Leonor's Sweet Creations, Rottmannstraße 2-4, 69121 Heidelbeg, Germany.
The legal basis for data processing is Art. 6 (1) a) and Art. 7 EU-DSGVO for consents, Art. 6 (1) b) EU-DSGVO for the fulfillment of services and performance of contractual obligations, Art. 6 (1) c) EU-DSGVO for the fulfillment of legal obligations and Art. 6 (1) f) EU-DSGVO for the protection of legitimate interests.
I. Name and contact details of the person responsible
The person responsible within the meaning of Art. 4 EU-DSGVO and other data protection regulations for the processing of personal data is:
Leonor's Sweet Creations
Phone number: +49 6221 725 25 45
II. What data is collected?
Server log files
During the mere informational use of the website, i.e. if you do not log in to use the website, register or otherwise transmit information to us, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website ("server log files"). These are:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
The legal basis for the data processing is Art. 6 para. 1 lit. f) EU-DSGVO.
When buying a ticket, the following data must be provided: First name, last name, e-mail address, city and telephone number.
The following fields are optional when ordering as a company: company, street, house number and postal code.
We store the data you provide in our database. In addition, the purchased "product" or the respective event, user agent, IP address and payment method are stored.
Ordering books, products or tools
When ordering books, products or tools the address data must also be provided.
The contact form allows you to contact us in a simple way. The collection of your e-mail address is essential in order to be able to answer your request. If additional data is processed, such as name, address or similar, the purpose of the processing is to individualize the respective user and thus to be able to respond to the request in the best possible way and to prevent any misuse of the contact form.
Herewith, we inform you about the content of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described above.
Contents of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Moreover, our newsletters contain information about our services, promotions, news and us.
Double opt-in and logging: Registration for our newsletter is carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged.
Registration data: To register for the newsletter, it is sufficient to enter your first name and e-mail address. Optionally, we ask you to provide a name for the purpose of personal address in the newsletter.
The dispatch of the newsletter and the associated performance measurement are based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lt. f. DSGVO in conjunction with. § Section 7 (3) UWG.
The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users and furthermore allows us to prove consent.
Cancellation/Revocation - You can cancel our newsletter at any time, i.e. revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
III. For what purposes is the data used?
Personal data is only collected, stored and processed to the extent necessary for the provision of the service, the execution of the contract or to respond to the request.
We process your personal data only in strict compliance with data protection regulations. In particular, corresponding data will only be processed in the presence of a legal permission.
We process the aforementioned data in order to establish a connection to our website. The processing is necessary to ensure the security and stability of the system.
The user's IP address is only used to decode the GeoIP to ensure that the localization works properly.
The order information is used to complete the order and deliver the ticket to the customer via email. We ask for the phone number to be able to reach you in case of last-minute event cancellations or location changes.
Ordering books, products or tools
The order data will be used to send the books, products or tools.
The contact form allows you to contact us in a simple way. The collection of your e-mail address is essential in order to be able to answer your request. If additional data is processed, such as name, address or similar, the purpose of the processing is to individualize the respective user and thus to respond to his request in the best possible way and to prevent any misuse of the contact form.
The newsletter fulfills the purpose of giving the subscriber the opportunity to participate in competitions and to receive current information. The collection of the e-mail address is used to deliver the newsletter.
IV. Is data passed on to third parties and if so, which ones?
In principle, the data you provide will not be made available to third parties. In individual cases, however, it may be necessary to pass on your personal data to companies entrusted by us with the provision of individual services in order to execute the contract. The third parties, for their part, are obliged to comply with the statutory regulations when handling and processing this data. They have been carefully selected and commissioned by us. These service providers use your data only for order processing.
A transfer to authorities and state institutions entitled to receive information will only take place within the framework of the legal obligations to provide information and in the event of a court decision obligating us to do so. In these cases, we may provide the information, for example, for the assertion, exercise and defense of legal claims, enforcement of existing contracts, in the context of allegations of fraud, security measures or generally legally applicable regulations.
We use the services of external payment service providers to process payments. You can choose your preferred payment method when placing your order. Depending on the selected payment method, your payment data (when paying by credit card, this is the card number, validity and security code) will be transmitted to the payment service provider cooperating with BakeNight for the purpose of payment processing. A storage at BakeNight does not take place.
Personal data will not be passed on outside the scope described here without express consent.
Under no circumstances will we sell or rent personal data to third parties.
V. How long will the data be stored?
Your data will only be deleted when you have expressed, in writing or via the unsubscribe button, your wish to be deleted from our mailing list.
Personal data of our customers can be manually deleted from the database at any time, if this is requested. However, the data is saved as back-ups and cannot be deleted in this form. Automatic deletion of the back-ups takes place after 30 days, so that their data is completely deleted from this point on.
VI. Your rights as a data subject
As a person affected by the processing of personal data, you are entitled to the rights listed below. These rights result in particular from the requirements of the Data Protection Regulation and are reproduced here in a partially simplified form.
Right to information
Pursuant to Art. 15 EU Data Protection Regulation, you have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have a right to information about this personal data and the information specified in Art. 15 (1) Hs. 2 EU-DSGVO. This includes, in particular, the purpose of the processing, the categories of data processed, the recipients to whom data has been or will be disclosed, as far as possible the planned duration of storage or the criteria for the duration of storage.
Right to rectification
Pursuant to Art. 16 EU-DSGVO, you have the right to demand that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
Right to deletion
Pursuant to Art. 17 EU-DSGVO, you have the right to demand that we delete personal data concerning you without undue delay. We are obliged to delete personal data without undue delay if one of the reasons set out in Art. 17 (1) EU-DSGVO applies. These reasons include, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.
Right to restriction of processing
Pursuant to Art. 18 EU-DSGVO, you have the right to demand that we restrict processing if one of the conditions listed in Art. 18 EU-DSGVO applies. This includes, for example, that you dispute the accuracy of the personal data. Then we may only process the data in a restricted manner for as long as it takes to verify the accuracy of the personal data.
Right to data portability
Pursuant to Art. 20 EU-DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You have the right to transfer this data to another controller, i.e. another entity that processes data, without hindrance, provided that the original processing was based on consent or was necessary for the performance of a contract.
Right to object
Pursuant to Art. 21 EU-DSGVO, you have the right to object at any time to the processing of personal data relating to you if such data is processed on the basis of Art. 6(1)(e) or (f) EU-DSGVO and there are grounds for doing so based on your personal situation. You may object to the processing of data for the purpose of direct marketing at any time. Personal data will then no longer be processed for this purpose. The right to object can be exercised by means of an informal declaration. A written statement or, optionally, an e-mail to the above contact address is sufficient.
Right to revoke the declaration of consent
In accordance with Art. 7 (3) EU-DSGVO, you have the right to revoke your consent to processing at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected. The right of revocation can be exercised by an informal declaration. A written declaration or, optionally, an e-mail to the above contact address is sufficient.
Automated decision in individual cases including profiling
Pursuant to Art. 22 EU-DSGVO, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you. Article 22 (1) of the EU GDPR provides for exceptions to this, although Article 22 (4) of the EU GDPR in turn provides for partial backdated exceptions.
Right to complain to a supervisory authority
Pursuant to Art. 77 EU-DSGVO, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if you consider that the processing of personal data relating to you infringes this Regulation.
In the present case, the competent supervisory authority is:
Baden-Württemberg Landesbeauftragte für Datenschutz und Informationsfreiheit
Telefone: 0711/61 55 41 0
VII. Third-party services
We use the following third-party services:
- Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
- Youtube, LLC, subsidiary of Google Inc., 901 Cherry Avenue, San Bruno, CA 94066, USA ("Youtube")
- Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook")
- Instagram Inc., subsidiary of Facebook Inc., 181 South Park Street, San Fransisco, CA 94107, USA ("Instagram")
- Twitter Inc, 1355 Market Street, San Francisco, CA 94103, USA ("Twitter")
- Hotjar Limited, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta ("Hotjar")
- Rocket Science Group LLC, 675 Ponce De Leon AVE NE Atlanta, GA, 30308, USA ("MailChimp").
- Delighted Inc, 2555 Park Boulevard, Suite 32, Palo Alto, CA 94306, USA ("Delighted")
- Outbrain UK Limited, 100 New Oxford Street, London WC1A 1HB, UK ("Outbrain")
- Criteo SA, 32 Rue Blanche, 75009 Paris, FR ("Criteo")
- Drip Inc, 700 Van Ness Avenue Fresno, CA 93721, US ("Drip")
- Pinterest Inc, 808 Brannan St. San Francisco, CA 94103, US("Pinterest")
- Snap Inc, Santa Monica, 2772 Donald Douglas Loop N, US (HQ). ("Snapchat")
It is possible that the registered office of a third-party provider is located in a third country, i.e., a country in which the GDPR does not have direct legal effect. In this case, the transfer of data will only take place if your consent is given, an adequate level of data protection prevails, or other legal permission exists.
Google, Facebook/Instagram, Twitter, MailChimp and Klaviyo operate under the Privacy Shield agreement (EU-US Privacy Shield), which means that the requirements of the Privacy Shield agreement are equivalent to the level of data protection in the European Union and that the data is treated accordingly.
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google").
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. Information such as operating system, browser, IP address, referrer URL is collected. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In case of activation of IP anonymization on this website, however, your IP address will be truncated beforehand by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add On to disable Google Analytics.
Google Maps/Google Earth
This website uses the product Google Maps by Google Inc. By using this website, you consent to the collection, processing and use of automatically collected data by Google Inc, its agents and third parties.
Hotjar is a program that can be used to track movements on a website. For example, "heat maps" can be created that visualize how the user moves on the page, record clicks and mouse movements of the user or analyze how long it takes to fill individual fields. Hotjar can also be used to conduct surveys regarding user satisfaction, for example. By using Hotjar, we obtain valuable information that we can use to improve the performance and user-friendliness of our site.
The following data may be processed and accessed by us: IP address, date and time of the visit to the website, screen resolution, country from which the access is made, preferred language settings, mouse movements and clicks, keystrokes, URL and domain, pages viewed.
Mailchimp and Weber
Our e-mail newsletter is sent via the service provider Mailchimp or Weber.
Weber offers statistical evaluation options for usage data, but the evaluation is always group-related and not individual.
The usage data generated by Weber and Mailchimp is not evaluated individually. As far as possible, any tracking offered by Weber or Mailchimp will be turned off. However, if, for example, you open a link provided by the newsletter in a browser, the Google Analytics analysis tool is used on the website then displayed. Only Weber and Mailchimp has access to the data generated by this. However, you can prevent tracking by Google Analytics by using certain browser plug-ins.
Facebook, Instagram, Twitter, Pinterest
We have integrated plugins of the social networks and services Facebook, Instagram, Twitter and Pinterest on our website.
The direct contact between the social network and you is only established when you actively click on the corresponding button. Unless the social network button is clicked, no data is collected, no activity is logged, and no surfing profile is created.
If the button is clicked, the respective service provider receives the information that you have accessed our website. This does not require a user account with the respective service, nor do you have to be logged in if you have a user account. If, however, you have a user account with the service provider and are logged in, this data is directly assigned to the account. This can be prevented by logging out of your user account of the corresponding service before clicking the button.
We have no way of influencing whether, to what extent, for what purpose and for how long the service providers and social networks collect personal data.
Further information on the handling of user data can be found on these platforms homepages.
We use the services of "Delighted" to send a feedback email after each Leonor's Sweet Creations class. The customer can then rate how they found their experience with us. This feedback is very important for us to be able to further improve our offer. The data will not be passed on to third parties.
Outbrain is a program to distribute content on the internet via banner advertising. To measure the success is on our site so-called "pixel" installed. This allows us to track the behavior of users after they have clicked on an Outbraink advertisement. This procedure is used to evaluate the effectiveness of the Outbrain ads for statistical and market research purposes and can help to optimize advertising measures.
The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the users. Furthermore, a cookie may be stored on your computer for these purposes.
Within our website, we use the "Facebook Pixel" of Facebook Inc. This allows us to track the behavior of users after they have seen or clicked on a Facebook ad. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimize advertising measures.
Within our website, we use the "Pinterest pixel" of Pinterest Inc. This allows us to track the behavior of users after they have seen or clicked on a Pinterest ad. This procedure is used to evaluate the effectiveness of the Pinterest ads for statistical and market research purposes and can help to optimize advertising measures.
Within our website, we use the "Criteo pixel" of Criteo SA. This makes it possible to track the behavior of users after they have seen or clicked on a Criteo advertisement. This procedure is used to evaluate the effectiveness of Criteo ads for statistical and market research purposes and can help to optimize advertising measures.
The data collected is anonymous for us, so it does not offer us any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. You may allow Facebook as well as its partners to serve ads on and off Facebook. Furthermore, a cookie may be stored on your computer for these purposes.
Google Tag Manager
Google AdWords Conversion Tracking
This website uses the online advertising program "Google AdWords" and within the framework of Google AdWords the conversion tracking. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your computer system. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users. If you wish to participate in the tracking, you can object to this use by simply deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
VII.Technical and organizational measures
We take technical and organizational measures to ensure that the security and protection requirements of the EU-DSGVO are met and that personal data is protected against loss, destruction, manipulation or access by unauthorized persons. The measures are adapted to the current state of the art in each case.
IX. Changes to the data protection declaration
X. Online presences / company profile in social media
Our company has online presences on various social media and platforms. Through this, we simplify the search for our services for interested parties and offer an additional channel of communication.
The purpose of the processing of user data by the respective social media and platforms is usually user-specific advertising, i.e. individualized advertising can be displayed that corresponds to the presumed interests of the user or results from the user's previous usage behavior. For this purpose, cookies are stored on the end devices of the users. These cookies can store the usage behavior and thus map the areas of interest.
It is possible that the registered office of a social medium or platform is located in a third country, i.e. in a country in which the GDPR has no direct legal effect. In this case, the transfer of data will only take place if your consent is given, an adequate level of data protection prevails, or other legal permission exists. US providers may operate under the Privacy Shield agreement (EU-US Privacy Shield), which means that the requirements of the Privacy Shield agreement are similar to the level of data protection in the European Union and that the data is treated accordingly.
We would like to make it clear that users should contact the respective third-party providers directly in the event of information requests and/or the assertion of other data subject rights. They have insight and access rights to the user data stored and processed there and can provide information and/or take measures accordingly. If you contact us directly, we will try to support your request as best we can. However, since we have no insight into or access to the data stored by third-party providers, our options for action are limited.
Please inform yourself about the data processing principles of the respective companies using the corresponding data protection statements.
Status February 2021