Privacy Policy

Privacy Policy

This Privacy Policy informs you of the extent to which we process your personal data (hereinafter referred to as “data”).

1.    Responsible for data processing

In accordance with the provisions of the General Data Protection Regulation (GDPR), the controller responsible for data processing is:

Kalfany Süße Werbung GmbH & Co. KG
Industriegebiet West
Holzmattenstraße 22
D-79336 Herbolzheim
Tel. +49 (0) 7643 / 801-0
Fax +49 (0) 7643 / 801-20

2.    Contact information for our data protection officer

Michael Gruber
Externer Datenschutzbeauftragter

Thundorferstr. 10
D-93047 Regensburg

T +49 (0) 941 462 909 29
M +49 (0) 152 32 01 04 95

3.    General information about data processing

We process data in connection with the operation of our website.

This also includes disclosure by means of transmission to third parties and, if applicable, to “third countries” outside of the European Union (“EU”) and the European Economic Area (“EEA”). We have provided appropriate notices below in cases where we transfer data outside of the EU or EEA.

4.    Data processing

The data concerned, processing purposes, legal bases, recipients and transfers to third countries are listed below:

a)    Log files when visiting our website

We log your visit to our website. The following data is processed in this context:

  • Name of our website(s) accessed,
  • date and time of access,
  • the amount of data transferred,
  • the browser type and version,
  • the operating system you are using,
  • the referrer URL (the previously visited website),
  • your IP address,
  • the requesting provider.

The legal basis for data processing is our legitimate interests according Art. 6(1(f) GDPR in ensuring the security and continuous operation of our website. The log file is deleted after seven days unless it is required for clarification or verification of specific violations of the law of which we have become aware within the retention period.

b)    Hosting

In order to operate our website, we use the services of web hosting providers who process the data referred to above (log file when you visit our website) and all other data to be processed in connection with the operation of our website on our behalf.

According to Art. 6(1)(f) GDPR, the legal basis for this data processing is our legitimate interest, thus permitting us to operate the website in the first place.

c)    Contacting us

If you contact us, we will process your data, including your name, contact details (if you have provided them) and your message, exclusively for the purpose of processing and responding to your enquiry.

The legal basis for this data processing is our obligation to satisfy a contract and/or to satisfy pre-contractual obligations according to Art. 6(1)(b) GDPR and/or our legitimate interest in processing your enquiry according to Art. 6(1)(f) GDPR.

d)     Contacting us to apply for a job

If you contact us to send us your application for employment, e.g. by e-mail or via a contact form, your data (e.g. name, e-mail address, desired location if specified by you), your message and the application documents you submit will be processed exclusively for the purpose of processing and handling your application for employment. The legal basis for data processing is primarily section 26 BDSG. This provision permits data to be processed that is required in connection with a decision to establish an employment relationship.

Should this data be necessary for the pursuit of legal rights after completion of the application process, data processing may be carried out in the pursuit of legitimate interests pursuant to Art. 6(1)(f) GDPR, namely for purposes of asserting and/or defending against legal claims.

e)     Contract performance

We process your order data within the scope of performing existing contracts between you and us.

The legal basis for this data processing is Art. 6(1)(b) GDPR when fulfilling our contractual obligations and Art. 6(1)(c) GDPR when fulfilling our legal obligations.

We transmit your address details to the company hired to carry out the delivery. Where necessary to execute the contract, we also provide your e-mail address or telephone number to coordinate a delivery date (notification of dispatch) to the company hired to carry out the delivery.

We transmit your transaction details (name, date of order, payment method, date of dispatch and/or receipt, amount and payment recipient, bank details or credit card details) to the payment service provider responsible for processing the payment.

f)     Newsletter

You have the option to sign up for our e-mail newsletter in order to receive regular information about our company and our offerings. We process any data you provide (e-mail address and other information provided voluntarily) when you register for our newsletter. We will send you an e-mail after your registration asking you to confirm your registration (“double opt-in”) in order to prevent misuse of your data. Your registration will be logged in order to be able to verify your registration in a legally compliant manner. This relates to the times of registration and confirmation as well as your IP address.

The legal basis for sending the newsletter is your prior consent pursuant to Art. 6(1)(a) GDPR.

The legal basis for sending the confirmation e-mail for your registration, as well as associated data logging, is our legitimate interest according to Art. 6(1)(f) GDPR so that we may properly verify your registration.

The newsletter will be sent by a service provider commissioned by us who acts on our behalf and upon our instructions.

Customised product recommendations
If you have concluded a purchase agreement with us, we will use your website to send you customised product recommendations for similar products we offer in future. You may object to this kind of data processing at any time without incurring any costs other than transmission costs in accordance with the base rates.

Data processing is done on the basis of our overriding legitimate interest in engaging in direct marketing under Article 6 Paragraph 1(f) GDPR.

Personalised newsletter
Provided you have given your consent, we use tracking pixels to analyse your user behaviour as part of sending the newsletter when opening e-mails or clicking on links. We use the information thus generated exclusively to make information and offers available to you via the newsletter that correspond to your interests.

The legal basis for this processing is your prior consent pursuant to Art. 6(1)(a) GDPR.

g)     Customer account/Dealer log-in

If you open a customer account, you agree that your master data (name, address, e-mail address, bank details if applicable) as well as your usage data (user name, password) will be stored. This allows us to identify you as a customer and allows you to manage your orders and commissions. Data is processed in this context on the basis of your consent in accordance with Art. 6(1)(a) GDPR.

h)     Cookies

We use “cookies” on our website. Cookies are small text files that are placed on your device (PC, smartphone, tablet, etc.) and stored by your browser.

We use strictly necessary technical cookies on our website to ensure the proper functioning of the site. For example, these cookies make it possible to navigate our website or to provide other basic functions on the website.

In addition, we use optional cookies that provide us with additional information, for example to analyse data traffic or for advertising and marketing purposes.

The cookies we use remain on your device for different times that vary in length.

Session cookies: These cookies are deleted from your device immediately after you close your web browser.

Permanent cookies: These cookies remain on your device even after you close your web browser and enable us, for example, to recognise you when you next visit our website.

Cookie providers
Cookies that we set directly are called “first-party cookies”. By contrast, “third-party cookies” are set by third-party websites, for example in order to display content (advertisements, images, tracking pixels, etc.).

Legal basis for data processing
As a general rule, data processing using cookies is based on your consent in accordance with Art. 6(1)(f) GDPR, or our overriding legitimate interests in optimising and ensuring the functionality of our website in accordance with Art. 6(1)(f) GDPR.

Withdrawal and objection
If data is processed on the basis of your consent, you may withdraw your consent at any time with future effect (“opt-out”). You may object to further data processing with prospective effect in cases of data processing on the basis of our legitimate interest.

You may withdraw your consent by using the opt-out link in the section of the Privacy Policy related to the service in question.
Information about objecting to data processing may be found in Section 7 of this Privacy Policy.

Cookie browser settings
In addition, you can prevent or limit data processing by cookies in future by selecting the appropriate browser settings and, for example, disabling cookies. Any cookies that are already stored may be deleted using your browser settings. Please refer to the following links for more information on the respective browser settings:

Mozilla Firefox:
Internet Explorer:
Google Chrome:

Cookiebot Consent Banner
We use the Cookiebot service Cybot A/S. Havnegade 39, 1058 Copenhagen, Denmark (hereinafter ‘Cybot’) on our website to document your choices for certain data processing operations that use cookies and to communicate with relevant third-party providers if you have granted your consent.

By using the Cookie Consent provided to select the cookies used, the following data is automatically logged by Cybot:

  • the end user’s IP number in anonymised form (the last three digits are set to ‘0’);
  • the date and time of consent;
  • the user agent of the end user’s browser;
  • the URL from which the consent was sent;
  • an anonymous, random, encrypted key;
  • the end user’s consent status, which serves as evidence of consent.

The key and consent status are stored in your browser in the CookieConsent cookie so our website can automatically read and comply with your settings for all subsequent page requests and future end user sessions for up to 12 months. The key is used to verify your consent and/or settings and for an option to check if the consent status stored in your browser is the same as the original consent sent to Cybot.

We process this data in order to fulfil our legal obligation to process data in compliance with data protection laws pursuant to Article 6 Paragraph 1 c) GDPR.

More information about data processing at Cybot is available at:

Our cookies
You can find more information on the specific cookies used, the purposes for which they are used and their lifespan in our Cookie Settings.

i)     Analysis/Marketing

aa.    Google services

We use a variety of services on our website provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). It is possible that data will also be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, as a result.

Google Analytics
We use the Google tracking tool “Google Analytics” on our website. We use Google Analytics in order to evaluate your use of the website, to compile reports on website activities on our website, and to provide other services associated with website use and to improve user-friendliness.

Interactions between website visitors are collected and automatically analysed, primarily with the aid of cookies, by virtue of the use of Google Analytics.

You may find details about the cookies we use in our Cooking Settings.

We use Google Analytics with the extension “anonymizeIp()”. IP addresses within the member states of the EU or EEA are shortened as a result. Only in exceptional cases will your complete IP address be transferred and shortened at the destination if sent to a Google server in the United States. As a rule, this precludes personal identification. In particular, it is not possible to identify the computer/device used by the website visitor to access the website.

The following data will be processed in connection with the use of Google Analytics:

  • 3 bytes of the IP address for accessing user’s system (anonymised IP address)
  • The web page viewed
  • The website from which the user reached the page accessed on our website (referrer)
  • The sub-pages accessed via the website
  • Length of stay on the website
  • Frequency of visiting the website

According to information provided by Google, Google will not associate your IP address with any other data held by Google in any case.

The legal basis for this data processing is your prior consent pursuant to Art. 6(1)(a) GDPR.

Withdrawing your consent
You may withdraw your consent at any time with future effect by changing the settings available under our Cookie Settings or via

In addition, please refer to statements concerning Google’s use of data within the Google Partner Network at:

bb.    LinkedIn Pixel

We use a Pixel on our website from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”), a subsidiary of LinkedIn Inc. 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA We use the LinkedIn Pixel to evaluate the success of our LinkedIn advertising campaigns and to optimize the delivery of advertising campaigns to interested target groups on LinkedIn.

When you click on a LinkedIn ad or visit our website, the Pixel integrated into our website places a cookie on your device. The cookie processes data that makes it possible to recognize whether you have reached our website via a LinkedIn advertisement and makes it possible to analyze your behavior as a website visitor until a contract is potentially concluded. This allows us to track the success rate of our advertising campaigns on LinkedIn. In addition, the Pixel processes data concerning the circumstance that you have visited our website and enables us to tailor advertising displayed on LinkedIn based on your interests.

The LinkedIn Pixel integrated into our website establishes a direct connection to LinkedIn’s servers when you visit our website. The information generated by the cookie about your use of our website (including your IP address) is transmitted to LinkedIn.

For more information about data protection at LinkedIn, please refer to:

These cookies remain on your device even after you close your web browser and enable us to recognize you on your next visit our website. The cookie is no longer valid after 30 days. Data collected in this context is anonymous and does not permit us to personally identify any users. If you are registered with LinkedIn, LinkedIn may associate information collected as part of this process with your account. Even if you do not have a LinkedIn account, or are not logged in when you visit our website, LinkedIn may process and store your IP address and other identification data.

The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR.

You may withdraw your consent at any time with future effect by changing the settings available under our Cookie Settings.

cc.    Matomo

We use cookies from the open-source analytics software Matomo on our website. When you visit our site, information about your use of the website (including IP address) is stored by cookies. We will use this information to evaluate your use of our website, to compile reports on website activities for us, and to provide additional services associated with the use of websites and the internet.

The legal basis for this data processing is your prior consent pursuant to Article 6(1)(a) GDPR.

You may withdraw your consent at any time using the Cookie Settings on our website. Please note that this website uses Matomo with the extension “anonymizeIp()”. This shortens IP addresses before they are transmitted. A direct personal reference in connection with the stored data is thus fundamentally excluded. We may transfer stored data to third parties if required by law.

You may also withdraw consent to data collection below by mouse click. An opt-out cookie will be placed on your computer if you uncheck the following box and this will prevent data collection.

You may revoke your consent at any time with future effect by adjusting your settings under our Cookie Settings.

5)    Integration of third-party content
We use third-party dynamic content (“content”) to optimise the display and offerings on our website. When visiting our website, an application programming interface (“API”) automatically submits a request to the server of the respective content provider as part of which certain log data (e.g. the user’s IP address) is transmitted. The dynamic content is then transmitted to our website and displayed there.

We use third-party content in connection with the following functionalities:

a)    Google Maps

We use the “Google Maps” map service on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and is used to provide an interactive map to you. When the map is displayed, data, including your IP address and your location, is transferred to Google’s server in the USA and stored there.

Additional information on data protection can be found at:

Processing in this manner is performed on the basis of our overriding legitimate interest in the optimum marketing of our website in accordance with Art. 6(1)(f) GDPR.


We use the external service reCAPTCHA in order to protect input forms on our website and registration for our newsletter from spam and unauthorised use. This service is provided by Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as “Google”). reCAPTCHA makes it possible to distinguish between human input and unauthorised input from automated software (also referred to as “bots”). The following data is transferred to Google’s servers in the USA when using this service:

  • Referrer URL
  • The user’s IP address
  • The user’s input behaviour and mouse movements within the area of the “reCAPTCHA” check-boxes
  • Google Account: If the user is logged in to their Google account when visiting our website, this will be recognised and associated with your profile.
  • Information on the browser you are using, browser size, browser resolution, browser plugins, language settings, date
  • Mouse and touch events within the page
  • Scripts and display instructions on the website
  • Cookies

This processing is performed on the basis of our overriding legitimate interest in the security of our website in accordance with Art. 6(1)(f) GDPR.

c)    Seal of Approval

The Trusted Shops Trust Badge is integrated into this website in order to display our Trusted Shops Seal of Approval and Trusted Shops’ products for buyers after they place an order. The Trust Badge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. Upon accessing the Trust Badge, your IP address, the date and time of the request, the amount of data transferred and the requesting provider (access data) are transmitted to the Trusted Shops servers. This access data is not evaluated and is automatically overwritten at the latest seven days following the end of your visit to the relevant page.

Processing in this manner is performed on the basis of our overriding legitimate interest in the optimum marketing of our website in accordance with Art. 6(1)(f) GDPR.

Additional personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use such products. The contractual agreement between you and Trusted Shops applies in such cases.

We use certain cookies that store your IP address to analyse user behaviour on our websites, to optimise our website as well as to personalise content and advertisements.

d)    Userlike integration

Our website uses a live chat function provided by Userlike UG (haftungsbeschränkt), Probsteigasse 44–46, 50670 Cologne, Germany. You can use the live chat like a contact form to chat with our employees in near real time. Personal data is collected at the start of the chat.

  • Date and time of access;
  • Browser type/version;
  • IP address;
  • Operating system in use;
  • URL of the previously visited website;
  • Amount of data sent;
  • First name, Last name;
  • E-mail address

Depending on the course of the conversation, additional personal data that you have entered may be collected during the chat. The nature of this data depends heavily on your enquiry or the problem you are describing.

When you access this website, the chat widget is loaded by AWS Cloudfront in the form of a JavaScript file. From a practical standpoint, the chat widget represents the source code that is executed on your computer and allows the chat function to operate.

In addition, Userlike stores transcripts of live chats. The purpose of this is to save you from potentially having to go through a long history of your enquiry and to constantly monitor the quality of our live chat service. If you do not wish chats to be retained for this purpose, please inform us using the contact details set out above. We will then delete any live chats we have stored without undue delay.

Data is processed on the basis of Art. 6(1)(b) GDPR for the performance of a contract and/or for satisfaction of our pre-contractual obligations or on the basis of our legitimate interests in responding to your enquiry in accordance with Art. 6(1)(f) GDPR.

6)    Data retention

We only retain personal data for as long as it is necessary for the purposes for which it is processed or until you withdraw your consent. The retention period for certain data can be up to 10 years irrespective of the processing purposes in the event we must comply with statutory retention obligations.

7)    Your rights as a data subject

a)    Information

Upon request, you may receive information about all personal data that we have stored about you at any time and free of charge.

b)    Rectification, erasure, restriction of processing (blocking), objection

Should you no longer agree to the retention of your personal data or should such data have since become incorrect, we will arrange for the erasure or blocking of your data or make the necessary corrections (insofar as this is possible under applicable law) upon instruction from you. The same applies if you would like us to restrict the processing of your data in future. Without limitation, you have the right to object in cases where your data is necessary for the performance of a task carried out in the public interest, or in pursuit of our legitimate interests or in cases based on profiling. You likewise have a right to object in the case of data processing for purposes of direct marketing.

c)    Data portability

You have the right to data portability in cases where data is processed on the basis of a contract, pre-contractual negotiations, consent or by means of an automated process. Upon request, we will provide you with your data in a structured, commonly used and machine-readable format so that you can, if you wish, transmit your data to another controller.

d)    Right to withdraw consent with future effect

You can withdraw your consent at any time with future effect. Withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

e)    Right to lodge a complaint

You also have the option of lodging a complaint related to your rights as a data subject with a supervisory authority: (

f)    Limitations

The rights described above do not apply to data for which we are not able to identify the data subject, e.g. if anonymised for analysis purposes. It may be possible to exercise your right of access and right to erasure, blocking, rectification or portability with regard to this data if you provide us with additional information that enables us to make the required identification.

8)    Exercising your rights as a data subject

For questions regarding the processing of your personal data, requests for information, rectification, blocking, objection or erasure of data, or requests to transfer your data to another company, please contact or send a fax to: +49 (0) 7643 / 801-20.