Privacy Policy

Last updated: December 27, 2024

This Privacy Policy describes how apper.organic (“we,” “us,” or “our”) collects, uses, and discloses your information when you use our website (https://apper.organic). We are committed to protecting your personal data and your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

For the purposes of the GDPR, we are the data controller responsible for your personal data:

Jakob Gehring; Breitscheidstrasse 43, 16348 Wandlitz, Germany; jakob@apper.organic

Information We Collect

Personal Data

We collect and process the following categories of personal data:

Information You Provide to Us

  • Contact information (such as name and email address)
  • Communication preferences
  • Any other information you choose to provide directly to us

Information We Automatically Collect

When you visit our website, we may automatically collect certain information about your device, including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on those pages
  • Referring website addresses
  • Basic usage patterns
  • Location data (country/region)

Legal Basis for Processing

Under GDPR, we process your personal data on the following legal bases:

  • Consent: When you explicitly agree to the processing of your data
  • Contract: When processing is necessary for performing a contract with you
  • Legal Obligation: When we must process data to comply with the law
  • Legitimate Interests: When we have a legitimate business interest in processing your data, balanced against your rights and freedoms

Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our website. You can control cookies through your browser settings and the cookie consent banner on our website. We use the following types of cookies:

Essential Cookies

  • Required for the website to function
  • Cannot be disabled
  • Legal basis: Legitimate interest

Analytics Cookies

  • Help us understand how visitors interact with our website
  • Can be disabled
  • Legal basis: Consent

Marketing Cookies

  • Used to track visitors across websites
  • Can be disabled
  • Legal basis: Consent

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

How We Use Your Information

We process your personal data for the following purposes:

1. To provide and maintain our services

   – Legal basis: Contract
   – Retention period: Duration of service plus [X] years

2. To improve and personalize your experience
   – Legal basis: Legitimate interests
   – Retention period: [X] months from collection

3. To communicate with you
   – Legal basis: Consent or Contract
   – Retention period: Until consent withdrawal or end of contract

4. To comply with legal obligations
   – Legal basis: Legal obligation
   – Retention period: As required by law

International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place through:
– Standard Contractual Clauses approved by the European Commission
– Adequacy decisions issued by the European Commission
– Binding Corporate Rules, where applicable

Your GDPR Rights

Under GDPR, you have the following rights:

  1. Right to Access
       – Request a copy of your personal data
       – Understand how we process your data
       – Response time: Within 30 days
  2. Right to Rectification
       – Correct inaccurate personal data
       – Complete incomplete personal data
  3. Right to Erasure (Right to be Forgotten)
       – Request deletion of your personal data
       – Applicable when:
         – Data is no longer necessary
         – Consent is withdrawn
         – You object to processing
         – Data was unlawfully processed
  4. Right to Restrict Processing
       – Limit how we use your data
       – Applicable during data accuracy verification or legal claims
  5. Right to Data Portability
       – Receive your data in a structured, commonly used format
       – Transfer your data to another controller
  6. Right to Object
       – Object to processing based on legitimate interests
       – Object to direct marketing
       – Object to processing for research/statistics
  7. Rights Regarding Automated Decision Making
       – Not be subject to decisions based solely on automated processing
       – Obtain human intervention for automated decisions

To exercise these rights, contact us at [insert contact email]. We will respond to all requests within 30 days.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection​

In case of a personal data breach, we will notify relevant supervisory authorities and affected individuals in accordance with GDPR requirements.

Data Processors

We use the following categories of data processors:

  • Hosting providers
  • Analytics services
  • Email service providers

​All our processors are bound by data processing agreements that comply with GDPR requirements.

Children’s Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the “Last updated” date
  • Sending you an email notification for significant changes

Complaints

If you are unhappy with how we handle your personal data, you can:

  1. Contact us directly to resolve the issue
  2. Lodge a complaint with your local supervisory authority

Governing Law

This Privacy Policy is governed by and construed in accordance with EU data protection laws, including GDPR, and other applicable local data protection laws.