Our data protection principles
We handle the data transferred to us in a trusting and responsible manner and observe the legal provisions on data protection, in particular, the General Data Protection Regulation (GDPR).
- Personal data is only collected by us if and to the extent that you yourself provide it to us with your knowledge.
- We do not sell, lend or give away your personal data. We only pass on your data to third parties without your consent if we are legally entitled to do so, e.g. in the event of a corresponding court order.
- We use state-of-the-art security technologies to protect your data from misuse.
- We want to provide you with a safe, smooth, efficient and personal user experience.
We do not use automated decision-making or profiling.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us, and we take the necessary steps to remove that information from our server.
Our website may contain links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
Keyword Chef LLC a company established in New Hampshire, USA
Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
- Inventory data (e.g. names, addresses).
- Content data (e.g. text entries, photographs, videos).
- Contact data (e.g. email).
- Meta/communication data (e.g. device information, IP addresses).
- Usage data (e.g. websites visited, interest in content, access times).
- Contract data (e.g. subject matter of the contract, term, customer category).
- Payment data (e.g. bank details, invoices, payment history).
Categories of data subjects
- Business and contractual partners.
- Interested parties.
- Communication partners.
- Users (e.g. website visitors, users of online services).
Relevant legal basis
- Consent (Art. 6 para. 1 p. 1 lit. a GDPR) – The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
- Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject’s request.
- Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Protection of vital interests (Art. 6(1)(1)(d) GDPR) – Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
Rights of users
With regard to the data processing described in more detail below, users and data subjects have the right to
- to confirmation as to whether data relating to them is being processed,
- to information about the data processed, to further information about the data processing and to copies of the data;
- to correction or completion of incorrect or incomplete data;
- to immediate erasure of the data concerning them;
- to receive the data concerning them and provided by them and to transfer this data to other providers/controllers;
- to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions.
In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or restriction of processing that takes place. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
Likewise, users and data subjects have the right to object to the future processing of data concerning them, insofar as the data is processed by the provider. In particular, an objection to data processing for the purpose of direct advertising is permissible.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
SSL encryption (https)
In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Transmission and disclosure of personal data
In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a web site. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e., outside the United States) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses, in the presence of certifications or binding internal data protection regulations.
Commercial and business services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries.
We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special labeling (e.g. colors) or symbols (e.g. asterisks or similar), or in person.
We delete the data after the expiry of legal warranty and comparable obligations, i.e. generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal archiving reasons (e.g. for tax purposes generally 10 years). We delete data disclosed to us by the contractual partner within the scope of an order in accordance with the specifications of the order, generally after the end of the order.
If we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply in the relationship between the users and the providers.
User account / registration
It is also possible for you to register an account. For this purpose, you will need to provide us with the following: First Name, Last Name, Email, Password. Providing those will enable you to log in more easily without having to enter your data again when you use our services next. Keyword Chef stores the data you enter to set up a customer account. We will hold your data for further orders as long as you maintain your registration. You have the right to access, correct, or delete your registration data at any time. The legal basis for the storage is your consent.
Online Payment, Secure data transmission, and Credit card information
The transmission of your personal information during an order transaction is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3). Any credit card information you provide will not be stored by us, but will be encrypted and collected directly from our payment service provider via hypertext transfer protocol secure (“https”). We may share information with our payment service provider, and you may need to provide credit or debit card information directly to the provider in order to process payment details and authorize payment following a secure link. The information which you supply to in such cases is not within our control and is subject to our payment service provider’s own Privacy Notice and Terms and Conditions.
Economic analyzes and market research
For business reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyzes are carried out for the purpose of business evaluations, marketing, and market research (e.g. to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g. regarding services used. The analyzes serve us alone and are not disclosed externally, unless they are anonymous analyzes with summarized, i.e. anonymized values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as summarized data).
Provision of the online offer and web hosting
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed in the course of providing the hosting service may include all information relating to the users of our online service that is generated in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or websites.
Collection of access data and log files
We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the websites and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses, and the requesting provider.
The server log files may be used for security purposes, e.g. to avoid overloading the servers (especially in the event of abusive attacks, so-called DDoS attacks) and to ensure the utilization of the servers and their stability.
Newsletters and electronic notifications
We send newsletters, e-mails and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us.
In order to subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name, for the purpose of personal address in the newsletter, or further details, if these are necessary for the purposes of the newsletter.
The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.
Notes on legal basis: The newsletter is sent on the basis of the recipients’ consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of advertising to existing customers. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to demonstrate that it has been carried out in accordance with the law.
The newsletters may contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server or, if we use a dispatch service provider, from their server when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval, are initially collected.
This information is used for the technical improvement of our newsletter on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us rather to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of the users.
Unfortunately, a separate revocation of the performance measurement is not possible; in this case, the entire newsletter subscription must be canceled or revoked.
Web analysis, monitoring, and optimization
Web analysis (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognize at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas need optimization.
In addition to web analysis, we may also use test procedures, e.g. to test and optimize different versions of our online offer or its components.
For these purposes, so-called user profiles may be created and stored in a file (so-called “cookie”) or similar procedures may be used with the same purpose. This information may include, for example, content viewed, websites visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.
The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.
We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, “content”) based on potential user interests and measuring its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this may also be processed.
The IP addresses of users are also stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored within the scope of the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can generally also be read later on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.
Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedure we use and the network links the users’ profiles with the aforementioned data. We ask you to note that users may enter into additional agreements with the providers, e.g. by giving their consent as part of the registration process.
In principle, we only receive access to summarized information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
We use Google Analytics to display the ads placed within advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called “Remarketing Audiences”, or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interest of the users.
We use Google Analytics in the form of Universal Analytics “Universal Analytics” refers to a method of Google Analytics in which user analysis is carried out on the basis of a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”).
The data you enter on our social media pages and our Facebook Group, such as comments, videos, pictures, likes, public messages, etc. are published by Facebook and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of Facebook and communicate with you via Facebook. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication.
If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on Facebook, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential inquiries to our address stated in the imprint.
As already stated, where Facebook gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that Facebook makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
Data processing by Facebook
Facebook uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with Facebook. As already explained, we can unfortunately hardly influence the web tracking methods of Facebook. We cannot, for example, switch this off.
Please be aware: It cannot be ruled out that the provider of Facebook uses your profile and behavioral data, for example, to evaluate your habits, personal relationships, preferences, etc. We have no influence on this. In this respect, we have no influence on the processing of your data by Facebook.
Protection of personal data
The security of your personal data is of particular concern to us. We, therefore, take appropriate technical and organizational measures, taking into account the state of the art, the implementation costs and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of, and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data, and response to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware and software, in accordance with the principle of data protection through technology design and through data protection-friendly default settings. We also transfer our understanding of security to those processors used by us.
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfill the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defense and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defense and enforcement of our rights is our legitimate interest.
The purpose of processing your personal data in the context of legal defense and enforcement of our rights is the defense against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement of our rights. Consequently, there is no possibility for you to object.
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not necessary for the purpose).
If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.
Further information on the deletion of personal data can also be found in the individual privacy policies of this privacy statement.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.