Our privacy statement

We are very pleased about your interest in our company. The protection of your data is especially of major importance for us.

1. General information

The processing of your personal data is carried out in compliance with the EU General Data Protection Regulation and with the country-specific data protection provisions that are applicable for us. With our privacy statement we would like, among others, to inform you about the collection and storage of personal data, about the type and the purpose of their use, the respectively decisive legal basis for this purpose as well as about the rights to which you are entitled.

This privacy statement may be supplemented or changed in future, for example owing to statutory requirements. Therefore, please inform yourself regularly about the current status. The respective current privacy statement can be called and printed out by you on our website at all times.

2. Name and contact data of the data controller responsible for the processing

This privacy statement shall apply to the data processing by:

Data controller:

Thüringer Kräuterhof Gera GmbH & Co. KG
Am Flugplatz 4 - 07546 Gera
Tel: +49 (0)365 / 51 61 89 0
Fax: +49 (0)365 / 51 61 89 29


3. Name and contact data of our external data protection officer

Stephan Eschenbacher,
acting for business purposes under Eschenbacher IT-Consulting & Service
Eckenstraße 50
90480 Nuremberg

Tel.: +49 (0)911/40 18 23
Fax: +49 (0)911/40 18 25
Mail: se@eschenbacher-it.de
Website: http://www.eschenbacher-it.de/home.html

4. Definitions

We use among others the following terms in our privacy statement, which we would like to explain below:

a) Personal data

Personal data are all information, which refer to an identified or identifiable natural person (hereinafter "data subject"). A natural person will be seen as identifiable, who can be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, to a code number, to location data, to an online identifier or to one or several special features, which are an expression of the physical, physiological, genetic, mental, financial, cultural or social identity of this natural person.

b) Data subject

A data subject is each identified or identifiable natural person, whose personal data are processed by the data controller responsible for the processing.

c) Processing

Processing is each activity carried out with or without the help of automated processes or each such series of activities in connection with personal data such as the collection, entry, organisation, classification, the storage, adjustment or change, the reading out, query, use, disclosure by transmission, distribution or any other form of provision, comparison or the linking, limitation, erasure or the destruction.

d) Limitation to the processing

The limitation to the processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling

Profiling is each type of automated processing of personal data, which consists of the fact that these personal data are used in order to assess certain personal aspects, which refer to a natural person, in particular in order to analyse or foresee aspects with regard to work performance, financial position, health, personal preferences, interests, reliability, conduct, place of abode or change in location of this natural person.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in a manner in which the personal data can no longer be allocated to a specific data subject without involving additional information, if this additional information is stored separately and is subject to technical and organisational measures, which guarantee that the personal data is not allocated to an identified or identifiable natural person.

g) Data controller or person responsible for the processing

Data controller or person responsible for the processing is the natural person or legal entity, authority, institution or other body, which decides on its own or together with others about the purposes and means of the processing of personal data. If the purposes and means of this processing are stipulated by Union law or the law of the member states then the data controller respectively the certain criteria for his appointment can be envisaged according to Union law or the law of the member states.

h) Contract data processor

The contract data processor is a natural person or legal entity, authority, institution or other body, which processes personal data by order of the data controller.

i) Recipient

The recipient is a natural person or legal entity, authority, institution or other body, to which personal data are disclosed, irrespective whether it concerns a third party or not. Authorities, which possibly receive personal data within the scope of a certain investigation order according to Union law or the law of the member states, shall however not be deemed as recipients.

j) Third party

A third party is a natural person or legal entity, authority, institution or other body except the data subject, the data controller, the contract data processor and the persons who, under the direct responsibility of the data controller or the contract data processor, are authorised to process the personal data.

k) Consent

The consent is each expression of intent submitted by the data subject voluntarily for the certain case unmistakably and in an informed manner in the form of a declaration or any other clear confirming act, with which the data subject gives to understand that it agrees with the processing of the personal data relating to him/her.

l) Breach of the protection of personal data

A breach of the protection of personal data is a breach of the security, which leads to the destruction, to the loss or the change, whether unintended or unlawfully, or to the unauthorised disclosure of respectively to the unauthorised access to personal data, which were transmitted, stored or processed in any other manner.

5. Collection and storage of personal data as well as the type and purpose of their use

a) when visiting our website

When calling our website www.tkh-tea.com information will be automatically sent by the browser used on your terminal device to the server of our website. This information is temporarily stored in a so-called log file. The following information is entered hereby without any action on your part and is stored until the automated erasure after leaving our website:

  • IP address of the requesting computer
  • Date and time of the access
  • Name and URL of the called file
  • Website, from which the access is carried out (Referrer-URL)
  • Used browser and, if applicable, the operating system of your computer as well as the name of your Access Provider

The stated data are processed by us for the following purposes:

  • To guarantee a smooth set-up of a connection of the website
  • To guarantee a convenient use of our website
  • Evaluation of the system security and stability as well as
  • for further administrative purposes

The legal basis for the data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is derived from the purposes listed above for the data collection. In no way do we use the collected data for the purpose to draw conclusions about your person.

b) when you contact us per e-mail or via our contact form

We collect personal data if you provide these to us voluntarily when contacting us per e-mail to info@thueringer-kraeuterhof.de or via our contact form. Which data are collected can be seen from the input form. We use the data communicated by you for processing your enquiries and for processing the contract. After the full processing of your enquiry or after the full processing of the contract or after deletion of your user account your data will be blocked for further use and they will be erased after the expiry of the storage deadlines under tax and commercial law, if you have not explicitly consented to a further use of your data or we reserve a data use beyond this, which is permitted by law and about which we will inform you below.

The data processing for the purpose of contacting us or with the creation of a user account with our company shall be carried out according to Art. 6 Para. 1 S. 1 lit. a GDPR based on your voluntarily granted consent.

The data processing with the conclusion of a contract with us shall be carried out according to Art. 6 Para. 1 S. 1 lit. a GDPR based on your voluntarily granted consent or according to Art. 6 Para. 1 S. 1 lit. b GDPR in order to fulfil the contract.

You can object to the storage and use of your data for these purposes at all times by a message to the contact possibilities stated above under Subclause 1.

c) Information relating to electronic post (e-mail)

The data transmission in the internet (e.g. with the communication per e-mail) can feature security gaps. Information, which you send to us unencrypted per electronic post (e-mail), can be read, stored and used for purposes not as intended by third parties while en route. Therefore, please do not send any confidential information without using an encryption programme.

d) Other forwarding of data

Your personal data will not be transmitted to third parties for any other purposes than those listed below.

We only forward your personal data to third parties, if:

  • you have explicitly granted your consent hereto according to Art. 6 Para. 1 S. 1 lit. a GDPR,
  • the forwarding is necessary according to Art. 6 Para. 1 S. 1 lit. f GDPR in order for the assertion, exercising or defence of legal claims and there is no reason to assume that you have a primary interest in the non-forwarding of your data that is worthy of protection,
  • for the event that a statutory obligation exists for the forwarding according to Art. 6 Para. 1 S. 1 lit. c GDPR, as well as
  • this is permitted by law and according to Art. 6 Para. 1 S. 1 lit. b GDPR is necessary for the processing of contractual relationships with you.

6. Cookies

As many other websites we also use "cookies", small text files, which make it possible to store specific information relating to the access device of the user (PC, tablet, smartphone) on the device. They serve, on the one hand, the purpose of user-friendliness of our website and thus for the user, on the other hand however also the statistical entry of the data or the website use and therefore to improve our offer. Several of the cookies used by us will be deleted again after the end of the browser session, thus after closing your browser, so-called session cookies. Other cookies remain on your terminal device and enable us to recognise your browser with the next visit, persistent cookies.

As a user you can influence the use of cookies. The majority of browsers have an option, with which the storage of cookies can be reduced or prevented completely. However, we would like to point out that the use and the convenience of use on our website may be restricted by the exclusion of cookies.

Detailed information about cookies

You can find detailed information about cookies, e.g. how you can determine which cookies were set and how you can handle and delete these on the following site: http://www.allaboutcookies.org/ge/

You can find further instructions regarding the deletion of cookies in the most common browsers here:

The legal basis for the data processing, i.e. for the use of so-called cookies, is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is derived from our interest in the user-friendliness of our website and in improving our offer.

7. Use of Matomo (formerly Piwik)

Our website uses Matomo, an Open-Source software for the statistical evaluation of the user accesses. Matomo uses cookies, which are stored on your access device and enable an analysis of the use of the website by the user.

The information generated by the cookie regarding the use of our offer is stored on the server of the provider in Germany. The IP address is anonymised immediately after the processing.

Matomo supports the "Do Not Track" process of current web browsers. If you want to generally prevent the analysis of your web behaviour we recommend that you activate this option in your browser.

You can receive information relating to data protection of Matomo under: matomo.org/privacy-policy/.

The legal basis for the use of Matomo is Art. 6 Para. 1 S. 1 lit. f GDPR. We have a legitimate interest in the statistical evaluation of the user accesses in order to optimise our web appearance.


8. Applications and application procedure

We collect and process the personal data of applicants for the purpose of carrying out the application procedure. The processing can also be carried out by using electronic means. This is, in particular, the case if an applicant transmits corresponding application documents to us by using electronic means, for example per e-mail or via a web form located on the website.

If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of carrying out the employment relationship by complying with the statutory regulations.

If we do not conclude an employment contract with an applicant the application documents will be deleted automatically 6 months after announcement of the rejection decision, insofar as a deletion does not oppose any other legitimate interests of the data controller responsible for the processing within the meaning of Art. 6 Para. 1 S. 1 lit. f GDPR. Any other legitimate interest in accordance with this regulation is, for example, an obligation to provide proof in proceedings according to the General Equal Treatment Act (AGG).

The legal basis for the processing of your personal data in the application procedure is your consent, Art. 6 Para. 1 lit. a GDPR. The legal basis for the use of your data for the purpose of processing the employment relationship is Art. 6 Para. 1 lit. b GDPR.

9. Rights of data subjects

You have the right:

  • pursuant to Art. 15 GDPR to request information about your personal data that are processed by us. You can in particular request information about the processing purposes, the category of the personal data, the categories of recipients, towards whom your data were or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, limitation to the processing or to object, the existence of a right to lodge a complaint, for the origin of your data, insofar as these were not collected in our company as well as about the existence of an automated decision-making including profiling and, if applicable, feasible information regarding their details;
  • pursuant to Art. 16 GDPR without delay to request the rectification of incorrect or completion of your personal data stored in our company;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored in our company, insofar as the processing is not necessary in order to exercise the right to free expression of an opinion and to information, in order to fulfil a legal obligation, for reasons of public interests or for the assertion, exercising or defence of legal claims;
  • pursuant to Art. 18 GDPR to request the limitation to the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, however you refuse their erasure and we no longer require the data, however you require these for the assertion, exercising or defence of legal claims or pursuant to Art. 21 GDPR you have filed an objection against the processing;
  • pursuant to Art. 20 GDPR to receive your personal data, which you have made available to us, in a structured, common and machine-readable format or to request the transmission to another data controller;
  • pursuant to Art. 7 Para. 3 GDPR to revoke your once granted consent at all times towards us. This has the consequence that we may no longer continue the data processing, which was based on this consent, for the future and
  • pursuant to Art. 77 GDPR irrespective of another legal remedy under administrative law or court legal remedy to lodge a complaint at a supervisory authority, in particular in the member state of your customary place of abode, your workplace or the location of the presumed breach. A list of the supervisory authorities with the respective contact data can be taken from the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. 

10. Right to object

Insofar as your personal data are processed based on legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to file an objection against the processing of your personal data, insofar as reasons exist for this purpose, which arise from your special situation or the objection is directed against direct marketing. In the latter case you have a general right to object, which will be implemented by us without stating a special situation.

If you would like to exercise your right of revocation or right to object, an e-mail is sufficient to info@thueringer-kraeuterhof.de. 

11. Data security

For reasons of security our website uses an SSL (Secure Socket Layer) encryption. Whether an individual site of our internet presence is transmitted encrypted, you can recognise by the fact that the address line of the browser changes from "http://" to "https://" and by the closed presentation of the key or lock symbol in the status bar of your browser.

We furthermore use suitable technical and organisational security measures in order to protect your data against accidental or wilful manipulations, partial or full loss, destruction or against the unauthorised access of third parties. Our security measures are continuously improved in line with the technological development.