefore, please check carefully what personal data you share with us via the social networks.

2.7 If you subscribe to the Chocolate Museum newsletter
If you have registered for the Chocolate Museum newsletter, we will store the data you have provided for this purpose for the purpose of compiling and sending the newsletter.

2.7.1 Registration
When you register for the Chocolate Museum newsletter, we ask you to provide the following mandatory information:

E-mail address (for the newsletters: visitors, press, education, tourism)
Salutation (for the newsletter: Press)
Company (for the newsletter: Press)
Department (for the newsletter: Press)
Position (for the newsletter: Press)
Title (for the newsletter: Press)
First name (for the newsletter: Press)
Surname (for the newsletter: Press)

We need this information to send and personalize the Chocolate Museum newsletter in the respective category.

We also use your voluntary information to personalize the Chocolate Museum Newsletter.

In order to prevent the misuse of e-mail addresses, we generally ask you to confirm your registration by e-mail in an automated process (double opt-in procedure). Your registration and, if applicable, confirmation are logged, whereby the IP address used is also documented for verification purposes.

2.7.2 Unsubscribing
You can unsubscribe from the Chocolate Museum newsletter at any time. To unsubscribe, you can, for example, use the unsubscribe link in every Schokoladenmuseum newsletter or send an email to service@schokoladenmuseum.de.

2.7.3 Personalization
Each Chocolate Museum newsletter contains a randomly assigned identifier. Using this identifier, we can record whether and when a newsletter was opened and which links were clicked on, and create pseudonymous user profiles on this basis.

You do not want us to send you personalized offers?

If you do not want us to use your data for personalization in the manner described above, you can unsubscribe from the Chocolate Museum newsletter at any time. We will then delete the user profiles created. To unsubscribe, you can, for example, use the unsubscribe link in every Chocolate Museum newsletter or the contact form.

2.7.4 Use of newsletter service providers
We use technical service providers for the data processing described in this privacy policy. If we have to pass on your data to a service provider for this purpose, this is done as part of order processing in accordance with our instructions.

2.7.5 Legal bases and other important data protection information
The legal basis for the data processing described above is Article 6(1)(a) GDPR (consent).

3 For what purposes does the Chocolate Museum use my data?

3.1 Provision of the Chocolate Museum Online Shop
When you visit the websites of the Chocolate Museum or the Chocolate Museum Online Shop, we process the access data, server log files and cookies generated in order to provide you with our website and the content and functions you access and to ensure the stability and security of our IT systems and databases.

Legal basis:

If you use the Chocolate Museum Online Shop with your Chocolate Museum customer account, the legal basis is Article 6(1)(b) GDPR (performance of a contract and pre-contractual measures).

If you use the Chocolate Museum Online Shop without registering, the legal basis is Article 6(1)(f) GDPR (balancing of interests based on our legitimate interests mentioned above).

If you have consented to data processing, the primary legal basis is your consent (Article 6(1)(a) GDPR).

3.2 Contract fulfillment, in particular purchase processing
We process your data to execute the contracts concluded with you and to provide services at your request. The purposes are primarily based on the specific content of the contract or the purpose of the services you have requested. Details on the processing purposes can be found in the respective contract documents and terms and conditions, for example our General Terms and Conditions. Examples are

Setting up and providing your customer account
Execution of purchase contracts
Implementation of competitions
Non-commercial communication with you (e.g. security notices and contract-related changes)

Legal basis:

The legal basis for this data processing is Article 6(1)(b) GDPR (contract performance and pre-contractual measures).

3.3 Customer service and communication in the context of existing customer relationships
We process your data to provide our customer service. This includes, for example

Processing of your requests and inquiries by the visitor service
Non-commercial communication with you (e.g. security information and technical support)

Legal basis:

The legal basis for this data processing is Article 6(1)(b) GDPR (performance of a contract and pre-contractual measures).

3.4 Payment processing
Depending on the payment method agreed, we will pass on the data required for payment processing (e.g. credit card details) to the payment service provider commissioned with the payment. In some cases, the payment service providers also collect this data themselves under their own responsibility. In this respect, the data protection information of the respective payment service provider applies.

Your data is transmitted to the external payment service providers on the basis of Article 6(1)(b) GDPR (fulfillment of contract).

Our payment service provider for payments by credit card is the ePay payment platform of Transact Elektronische Zahlungssysteme GmbH (Transact).

The legal basis for this is Article 6(1)(f) GDPR on the basis of our legitimate interest. We do not store your real credit card details. You will have to enter your credit card details manually each time you make a purchase.

Our payment service provider for payments via PayPal is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal").
Our credit card acquirer for payments by Visa and Mastercard credit cards is BS PayOne GmbH Ferdinand Str. 13, D-44789 Bochum, Germany

3.5 Internal market research, optimization and further development of our offer
We use your access data and the data you provide (e.g. master data, order data) for internal statistical and market research purposes. Prior to this, we pseudonymize or anonymize your data, e.g. by deleting your name and other data suitable for identification from the statistics before they are processed further.

This allows us to determine, for example, which pages and products of our store are particularly popular, which devices our customers generally use or from which regions our website is accessed. This information helps us to continuously optimize our existing offering and develop new functions and services.

Legal basis:

The legal basis for this data processing is Article 6(1)(f) GDPR (balancing of interests based on our legitimate interests mentioned above).

3.6 Processing for consented purposes
If you have consented to the processing of your data for specific purposes, the legal basis for data processing for these purposes is primarily your consent (Article 6(1)(a) GDPR).

Revocation of consent

In accordance with Article 7(2) GDPR, you have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

4. chocolate museum route planner (Google Maps)
Our website uses the map service Google Maps from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") for the "route planner" function. In order for the Google map material used by us to be integrated and displayed in your web browser, your web browser must establish a connection to a Google server, which may also be located in the USA, when you access the contact page. In the event that personal data is transferred to the USA, Google has signed up to the EU-US Privacy Shield subject to. As a result, Google receives the information that the contact page of our website has been accessed from the IP address of your device.

In the route planner, you can plan how to reach the Chocolate Museum using Google Maps. You can enter any address data (country, zip code, town and/or street name) to start the route planning from there.

The legal basis for this data processing is Article 6(1)(f) GDPR based on our legitimate interest in providing the route planner described above.

If you access the Google map service on our website while you are logged into your Google profile, Google can also link this event to your Google profile. If you do not wish to be associated with your Google profile, you must log out of Google before using our store locator. Google stores your data and uses it for the purposes of advertising, market research and personalized presentation of Google Maps. You can object to this data collection by Google.

You can find more information on this in the privacy policy from Google and the Additional Terms of Use for Google Maps.

5. web analysis

5.1 Google Analytics
Our website uses the web analysis service Google Analytics, which is offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies with a validity of 14 months to record your access data when you visit our website. The access data is summarized by Google on our behalf into pseudonymous user profiles and transmitted to a Google server in the USA. Your IP address is anonymized beforehand. We are therefore unable to determine which user profiles belong to a specific user. Based on the data collected by Google, we can therefore neither identify you nor determine how you use our website. In the event that personal data is exceptionally transferred to the USA, Google has also signed up to the EU-US Privacy Shield agreement. Google has thus undertaken to guarantee the European data protection principles and the local level of data protection even in the context of data processing taking place in the USA.

Google will use the information obtained from the cookies on our behalf to evaluate the use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. Further information on this can also be found in the Google Analytics privacy policy.

You can object to web analysis by Google at any time. You have several options to do this:

You can set your browser to block cookies from Google Analytics.
You can change your Google advertising settings with Google.
You can set an opt-out cookie by clicking here: Disable Google Analytics
You can deactivate the cookie set by Google at http://www.google.com/settings/ads/plugin in your Firefox, Internet Explorer or Chrome browsers (this variant does not work on mobile devices).

The legal basis for this data processing is Article 6(1)(f) GDPR (balancing of interests based on our legitimate interest in the analysis of general user behavior).

6. online advertising
The legal basis for the data processing described below is Article 6(1)(f) GDPR (balancing of interests based on our legitimate interest in the interest-based advertising of our products).

You have the option of preventing the storage of cookies from third-party providers, which are used to implement the data processing described below, by setting your browser accordingly (as explained in section 2.2). The following descriptions also contain further objection options.

6.1 Facebook
For marketing purposes, our websites use so-called conversion and retargeting tags (also "Facebook pixels") of the social network Facebook, a service of Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). We use Facebook pixels to analyze the general use of our websites and to track the effectiveness of Facebook advertising ("conversion"). We also use Facebook pixels to display personalized advertising messages based on your interest in our products ("retargeting"). For this purpose, Facebook processes data that the service collects via cookies and similar technologies on our websites.

The data collected in this context may be transferred by Facebook to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, Facebook has signed up to the EU-US Privacy Shield subject to.

If you are a member of Facebook and have allowed Facebook to do so via the privacy settings of your account, Facebook can also link the information collected about your visit to our website to your member account and use it for the targeted placement of Facebook ads. The privacy settings of your Facebook profile can be viewed and changed at any time. If you are not a Facebook member, you can prevent Facebook from processing your data by going to the external TrustArc opt-out website by activating the deactivation switch for the provider "Facebook". You can also prevent data processing by clicking on the following button.

If you deactivate data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on the information collected about you.

You can find more information on this in the data policy from Facebook.

6.2 Google Adwords and Adwords Remarketing
Our website uses the "AdWords Conversion Tracking" and "AdWords Remarketing" services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). "AdWords Conversion Tracking" is used to record and analyze customer actions defined by us (such as clicking on an ad, page views, downloads). We use "AdWords Remarketing" to show you individualized advertising messages for our products on Google partner websites. Both services use cookies and similar technologies for this purpose. The data collected in this context may be transferred by Google to a server in the USA for analysis and stored there. In the event that personal data is transferred to the USA, Google has signed up to the EU-US Privacy Shield subject to.

If you use a Google Account, Google may link your web and app browsing history to your Google Account and use information from your Google Account to personalize ads, depending on the settings stored in your Google Account. If you do not want this association with your Google account, you must log out of Google before visiting our website.

You can deactivate the processing of your data for personalized online advertising within the Google advertising network at any time. There are several ways to do this:

You can adjust your advertising settings on Google at https://www.google.de/settings/ads.
You can install the free deactivation plug-in from Google in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin (this does not work for browsers for mobile devices).
You can also opt out of personalized advertising from Google and many other providers that are part of the "Your Online Choices" self-regulation campaign centrally on the website http://www.youronlinechoices.eu.

Please note that if you deactivate personalized advertising, Google will only show you general advertising that has not been selected based on the access data collected about you.

6.3 Google Adwords and Adwords Remarketing
Our website uses plugins from the Tripadvisor site operated by Tripadvisor Inc. The operator of the pages is Tripadvisor Inc, 141 Needham Street, Newton, MA 02464, USA. When you visit one of our pages equipped with a Tripadvisor plugin, a connection to the Tripadvisor servers is established. The Tripadvisor server is informed which of our pages you have visited.

Further information on the handling of user data can be found in Tripadvisor's privacy policy at https://tripadvisor.mediaroom.com/DE-privacy-policy

7. to whom is my data passed on?
We only pass on your data if

you have given your express consent to this in accordance with Article 6(1)(a) GDPR,
the disclosure pursuant to Article 6(1)(f) GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
we are legally obliged to disclose your data in accordance with Article 6(1)(c) or (e) GDPR, in particular if we are obliged to provide information to an authority) or
the disclosure is permitted by law and required under Article 6(1)(b) GDPR for the performance of contractual relationships with you or for the implementation of pre-contractual measures taken at your request.

Some of the data processing described in this privacy policy may be carried out on our behalf by external service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers that store and maintain our website and databases, IT service providers (e.g. Visitate GmbH & Co. KG) that maintain our systems.

If we pass on data to our service providers, they may only use the data to fulfill their tasks. Your data is processed by the commissioned service providers as part of order processing in accordance with Article 28 GDPR. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.

We do not disclose your data to any service provider based in a country outside the European Economic Area (EEA) beyond the scope of this privacy policy. If you have any questions, please contact our data protection officer.

8. how long will my data be stored?
Unless otherwise stated in this privacy policy, we will only store your data for as long as is necessary to fulfill our contractual or legal obligations or the purposes for which the data was originally collected, or as long as we have a legitimate interest in further storage.

In all other cases, we delete your personal data with the exception of data that we must continue to store in order to comply with statutory retention periods. However, in these cases we will restrict processing, i.e. your data will only be used to comply with legal obligations.

If you cancel your Chocolate Museum customer account or have it deleted, we will delete all the data stored about you. If complete deletion of your data is not possible or not necessary for legal reasons, the data in question will be restricted for further processing. As a rule, your order and payment data and any other data are subject to statutory retention obligations, for example under the German Commercial Code and the German Fiscal Code. We are therefore obliged to store this data for up to ten years.

Even if your data is not subject to any statutory retention obligation, we may refrain from deleting it in the cases permitted by law and block it instead. This applies in particular in cases where we may still need the data in question for the further processing of the contract or for legal prosecution or legal defense. In this respect, the statutory limitation periods are decisive for the duration of the blocking.

9. your data protection rights
To assert your statutory data protection rights described below, you can contact our data protection officer (see section 1) at any time:

You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing to you as part of the information request and provide you with an overview of the data stored about you.

If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.

You can also request the deletion of your data. If deletion is not possible in exceptional cases due to other legal provisions, the data will be blocked so that it is only available for this legal purpose.

You can also have the processing of your data restricted, e.g. if you are of the opinion that the data stored by us is incorrect.

You have the right to data portability, i.e. we will send you a digital copy of the personal data you have provided to us on request.

You also have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Düsseldorf.

10. right of revocation and objection
If you wish to make use of your right of revocation or objection below, simply send an informal message to the contact details given in section 1 above.

Revocation of consent

In accordance with Article 7(2) GDPR, you have the right to withdraw your consent to us at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Objection to the processing of your data

If we process your data on the basis of legitimate interests in accordance with Article 6(1)(f) GDPR, you have the right to object to the processing of your data in accordance with Article 21 GDPR if there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without you having to give reasons.

11. data security
We maintain appropriate technical and organizational measures to ensure data security, in particular to protect your data from risks during data transmissions and from unauthorized access by third parties. These measures are adapted in line with the current state of the art. To secure the personal data you enter on our website, we use the Secure Sockets Layer (SSL), which encrypts the information you enter.

12. changes to this privacy policy

We occasionally update this privacy policy, for example when we adapt our website or when legal or regulatory requirements change. We will document significant changes in this privacy policy and, if necessary, obtain the consent of our customers.