Privacy Policy

BDSI Privacy Policy

BDSI Data Protection Notice


Section 1 – Information on Gathering Personal Data

(1) In the following we wish to inform you about the personal data gathered in using our website. Personal data includes all data related to you personally, e.g. name, address, e-mail addresses, user behaviour.

(2) The controller, pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR), is the Association of the German Confectionery Industry (BDSI), Schumannstr. 4?6, 53113 Bonn, Germany (cf. our legal notice). Our data protection officer can be contacted at: Data protection (Datenschutz) c/o Association of the German Confectionery Industry (BDSI), Schumannstraße 4?6, 53113 Bonn, Germany, E-Mail

(3) Our website provides a contact form which you may use to contact us via electronic media. The personal data gathered from the input mask is only processed to help us answer your questions. If you contact us via e-mail, this also verifies the required legitimate interest in the data being processed. If you use this way of contacting us, the data entered into the input mask is transmitted to us and is stored. This data is:

form of address; family name, first name; postal address; e-mail address; phone number; details regarding your expressed interest.

Alternatively you may choose to contact us via the e-mail address we have provided. In this case the personal data provided in your e-mail is stored by us.

The legal basis for this data processing is Art. 6 (1) (a) of the GDPR.

You give us your consent to processing your data as part of the data submission process together with the following text:


“By submitting this message I consent to my contact data being used to contact me a single time for the purpose stated. I may revoke this consent with future effect at any time – including via e-mail sent to:”


We erase the data gathered in this connection as soon as its storage is no longer required or we restrict its processing where statutory record-preserving requirements apply.

Your contact data is stored in a jointly controlled database – within the meaning of Art. 26 of the EU General Data Protection Regulation (GDPR) – this database being shared by the following organisations – the Association of the German Confectionery Industry (BDSI), the German Association for the Promotion of Exports of Chocolate, Confectionery, Biscuits, Snacks, and Ice-cream (German Sweets), the German Cocoa and Chocolate Foundation (Stiftung der Deutschen Kakao- und Schokoladenwirtschaft), the German Confectionery Promotion Company (Süßwarenförderungs-GmbH), the Advisory Board of the International Sweets and Biscuits Fair (AISM), the German Industrial Disputes Support Fund Association (Arbeitskampf-Unterstützungsfonds e.V.), and the German Committee of Industrial Users of Sugar (IZZ).

(4) If we commission service providers to perform individual functions of our service offering or if we wish to use your data for advertising purposes, we shall inform you about the respective activities in detail as subsequently stated. In this connection we shall also state the criteria set for data storage duration.


Section 2 – Legal Basis

Your personal data is processed with your consent or on the basis of statutory permission. In as far as we obtain consent for processing personal data, the legal basis for this data processing is Art. 6 (1) (a) of the GDPR.

In as far as personal data is processed for the purpose of performance of a contract to which you are a contractual party, the legal basis for this data processing is Art. 6 (1) b) of the GDPR. In as far as personal data is processed for the purpose of compliance with a statutory obligation to which we are subject by law, the legal basis for this data processing is Art. 6 (1) (c) of the GDPR. In the event that the vital interests of the data subject or a different natural person make a processing of personal data necessary, the legal basis for this data processing is Art. 6(1) (d) of the GDPR. If such data processing is required to protect our legitimate interests or those of a third party and if your interests, your basic rights and basic freedoms do not override such interests, the legal basis for this data processing is Art. 6 (1) (f) of the GDPR.


Section 3 – Your Rights

(1) You have the following rights with respect to your personal data stored by us:

– right of access to personal data,

– right to correction or erasure of personal data,

– right to restricted processing of personal data,

– right to objection against the processing of personal data,

– right to data portability.

(2) In addition, you have the right to lodge a complaint with a data protection regulatory authority against our processing your personal data.

(3) If you given us your consent to process your personal data, you can revoke this consent at any time – including per e-mail

Such a revocation does not affect the legality of data processing conducted up to that point in time.


Section 4 – Gathering of Your Personal Data when Visiting Our Website

(1) If you are using the website simply for information purposes, i.e. if you do not register or provide us with other information, then we only gather the personal data which your browser transmits to our server. If you wish to look at our website, we gather the following data which we need for technical purposes to show you our website and ensure the stability and security of its use (the legal basis for this being Art. 6 (1) (f) of the GDPR):

– IP address

– date and time of information request

– time difference to Greenwich Mean Time (GMT)

– content of query (concrete web page)

– access status/HTTP status code

– respectively transmitted data volume

– originating web page of the query

– browser

– operating system and its user interface

– language and version of the browser software.

(2) In addition to the aforementioned data, cookies are stored on your device when you use our website. Cookies are small text files which are allocated to the browser you are using and stored on your hard disk, via which certain information is passed on to the cookie-setting entity (in this case us). Cookies cannot execute programs or transfer viruses to your device. They serve the general purpose of making the internet offering more user-friendly and more efficient.

(3) Use of cookies:

a) This website uses the following types of cookies, whose scope and function is explained in the following:

– transient cookies (cf. point b) below)

– persistent cookies (cf. point c) below)

b) Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. The latter store a so-called session ID that allows different requests from your browser to be attributed to the same sessionThis enables your device to be recognised if and when you return to our website. These session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a preset time which may differ depending on the respective type of cookie. You can delete the cookies at any time by accessing the security settings of your browser.

d) You may configure your browser settings as you wish and, for example, reject third-party cookies or all cookies. Please note that if you do this, you may not be able to use the full functionality of this website.

e) In as far as our processing activities are required, we pass your personal data to the following recipient categories: logistics partners; postal service providers; call centres; IT providers.

Furthermore, we may pass on your personal data to third parties so that we can conclude contracts or offer you similar services in cooperation with our partners.

Your personal data is not transmitted to a third country.


Section 5 – Additional Functions and Offerings on our Website

(1) In addition to using our website for purely informational purposes, we offer various services which you may use should this be of interest to you. Usually this means providing additional personal data which we use to render the respective service and comply with the aforementioned data processing principles.

(2) We partially use external service providers for the purpose of processing your data. These are carefully selected by us and, if their compliance with the statutory data protection standards is verified, they are commissioned by us and are bound by our instructions and regularly subjected to verification checks.


Section 6 – Objection to, or Revocation of, Consent to Our Processing of Your Data

(1) If you give consent to your data being processed, you may revoke this consent at any time. The revocation of your consent affects the extent to which we are permitted to process your personal data after you have issued such a revocation.

(2) In as far as our processing of your personal data is based on the balance of interests, you may lodge an objection to this data processing. This is so if such data processing is, in particular, not required to perform a contract with you, as is respectively explained in the cases described below. When exercising this revocation right, we request that you name the reasons why we should not process your personal data as we do. Once we have received your revocation and the reasons for it, we shall review the circumstances of your case and either cease such data processing, adapt our data processing accordingly, or else name our cogent and legitimate reasons for continuing such data processing.

(3) Naturally you may at any time object to your personal data being processed for advertising and data analysis purposes. You may inform us of your objection to data processing for advertising purposes by mailing us.


Section 7 – Use of Our Web Shop

(1) If you wish to place an order with us in our web shop, this contract can only be concluded if you provide us with your personal data, which we require to duly and properly fulfil your order. Mandatory details for concluding a contract are marked as such, whereas other details are voluntary. To perform the contract with you, we require the following personal data from you to process your order: form of address; company or family name, first name;  postal address; e?mail address; optionally: date of birth; optionally: different delivery address.

We process the data you provide to fulfil your order. In this connection, we may pass your payment data to our company’s bank. The legal basis for this is Art. 6 (1) (b) of the GDPR.

We may also process the data you have given us to inform you about additional interesting products in our portfolio or to send you e?mails containing technical information.

(2) Under commercial law and fiscal law, we are obliged to store your address, payment, and ordering data for a period of 10 years. However, after a period of two years, we restrict the processing of your data, i.e. your data is only used for the purpose of our compliance with statutory obligations.

(3) To prevent unauthorised third-party access to your personal data, especially financial data, the order process is encrypted via TLS technology.


Section 8 – Member Services

(1) Via a login on this website and via the website, you may login to the BDSI Member Services offering. Access to the Member Services offering is exclusively reserved for members of the BDSI and is not public. If you wish to use our portal as an employee of a member company, you will need to register by sending your e-mail address and company details to our corresponding contact address. You will then receive a username and a one-time password which you will need to change after the first login. There is no real-name requirement; a pseudonym may be used. We use a one-time password procedure for the registration process, i.e. your registration is not concluded until you have registered using the temporary password and the username and have subsequently chosen a non-temporary password. In this regard, the aforementioned data is mandatory whereas all additional information may be voluntarily provided in the course of using our portal.

(2) If you use our Membership Services portal, we store your data within the course of your using the portal on the basis of the terms of service until such time as you choose to have your access terminated by mailing us at this e-mail address. What is more, we store your voluntarily provided data for the duration of your use of the portal in as far as you do not previously have these deleted. You may have any of your data changed by mailing us; we do not provide the option of data self-management. The legal basis for this is Art. 6 (1) (f) of the GDPR. Our legitimate interest in this respect lies in the technical safeguarding of the Member Services portal and compliance with its terms of service.

(3) Your portal data is not visible to other users of the BDSI Member Services portal.

(4) To prevent unauthorised third-party access to your personal data, your connection is encrypted via TLS technology.


Section 9 – Use of Matomo (formerly Piwik)

(1) Our website uses the web analysis service Matomo (formerly Piwik) to analyse the usage statistics of our website and enable us to regularly provide improvements. The statistics gathered enable us to improve our offering and make it more interesting to you as a user. The legal basis for using Matomo (formerly Piwik) is Art. 6 (1) (f) of the GDPR.

(2) This analysis requires the storage of cookies (described in greater detail under Section 3) on your device. The controller stores the information gathered in this manner exclusively on a server in Germany. You may discontinue this analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we draw your attention to the fact that you will possibly not be able to use this website to the full extent intended. You can prevent cookies from being stored on your device by selecting the appropriate settings in your browser. You may prevent the use of Matomo (formerly Piwik) by unchecking the following checkbox, thereby activating the opt-out plug-in:

(3) This website uses Matomo (formerly Piwik) with the extension “AnonymizeIP”. This means IP addresses are processed in abbreviated form and hence direct personal traceability can be ruled out. The IP address sent by your browser in connection with Matomo (formerly Piwik) will not be mingled with other data gathered by us.

(4) The Matomo (formerly Piwik) program is an open source project. Data protection information from the third-party service provider is available at

Section 10 – Incorporation of YouTube Videos

(1) We have incorporated YouTube videos in our online offering, stored at, which can be directly played via our website. These are all incorporated in “extended data-protection mode”, i.e. no data of yours as the user is transferred to YouTube if you do not play these videos. Only if you play the videos is the data specified in paragraph 2 transferred. We have no controlling influence over this data transmission.

(2) When you visit the website, YouTube then receives the information that you visited the corresponding subpage of our website. In addition, the data described under Section 3 of this Data Protection Notice is transferred. This happens regardless of whether YouTube provides you with a user account via which you are logged in or whether there is no such user account. If you are logged into Google, your data is directly allocated to your Google account. If you do not want such data to be allocated to your YouTube profile, you must log out before you activate the corresponding button. YouTube stores your data as a user profile and uses it for purposes of advertising, market research, and/or tailor-made configuration of its website. Such an analysis is especially made (even if a user is not logged in) for the purpose of providing tailor-made advertising and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of such user profiles, but this right can only be asserted by contacting YouTube.

(3) Further information on the purpose and scope of data gathering and its processing by YouTube is contained in Google’s data protection notice. For further information on your corresponding rights and the settings options for protecting your privacy please visit: Google also processes your personal data in the USA and has agreed to the terms and conditions of the EU-US Privacy Shield:


Section 11 – Incorporation of Google Maps

(1) We use the functions of Google Maps, a service provided by Google, on our website. This allows us to display interactive maps directly on our website and enables you to conveniently use the map function.

(2) Cookies are only set if you provide us your consent to do so. The legal basis for this is Art. 6(1)(a) GDPR ('consent'). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

(3) When you visit our website, Google is notified that you have accessed the corresponding subpage of our website. In addition, data referred to in the section 'Collection of personal data when visiting our website' of this privacy notice will be transmitted. This is done regardless of whether you are logged into a Google account or not. If you are logged into a Google account, your information will be directly associated with your account. If you do not wish this information to be associated with your Google profile, you must log out of Google before clicking a button. Google stores your data as usage profiles and uses it for purposes of advertising, market research and/or tailoring its website to your needs. Such evaluation also takes place (even for users who are not logged in) for the purpose of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right.

(4) For more information about the purpose and scope of data collection and its processing, please refer to the provider's privacy policy. You will find further information on your corresponding rights and options for protecting your privacy at: Google also processes your personal data in the United States and has committed to the EU-US Privacy Shield:


Section 12 – Use of E-Cards

(1) The e-card is a charge-free service offered by the Association of the German Confectionery Industry (BDSI), Schumannstr. 4–6, 53113 Bonn, Germany.

(2) In using this service, the sender (user) undertakes to comply with the following terms of service set by the BDSI:

(3) The e-card shall only be used for sending private messages for private occasions, such as congratulations, greetings, or announcements.

(4) The user shall send the e-card exclusively under his/her real name. Anonymous e-cards shall not be transmitted by the BDSI. Stating a false name, an incomplete name, or the name of a third party is inadmissible.

(5) It is forbidden to send an e-card with illegal content, e.g. containing the use of discriminatory, sexist, abusive, or racist language. In case of infringement, the user undertakes a binding commitment to the BDSI to issue a cease-and-desist declaration under penalty of law and to pay the litigation costs and damages. In addition to this, the user shall hold the BDSI harmless from any and all claims asserted by third parties in this connection.

(6) It is forbidden to use the e-card for commercial purposes or for personal advertising.

(7) Mass use of the e-card is inadmissible. The same applies to the sending of undesired e-cards. Point 5 shall apply correspondingly.

(8) The user may download or print out the e-card for private purposes. Beyond that, however, the creative artists’ copyrights and the BDSI’s exclusive usage rights must be observed.

(9) The respective IP address and e-mail address of the user and the recipient, and the text contents of the cards, are stored when using the e-card service. This only occurs for transmission purposes or in order to inform the user of error reports. For the remainder, the BDSI’s general data protection regulations shall apply. This data is automatically erased after 4 weeks.


Section 13 – Safety Notice

We use technical and organisational measures to protect your data against unauthorised access, loss, and destruction. Our security measures are subject to continuous improvement to stay current with state-of-the-art technological developments.


Section 14 – Collection of personal data pursuant to Art. 12 and 13 of the EU General Data Protection Regulation (GDPR) in connection with conducting (and participating in) video conferences

14.1. Description of Processing Activity

Data protection notices in connection with conducting (and participating in) videoconferences

14.2. Data Controller

Bundesverband der Deutschen Süßwarenindustrie e.V. 
Data controller’s contact details: 
Schumannstraße 4–6, 53113 Bonn 
Vereinsregister des Amtsgerichts Bonn 20 VR 2744 
Electronic contact address: E-mail

14.3. Contact Details of the Data Protection Officer

Contact details of the data protection officer: 
Data protection c/o 
Bundesverband der Deutschen Süßwarenindustrie e.V. 
Schumannstr. 4-6, 53113 Bonn 
Electronic contact address of the data protection officer: 

14.4. Purpose and Legal Basis for Data Processing

Conducting video conferences, telephone conferences, and online meetings via Cisco Webex. Conducting video conferences is required for the purpose of performing contracts and for the purpose of exercising our association’s legitimate interests. The legal basis for data processing is Art. 6 (1) GDPR.

14.5. Data Recipients or Categories of Personal Data Recipient

We do not disclose personal data processed in connection with the participation in videoconferences to third parties unless such data is especially intended for disclosure or unless we are legally obliged to do so. Please note that the content of video conferences, as well as that of face-to-face meetings, is often used to communicate information to clients or third parties and is therefore intended for disclosure.

14.6. Transmission of Personal Data to a Third Country

There are no plans to transmit your personal data to a third country. We have subcontracted a data processing agreement with the provider Cisco Webex. Information on which data is processed by Cisco Webex and for which purposes can be found in Cisco Webex’s privacy policy ( Your data is stored on servers located within the European Union.

14.7. Duration of Personal Data Storage

After collection, your data will be stored by Cisco Webex for as long as is required under the statutory retention periods to complete the respective task.

14.8. Rights of the Data Subject

You have the following rights under the General Data Protection Regulation:

  • If your personal data is processed, you have right of access to your stored personal data (Art. 15 GDPR).
  • In the event that the personal data processed is incorrect, you have the right to correction of your personal data (Art. 16 GDPR).
  • If the legal requirements are fulfilled, you may request the erasure or restriction of the data processed as well as file an objection to such data processing (Art. 17, 18 and 21 GDPR).
  • If you have consented to your data being processed or if a data processing agreement exists and the data is processed using automated procedures, you may have a right to data portability (Art. 20 GDPR).
  • If you exercise your above-mentioned rights, the data controller shall check whether the corresponding legal prerequisites have been fulfilled.
  • Furthermore, you have the right of appeal which is to be filed with the State Commissioner for Data Protection: 
    Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen 
    (State Office for Data Protection and Freedom of Information of North Rhine-Westphalia) 
    Kavalleriestr. 2–4, 40213 Düsseldorf 
    Phone: +49 211 38424-0, Fax: +49 211 38424-10 

14.9. Obligation to Provide Data

If you do not provide the required data for participation, you will not be able to participate in the video conferences and events, webinars, or desk sharing.

14.10. Right to Revoke Consent

If you have consented to the collection of your data by the data controller via a corresponding declaration, you may revoke your consent at any time with future effect. Such revocation shall not affect the legality of any data processing which occurred on the basis of your consent prior to receipt of your revocation.