Privacy Policy

The following Privacy Notice applies to the website of YOGI TEA GmbH.

As of October 6rd 2022

 

A. Privacy Notice

 

1. Who are we and what do we do?

We, YOGI TEA GmbH, Burchardstraße 24, 20095 Hamburg, telephone: +49 (0)40 - 42 30 11-0, e-mail: info.eu@yogiproducts.com are responsible within the meaning of the laws on data protection for processing data in connection with this Privacy Notice (hereafter also referred to as "YOGI TEA", "we" or "us").

For more than 40 years YOGI TEA has been synonymous with delicious herbal and spice teas based on unique Ayurveda tea recipes whose roots go back to the 3,000-year-old Indian philosophy of Ayurveda.

 

 

2. How can you contact our data protection officer?

Should you have any questions on this Privacy Notice or generally on the processing of your data by YOGI TEA, please refer to our data protection officer:

Tabea Knabe (managing director MACU Datenschutz UG), can be contacted through dataprotection.eu@yogiproducts.com

 

 

3. Which personal data do we process?

Personal data means "any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" (Article 4 no. 1 of the General Data Protection Regulation). Personal data includes for example name, e-mail address, address and data of birth.

When we process personal data, that means that we, for example, record, store, use, transmit to others or delete this data.

Registration data: We process firstly all data from you that you send us in connection with your registration to the Yogi Tea media data bank under https://www.yogitea.com/en/medialibrary/. These are the personal data that are necessary in order to justify and fulfil registration (e.g. name, company, e-mail address).

Competitions: We first process all your data that you send us in connection with participation in competitions. These are the personal data required in order to carry out the competition (e.g. name, company, e-mail address).

Data on online behaviour and preferences: We also process data such as IP addresses and information on visits to our website.

Customer complaints and compensation products: We process data from you that you send us in connection with a complaint. These are the personal data that are necessary in order to conduct and handle complaints as well as for the shipment of compensation products (e.g. name, e-mail address, address).

 

 

4. For which purposes and on which legal basis do we process your personal data?

We process your data for the following purposes and on the basis of the legal principles stated:

  • Orders for services in the media data bank, such as pictures of all the products in our range in various data formats as well as brochures and sales documents for downloading. Legal basis: fulfilment of a contract
  • Provision of services as part of competitions such as notification of prizes, their processing and dispatch. Legal basis: fulfilment of a contract
  • Orders for services with respect to customer complaints as well as compensation products, handling and shipment. Legal basis: legitimate interest (we have a legitimate interest in processing the data should our customers contact us in this respect as well as for the handling of such complaints)
  • Evaluation of your behaviour as an online user for purposes of market research and in order to improve what we offer (see also section 9 on this respect). Legal basis: legitimate interest (we have a legitimate interest in learning how you use our website in order to be able to improve our offer and to adapt this offer to our users)
  • Identification of malfunctions and ensuring the security of the system including the disclosure of and follow up on unauthorised access or attempted access to our Internet server. Legal basis: fulfilment of our legal obligations in the field of data security as well as weighing of interests (we have a legitimate interest in eliminating malfunctions, ensuring that the system is secure and the disclosure and follow up of unauthorised access attempts and access)
  • Safeguarding and defence of our rights. Legal basis: legitimate interest (we have a legitimate interest in asserting and defending our rights)

 

Please note your rights to object when data is processed for purposes of direct marketing or for personal reasons and your right to revoke your consent (see section What rights do you have? and the section Information on your rights to object).

 

 

5. Who receives your data and why (data recipients)?

 

5.1 General

As a matter of principle, we only give your data to third parties provided this is necessary in order to fulfil the contract, we or the third party have a legitimate interest in forwarding the data or you have given your consent to the data being forwarded. Should data be forwarded to a third party on the basis of a legitimate interest, this is explained in the Privacy Policy. Furthermore, data may be forwarded to third parties should this be required of us due to provisions of the law or enforceable orders by a public authority or court of law.

 

 

5.2 For what reasons do we forward your data to third parties?

We reserve the right to use service providers in recording or processing data. Service providers only receive personal data from us that they require for their specific function. Therefore, your e-mail address may be forwarded to a service provider, for example in order that it can deliver a newsletter you have ordered. Service providers may also be appointed to make server capacity available.

Specifically, the following types of service provider are involved:

  • IT service providers (technical support), Germany
  • Web design service providers, Germany
  • Media purchase service providers, Germany
  • Media purchase service providers, Ireland or USA
  • Business / helpdesk software providers, USA

 

 

5.3 When do we forward data to countries that do do not belong to the European Economic Area?

We may also share personal data with processors located in non-EEA countries (so-called third countries). These are processors in the USA and in Switzerland.

In such cases, we ensure that the recipient has an appropriate level of data protection in place. In the case of Switzerland, this is an adequacy decision pursuant to Article 45 of the GDPR. In the case of processors in the USA, these are the standard EU contractual clauses adopted by the European Commission (Article 46 of the GDPR) or explicit consent provided by the user.

You can obtain a summary from us of recipients in third countries and a copy of the specifically agreed rules in order to ensure an adequate level of data protection. Please use the information in the section Contact for this purpose.

 

 

6. How long do we store your data and which retention periods apply to this area?

We store your data for as long as this is required in order to provide our online offer and the related services or should we have a legitimate interest in continued storage. In all other cases, we delete your personal data with the exception of such data as we must continue to hold in fulfilment of legal (e.g. tax and commercial law) retention requirements (e.g. invoices). We block data subject to a retention period until the retention period ends expires.
The following exact retention periods apply:

Registration data: For as long as you are registered with our media data bank and after it has ended [immediate deletion]

Data derived from competitions: As long as the competition is being carried and processed after it has ended for [2 months]

Data relating to online behaviour and preferences: [2 years]

Data relating to complaints of customers: As long as the complaint is being handled by us and after it has been handled for 1 year.

 

 

7. What are log files and what do we use them for?

Every time you use the Internet, certain information is automatically transmitted from your Internet browser and stored by us in so called log files.

We store the log files for a period of seven to ten days in order to identify malfunctions and for security reasons (e.g. in order to clarify attempted attacks) and they are then deleted. Log files that are retained longer for purposes of proof are excluded from deletion until the case concerned is finally clarified and may in certain cases be forwarded to the investigating authorities.

The following information in particular is stored in the log files:

  • IP address (Internet protocol address) of the terminal from which the online offer was accessed;
  • Internet address of the website from which the online offer was visited in order to obtain the offer (so called origin or referrer URL);
  • Name of the service provider through which access to the online offer was made;
  • Name of the files or information visited;
  • Date and time as well as the length of the visit;
  • Quantity of data transmitted;
  • Operating system and information on the Internet browser used including add ons installed (e.g. for Flash Player);
  • http-status code (e.g. "Enquiry successful" or "Requested file not found").

 

Selected information derived from log-files (not the IP address) is also used in order to analyse the web. 

 

 

8. What are cookies and what do we use them for?

 

8.1 How do cookies function?

Cookies are small text files that are sent when a website is visited and stored in the browser. If this website is visited again, the user's browser returns the contents of the cookie and thus enables the user to be recognised again. Certain cookies are automatically deleted after the end of the browser session (so called session cookies), and others are stored for a specified length of time or stored permanently in the user's browser and then delete themselves automatically (so called temporary or permanent Cookies).

 

 

8.2 What data are stored in the cookies?

As a matter of principle, no personal data are stored in the cookies but only an online identification.

 

 

8.3 How can you prevent the storage of cookies or delete them?

You can deactivate the storage of cookies through your browser settings and delete cookies that are already stored in your browser at any time (see Technical advice). Please note however that without cookies this online offer might possibly not function or only function subject to limitations.
Please also note that objections to the creation of user profiles function partly through the use off a so called "opt out cookie". If you delete all cookies, an objection might not therefore be considered and you will have to submit the objection again.

 

 

8.4 What kind of cookies do we use?

Cookies that are absolutely necessary
Certain cookies are required so that we can provide our online offer securely. This category includes for example:

  • Cookies that serve to identify or authenticate our users;
  • Cookies that temporarily store certain user inputs (e.g. contents of a shopping basket or an online form);
  • Cookies that store certain user preferences (e.g. search or language preferences);
  • Cookies that store data in order to ensure the troublefree reproduction of video and audio contents.

 

Analysis cookies
We use analysis cookies in order to record the behaviour of our users (e.g. subpages visited, search enquiries entered) and to analyse this behaviour statistically 


We specifically use the following cookies: 

_ga (Google; HTTP Cookie):
Registers a unique ID to generate statistical data relating to user behaviour (24 months).

_gac_UA-* (Google; HTTP Cookie):
Used by Google AdWords to identify the device (3 months ).

_gcl_au (Google; HTTP Cookie):
Used by the campaign manager to highlight the actions of users who visit the website after an ad has been displayed or clicked on (3 months).

_gid (Google; HTTP Cookie):
Registers a unique ID that is used to generate statistical data relating to use of the website by the user (1 day).

_gat_gtag_UA_* (Google; HTTP Cookie):
Is used to throttle the request rate (1 day).

cookieNotice18 (YogiTea; HTTP Cookie):
Controls the display of the cookie banner. Once accepted by the user, the banner disappears (Session end).

 

 

9. In what form do we operate a web analysis?

 

9.1 What is a web analysis?

We require statistical information on the use of our online facility in order to make it more user friendly, to measure its reach and to be able to operate market research.

We use the following web analysis tools for this purpose. The user profiles created by these tools with the aid of cookies or through the evaluation of log files are not amalgamated with personal data.

The providers of the tools only process data as job processors in accordance with our instructions and not for their own purposes.

The tools either do not use the users' IP addresses at all or abbreviate them immediately after they have been recorded.

For each tool you will find information on the provider concerned and also how to object to the recording and processing of data by the tool.

It should be noted in the case of tools that work with opt out cookies, that the opt out function is equipment and browser based and only applies to the terminal or browser that is currently used. Should you use several terminals or browsers, you must set the opt out function on each terminal and on each browser used.

Moreover, you can prevent the creation of any user profiles by deactivating the use of cookies in general.

 

 

9.2 Google Analytics

Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the additional function offered by Google to anonymise IP addresses: according to this function, Google generally abbreviates the IP address within the EU already and only in exceptional cases actually in the USA and in all cases only stores the IP address in abbreviated form.

You can object to the recording and evaluation of your data by this tool by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. 

 

 

10. Which social media platforms are we present on?

We are present on several social media platforms. These are individually listed below. Customers, interested parties and/or users can communicate with us via these platforms and inform themselves about our activities and products.

In this context, we draw your attention to the fact that this may result in the processing of user data outside the European Union. This can pose risks to users visiting our social media pages.
In general, social media platforms also utilise user data for the purposes of market research and advertising. User behaviour is utilised for personalised advertising, for example. This takes account of the user’s interests. In order to achieve this, cookies are stored on the user’s device that allow conclusions to be drawn regarding user behaviour and the user’s interests.
We process personal data on social media platforms on the basis of a legitimate interest pursuant to point (f) of Art. 6 (1) GDPR. Our aim is to ensure effective communication with users and to inform you of our activities and products. Where consent to data processing is required, such processing is carried out pursuant to Art. point (f) of Art. 6 (1) and Art. 7 GDPR.
We are unable to track all processing procedures on the social media platforms. You should therefore address any requests for information to the respective operator of the individual social networks. Only the operator has access to the user data and is thereby able to provide information or take the requisite measures in the event that you wish to assert your user rights. If you have any questions regarding data protection, however, you can also address these to us or our data protection officer.
For additional details and/or options for revoking your consent, we refer you to the individual sites:

 

 

10.1 Facebook

The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified in line with the EU-US Privacy Shield.
You can find Facebook’s data protection policy at:
https://www.facebook.com/about/privacy/

 

 

10.2 Instagram

The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
You can find Instagram’s data protection policy at:
https://help.instagram.com/519522125107875

 

 

10.3 Twitter

The provider is the Twitter International Company, One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 IRELAND.
You can find Twitter’s data protection policy at:
https://twitter.com/de/privacy

 

 

11. What forms of marketing do we conduct?

 

 

11.1 Adform Conversion-Tracking

We use the Conversion-Tracking service provided by Adform Germany GmbH, Gr. Burstah 50-52, 20457 Hamburg Germany. We use this to measure the success of our advertising tools. We deliver advertising banners via the Adform network. In this context, cookies are stored when visiting websites within the advertising network. These cookies contain an advertising ID and are valid for 60 days. No personal identification can be made via the cookie. We can merely identify which advertising tool led to your visit to the website.

If you do not wish to use Adform, you can deactivate the cookie. Instructions can be found at https://site.adform.com/privacy-center/platform-privacy/opt-out/.

 

 

11.2 Google AdWords

We use Google Conversion-Tracking via the AdWords service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you click on an advert delivered by Google and are redirected to our website, Google AdWords stores a cookie in your browser. This conversion-tracking cookie is stored as soon as a user clicks on a Google ad.

The cookie allows us to see when a visitor to our website has clicked on a Google ad, when they have been redirected, and which pages the visitor has looked at. The cookie is individual, i.e. each AdWords customer is assigned their own cookie.

This functionality is used to generate conversion statistics that Google provides to its customers. These statistics show how many users have clicked on an ad. However, it isn’t possible to personally identify customers.

The legal basis for Google AdWords is the user’s consent pursuant to point (f) of Art. 6 (1) GDPR, i.e. you voluntarily provide your personal data. When visiting our website, your personal data are sent to Google in the USA and stored there; this particularly includes your IP address. Google may pass these data on to third parties. We have no influence on this. We ourselves do not receive any data to identify the data subject.

Cookies are only stored for 30 days.
Google guarantees that it processes data securely and has therefore committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

If you wish to prevent your data being processed by Google AdWords, you can do so via your browser settings. Here you can prevent the automatic storage of cookies / block cookies from the “googleadservices.com” domain. However, this can result in limited website functionality.

 

 

11.3 Google Remarketing

On our website, we use the Google Remarketing service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function serves the purpose of displaying adverts tailored to the user’s individual interests. For this purpose, cookies are stored on your computer that allow third-party providers, including Google, to record that you have visited our website with your browser. This information can then be used at a later date to present you with our adverts on other websites, e.g. during Google searches or on websites within the Google network.

The legal basis for Google Remarketing is the user’s consent pursuant to point (f) of Art. 6 (1) GDPR, i.e. you voluntarily provide your personal data. When visiting our website, your personal data may be sent to Google in the USA and stored there. However, Google states that no personal data of any description are recorded or stored during this processing. We have no influence on this and also do not receive any data via which a user may be personally identified.

You can find further information on data protection at Google and on the functionality of Remarketing in the Google data protection policy. Here too, you are able to deactivate the storage of cookies via your browser’s settings. You also have the option of preventing your data being recorded by Google Remarketing via the Google ad settings.

 

 

11.4 Conversion tracking with the Facebook Conversion Pixel

We use the “Conversion Pixel” / visitor action pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). By accessing this pixel via your browser, Facebook can recognise whether a Facebook ad was successful, i.e. whether it resulted in a pageview, for example. For this purpose, Facebook provides us exclusively with anonymised statistical data. This allows us to record the effectiveness of our Facebook ads for statistical and market-research purposes. Furthermore, we draw your attention to Facebook’s data protection policy. You can withdraw your consent at https://www.facebook.com/ads/preferences/.
 

 

12. What are your rights and how can you assert them?

 

12.1 Asserting your rights

In order to assert your rights, please use the inform in the Contact section. When doing this, please ensure that we can identify who you are with absolute certainty.

 

 

12.2 Your rights to information and correction

You may demand that we confirm to you whether we process personal data relating to you and you are entitled to information with respect to which of your data we process. Should your data be incorrect or incomplete, you may demand that they be corrected or completed. Should we have forwarded your data to third parties, we inform them of the correction, to the extent that this is stipulated by law.

 

 

12.3 Your right to deletion

Provided the legal conditions apply, you may demand that we delete your personal data immediately. This is particularly the case if

  • your personal data are no longer required for the reasons for which they were recorded;
  • the legal basis for processing was solely your consent and you have revoked this consent;
  • you have objected to processing for advertising purposes ("objection to advertising");
  • you object to the processing on the legal grounds of a weighing of interests for personal reasons and should we be unable to prove that there are overriding legitimate grounds for processing;
  • your personal data were processed illegally; or
  • your personal data must be deleted in order to comply with legal requirements.

 

Should we have forwarded your data to third parties, we inform these third parties that the data have been deleted to the extent that this is stipulated by law.

Please note that your right to deletion is subject to limitations. For example, we must not and may not delete any information that we must continue to hold due to legal retention periods. Also your right to have data deleted does not apply to data that we require in order to assert, exercise or defend legal claims.

 

 

12.4 Your right to restrict processing

Provided that the legal conditions apply, you may demand that we restrict processing. This is particularly the case if:

  • you dispute the correctness of your personal data and then until we have the opportunity to verify its correctness;
  • processing is not being carried out legally and, instead of deletion (see the previous paragraph on this subject) you demand that their use be restricted;
  • we no longer need the data for the purposes of processing but you need this data in order to assert, exercise or defend your legal claims;
  • you have objected for personal reasons and then until it is clarified whether your interests are overriding.

 

In the event of right to restrict processing, we mark the data concerned in order in this way to ensure that these data are only processed within the strict limits that apply to restricted data (namely, in particular the defence of legal interests or with your consent).

 

 

12.5 Your rights to object

You have the right to object to our processing data for reasons relating to your particular situation provided that this is based on the legal grounds of a legitimate interest. You may also object to the processing of your data for advertising purposes ("objection to advertising"). Please also note in this context the section Information on your rights to object.

 

 

12.6 Your right to transfer data

You have the right to receive personal data, which you have given us in order to fulfil a contract or on the basis of consent, in a form that can be transferred. In this case, you may also demand that we transmit these data directly to a third party provided that this is technically feasible.

 

 

12.7 Your right to revoke consent

Should you have given us your consent to process your data, you may revoke this consent at any time to come into effect for the future. This does not affect the legality of any processing of your data that has taken place until the time consent is revoked.

 

 

12.8 Your right to complain to the regulatory authorities

You have the right to submit a complaint to a data protection authority. You may refer to the data protection authority that is responsible for your place of residence for this purpose. Alternatively, you may also refer to the data protection authority that is responsible for us, which is:

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg
E-Mail: mailbox@datenschutz.hamburg.de

 

 

13. Are you required to give us certain information?

You can also visit our website without providing us with any data on yourself. In order to register however you are required to give us the personal data (e.g. name, date of birth, e-mail address) needed in order to establish and implement the contract; we identity this compulsory information with *. Should you not wish to give us this information, we are unfortunately unable to register you as a member.

 

 

14. Do we make fully automated decision?

We do not make any fully automated decisions in connection with this data protection declaration in individual cases with legal or comparable consequences.

 

 

15. What data do we collect from third parties?

We do not collect any data on you from third parties (e.g. credit agencies or social networks)

 

 

16. Google reCAPTCHA

We monitor our homepage to see whether our contact form is being used by a real person or a machine/automated service. This monitoring is performed by the reCAPTCHA function offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). In this context, personal data (including the IP address) are sent to Google. These are processed on the basis of a legitimate interest pursuant to point (f) of Art. 6 (1) GDPR. Our interest is to avoid spam and the misuse of our homepage.

This processing may result in data being sent to Google LLC in the USA. Google guarantees that it adheres to the European data protection standard and is certified in accordance with the so-called “Privacy Shield” (https://www.privacyshield.gov/list). Additional information regarding the data protection policy of Google reCAPTCHA can be found at https://www.google.com/intl/de/policies/privacy/

 

Add store

It is sometimes the case that personal data are processed when entering the details of a store (e.g. name of the store, e-mail address, telephone number). The entered data are accessible to visitors of our homepage (“Store Locator”). By clicking on “Save”, you agree to this processing. The legal basis for this is your consent pursuant to point (a) of Art. 6 (1) GDPR. Furthermore, we draw your attention to our data protection policy.

17. Surveys

To conduct surveys, we use the SurveyMonkey application of Momentive Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland. This company is a subsidiary of Momentive Inc., based in the USA. When you voluntarily participate in our surveys, SurveyMonkey collects personal information. This includes in particular the IP address of the device you are using for this purpose and, in addition, device-specific information. SurveyMonkey also uses tracking services to collect user data and statistics. By participating in the survey, you consent to data processing pursuant to Article 6, paragraph 1, point (a), of the General Data Protection Regulation (GDPR) and Article 49, paragraph 1, point (a), of the GDPR (transfer to a third country). When SurveyMonkey is used, data is transmitted to the USA. In this context, we would like to expressly point out that the level of data protection in the USA does not correspond to that in the EU. There are certain risks in terms of data security. There is currently no data protection agreement between the EU and the USA. However, the provider assures European data protection standards and uses what are known as standard contractual clauses. These clauses were developed by the EU Commission. They specify the use of additional data protection measures, in particular encryption technologies. These can be found at https://www.surveymonkey.de/mp/legal/data-processingagreement/. That’s why we trust SurveyMonkey to process personal data securely. The privacy policy can be accessed at https://www.surveymonkey.de/mp/legal/privacy-basics/.

 

 

 

B. Information on your rights to object

 

 

Right to object to direct marketing

You may submit an objection to the processing of your personal data for advertising purposes at any time ("objection to advertising"). We will then cease processing your data for advertising purposes. Please bear in mind however that, for organisational reasons, there might be an overlap between your objection and use of the data as part of a campaign that is already in progress.

 

 

Right to object for personal reasons

You have a right to object to our processing personal data for reasons that relate to your particular situation, provided that this is based on the legal grounds of a legitimate interest. We will then cease processing your personal data, unless we are able to prove compelling reasons for continued processing that are worthy of protection, which override your rights or interests or are only processing this information in order to assert, exercise or defend legal claims.

Objections are not bound to any particular form. Please send your objection if possible to:

YOGI TEA GmbH
Burchardstraße 24
20095 Hamburg

Telephone: +49 (0)40 – 42 30 11-0
E-mail: dataprotection.eu@yogiproducts.com 

 

 

C. Technical advice

 

 

D. Privacy policy for applicants

 

Information about data collection pursuant to Article 13 GDPR

 

The controller is:

YOGI TEA GmbH
Managing directors: Michael Garcia Heermann, Nirvair Singh Khalsa
Burchardstrasse 24
20095 Hamburg, Germany
Phone: +49 (0) 40 42 30 11-0
Fax: +49 (0) 40 42 30 11-99
E-mail: dataprotection.eu@yogiproducts.com

 

Our external data protection officer is:

Tabea Knabe
MACU Datenschutz UG
Krokusweg 11
72525 Münsingen, Germany
E-mail: kontakt@macu-datenschutz.de

 

In accordance with Article 88 (1) of the European General Data Protection Regulation (GDPR) in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG), YOGI TEA GmbH collects and processes the personal data of applicants in order to decide whether to establish an employment relationship.

 

‘Personal data’ refers to information about the personal or material circumstances of a specific or identifiable natural person. This includes information such as your name, address, phone number and date of birth, as well as information about your specific background etc. which can be attributed to a specific person with reasonable effort. On the other hand, personal data do not include information which cannot be (in)directly associated with your real identity.

 

It is necessary to provide personal data for the application and decision-making processes. Automated decision-making does not take place. If you apply to us electronically, i.e. by e-mail or the form on our website, then we will collect and process your personal data for the purposes of the application process and in order to take steps prior to entering into a contract. By submitting an application on our recruitment page, you are signifying your interest in employment with us. In connection with this, you will send us personal data that we will use and store for the sole purpose of your application / search for a job.

 

Only authorised people from Human Resources or who are involved in the application process will have access to your data. As we work closely with East West Tea Company, LLC, Eugene, Oregon, it is possible for application data to be sent to the USA. Your data will be encrypted in this process and stored there if your application is not considered.

 

By submitting an application, you agree to the potential transfer of your personal data to the USA. Without this consent, we might be unable to consider your application. You have the right to withdraw this consent at any time, without providing a reason. If you do so, however, we might no longer be able to consider your application.

 

We use application management software from Personio GmbH in our application processes. The data you provide as part of your application are sent via TLS encryption and stored in a database. This database is operated by Personio GmbH, which is a provider of personnel administration and applicant management software. In this context, Personio is our processor in the sense of Article 28 GDPR. Data processing in this context is based on a processing agreement between us, as the controller, and Personio. The legal notice of Personio GmbH is available here: https://www.personio.com/legal-notice/.

 

Where necessary for operational reasons, we engage the services of data processors with whom we might share your data. In particular, these might be HR consultancies or recruitment agencies. All processors are contractually obliged to treat your data as confidential and only process the data for the purposes of performing their service. We have concluded a data transfer agreement with East West Tea Company, LCC, that contains what are known as standard contractual clauses. These standard contractual clauses ensure an adequate level of data protection based on minimum European standards.

 

Your data will be stored for 180 days after the end of the application process. This is normally done in order to comply with legal obligations and/or defend against any claims based on statutory regulations. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as metadata, which do not relate directly to a person, for use in statistical evaluations (such as the gender ratio of applications or the number of applications per period).

 

Furthermore, we reserve the right to store your data for 180 days after the end of the application process, in order to add the data to our Talent Pool for the purposes of identifying other potentially interesting positions for you. By accepting our privacy policy, you consent to the continued storage of your data and the addition of your data to our Talent Pool. If, during the application process, you are offered a job with us and accept it, we will store the personal data we collected during the application process for the duration of your employment at least.

 

You have the right to object to the use of your data at any time. You also have the right to request information about what data concerning you we have stored. You have the right to request the rectification of inaccurate data. Likewise, you have the right to demand that we erase the data we are storing, provided that the erasure does not conflict with any statutory provisions. You are also entitled to demand that the processing of your data be restricted.

 

If you have any questions about data protection, you can contact us at any time, either by e-mail at dataprotection.eu@yogiproducts.com or by post at the address provided above. You can contact our external data protection officer by e-mail at kontakt@macu-datenschutz.de or by adding ‘Data Protection Officer’ to the postal address. Furthermore, you have the right to lodge a complaint with a supervisory authority. This is the Hamburg Commissioner for Data Protection and Freedom of Information. We reserve the right to update this privacy policy at any time in order to keep it consistent with the current legal requirements, reflect changes to the application process etc. If you revisit this recruitment page or submit a new application, the latest version of the privacy policy will then apply.

 

 

E. Contact

You can contact us as follows:

YOGI TEA GmbH
Burchardstraße 24
20095 Hamburg

Telephone: +49 (0)40 - 42 30 11-0
E-Mail: dataprotection.eu@yogiproducts.com