Privacy policy

Privacy and Data Protection

Responsible Party:

Bäckerei Krause, Owner: René Krause, Lilienthalstraße 18, 01257 Dresden, Phone: 0351/2015627, Email: bestellung@baeckerei-krause.de.

1. Scope and Legal Basis

(1) This privacy policy informs you about the type, scope, and purpose of the processing of personal data within our online offering and its associated websites, features, and content.

(2) Regarding the terminology used, such as “personal data” or “processing,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

(3) The term “user” includes all categories of data subjects. These include our business partners, customers, prospective customers, and other visitors to our online offering.

(4) The personal data of users processed within this online offering includes:

  • Inventory data (e.g., names and addresses of customers),
  • Contact data (e.g., email address, phone number),
  • Contract data (e.g., services used or products purchased, payment information),
  • Usage data (e.g., websites visited within our online offering, interest in our services and products),
  • Content data (e.g., information entered in contact forms), and
  • Technical data (e.g., IP addresses, device information).

(5) Users' personal data is processed in particular for the following purposes:

  • Provision of the online offering, its contents, and functions,
  • Provision of our contractual services and customer support,
  • Customer care,
  • Responding to contact inquiries and communication with users,
  • Marketing, and
  • Security of the online offering.

(6) We process personal data of users only in compliance with applicable data protection regulations. This means that data is processed only when permitted by law — particularly if processing is required for the fulfillment of our contractual obligations (e.g., processing orders), required by law, based on user consent, or justified by our legitimate interests (such as analysis, optimization, security, and the economic operation of our online services).

(7) The legal bases include Article 6(1)(a) and Article 7 GDPR for consent, Article 6(1)(b) GDPR for contract performance, Article 6(1)(c) GDPR for legal obligations, and Article 6(1)(f) GDPR for legitimate interests.

2. Security Measures

(1) We implement appropriate technical and organizational measures in accordance with Article 32 GDPR to ensure a level of protection appropriate to the risk, considering the state of the art, implementation costs, nature, scope, context, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of individuals. This includes the encrypted transmission of data between your browser and our server.

(2) We have also established procedures to ensure the exercise of data subject rights, data deletion, and response to data threats.

3. Disclosure of Data to Third Parties

(1) Data is only disclosed to third parties under lawful circumstances — for example, when required for contract performance, when consent has been given, when required by law, or based on legitimate interests (e.g., involving service providers or web hosts). For third-party payment services (Amazon Pay, PayPal, Sofortüberweisung), you must log in with your credentials during the checkout process. The terms and privacy policies of the respective providers apply.

(2) If data is processed in a third country (outside the EU/EEA), this is only done under the special conditions outlined in Articles 44 ff. GDPR (e.g., Privacy Shield certification, Standard Contractual Clauses).

(3) If data is processed on our behalf by third parties, this is done based on a data processing agreement according to Article 28 GDPR.

4. Collection of Access Data and Log Files

(1) We collect server log file data based on legitimate interests under Article 6(1)(f) GDPR. This includes accessed page names, file names, date/time of access, data volume, success reports, browser and OS data, referrer URLs, and IP addresses.

(2) Log file data is stored for a maximum of seven days for security reasons and then deleted unless needed for evidence.

(3) Cookies and analytics/marketing services are used, which are explained in more detail in this policy.

5. Contractual Services

(1) We process inventory, contact, and contract data to fulfill our contractual obligations and provide services under Article 6(1)(b) GDPR. Required form fields are necessary for contract conclusion.

(2) Users may create accounts to view orders, etc. Data is deleted upon account termination unless retention is legally required.

(3) IP addresses and timestamps are logged during registration/use for security and user protection and are stored for 7 days unless needed as evidence.

(4) Data is deleted after legal retention periods expire (6 years for commercial data, 10 years for tax records). Customer account data remains until deletion.

6. Contact

When contacting us (via form or email), your data (email, name, phone) is processed to handle the request under Article 6(1)(b) GDPR.

7. Cookies

(1) We use cookies — small text files stored in your browser — to enhance usability.

(2) We use both transient (session) and persistent cookies. Session cookies are deleted when the browser closes. Persistent cookies remain and track preferences/actions.

(3) You can delete or block cookies in your browser settings; doing so may limit functionality.

(4) You can opt out of cookies used for marketing/analytics via: Network Advertising Initiative, About Ads, or Your Online Choices.

8. Google Analytics

(1) Based on legitimate interests (Article 6(1)(f) GDPR), we use Google Analytics by Google LLC. Google is Privacy Shield certified.

(2) Google analyzes user activity, creates reports, and may use pseudonymized profiles.

(3) IP anonymization is active — IPs are shortened within the EU/EEA.

(4) Users can prevent cookie storage and data collection via browser settings or this plugin: Google Opt-Out.

(5) Provider: Google Ireland Ltd., Gordon House, Dublin 4, Ireland.

9. Google AdWords Conversion

(1) We use Google AdWords with conversion tracking (based on legitimate interests under Article 6(1)(f) GDPR).

(2) A cookie tracks ad interactions. Each advertiser receives a unique cookie; no personal identification is possible.

(3) You can block tracking via browser settings or opt-out links: Google Ad Settings, About Ads, Browser Plugin.

(4) More on Google privacy: Google Privacy Policy, Site Stats.

10. YouTube Videos

(1) We embed YouTube videos in enhanced privacy mode — no data is transmitted unless the video is played.

(2) When played, YouTube receives site access data. If logged into Google, data is linked to your account. You can avoid this by logging out before playing.

(3) YouTube uses this data for advertising and analytics. You can object to such profiling via YouTube. More info: Privacy Policy.

11. Use of Google Fonts

(1) Based on legitimate interest (Article 6(1)(f) GDPR), we use Google Fonts from Google LLC.

(2) Fonts are loaded from Google servers, which requires sharing your IP address.

(3) More info: Privacy Policy, Opt-out: Google Ad Settings.

12. User Rights

(1) Users can request free access to their processed personal data.

(2) Users can request correction, restriction, deletion, or data portability, and can file complaints with authorities.

(3) Users may revoke consent at any time with future effect.

13. Data Deletion

(1) Data is deleted once no longer necessary, unless legal obligations require retention. In that case, data is restricted.

(2) Retention: 6 years (§257 HGB) for business letters, 10 years (§147 AO) for accounting documents.

14. Right to Object

Users may object to future data processing at any time, particularly for direct marketing.

15. Obligation to Provide Personal Data

Providing personal data may be legally or contractually required. If necessary data is not provided, contracts may not be fulfilled.

16. Automated Decision-Making

No automated decision-making or profiling as per Article 22 GDPR takes place.

17. Changes to the Privacy Policy

Users are encouraged to regularly check this privacy policy. We will notify users if changes require cooperation (e.g., renewed consent).