Privacy Statement

1    Introduction

We are providing this information to give you an overview about how Soil & More Impacts GmbH processes your personal data, and about the rights you have under data protection law. It is generally possible to use our website without also entering personal data. However, if you perhaps disclose personal data via our website, if you are in contact with our company regarding a business matter, or – as the business partner of our customers – you have completed one of our questionnaires, it may be necessary for us to process additional personal data.
The processing of personal data, such as your name, your address or email address, is always performed in accordance with the applicable data protection laws, especially the General Data Protection Regulation (GDPR). With this Privacy Statement, we are seeking to make the situation transparent for you, and to inform you particularly about the legal basis, scope and purpose of the personal data we process, and about your rights depending on the context in which this data is processed.

2    Responsibility (data controller)

The data controller as defined by the GDPR is:
Soil & More Impacts GmbH
Buttstr. 3
22767 Hamburg
email: info@soilandmore.com

3    Data Protection Officer

You can contact our Data Protection Officer as follows:
email: dsb@secjur.com
Telephone: +49 941 569 550 20
You can contact our Data Protection Officer directly at any time for any questions and suggestions you have regarding data protection, and to exercise your rights under the data protection law (see below).

4    The data recorded when you visit our website

If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data your browser relays to our server (in “server log files”). Our server collects a range of general data and information each time you access any page. This general data and information are stored in the server’s log files. The information captured may include

  • the browser types and versions used,
  • the operating system used by the computer making access,
  • the website from which an accessing system contacts our website (“referrer”),
  • the sub-pages accessed via system that accesses our website,
  • the date and time of the website access,
  • truncated internet protocol address (anonymised IP address) and
  • the internet service provider of the system making access.

We do not draw any conclusions about you when using this general data and information.  This information is instead needed

  • to allow us to properly deliver our website content,
  • to optimise the content and marketing of our website,
  • to ensure the continuous functioning of our IT systems and our website’s technology as well as to
  • provide the information necessary for law enforcement authorities in the prosecution of cyber-attacks.

The legal basis by which we process data is our overriding legitimate interest pursuant to Art. 6 (1) Sentence 1 (f) GDPR.  We have a legitimate interest in delivering our online service in a technically flawless manner.
The log files will be erased within 30 days at the latest.

5    How we process the data you provide to us?

5.1    Business contacts / questionnaires
We record your general contact details (name, email address, telephone number, business address, position) if we are in business-related contact with your company. We will also collect this data if you complete a questionnaire as the business partner of our customers (e.g. for our SMImonitor service).
The purpose of processing this data is to make contact if this is necessary for business reasons or other reasons, for example if there are any queries regarding the data you have entered into the questionnaire.
We store and use the data provided by you based on our overriding legal interests pursuant to Art. 6 (1) Sentence 1 (f) GDPR, in (business-related) communications with the relevant correct contact persons.
After the applicable business relationship has conclusively ended, your data will be blocked while observing relevant tax and commercial law retention regulations, and erased at the latest when these time limits expire.
5.2    Making contact / contact form
Personal data will be collected when you contact us (e.g. by contact form or email). The data collected in the case of a contact form, will be identified on the contact form in question.
This data will be stored and used solely for the purpose of responding to your query or for making contact, and for the technical administration that this entails.
The legal basis for processing the data is our legitimate interest in responding to your query pursuant to Art. 6 (1) (f) GDPR. If you are contacting the aim of concluding a contract, then Art. 6 (1) (b) GDPR provides an additional legal basis for the data processing.
Once your inquiry has been conclusively resolved, your personal data will be erased; this will be the case if circumstances indicate that the relevant matter has been conclusively clarified, and insofar as there are no statutory retention obligations to the contrary.
5.3    Management of job applications / job market
You can submit a job application to us. The personal information in your job application documents may be processed electronically if you submit your application to us by email or by using a web form provided on our website.
We collect and process the personal data of applicants for the purpose of conducting the job application process. If we conclude an employment contract with applicants, the data provided will be stored for the purpose of conducting the employment relationship in compliance with the legal requirements.
The legal basis for processing the data of job applicants is the processing of data for the purposes of the employment relationship in accordance with Section 26 German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
If no employment contract is concluded with the applicant, the job application documents shall be automatically erased six months after notification of the rejection, provided we have no other overriding legitimate interests that are contrary to the data erasure. Another example of a legitimate interest in this relation is a burden of proof in a procedure pursuant to the General Equal Treatment Act (Gleichbehandlungsgesetz, AGG). The data processing will then take place solely on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
5.4    Newsletter subscription
If you have registered on our website to receive our newsletter, we will process your personal data to keep your updated with news about our company.
This type of data processing is based on your consent pursuant to Art. 6 (1) Sentence 1 (a) GDPR, which you issued to us when you registered for the newsletter. You can withdraw this consent at any time with future effect.
The data necessary for sending the newsletter will be stored until such time that you cancel your newsletter subscription (meaning you withdraw your consent).
5.5    Newsletter for existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for goods or services in our range similar to those already purchased.
The data processing in this case will take place solely on the basis of our legitimate interest in delivering direct marketing pursuant to Art. 6 (1) (f) GDPR. If, at the outset, you refused consent to the use of your email address for this purpose, we will not send you emails. You are entitled, at any time, to object to the use of your email address for the aforementioned marketing purposes with future effect. To do so, please notify the data controller named at the top. We will promptly cease using your email address for marketing purposes once we have received your objection.

6 Cookies

Our offer uses cookies. These are text files that are stored on your computer.
Cookies can be used to collect and process personal data. The legal basis for this processing depends in each case on whether the cookie is absolutely necessary for the functioning or not. The data processed by cookies that are required for the proper functioning of the website are necessary to safeguard this legitimate interest pursuant to Art. 6 (1) p. 1 lit. f DSGVO. For all other cookies, you can give your consent to this within the meaning of Art. 6 para. 1 lit. a DSGVO via our cookie banner. You can revoke this consent at any time with effect for the future. The settings for cookies can also be managed in the cookie settings of your browser.
This website uses the cookie banner Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents. (The Borlabs Cookie company does not receive any personal data.) For more information on the processing purposes, storage period and recipients of the data stored in the cookies, please refer to our Cookie Banner.
The cookie in the cookie banner stores the consent you gave when you entered the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

7    Our social media activities

To allow us to communicate with you on social networks and inform you about our services, we run our own pages on these networks. If you visit one of our social media pages, we and the relevant social media network provider are deemed to be “joint controllers” within the definition of Art. 26 GDPR, with regard to the processing operations triggered in relation to personal data.
We are not the provider of this platform, but instead only use it within the scope of the options provided to us by the respective providers. Therefore, as a precaution we make clear that your data may also be processed outside of the EU and the EEA. Any such use may therefore entail data protection risks for you, because the safeguarding of your rights, such as your rights to information, erasure, objection, etc., could be hampered, and data processing via social networks is frequently directly performed for the purposes of advertising, or for user behaviour analyses conducted by network providers, and over which we have no control.  If the provider creates user profiles, cookies are often used, or user behaviour may be directly attributed to your own member profile on the respective social network (if you are logged into it).
Our legal basis for operating the fan page is Art. 6 (1) Sentence 1 (f) GDPR, our legitimate interest in communicating with you in a contemporary manner and means, and to inform you of new developments. If you are required to issue your consent to the respective providers to process your data as a user, the legal basis for this processing is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR.
Because we are unable to access the data inventories of these providers, please be informed that the best means of exercising your rights (e.g. the right to information, rectification, erasure, etc.) is vis-á-vis the respective provider directly. We have provided further information below on how your data is processed on social networks, and the ways in which you can exercise your right to object or your right to withdraw consent (opt-out) in relation to each of the social network providers we use:
7.1    Facebook
Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Here is the link to Facebook’s Privacy Policy: (https://www.facebook.com/help/568137493302217)
As a fan page operator, we can use “Facebook Insights” provided by Facebook. These are diverse statistics that provide us with an insight into how our Facebook fan page is used. We and Facebook, as the joint controllers within the definition of Art. 26 (1) GDPR, produce these statistics by processing the data you provided (including personal data). We have concluded an agreement with Facebook in accordance with Art. 26 GDPR, and its contents can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum
The legal basis and the purposes of the processing of data by Facebook can be read here: https://www.facebook.com/about/privacy/legal_bases and https://de-de.facebook.com/policy.php
7.2    YouTube
YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy:  https://policies.google.com/privacy
Opt-out and ad settings: https://adssettings.google.com/authenticated
7.3    LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy:
https://www.linkedin.com/legal/privacy-policy
Opt-out and ad settings:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
7.4    Xing
XING SE, Dammtorstraße 30, 20354 Hamburg (XING).
Privacy Policy and opt-out: https://privacy.xing.com/de/datenschutzerklaerung 

8    Your rights as a data subject

You have comprehensive rights regarding how your personal data is processed. Firstly, you have a comprehensive right to information, and you may, in certain circumstances, demand the rectification, and/or erasure and/or blocking of your personal data. You may also demand that the processing be restricted, and you can exercise a right to object as well as a right to data portability. If you would like to exercise one of your rights and/or want to receive further information, you can contact our Data Protection Officer directly. You are also entitled to lodge a complaint with a supervisory authority.

updated: January 2021