The following Privacy Notice applies to the website of YOGI TEA GmbH.
As of October 6rd 2022
We, YOGI TEA GmbH, Burchardstraße 24, 20095 Hamburg, telephone: +49 (0)40 - 42 30 11-0, e-mail: info.eu@yogiproducts.com are responsible within the meaning of the laws on data protection for processing data in connection with this Privacy Notice (hereafter also referred to as "YOGI TEA", "we" or "us").
For more than 40 years YOGI TEA has been synonymous with delicious herbal and spice teas based on unique Ayurveda tea recipes whose roots go back to the 3,000-year-old Indian philosophy of Ayurveda.
Should you have any questions on this Privacy Notice or generally on the processing of your data by YOGI TEA, please refer to our data protection officer:
Tabea Knabe (managing director MACU Datenschutz UG), can be contacted through dataprotection.eu@yogiproducts.com
Personal data means "any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" (Article 4 no. 1 of the General Data Protection Regulation). Personal data includes for example name, e-mail address, address and data of birth.
When we process personal data, that means that we, for example, record, store, use, transmit to others or delete this data.
Registration data: We process firstly all data from you that you send us in connection with your registration to the Yogi Tea media data bank under https://www.yogitea.com/en/medialibrary/. These are the personal data that are necessary in order to justify and fulfil registration (e.g. name, company, e-mail address).
Competitions: We first process all your data that you send us in connection with participation in competitions. These are the personal data required in order to carry out the competition (e.g. name, company, e-mail address).
Data on online behaviour and preferences: We also process data such as IP addresses and information on visits to our website.
Customer complaints and compensation products: We process data from you that you send us in connection with a complaint. These are the personal data that are necessary in order to conduct and handle complaints as well as for the shipment of compensation products (e.g. name, e-mail address, address).
We process your data for the following purposes and on the basis of the legal principles stated:
Please note your rights to object when data is processed for purposes of direct marketing or for personal reasons and your right to revoke your consent (see section What rights do you have? and the section Information on your rights to object).
As a matter of principle, we only give your data to third parties provided this is necessary in order to fulfil the contract, we or the third party have a legitimate interest in forwarding the data or you have given your consent to the data being forwarded. Should data be forwarded to a third party on the basis of a legitimate interest, this is explained in the Privacy Policy. Furthermore, data may be forwarded to third parties should this be required of us due to provisions of the law or enforceable orders by a public authority or court of law.
We reserve the right to use service providers in recording or processing data. Service providers only receive personal data from us that they require for their specific function. Therefore, your e-mail address may be forwarded to a service provider, for example in order that it can deliver a newsletter you have ordered. Service providers may also be appointed to make server capacity available.
Specifically, the following types of service provider are involved:
We may also share personal data with processors located in non-EEA countries (so-called third countries). These are processors in the USA and in Switzerland.
In such cases, we ensure that the recipient has an appropriate level of data protection in place. In the case of Switzerland, this is an adequacy decision pursuant to Article 45 of the GDPR. In the case of processors in the USA, these are the standard EU contractual clauses adopted by the European Commission (Article 46 of the GDPR) or explicit consent provided by the user.
You can obtain a summary from us of recipients in third countries and a copy of the specifically agreed rules in order to ensure an adequate level of data protection. Please use the information in the section Contact for this purpose.
We store your data for as long as this is required in order to provide our online offer and the related services or should we have a legitimate interest in continued storage. In all other cases, we delete your personal data with the exception of such data as we must continue to hold in fulfilment of legal (e.g. tax and commercial law) retention requirements (e.g. invoices). We block data subject to a retention period until the retention period ends expires.
The following exact retention periods apply:
Registration data: For as long as you are registered with our media data bank and after it has ended [immediate deletion]
Data derived from competitions: As long as the competition is being carried and processed after it has ended for [2 months]
Data relating to online behaviour and preferences: [2 years]
Data relating to complaints of customers: As long as the complaint is being handled by us and after it has been handled for 1 year.
Every time you use the Internet, certain information is automatically transmitted from your Internet browser and stored by us in so called log files.
We store the log files for a period of seven to ten days in order to identify malfunctions and for security reasons (e.g. in order to clarify attempted attacks) and they are then deleted. Log files that are retained longer for purposes of proof are excluded from deletion until the case concerned is finally clarified and may in certain cases be forwarded to the investigating authorities.
The following information in particular is stored in the log files:
Selected information derived from log-files (not the IP address) is also used in order to analyse the web.
Cookies are small text files that are sent when a website is visited and stored in the browser. If this website is visited again, the user's browser returns the contents of the cookie and thus enables the user to be recognised again. Certain cookies are automatically deleted after the end of the browser session (so called session cookies), and others are stored for a specified length of time or stored permanently in the user's browser and then delete themselves automatically (so called temporary or permanent Cookies).
As a matter of principle, no personal data are stored in the cookies but only an online identification.
You can deactivate the storage of cookies through your browser settings and delete cookies that are already stored in your browser at any time (see Technical advice). Please note however that without cookies this online offer might possibly not function or only function subject to limitations.
Please also note that objections to the creation of user profiles function partly through the use off a so called "opt out cookie". If you delete all cookies, an objection might not therefore be considered and you will have to submit the objection again.
Cookies that are absolutely necessary
Certain cookies are required so that we can provide our online offer securely. This category includes for example:
Analysis cookies
We use analysis cookies in order to record the behaviour of our users (e.g. subpages visited, search enquiries entered) and to analyse this behaviour statistically
We specifically use the following cookies:
_ga (Google; HTTP Cookie):
Registers a unique ID to generate statistical data relating to user behaviour (24 months).
_gac_UA-* (Google; HTTP Cookie):
Used by Google AdWords to identify the device (3 months ).
_gcl_au (Google; HTTP Cookie):
Used by the campaign manager to highlight the actions of users who visit the website after an ad has been displayed or clicked on (3 months).
_gid (Google; HTTP Cookie):
Registers a unique ID that is used to generate statistical data relating to use of the website by the user (1 day).
_gat_gtag_UA_* (Google; HTTP Cookie):
Is used to throttle the request rate (1 day).
cookieNotice18 (YogiTea; HTTP Cookie):
Controls the display of the cookie banner. Once accepted by the user, the banner disappears (Session end).
We require statistical information on the use of our online facility in order to make it more user friendly, to measure its reach and to be able to operate market research.
We use the following web analysis tools for this purpose. The user profiles created by these tools with the aid of cookies or through the evaluation of log files are not amalgamated with personal data.
The providers of the tools only process data as job processors in accordance with our instructions and not for their own purposes.
The tools either do not use the users' IP addresses at all or abbreviate them immediately after they have been recorded.
For each tool you will find information on the provider concerned and also how to object to the recording and processing of data by the tool.
It should be noted in the case of tools that work with opt out cookies, that the opt out function is equipment and browser based and only applies to the terminal or browser that is currently used. Should you use several terminals or browsers, you must set the opt out function on each terminal and on each browser used.
Moreover, you can prevent the creation of any user profiles by deactivating the use of cookies in general.
Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the additional function offered by Google to anonymise IP addresses: according to this function, Google generally abbreviates the IP address within the EU already and only in exceptional cases actually in the USA and in all cases only stores the IP address in abbreviated form.
You can object to the recording and evaluation of your data by this tool by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
We are present on several social media platforms. These are individually listed below. Customers, interested parties and/or users can communicate with us via these platforms and inform themselves about our activities and products.
In this context, we draw your attention to the fact that this may result in the processing of user data outside the European Union. This can pose risks to users visiting our social media pages.
In general, social media platforms also utilise user data for the purposes of market research and advertising. User behaviour is utilised for personalised advertising, for example. This takes account of the user’s interests. In order to achieve this, cookies are stored on the user’s device that allow conclusions to be drawn regarding user behaviour and the user’s interests.
We process personal data on social media platforms on the basis of a legitimate interest pursuant to point (f) of Art. 6 (1) GDPR. Our aim is to ensure effective communication with users and to inform you of our activities and products. Where consent to data processing is required, such processing is carried out pursuant to Art. point (f) of Art. 6 (1) and Art. 7 GDPR.
We are unable to track all processing procedures on the social media platforms. You should therefore address any requests for information to the respective operator of the individual social networks. Only the operator has access to the user data and is thereby able to provide information or take the requisite measures in the event that you wish to assert your user rights. If you have any questions regarding data protection, however, you can also address these to us or our data protection officer.
For additional details and/or options for revoking your consent, we refer you to the individual sites:
The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified in line with the EU-US Privacy Shield.
You can find Facebook’s data protection policy at:
https://www.facebook.com/about/privacy/
The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
You can find Instagram’s data protection policy at:
https://help.instagram.com/519522125107875
The provider is the Twitter International Company, One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 IRELAND.
You can find Twitter’s data protection policy at:
https://twitter.com/de/privacy
We use the Conversion-Tracking service provided by Adform Germany GmbH, Gr. Burstah 50-52, 20457 Hamburg Germany. We use this to measure the success of our advertising tools. We deliver advertising banners via the Adform network. In this context, cookies are stored when visiting websites within the advertising network. These cookies contain an advertising ID and are valid for 60 days. No personal identification can be made via the cookie. We can merely identify which advertising tool led to your visit to the website.
If you do not wish to use Adform, you can deactivate the cookie. Instructions can be found at https://site.adform.com/privacy-center/platform-privacy/opt-out/.
We use Google Conversion-Tracking via the AdWords service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you click on an advert delivered by Google and are redirected to our website, Google AdWords stores a cookie in your browser. This conversion-tracking cookie is stored as soon as a user clicks on a Google ad.
The cookie allows us to see when a visitor to our website has clicked on a Google ad, when they have been redirected, and which pages the visitor has looked at. The cookie is individual, i.e. each AdWords customer is assigned their own cookie.
This functionality is used to generate conversion statistics that Google provides to its customers. These statistics show how many users have clicked on an ad. However, it isn’t possible to personally identify customers.
The legal basis for Google AdWords is the user’s consent pursuant to point (f) of Art. 6 (1) GDPR, i.e. you voluntarily provide your personal data. When visiting our website, your personal data are sent to Google in the USA and stored there; this particularly includes your IP address. Google may pass these data on to third parties. We have no influence on this. We ourselves do not receive any data to identify the data subject.
Cookies are only stored for 30 days.
Google guarantees that it processes data securely and has therefore committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
If you wish to prevent your data being processed by Google AdWords, you can do so via your browser settings. Here you can prevent the automatic storage of cookies / block cookies from the “googleadservices.com” domain. However, this can result in limited website functionality.
On our website, we use the Google Remarketing service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function serves the purpose of displaying adverts tailored to the user’s individual interests. For this purpose, cookies are stored on your computer that allow third-party providers, including Google, to record that you have visited our website with your browser. This information can then be used at a later date to present you with our adverts on other websites, e.g. during Google searches or on websites within the Google network.
The legal basis for Google Remarketing is the user’s consent pursuant to point (f) of Art. 6 (1) GDPR, i.e. you voluntarily provide your personal data. When visiting our website, your personal data may be sent to Google in the USA and stored there. However, Google states that no personal data of any description are recorded or stored during this processing. We have no influence on this and also do not receive any data via which a user may be personally identified.
You can find further information on data protection at Google and on the functionality of Remarketing in the Google data protection policy. Here too, you are able to deactivate the storage of cookies via your browser’s settings. You also have the option of preventing your data being recorded by Google Remarketing via the Google ad settings.
We use the “Conversion Pixel” / visitor action pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). By accessing this pixel via your browser, Facebook can recognise whether a Facebook ad was successful, i.e. whether it resulted in a pageview, for example. For this purpose, Facebook provides us exclusively with anonymised statistical data. This allows us to record the effectiveness of our Facebook ads for statistical and market-research purposes. Furthermore, we draw your attention to Facebook’s data protection policy. You can withdraw your consent at https://www.facebook.com/ads/preferences/.
In order to assert your rights, please use the inform in the Contact section. When doing this, please ensure that we can identify who you are with absolute certainty.
You may demand that we confirm to you whether we process personal data relating to you and you are entitled to information with respect to which of your data we process. Should your data be incorrect or incomplete, you may demand that they be corrected or completed. Should we have forwarded your data to third parties, we inform them of the correction, to the extent that this is stipulated by law.
Provided the legal conditions apply, you may demand that we delete your personal data immediately. This is particularly the case if
Should we have forwarded your data to third parties, we inform these third parties that the data have been deleted to the extent that this is stipulated by law.
Please note that your right to deletion is subject to limitations. For example, we must not and may not delete any information that we must continue to hold due to legal retention periods. Also your right to have data deleted does not apply to data that we require in order to assert, exercise or defend legal claims.
Provided that the legal conditions apply, you may demand that we restrict processing. This is particularly the case if:
In the event of right to restrict processing, we mark the data concerned in order in this way to ensure that these data are only processed within the strict limits that apply to restricted data (namely, in particular the defence of legal interests or with your consent).
You have the right to object to our processing data for reasons relating to your particular situation provided that this is based on the legal grounds of a legitimate interest. You may also object to the processing of your data for advertising purposes ("objection to advertising"). Please also note in this context the section Information on your rights to object.
You have the right to receive personal data, which you have given us in order to fulfil a contract or on the basis of consent, in a form that can be transferred. In this case, you may also demand that we transmit these data directly to a third party provided that this is technically feasible.
Should you have given us your consent to process your data, you may revoke this consent at any time to come into effect for the future. This does not affect the legality of any processing of your data that has taken place until the time consent is revoked.
You have the right to submit a complaint to a data protection authority. You may refer to the data protection authority that is responsible for your place of residence for this purpose. Alternatively, you may also refer to the data protection authority that is responsible for us, which is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg
E-Mail: mailbox@datenschutz.hamburg.de
You can also visit our website without providing us with any data on yourself. In order to register however you are required to give us the personal data (e.g. name, date of birth, e-mail address) needed in order to establish and implement the contract; we identity this compulsory information with *. Should you not wish to give us this information, we are unfortunately unable to register you as a member.
We do not make any fully automated decisions in connection with this data protection declaration in individual cases with legal or comparable consequences.
We do not collect any data on you from third parties (e.g. credit agencies or social networks)
We monitor our homepage to see whether our contact form is being used by a real person or a machine/automated service. This monitoring is performed by the reCAPTCHA function offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). In this context, personal data (including the IP address) are sent to Google. These are processed on the basis of a legitimate interest pursuant to point (f) of Art. 6 (1) GDPR. Our interest is to avoid spam and the misuse of our homepage.
This processing may result in data being sent to Google LLC in the USA. Google guarantees that it adheres to the European data protection standard and is certified in accordance with the so-called “Privacy Shield” (https://www.privacyshield.gov/list). Additional information regarding the data protection policy of Google reCAPTCHA can be found at https://www.google.com/intl/de/policies/privacy/
It is sometimes the case that personal data are processed when entering the details of a store (e.g. name of the store, e-mail address, telephone number). The entered data are accessible to visitors of our homepage (“Store Locator”). By clicking on “Save”, you agree to this processing. The legal basis for this is your consent pursuant to point (a) of Art. 6 (1) GDPR. Furthermore, we draw your attention to our data protection policy.
To conduct surveys, we use the SurveyMonkey application of Momentive Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland. This company is a subsidiary of Momentive Inc., based in the USA. When you voluntarily participate in our surveys, SurveyMonkey collects personal information. This includes in particular the IP address of the device you are using for this purpose and, in addition, device-specific information. SurveyMonkey also uses tracking services to collect user data and statistics. By participating in the survey, you consent to data processing pursuant to Article 6, paragraph 1, point (a), of the General Data Protection Regulation (GDPR) and Article 49, paragraph 1, point (a), of the GDPR (transfer to a third country). When SurveyMonkey is used, data is transmitted to the USA. In this context, we would like to expressly point out that the level of data protection in the USA does not correspond to that in the EU. There are certain risks in terms of data security. There is currently no data protection agreement between the EU and the USA. However, the provider assures European data protection standards and uses what are known as standard contractual clauses. These clauses were developed by the EU Commission. They specify the use of additional data protection measures, in particular encryption technologies. These can be found at https://www.surveymonkey.de/mp/legal/data-processingagreement/. That’s why we trust SurveyMonkey to process personal data securely. The privacy policy can be accessed at https://www.surveymonkey.de/mp/legal/privacy-basics/.
You may submit an objection to the processing of your personal data for advertising purposes at any time ("objection to advertising"). We will then cease processing your data for advertising purposes. Please bear in mind however that, for organisational reasons, there might be an overlap between your objection and use of the data as part of a campaign that is already in progress.
You have a right to object to our processing personal data for reasons that relate to your particular situation, provided that this is based on the legal grounds of a legitimate interest. We will then cease processing your personal data, unless we are able to prove compelling reasons for continued processing that are worthy of protection, which override your rights or interests or are only processing this information in order to assert, exercise or defend legal claims.
Objections are not bound to any particular form. Please send your objection if possible to:
YOGI TEA GmbH
Burchardstraße 24
20095 Hamburg
Telephone: +49 (0)40 – 42 30 11-0
E-mail: dataprotection.eu@yogiproducts.com
YOGI TEA GmbH
Managing directors: Michael Garcia Heermann, Nirvair Singh Khalsa
Burchardstrasse 24
20095 Hamburg, Germany
Phone: +49 (0) 40 42 30 11-0
Fax: +49 (0) 40 42 30 11-99
E-mail: dataprotection.eu@yogiproducts.com
Tabea Knabe
MACU Datenschutz UG
Krokusweg 11
72525 Münsingen, Germany
E-mail: kontakt@macu-datenschutz.de
In accordance with Article 88 (1) of the European General Data Protection Regulation (GDPR) in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG), YOGI TEA GmbH collects and processes the personal data of applicants in order to decide whether to establish an employment relationship.
‘Personal data’ refers to information about the personal or material circumstances of a specific or identifiable natural person. This includes information such as your name, address, phone number and date of birth, as well as information about your specific background etc. which can be attributed to a specific person with reasonable effort. On the other hand, personal data do not include information which cannot be (in)directly associated with your real identity.
It is necessary to provide personal data for the application and decision-making processes. Automated decision-making does not take place. If you apply to us electronically, i.e. by e-mail or the form on our website, then we will collect and process your personal data for the purposes of the application process and in order to take steps prior to entering into a contract. By submitting an application on our recruitment page, you are signifying your interest in employment with us. In connection with this, you will send us personal data that we will use and store for the sole purpose of your application / search for a job.
Only authorised people from Human Resources or who are involved in the application process will have access to your data. As we work closely with East West Tea Company, LLC, Eugene, Oregon, it is possible for application data to be sent to the USA. Your data will be encrypted in this process and stored there if your application is not considered.
By submitting an application, you agree to the potential transfer of your personal data to the USA. Without this consent, we might be unable to consider your application. You have the right to withdraw this consent at any time, without providing a reason. If you do so, however, we might no longer be able to consider your application.
We use application management software from Personio GmbH in our application processes. The data you provide as part of your application are sent via TLS encryption and stored in a database. This database is operated by Personio GmbH, which is a provider of personnel administration and applicant management software. In this context, Personio is our processor in the sense of Article 28 GDPR. Data processing in this context is based on a processing agreement between us, as the controller, and Personio. The legal notice of Personio GmbH is available here: https://www.personio.com/legal-notice/.
Where necessary for operational reasons, we engage the services of data processors with whom we might share your data. In particular, these might be HR consultancies or recruitment agencies. All processors are contractually obliged to treat your data as confidential and only process the data for the purposes of performing their service. We have concluded a data transfer agreement with East West Tea Company, LCC, that contains what are known as standard contractual clauses. These standard contractual clauses ensure an adequate level of data protection based on minimum European standards.
Your data will be stored for 180 days after the end of the application process. This is normally done in order to comply with legal obligations and/or defend against any claims based on statutory regulations. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as metadata, which do not relate directly to a person, for use in statistical evaluations (such as the gender ratio of applications or the number of applications per period).
Furthermore, we reserve the right to store your data for 180 days after the end of the application process, in order to add the data to our Talent Pool for the purposes of identifying other potentially interesting positions for you. By accepting our privacy policy, you consent to the continued storage of your data and the addition of your data to our Talent Pool. If, during the application process, you are offered a job with us and accept it, we will store the personal data we collected during the application process for the duration of your employment at least.
You have the right to object to the use of your data at any time. You also have the right to request information about what data concerning you we have stored. You have the right to request the rectification of inaccurate data. Likewise, you have the right to demand that we erase the data we are storing, provided that the erasure does not conflict with any statutory provisions. You are also entitled to demand that the processing of your data be restricted.
If you have any questions about data protection, you can contact us at any time, either by e-mail at dataprotection.eu@yogiproducts.com or by post at the address provided above. You can contact our external data protection officer by e-mail at kontakt@macu-datenschutz.de or by adding ‘Data Protection Officer’ to the postal address. Furthermore, you have the right to lodge a complaint with a supervisory authority. This is the Hamburg Commissioner for Data Protection and Freedom of Information. We reserve the right to update this privacy policy at any time in order to keep it consistent with the current legal requirements, reflect changes to the application process etc. If you revisit this recruitment page or submit a new application, the latest version of the privacy policy will then apply.
You can contact us as follows:
YOGI TEA GmbH
Burchardstraße 24
20095 Hamburg
Telephone: +49 (0)40 - 42 30 11-0
E-Mail: dataprotection.eu@yogiproducts.com