We take data protection seriously

Privacy Policy

Protecting your privacy when processing your personal data is an important issue for us. When you visit our website, our web servers will, by default, save the IP address of your Internet service provider, the referring website, the websites of ours that you visit, as well as the date and duration of your visit. This information is an essential prerequisite for technical transmission of the websites and secure server operation. No personalized evaluation of these data occurs.
We, therefore, process your personal data (in short "data") exclusively on the basis of the statutory provisions. With this data protection declaration, we would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Art. 13 of the European Data Protection Basic Regulation (EU DS-GVO).

Office responsible:
Cherry SE
Rosental 7, c/o Mindspace
81677 München
Tel.: +49 9643 2061-0
E-Mail: dsb@cherry.de

1. Which data is processed, and from which sources does this data originate?

We process the data which we have received from you within the scope of service processing, contract initiation or processing, on the basis of your consent or within the scope of your application to us or within the scope of your employment with us.

Personal data includes:

  • Your master/contact data for customers; this includes e.g., first and last name, address, contact data (e-mail address, telephone number, fax), bank data, image recordings
  • Data that we generate ourselves from master/contact data and other data, e.g., by means of customer needs and customer potential analyses
  • The documentation of your declaration of consent for the receipt of e.g., newsletters
  • Photoshoots in the context of events

2. Personal data

Personal data are data about your identity. These include your name, your address and your e-mail address. You do not need to reveal any personal data in order to be able to visit our website. In a number of cases, we will require your name and address, along with other information, in order to be able to offer you the service you require.

The same applies in the event of a request for delivery of information material, or a response to your inquiries. In these cases, we will always advise you of this. Furthermore, we only save the data that you sent us automatically or voluntarily. When you use one of our services, we generally only collect the data that are necessary to be able to offer you our services. We might ask you for further information; however, you are under no obligation to provide it. Whenever we process personal data, we do so in order to be able to offer you our services, or in order to pursue our commercial interests.

Applicants and employees include, for example, first and last name, address, contact details (e-mail address, telephone number, fax), data of birth, data from CV and employment certificates, bank details, religious, affiliation, image recordings.

For business partners, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details.

For trade fair visitors, this includes, for example, first and last name, address, contact details (e-mail address, telephone number, fax).

Visitors to our company include their name and signature.

For journalists, this includes first and last name, e-mail address, fax number.

For lottery participants, this includes first and last name, address, e-mail address.

3. For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the Basic Data Protection Regulation (DS-GVO) and the Federal Data Protection Act 2018 as amended:

  • To fulfill (pre-)contractual obligations (Art. 6 Para. 1 lit. b DS-GVO)::
    Your data is processed online or in one of our branches for the purpose of contract processing, for the purpose of contract processing of your employees in our company. The data is processed in particular for business initiation and for the execution of contracts with you.
  • To fulfill legal obligations (Art. 6 Para. 1 lit.c DS-GVO):
    Processing of your data is necessary for the purpose of fulfilling different legal obligations, e.g., from the commercial code or the tax code.
  • To safeguard legitimate interests (Art. 6 (1) (f) DS-GVO):
    Due to a balancing of interests, data processing beyond the actual fulfilment of the contract may take place in order to safeguard legitimate interests of us or third parties. Data processing for the protection of legitimate interests takes place, for example, in the following cases:
    - Advertising or marketing (see point 5)
    - Measures for the business control and further development of services and products;
    - Lead a group-wide customer database to improve customer service
    - In the context of legal action
    - Sending non-promotional information and press releases.
  • in the context of your consent (Art 6 para. 1lit.a DSGVO):
    If you have given us consent to the processing of your data, i.e., for sending our newsletter, publishing photos, competitions, etc.

4. Automatically stored data

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transfer, file not found, etc.)
  • Used web browser and used operating system
  • Full IP address of the requesting computer
  • Transferred amount of data


There is no merging of data with other data sources. The processing is carried out in accourdance with Art. 6 para. 1 lit. f DSGVO based on our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to ward off attacks on our web server, we store this data for a short time. A conclusion to individual persons is not possible on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at the domain level so that it is no longer possible to relate to the individual user. In anonymous form, the data is also processed for statistical purposes; a comparison with other databases or a transfer to third parties, even in excerpts, does not take place. Only in the context of our server statistics, which we publish every two years in our activity report, is a representation of the number of page views instead.

5. Processing of personal data for advertising purposes

You may object to the use of your personal data for advertising purposes at all times or for individual measures without incurring any costs other than the transmission costs according to the basic rates.

Under the legal requirements of § 7 Abs.3 UWG, we are entitled to use the e-mail address you provided when signing the contract for direct advertising for your own similar goods or services. These product recommendations are provided by us, regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations by e-mail from us, you may object to the use of your address for this purpose at any time without incurring any costs other than the base rate transmission costs. A communication in text form is sufficient. Of course, every e-mail always includes an unsubscribe link.

6. Who receives my data?

If we use a service provider for order processing, we will still be responsible for protecting your data. All processors are contractually obliged to treat your data confidentially and to process it only as part of the provision of services. The processors commissioned by us will receive your data if they need the data to fulfil their respective performance. These are, i.e., IT service providers we need for the operation and security of our IT system as well as advertising and address publishers of our own promotions.

Your data will be processed in our customer database. The customer database supports the enhancement of data quality of existing customer data (duplicate cleaning, warped/deceased licensing, address correction), and allows enrichment with data from public sources.

The data is provided to the group companies if necessary for the execution of the contract. The storage of customer data is company-related and separate, whereby our parent company acts as a service provider for the individual participating companies.

In the event of a legal obligation and in the context of legal action, authorities and courts as well as external auditors may be the recipients of your data.

In addition, insurance, banks, credit bureaus, and service providers may be recipients of your information for the purpose of contract initiation and fulfilment.

7. How long will my data be stored?

We process your data until the termination of the business relationship or until expiry of the applicable statutory retention periods (for example, from the Commercial Code, the Tax Code, or the Working Hours Act); in addition, until the termination of any legal disputes in which the data is required as proof.

8. Is personal data transmitted to a third country?

Transmission in individual cases will only take place on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.

8.1. sentry.io

We use Sentry, a failure analysis service. This service is provided by Functional Software Inc, 132 Hawthorne StreetSan Francisco, California 94107, USA ("Sentry"). 

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded.

To ensure the technical stability of our services, Sentry is used to log system errors. The information generated by Sentry is generally transferred to and stored on a Sentry server in the USA. Sentry has submitted to the EU's standard contractual clauses for this purpose. The data is stored for a maximum of 90 days and then deleted without residue. The data is processed on the basis of our legitimate interest in accordance with Art. 6 paragraph 1 lit f GDPR.

In order to carry out the error analysis, we have concluded a processing agreement with Sentry in accordance with Art 28 GDPR. Sentry's terms of use and privacy policy can be found at: https://sentry.io/privacy/.

9. Cookies

Cookie settings

When you visit our websites, we might save information on your computer in the form of cookies. Cookies are small files that are sent to your browser by an Internet server, and are saved to the computer's hard disk. The legal basis for the use of cookies is described in Article 6, Paragraph 1, Point (f) of the GDPR.

This only involves saving the Internet protocol address – no other personal data are saved. The information that is saved in the cookies allows your next visit to our website to be recognized automatically, which makes it easier for you to use it. Of course, you can also visit our websites without accepting cookies. If you do not wish your computer to be recognized the next time you visit our website, you can also prevent the use of cookies by changing the settings in your browser to “Do not accept cookies”. The respective procedure can be found in the user guide to your respective browser. If you prevent cookies from being used, this may limit the functionality of some sections of our websites.

9.1 Google Analytics Disclaimer

We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter "Google". Google Analytics uses so-called "cookies", text files that are stored on your computer and thus allow an analysis of the use of the website by you
The information generated by these cookies, such as the time, location and frequency of your website visit, including your IP address, is transmitted to Google in the United States and stored there.
We use Google Analytics on our website with the addition "_gat._anonymizeIp". In this case, your IP address will already be shortened and thus anonymized by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Google will use this information to evaluate your use of our site, to compile reports on our website activity, and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google.
Google does not claim to link your IP address to any other data provided by Google. You can prevent the installation of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all functions of our website fully.

In addition, Google offers a deactivation add-on for the most popular browsers, giving you more control over what Google collects about the sites you visit. The add-on informs the JavaScript (ga.js) of Google Analytics that no website visit information should be transmitted to Google Analytics. However, the Google Analytics Disable Add-on does not prevent data from being transmitted to us or any other web analytics services we may use. Further information on the installation of the browser add-on is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en

If you visit our site via a mobile device (smartphone or tablet), you must instead click this link to prevent tracking by Google Analytics within this website in the future. This is also possible as an alternative to the above browser add-on. Clicking on the link places an opt-out cookie in your browser that is valid only for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted, so you will have to click the link again
If you've consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize your ads, Google will use your data along with Google Analytics data to create audience lists for cross-device remarketing. To do this, Google Analytics will initially track your Google-authenticated ID associated with your Google Account (that is, personally identifiable information) on our website. Afterwards, Google Analytics will temporarily link your ID with your Google Analytics data to optimize our audiences

If you do not agree, you can opt-out of this through the "My Account" section of your Google Account.

9.2 Google Tag Manager

This website uses the Google Tag Manager with IP anonymization. The Tag Manager does not collect personal data. The tool initiates other tags that record data in some circumstances. The Google Tag Manager does not access these data. If deactivation takes place at domain or cookie level, this remains the case for all tracking tags that are implemented with Google Tag Manager, You can find the data protection policy of Google for this tool here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

10. Security

We have taken technical and administrative precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All of our employees, as well as service providers that work for us, are obliged to comply with the data protection laws in force.

Whenever we collect and process personal data, they are encrypted before transmission. This means that your data cannot be misused by third parties. Our security precautions are subject to a continual improvement process and our data protection declarations are regularly updated. Please make sure that you have the latest version.

11. YouTube in enhanced privacy mode

We use the provider YouTube to embed videos. The videos were embedded in the extended data protection mode. But like most website, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these to capture video statistics, prevent fraud, and improve usability.

It will also connect to the Google DoubleClick network. Starting the video could trigger more data processing. We have no influence on that. For more information about privacy at YouTube, please see their privacy policy at: http://www.youtube.com/t/privacy_at_youtube

12. Which data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right of objection to the processing as well as a right to data portability and to a complaint in accordance with the requirements of data protection law.

Right to information:
You can ask us for information as to whether and to what extent we process your data.

Right to rectification:
If we process your data thtat is incomplete or incorrect, you may at any time ask for their correction or completion.

Right to cancellation:
You may request deletion of your data from us if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons opposing an immediate deletion, i.e., in the case of legally regulated storage requirements.
Regardless of your right to cancellation, we will immediately and completely erase your data, unless there is a legal obligation to deal with or comply with the law.

Right to restriction of processing:
You may require us to restrict the processing of your data if:

  • You deny the accuracy of the data for a period that allows us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you reject a deletion and instead require a restriction of data usage,
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • You have objected to the processing of the data.


Right to data portability:

You may require us to provide you with the information you have provided to us in a structured, common and machine-readable format and that you may transfer that information to another person without hindrance, provided that:

  • we process this data based on a consent given or revocable by you or for the performance of a contract between us, and
  • this processing is done using automated procedures.

If technically feasible, you may require us to transfer your data directly to another person in charge.

Right to object:
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to a profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims. You can object to the processing of your data for the purpose of direct mail at any time without stating reasons.

Right of appeal:
If you believe that we violate German or European data protection laws when processing your data, we ask you to contact us to have your questions clarified. Of course, you also have the right to contact the supervisory authority responsible for you, the respective State Office for Data Protection Supervision. If you want to assert one of the mentioned rights against us, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.

13. Am I required to provide data?

The processing of your data is necessary to conclude or fulfil your contract with us. If you do not provide us with this data, we will generally have to refuse to finish-out the contract or be unable to complete an existing contract and consequently terminate it. However, you are not obliged to give your consent to the processing of data that is not relevant or legally required for the fulfilment of the contract.

14. Changes to this data protection declaration

We reserve the right to change our data protection declaration should this prove necessary due to new technologies. Please make sure that you have the latest version. If significant changes are made to this data protection declaration, then we will provide notice of this on our website.

All interested parties and visitors to our websites with questions related to data protection can contact:

Mr Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: dsb@cherry.de


Date: May 2020

Privacy Policy for Newsletter Marketing

Information on data protection pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

We have taken privacy very seriously, and we also have information in our newsletter regarding customer data („data“). We hereby inform you how we process and work with your data.

1. Responsible body and data protection officer:

Responsible body:

Cherry SE
Rosental 7, c/o Mindspace
81677 München
Tel.: +49 9643 2061-0
E-Mail: dsb@cherry.de

Contact details of our data protection officers:

Herrn Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: dsb@cherry.de

2. Categories of data in newsletter marketing:

  • Personal data: name, address, telephone number, e-mail
  • Advertising and sales data: e.g., product interest

3. Processing purposes:

a) Processing effort is the indication given in the order of a message dispatch; This means that the data you need will be associated with the email address.

b) In addition, we may also use your information for the following purposes:

  • measures to further develop services and products;
  • reporting for the success control of the measures taken over time;
  • reviewing and optimising needs analysis, benchmarking;
  • disclosure of personal data in due diligence;
  • attraction of our data (e.g., use/research of publicly available data);
  • use for system development/development of test systems;
  • assert legal rights and legality in lawful circumstances;
  • advancement developed system and processes;
  • internal and external investigations, security checks;
  • advertising or marketing,
  • Sending our newsletter, publishing photos, competitions, etc.

4. Legal basis:

The sending of the newsletter in accordance with section 3 a) follows on the basis of your consent in accordance with article 5, paragraph 1 lit. f DSVGO.
The further processing operations in Section 3 b) are based on a balance of interests in favour of CHERRY. From a technical point of view, we evaluate the efficiency and attractiveness of our newsletter so that in the future we will only be able to provide you with product recommendations that are of interest to you. Since no sensitive personal data are used in this case and, as a rule, only evaluations are made at an aggregated, non-personal level, data processing can be assessed as a legitimate interest at this point.

5. Recipients or categories of recipients of your data:

Has access to your data only to the extent necessary to achieve the purpose according to the internal distribution of tasks. Internally, only those departments and employees are granted access to your data, which requires access.

Service provider:
We have turned on service providers who, as processors, have access to your data and process it for specific purposes specified by us. These processors can be marketing providers, website hosting service providers, IT support service providers or website analysis service providers.

Third parties:
We may share your information with government agencies, outside consultants, business partners or courts, if necessary.

International data transmission:
Although all recipients are currently located within the EU/EEA, you must expect recipients to be located in a non-EU/EEA country that does not offer a level of data protection that is adequate compared to the European level of data protection. In particular, service providers can in the future can be located in the USA. In this case, CHERRY will either select service providers certified under the US-EU Privacy Shield Program (Article 45 (1) GDPR) or agree with CHERRY the EU standard contractual clauses as approved by the EU Commission (Art. 46 paragraph 2 (c) or (d) GDPR).

Insofar as we commission service providers within the scope of order processing, your data will be subject to the security standards specified by us in order to adequately protect their data.

6. Duration of storage of your data:

We process and store your data in principle for the duration of your consent.

7. Processing of your data in a third country or by an international organization:

Transmission in individual cases will only take place on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.

8. Your privacy rights:

Under certain conditions, you can assert your privacy rights with us

  • Right to information, correction and deletion of your data stored by us according to articles 15, 16, 17 DSGVO; A deletion may take place, if other legal regulations (e.g., legal storage obligations or the restrictions according to the § 35 BDSG) or a predominant interest on our part (e.g., for the defense of our rights and claims) do not oppose this;
  • Right to restriction of data processing according to Article 18 GDPR,
  • Right of objection according to Article 21 GDPR,
  • Right to portability of your data according to Article 20 GDPR.

Furthermore, you have a right of appeal to a data protection supervisory authority (Article 77 DSGVO). However, we recommend always directing a complaint to our data protection officer to ensure a faster resolution of your concerns.

Your requests for the exercise of their rights should, if possible, be sent in writing to the above-mentioned address or directly to our data protection officer.

9. Scope of your obligations to provide us with your data:

There is no legal obligation to provide your data to CHERRY.
However, you will not receive newsletters if you do not provide us with your data and the corresponding consent. The provision of your data is entirely voluntary. If you do not provide your data, you will not face any legal consequences.

10. Automated decision-making in individual cases (including profiling):

We do not use purely automated decision-making procedures under Article 22 GDPR. Insofar as we should use such a procedure in individual cases in the future, we will inform you separately if this is required by law.
Information about your right to object Article 21 GDPR
You have the right to object at any time to the processing of your data, which takes place on the basis of Article 6 (1) of the GDPR (data processing base on a balance of interest) or Article 6 (1) of the GDPR (data processing based on a balance of interests) or Article 6 (1) (DSGVO) (Data Processing in the Public Interest). However, the prerequisite is that there are reasons for your objection that arise from your particular personal situation. This also applies to a profiling base on this provision within the meaning of Article 4 No. 4 DSGVO.
If you object, we will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

We will no longer process your data for newsletter advertising purposed if you object to the processing for this purpose.

The opposition can be sent to above mentioned address at any time.


Date: May 2020