Name and contact of the person responsible pursuant to Article 4 (7) GDPR (General Data Protection Regulation)
Company: La cuisine de Lilly – Lilly Vidaillac
Address: Seestraße 14, 22607 Hamburg
Phone: +49 40 123 345
Security and Protection of Your Personal Data
We consider it our primary task to maintain the confidentiality of the personal data provided by you and to protect it from unauthorized access. We therefore exercise the utmost care and apply state-of-the-art security standards to ensure maximum protection of your personal data.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the provisions of the German Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.
The legislator requires that personal data be processed lawfully, in good faith and in a manner understandable to the data subject (“lawfulness, fairness, transparency”). To ensure this, we are informing you of the individual legal definitions that are also used in this Privacy Statement:
- Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, is regarded as identifiable.
“Processing” means any operation or set of operations which is carried out in relation to personal data, whether or not by automatic means, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
- Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their future processing.
“Profiling” means any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data cannot be attributed to an identified or identifiable natural person.
- Filing system
“Filing system” means any structured collection of personal data accessible according to specific criteria, whether centralised, decentralised or organised on a functional or geographical basis.
“Controller” means a natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for their nomination may be laid down by Union law or by the law of the Member States.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing.
- Third party
“Third party” means a natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
The data subject’s “consent” means any freely given, specific, informed and unambiguous expression of his or her will, in the form of a statement or other unambiguous affirmative act, by which the data subject indicates his or her consent to the processing of his or her personal data