Privacy policy


This policy explains what personal data we collect when you use our website. Personal data is any data that relates to you personally, e.g. your name, address, email address, user behaviour. We have taken comprehensive technical and operational safety precautions to protect your data from accidental or deliberate manipulation, loss, destruction or unauthorised access. Our security procedures are regularly reviewed and updated in line with technological developments.


You can contact our data protection officer by emailing  datenschutz[at] or by sending a letter addressed to the data protection officer to our postal address


You have the following rights in relation to us as regards your personal data:


Provided the statutory requirements are met, you have the following rights: right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), object to processing (Art. 21 GDPR) and data portability (Art. 20 GDPR). If data is processed on the basis of your consent, you have the right to withdraw this consent with future effect.


As per Art. 21(1) GDPR, you have the right to object to your personal data being processed on the grounds of Art. 6(1)(e) GDPR (data processing in the public interest) or Art. 6(1)(f) GDPR (data processing for the purpose of a legitimate interest) for reasons relating to your particular situation. This also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can  demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.


If we process your personal data for the purpose of direct marketing, you have the right as per Art. 21(2) GDPR to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.


You also have the right to complain to a relevant data protection authority about our processing of your personal data.


When the websites are used for purely informative purposes, i.e. you do not register or send us information in any other way, we only collect the personal data which your browser sends to our server. If you choose to look at our websites, we collect the following data. This is necessary for technical reasons to enable us to display our websites to you and to ensure stability and security. The legal basis for this is Art. 6(1)(f) GDPR:

IP address, date and time of the enquiry, time zone difference from Greenwich Mean Time (GMT), content of the request (concrete page), access status/HTTP status code, volume of data transferred, referrer website, browser, operating system and its interface, language and version of the browser software.


If you contact us by email, using a contact form or by telephone, the data you provide (your email address and, if applicable, your name and telephone number) are stored by us for the purpose of answering your questions. The legal basis for this is Art. 6(1)(1)(f) GDPR. Our legitimate interest lies in conducting our business activities. The details needed for us to respond to your query are shown as being mandatory. If we request details via our contact form which are not essential for us to contact you, these are always shown as being optional. These details provide more information about your query and help us handle your request better. This information is explicitly provided on a voluntary basis and with your consent as per Art. 6(1)(a) GDPR. If these details relate to communication channels (such as an email address or telephone number), you also consent to us contacting you via this communication channel to respond to your query. You can, of course, withdraw your consent at any time with future effect.

We will delete the data collected in this way when it is no longer necessary to store it, or restrict its processing if there are legal requirements to retain it. 


When you enter competitions, we collect data which is necessary for the running of the competition. This usually comprises your individual competition entry (e.g. a comment or photo), name and contact details. We may share this data with our competition partners, e.g. to send you a prize. Data processing and sharing may vary from competition to competition, so it is described in concrete terms in the relevant terms and conditions of entry. Entering a competition and providing the associated data is, of course, voluntary. The legal basis for data processing is Art. 6(1)(b) GDPR. We will delete the data collected in this way when it is no longer necessary to store it, or restrict its processing if there are legal requirements to retain it.


You can apply for a job at our company electronically, in particular by email or by using an online form. We will only use your details to process your application and will not share them with third parties. Please note that it may be possible for unauthorised third parties to access emails which are sent without encryption.

If you apply for a particular position which has already been filled or if we consider you to be equally (or more) suitable for a different position, we would like to forward your application within the company.

Your application will only be forwarded if you have given your prior consent to this. Your personal data will be deleted as soon as the application process has been completed or after a maximum of six months unless you have explicitly consented to a longer retention period for your data or a contract has been concluded. The legal basis is Art. 6(1)(a),(b) and (f) GDPR and Sec. 26 of the Federal Data Protection Act (BDSG).


When you use the website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive by your chosen browser. They are used to send certain information to the website which places the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to improve websites’ overall user-friendliness and effectiveness. We also use cookies to identify you on subsequent visits if you have an account with us. Otherwise, you would have to log in each time you visited.

This website uses the following types of cookie whose purposes are explained below along with the way in which they work


These cookies are automatically deleted when you close the browser. Session cookies are one of the main types. These store a session ID which allows your browser’s various requests to be allocated to a single session. This makes it possible to recognise your computer if you return to our website. Session cookies are deleted when you log out or close your browser


These cookies are automatically deleted after a certain period of time, which may vary depending on the cookie. You can delete cookies at any time via your browser’s security settings.


The Flash cookies we use collect information via your Flash plug-in instead of through your browser. We also use HTML5 storage objects which are saved on your device. These objects save the necessary data regardless of which browser you use and do not have an automatic expiry date. If you want to opt out of Flash cookies, you need to install a corresponding add-on, e.g. ‘Better Privacy’ for Mozilla Firefox ( or the Adobe Flash killer cookie for Google Chrome. You can prevent HTML5 storage objects from being used by selecting private mode in your browser. We also recommend that you manually delete your cookies and browsing history on a regular basis.


You can configure your browser settings in line with your preferences and reject third-party cookies or all cookies, for example. Please note that you may not be able to use all the features of our websites if you do this.


The legal basis for any processing of personal data and the data retention period vary and are set out below.


We use various services as set out below to analyse and optimise our websites. These allow us, for instance, to analyse how many users visit our website, which information users are most interested in, or how users find our site. The data we collect includes the referrer website, which subpages of the website are accessed, or how often and for how long a subpage is viewed. This helps us to improve our sites and make them user-friendly. The data collected is not used to identify individual visitors personally. We only collect anonymous or pseudonymised data.


If you have given your consent, this website uses Google Analytics, a Web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). In the EU, this service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).

Google Analytics uses cookies which make it possible to analyse how you use our websites. The information collected by the cookies about your use of this website is usually transmitted to and stored by Google on a server in the United States.

We use IP anonymisation (also known as IP masking). Because IP anonymisation has been activated on this website, your IP address will be truncated by Google within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the whole IP address be transferred to a Google server in the USA first and truncated there. The IP address shared by your browser in connection with Google Analytics will not be associated with any other data held by Google.

The data collected when you visit the website includes:

  • the pages you access, known as your ‘clickstream’
  • the attainment of website targets (conversions, e.g. newsletter subscriptions, downloads, purchases)
  • your user behaviour (e.g. clicks, dwell time, bounce rates)
  • your approximate location (region)
  • your IP address (truncated)
  • technical information about your browser and the devices you use (e.g. language settings, screen resolution)
  • your internet service provider
  • the referrer URL (the website/marketing which you accessed prior to visiting this website)

Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymised) use of the website and to compile reports about website activity. The reports provided by Google Analytics serve to analyse our website’s performance and the success of our marketing campaigns.


The recipient of the data is

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

which acts as the processor. We have entered into a data processing agreement with Google for this purpose. Google LLC based in California, USA, can access the data stored by Google, which may also be accessed by US authorities.

Third-country transfer

It is impossible to rule out personal data being transferred to the USA. In the USA, your personal data is not protected by the same high standards as apply to the processing of personal data in the EU. Personal data will only be transferred to the USA if you have consented to the use of this service.

Retention period

The data sent by us and associated with cookies is automatically erased after 14 months. Data which has reached the end of its retention period is automatically deleted once a month.

You can also prevent data generated by the cookie about your use of the website (incl. your IP address) from being captured and transferred to Google and prevent Google from processing this data by

  • rejecting cookies or
  • downloading and installing the browser add-on to disable Google Analytics here.

Alternatively, you can prevent cookies from being stored by adjusting your browser settings. However, if you configure your browser to reject all cookies, the functionality of this and other websites may be restricted.

Legal basis and right to revocation

The legal basis for the processing of your personal data is your consent as per Art. 6(1)(a) GDPR. You can withdraw your consent at any time with future effect by going to the cookie settings  and changing your preferences

Further information about the terms and conditions of use for Google Analytics and Google’s privacy policy is available at and


We have an interest in providing you with a wide-ranging, multimedia information offering. For that reason, we integrate videos from YouTube (YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA). The legal basis for this is your consent as per Art. 6(1)(a) GDPR.

The videos are incorporated in privacy-enhanced mode, also known as a no-cookie solution. This means that YouTube only sets cookies and pixel tags to personalise marketing and search results when you play a video.

When you play a YouTube video, the following data is transmitted to Google as the YouTube operator:

  • the IP address
  • the specific address of the page you request on our site
  • the browser ID transmitted
  • the system date and time of the request
  • existing cookies which can be used to identify your specific browser.

Google is solely responsible for this data processing as the operator of YouTube. Further information is available here.

Please note that Google may receive additional data via cookies which have already been stored on your device. We have no control over the extent to which this is utilised by Google. You can find the YouTube privacy policy here.

It is impossible to rule out personal data being transferred to the USA. In the USA, your personal data is not protected by the same high standards as apply to the processing of personal data in the EU. Personal data will only be transferred to the USA if you have consented to the use of this service.


We use the ‘CookieConsent’ service from Cookiebot to obtain and manage the necessary declarations of consent. This service allows us to obtain and save the necessary declarations of consent for data to be processed by certain applications and/or cookies set by certain applications in line with the legal requirements. The use of this service and the cookies set by this service are strictly necessary for technical reasons for the lawful operation of our website.

The legal basis for data processing is our legitimate interest as per Art. 6(1)(f) GDPR. Our legitimate interest lies in fulfilling the legal requirements.

A declaration of consent submitted via this service is usually stored until such time as you revoke it. Notice revoking previous consent is usually stored for three years.


This privacy policy only applies to our website. However, you will also find us on other online platforms. This enables us to make contact with customers and/or prospects who are active in such networks and inform them about the services we offer. The legal basis for processing your data is therefore our legitimate interest in communicating effectively with you as per Art. 6(1)(f) GDPR. Data which we receive within these online platforms when users write messages to us or communicate with us in any other way within these social networks is processed by us as set out in this privacy policy.

Cookies are usually stored on your computer to enable the platforms to provide their services to you. Data is regularly processed by the providers of online platforms for market research and marketing purposes as well. To this end, cookies are stored on your computer so that usage profiles can be produced to tailor advertising to your interests. In addition to session cookies, which are deleted when your browser is closed, persistent cookies are often used which remain on your computer until such time as they expire or you delete them. You can adjust your general browser settings to select how or whether your browser accepts cookies. Further information about how to adjust these settings is available at: 

Internet Explorer:

Facebook states that it sets cookies for the purposes of authentication, security, website and product integrity, marketing and measurement, website features and services, performance, and analysis and research. You can find detailed information about how Facebook uses cookies at  If you visit us via an online platform of this kind, it is possible that your data will also be processed outside the EU. The provider of the respective platform undertakes to comply with EU data protection standards. Facebook is certified under the EU-US Privacy Shield, amongst others.


If you wish to assert your rights as a user, please note that the most effective way to do this is to contact the provider of the platform directly. The provider can give you information and take action fastest because they have access to the data. Further information about how Facebook processes your data is available at:


We will not share your data with third parties unless we have a legal obligation to do so, it is necessary to forward data to perform a contract, or you have explicitly given your prior consent to your data being shared.

External service providers or partner firms – such as online payment providers or hauliers charged with delivering goods – are only giving your data to the extent that this is necessary to complete your order. In such cases, only the minimum amount of necessary data is shared. If our service providers come into contact with your personal data, we ensure as per Art. 28 GDPR that they likewise comply with the requirements of data protection legislation as processors. Please also refer to the respective provider’s privacy policy.

Although we take reasonable steps to check that services comply with the legal requirements, the content of third-party services remains the responsibility of the respective provider. It is important to us that your data is processed within the EU or the EEA. However, in some cases we may use service providers who process data outside the EU or the EEA. In these cases, we ensure that the recipient maintains an appropriate level of data protection before we share your personal data. This means that EU standard agreements or an adequacy decision, e.g. on the EU-US Privacy Shield, are in place to achieve a level of data protection which is comparable to standards within the EU.


We have taken comprehensive technical and operational safety precautions to protect your data from accidental or deliberate manipulation, loss, destruction or unauthorised access. Our security procedures are regularly reviewed and updated in line with technological developments.


Our websites may contain links to other providers’ websites. Please note that this privacy policy only applies to the websites of Harry-Brot GmbH. We do not have any influence over third-party websites and do not check whether other providers comply with the relevant data protection regulations


We reserve the right to amend or adjust this privacy policy at any time in compliance with the applicable data protection regulations

Version dated 15/03/2021