
RELEASE AT 10.0
Fried fresh today,
served right away.
Just the way it should be!:
Korean-style fried chicken.
Fried fresh today,
served right away.
Just the way it should be!:
Korean-style fried chicken.
And now available at various supermarkets.
FCF Holding GmbH is committed to making its website, www.mrs-yumami.com, accessible and continuously improving its accessibility. This accessibility information is provided in accordance with Section 14 of the German Accessibility Strengthening Act (BFSG). It concerns the digital accessibility of our online services and explains the extent to which they comply with accessibility requirements.
Company: FCF Holding GmbH
Hohenzollernring 31–35, 50672 Cologne, Germany
Domain: www.mrs-yumami.com
Telephone: +49 (0) 221 66 99 36 0
Email: info@eathappygroup.com
The website is currently partially compliant with the requirements of BITV 2.0.
The following content in particular is currently not fully accessible:
Phone: +49 221 6699360
E-mail: info@mrs-yumami.com
EatHappy ToGo GmbH Hohenzollernring 31–35 50672 Cologne Germany
Phone: +49 221 6699360
E-mail: info@mrs-yumami.com
FCF Digital Solutions
The authorised representative is Managing Director Jan Fischer.
The person responsible is Managing Director Jan Fischer.
VAT identification number (USt-ID): DE293743681
Gothaer Allgemeine Versicherung AG Gothaer Allee 1 50669 Cologne Geographic scope: Worldwide, except for direct exports to the USA / Canada, for environmental damage and for insured events arising from discrimination.
Register entry: Commercial Register (Handelsregister) Register court: Local Court of Cologne (Amtsgericht Köln) Register number: HRB 78266
At EAT HAPPY ⚠️ we take customer service very seriously and apply the highest standards when it comes to handling and resolving our customers’ concerns. If you have a complaint, or believe that we have not handled your complaint to your satisfaction, please contact us via the contact form at https://www.eathappy.de/kontakt/ ⚠️ before submitting a complaint through the Online Dispute Resolution platform or to a consumer arbitration board.
We are neither willing nor obliged to participate in dispute-resolution proceedings before a consumer arbitration board.
This legal notice also applies to the following social-media presences and online profiles:
Disclaimer: The contents of this website have been created with care and to the best of our current knowledge; they are, however, provided for information purposes only and have no legally binding effect, unless they concern legally mandatory information (e.g. the legal notice, the privacy policy, the terms and conditions, or the withdrawal instructions for consumers). We reserve the right to change or delete the contents in whole or in part, provided that contractual obligations remain unaffected. All offers are non-binding and without obligation.
Where we refer via hyperlink to third-party websites, we cannot accept any responsibility for the ongoing currency, accuracy and completeness of the linked content, as this content lies outside our area of responsibility and we have no influence over its future design. Should any content, in your view, violate applicable law or be inappropriate, please let us know so that we can take appropriate action.
Copyright and trademark rights: All content displayed on this website — such as texts, photographs, graphics, brands and trademarks — is protected by the respective protective rights (copyright, trademark rights). The use, reproduction, etc. is subject to our rights or the rights of the respective authors or rights holders.
Image sources and copyright notices: All images, photos and graphics are our own productions or were purchased from shutterstock.com.
With the following privacy policy we would like to explain to you which types of your personal data (hereinafter also referred to simply as “data”) we process, for which purposes and to what extent.
This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences such as our social-media profiles or our food-delivery platform for gastronomy services (hereinafter collectively referred to as the “Online Offering”).
We point out that, in the processing operations carried out by us, data may under certain circumstances also be processed outside the area of the European Union and thus outside the scope of the GDPR; unfortunately we have no influence over this. This may give rise to data-protection risks for you because, for example, the enforcement of your rights under the GDPR could be made more difficult. We assure you, however, that we do everything possible to ensure an optimal level of data protection for you.
The terms used are not gender-specific.
Last updated: 11 November 2024
FCF Holding GmbH Hohenzollernring 31–35 50672 Cologne Germany
Authorised representatives: Dr. Johannes Steegmann, Jan Fischer
E-mail address: info@mrs-yumami.com
Phone: +49 221 6699360
Legal notice: https://eathappygroup.com/fcf-holding-gmbh/impressum/ ⚠️
ap-Datenschutz GmbH Dr. iur. Andreas Pinheiro LL.M. Hohenstaufenring 8 50674 Cologne
Phone: +49 221 99989030 Fax: +49 221 42327859
E-mail: info@ap-datenschutz.de Website: https://ap-datenschutz.de
The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.
Below we share the legal bases of the General Data Protection Regulation (GDPR) on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data-protection requirements in your or our country of residence and establishment may apply. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.
National data-protection provisions in Germany: In addition to the data-protection provisions of the GDPR, national data-protection provisions apply in Germany. These include in particular the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains in particular special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Sec. 26 BDSG), in particular with regard to the establishment, performance or termination of employment relationships and the consent of employees. In addition, data-protection laws of the individual federal states may apply.
In accordance with the statutory requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, availability and separation relating to it. Furthermore, we have set up procedures that ensure the exercise of data-subject rights, the deletion of data and responses to threats to the data. In addition, we already take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by data-protection-friendly default settings.
Shortening of the IP address: Where it is possible for us, or where storage of the IP address is not necessary, we shorten your IP address, or have it shortened. In the case of shortening the IP address, also referred to as “IP masking”, the last octet, i.e. the last two numbers of an IP address, is deleted (in this context the IP address is an identifier individually assigned to an internet connection by the online-access provider). By shortening the IP address, the identification of a person by means of their IP address is to be prevented or substantially made more difficult.
SSL encryption (https): In order to protect the data transmitted via our Online Offering, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address bar of your browser.
You have the following rights with respect to us regarding the personal data concerning you:
If you have given consent to the use of data, you can withdraw it at any time. If the lawfulness of the processing is based on consent, it remains valid until the withdrawal is exercised.
Please direct all requests for information, access requests or objections to data processing by e-mail to info@mrs-yumami.com or to the address stated in Sec. 1(2).
You may at any time request that we delete your data. Statutory retention periods may exist here, which allow us to retain your data until the expiry of the period.
If your data should be incorrect, you have the right to request us to rectify it. We will comply with this request without undue delay.
You have the right to receive the personal data you have provided to us in a readable format, insofar as technically possible, in order to make it available to another company (right to data portability).
You have the right to lodge a complaint with the supervisory authority responsible for you. A list of data-protection officers and their contact details can be found via the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
In the course of our processing of personal data, it happens that the data is transferred to, or disclosed to, other bodies, companies, legally independent organisational units or persons. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that are integrated into a website. In such cases we observe the statutory requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data transfer within the group of companies: We may transfer personal data to other companies within our group of companies, or grant them access to this data. Insofar as this disclosure takes place for administrative purposes, the disclosure of the data is based on our legitimate business and commercial interests, or takes place insofar as it is necessary for the fulfilment of our contract-related obligations, or where the consent of the data subjects or a legal permission exists.
Data transfer within the organisation: We may transfer personal data to other bodies within our organisation, or grant them access to this data. Insofar as this disclosure takes place for administrative purposes, the disclosure of the data is based on our legitimate business and commercial interests, or takes place insofar as it is necessary for the fulfilment of our contract-related obligations, or where the consent of the data subjects or a legal permission exists.
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you use, and by means of which certain information flows to the body that sets the cookie (here, to us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the internet offering as a whole more user-friendly and effective.
We use cookies on our website. Such cookies are necessary so that you can move freely around the website and use its features; this also includes, among other things, access to secured areas of the website. Through cookies we can track who has visited the page(s) and derive from this how often certain pages are visited and which parts of the page are particularly popular. Session cookies store information about your activities on our website.
The following cookie types and functions are distinguished:
You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. We point out that you may not be able to use all functions of this website.
We use cookies in order to be able to identify you for subsequent visits, if you have an account with us. Otherwise you would have to log in again for each visit.
The following cookies are used:
| Name | Persistence | Description |
|---|---|---|
| borlabs-cookie | 1 year | Consent to the setting of cookies |
| 1P_JAR | 1 month | |
| __Secure-3PAPISID | 2 years | |
| __Secure-3PSIDCC | 1 year | |
| __Secure-3PSID | 1 year | |
| _pgar | 6 months | |
| ANID | 1 week | |
| APISID | 2 years | |
| CGIC | 6 months | |
| CONSENT | 6 months | |
| CONSISTENCY | 15 years | |
| DV | SESSION | |
| HSID | 1 year | |
| NID | 9 months | Google cookie for unlocking Google Maps content. |
| OGPC | ||
| OGPIC | ||
| OTZ | 1 month | |
| PAIDCONTENT | 6 months | |
| SAPISID | 1 year | |
| SEARCH_SAMESITE | 18 months | |
| SIDCC | 1 year | |
| SID | 2 years | |
| SNID | 18 months | |
| SSID | 2 years | |
| _gcl_au, DSID, IDE | 3 months | Google cookie for ad targeting and ad measurement. Generates statistical data about how the visitor uses the website. |
| _ga, _gat, _gid | 2 years | Google cookie for website analytics. Generates statistical data about how the visitor uses the website. |
| _fbp, act, c_user, datr, fr, m_pixel_ration, pl, presence, sb, spin, tr, wd, xs | Session duration / 3 months | Facebook cookie for website analytics, ad targeting and ad measurement. |
| _hjAbsoluteSessionInProgress, _hjid, _hjIncludedInSample, _hjTLDTest | Session duration | Hotjar cookie for website analytics. Generates data (mouse movements, mouse clicks, scroll heights, etc.) about how the visitor uses the website. |
| rc::c | Google reCAPTCHA. Google cookie to distinguish between humans and bots. |
Legal basis: Consent — before we process, or have processed, data in the context of the use of cookies, we ask users for consent that can be withdrawn at any time. Before consent has been given, at most cookies that are necessary for the operation of our Online Offering are used. Their use takes place on the basis of our interest and the interest of users in the expected functionality of our Online Offering.
We process the data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships as well as related measures, and in the context of communication with the contractual partners (or pre-contractually), e.g. to answer enquiries.
We inform the contractual partners of which data is required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or personally. We process this data to fulfil our contractual obligations, to secure our rights, and for the purposes of the administrative tasks associated with this information as well as the business organisation.
For the processing operations mentioned in paras. 1 and 2, Art. 6(1)(b) GDPR (performance of the contract) constitutes our legal basis.
We only pass on the data of the contractual partners to third parties within the framework of applicable law insofar as this is necessary for the aforementioned purposes or to fulfil legal obligations (e.g. to involved telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities). Contractual partners are informed about further forms of processing, e.g. for marketing purposes, within the framework of this privacy policy.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data-protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
In this context, the contractors are obliged by us pursuant to Art. 28 GDPR to meet our high data-protection requirements. This obligation is underpinned by our rights of control and instruction.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e. in principle after 4 years, unless the data is stored in a customer account, e.g. for as long as it must be retained for legal reasons of archiving (e.g. for tax purposes, usually 10 years). Data disclosed to us by the contractual partner in the context of an order is deleted in accordance with the specifications of the order, in principle after the end of the order. For the latter processing operations, Art. 6(1)(c) GDPR (fulfilment of legal obligations) constitutes our legal basis.
We process the information of our visitors and interested parties (uniformly referred to as “visitors”) in order to provide the ordered food and drinks and to render and invoice other services and provisions.
In the course of our commission it may be necessary for us to process special categories of data within the meaning of Art. 9(1) GDPR, in particular information on a person’s health. The processing takes place in order to protect the health interests of the visitors (e.g. in the case of information on allergies) and otherwise only with the consent of the visitors.
Insofar as necessary for the performance of the contract or legally required, or consented to by customers, or where it takes place on the basis of our legitimate interests, we disclose or transfer the data of the customers, e.g. to the service providers, authorities, billing offices involved in the performance of our services, and in the field of IT, office or comparable services.
Shop and e-commerce: We process the data of our customers in order to enable them to select, acquire or order the chosen products, goods and associated services, as well as their payment and delivery or execution.
The required information is marked as such in the context of the order or comparable acquisition process and includes the information required for delivery or provision and billing, as well as contact information in order to be able to hold any consultation. For the processing operations mentioned, Art. 6(1)(b) GDPR (performance of the contract) constitutes our legal basis.
We offer our services on online platforms operated by other service providers. In this context, in addition to our data-protection notices, the data-protection notices of the respective platforms apply. This applies in particular with regard to the procedures used on the platforms for reach measurement and interest-based marketing. For the processing operations mentioned, we rely on our legitimate interest in an efficient and functioning business operation pursuant to Art. 6(1)(f) GDPR. The interests of the data subjects do not prevail here, as we take, for example, measures to anonymise/pseudonymise the reach measurement.
In this context, the contractors are obliged by us pursuant to Art. 28 GDPR to meet our high data-protection requirements. This obligation is underpinned by our rights of control and instruction.
Services and service providers used:
When contacting us (e.g. via contact form, e-mail, telephone or social media), the information of the enquiring persons is processed insofar as this is necessary to answer the contact enquiries and any requested measures.
Answering the contact enquiries within the framework of contractual or pre-contractual relationships takes place to fulfil our contractual obligations or to answer (pre-)contractual enquiries, and otherwise on the basis of the legitimate interests in answering the enquiries.
For the processing operations mentioned in paras. 1 and 2, Art. 6(1)(b) GDPR (performance of the order) constitutes our legal basis.
We use messenger services for communication purposes and therefore ask you to observe the following notes on the functionality of the messengers, on encryption, on the use of the metadata of the communication, and on your options to object.
You can also contact us via alternative means, e.g. by telephone or e-mail. Please use the contact options communicated to you or the contact options specified within our Online Offering.
In the case of end-to-end encryption of content (i.e. the content of your message and attachments), we point out that the communication content (i.e. the content of the message and attached images) is end-to-end encrypted. This means that the content of the messages is not visible, not even to the messenger providers themselves. You should always use a current version of the messengers with encryption activated, so that the encryption of the message contents is ensured.
However, we also point out to our communication partners that the providers of the messengers, while they cannot view the content, can find out that and when communication partners communicate with us, as well as technical information on the device used by the communication partners and, depending on the settings of your device, also location information (so-called metadata) being processed.
Notes on legal bases: Insofar as we ask communication partners for permission before communicating with them via messenger, the legal basis of our processing of your data is their consent (Art. 6(1)(a) GDPR). Otherwise, if we do not ask for consent and you contact us on your own initiative, we use messengers in the relationship with our contractual partners and in the context of contract initiation as a contractual measure, and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication (Art. 6(1)(f) GDPR) and the fulfilment of the needs of our communication partners for communication via messengers. Furthermore, we point out that we do not transmit the contact data provided to us to the messengers for the first time without your consent.
For the collection of metadata for reach measurement and advertising, we rely on our legitimate interest in advertising our own products pursuant to Art. 6(1)(f) GDPR. The interests of the data subjects do not prevail here, as we take, for example, measures to anonymise/pseudonymise the reach measurement, and only simple data (addresses, e-mail) is used for advertising in a legally permitted context.
Withdrawal, objection and deletion: You can withdraw a granted consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion policies (i.e., for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partners, if no reference back to a previous conversation is to be expected and no statutory retention obligations preclude the deletion.
Reservation of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer enquiries via messenger. This is the case if, for example, contract internals require special confidentiality or an answer via the messenger does not meet the formal requirements. In such cases we refer you to more adequate communication channels.
Skype: The end-to-end encryption of Skype requires its activation (unless it is activated by default).
Types of data processed: Contact data (e.g. e-mail, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. text entries, photographs, videos).
Data subjects: Communication partners.
Purposes of processing: Contact requests and communication, direct marketing (e.g. by e-mail or post).
Services and service providers used:
We use platforms and applications of other providers (hereinafter “third-party providers”) for the purposes of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting the third-party providers and their services, we observe the statutory requirements.
In this context, data of the communication participants is processed and stored on the servers of the third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and audio contributions, as well as entries in chats and shared screen content.
Insofar as users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimisation or marketing purposes. We therefore ask you to observe the data-protection notices of the respective third-party providers.
For the collection of metadata for reach measurement and advertising, we rely on our legitimate interest in the further development and improvement of our own products pursuant to Art. 6(1)(f) GDPR. The interests of the data subjects do not prevail here, as we take, for example, measures to anonymise/pseudonymise the reach measurement.
Notes on legal bases: Insofar as we ask users for their consent to the use of the third-party providers, the legal basis of the processing is consent (Art. 6(1)(a) GDPR). Furthermore, their use may be a component of our (pre-)contractual services, provided that the use of the third-party providers has been agreed in this context (Art. 6(1)(b) GDPR).
In this context, the contractors are obliged by us pursuant to Art. 28 GDPR to meet our high data-protection requirements. This obligation is underpinned by our rights of control and instruction.
Services and service providers used: Microsoft Teams and Skype (Microsoft Corporation, USA — SCC in place; details as above); TeamViewer (TeamViewer GmbH, Jahnstr. 30, 73037 Göppingen, Germany; privacy policy: https://www.teamviewer.com/en/privacy-policy/).
The surveys and questionnaires (hereinafter “surveys”) conducted by us are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical execution of the surveys (e.g. processing the IP address in order to display the survey in the user’s browser, or to enable a resumption of the survey by means of a temporary cookie (session cookie)), or where users have consented.
Notes on legal bases: By participating in the survey, you implicitly give us your consent to the processing pursuant to Art. 6(1)(a) GDPR. For any collection of metadata for reach measurement and advertising, we rely on our legitimate interest in the further development and improvement of our own products pursuant to Art. 6(1)(f) GDPR.
Services and service providers used: Microsoft Forms (Pro) — Microsoft cloud forms; service provider: Microsoft Corporation, USA; website: https://forms.office.com/; privacy policy: https://privacy.microsoft.com/en-us/privacystatement (SCC in place per Art. 46(2) GDPR).
In order to provide our Online Offering securely and efficiently, we use the services of one or more web-hosting providers, from whose servers (or servers managed by them) the Online Offering can be accessed. For these purposes we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.
The data processed in the context of providing the hosting offering may include all information relating to the users of our Online Offering that arises in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the content of online offerings to browsers, and all entries made within our Online Offering or on websites.
Mail sending and hosting: The web-hosting services we use also include the sending, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders, as well as further information concerning the e-mail dispatch (e.g. the providers involved) and the contents of the respective e-mails, are processed. The aforementioned data may furthermore be processed for the purposes of spam detection. Please note that e-mails on the internet are generally not sent encrypted. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption procedure is used) not on the servers from which they are sent and received. We therefore cannot accept any responsibility for the transmission path of the e-mails between the sender and receipt on our server.
Collection of access data and log files: We ourselves (or our web-hosting provider or our food-delivery platform for gastronomy services) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the accessed web pages and files, the date and time of access, transmitted data volumes, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files may be used, on the one hand, for security purposes, e.g. to avoid an overload of the servers (in particular in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure the utilisation of the servers and their stability. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
In this context, the contractors are obliged by us pursuant to Art. 28 GDPR to meet our high data-protection requirements.
Services and service providers used: - Flying Circus: Operations & hosting platform for e-commerce / websites; service provider: Flying Circus Internet Operations GmbH, Leipziger Str. 70/71, 06108 Halle (Saale), Germany; website: https://flyingcircus.io/; privacy policy: https://flyingcircus.io/de/privacy/. - SimplyDelivery: Food-delivery platform for gastronomy services; service provider: SimplyDelivery GmbH, Potsdamer Str. 33, 14974 Ludwigsfelde, Germany; privacy policy: https://www.simplydelivery.de/datenschutzerklaerung/.
Purpose of processing: The application procedure requires that applicants provide us with the data necessary for their assessment and selection. Which information is required results from the job description or, in the case of online forms, from the information provided there.
In principle, the required information includes information on the person, such as the name, address, a contact option, and the evidence of the qualifications necessary for a position. Upon request, we are also happy to inform applicants which information is required. This includes the data categories of personnel data (personal details, social information, billing data (bank details) and other data usually taken into account during recruitment), as well as the documents belonging to the application and the information contained therein, such as cover letter, CV, references, and other information relating to a specific position or voluntarily provided by applicants regarding their person or qualifications.
This may also include special categories of personal data (e.g. degree of severe disability, religious affiliation, etc.).
Processing of the data: Where provided, applicants can submit their applications to us by means of an online form. The data is transmitted to our HR Hub encrypted in accordance with the state of the art. The HR Hub manages the applications received on the basis of the MS Dynamics software. The software is hosted in our data centre, which is operated by Microsoft Germany exclusively on servers in the European Union. Further information on data processing in the MS environment: https://privacy.microsoft.com/en-us/privacystatement.
Applicants can also submit their applications to us by e-mail. Here, however, we ask you to note that e-mails on the internet are generally not sent encrypted. We therefore cannot accept any responsibility for the transmission path of the application between the sender and receipt on our server. Applicants are welcome to contact us regarding the method of submitting the application, or to send us the application by post.
Legal bases of processing: In principle, we can base the processing of your data on Art. 88(2) GDPR in conjunction with Sec. 26(1) BDSG, since this is necessary for the establishment of the employment relationship in the context of personnel selection. The processing of special categories of personal data can be carried out by us pursuant to Sec. 26(3) BDSG in conjunction with Sec. 22 BDSG, where it is necessary for the fulfilment of legal obligations arising from labour law and the law on social security and social protection.
Deletion of data: - The data provided by applicants may, in the case of a successful application, be further processed by us for the purposes of the employment relationship. - Otherwise, if the application for a job offer is not successful, the applicants’ data is deleted at the latest 4 months after the end of the application period. - The applicants’ data is also deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion takes place, subject to a justified withdrawal by the applicants, at the latest after the expiry of a period of six months, so that we can answer any follow-up questions on the application and comply with our obligations to provide evidence under the provisions on the equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with the tax-law requirements.
Inclusion in an applicant pool: Inclusion in an applicant pool, if offered, takes place on the basis of voluntary consent. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the ongoing application procedure, and that they can withdraw their consent at any time for the future. Storage takes place to enable a “permanent application” for later application procedures. Deletion of the data from the applicant pool takes place after the storage has been withdrawn, but at the latest after we have not been able to offer you a position for 3 years. Legal basis: consent (Art. 6(1)(a) GDPR; for sensitive data, explicit consent per Art. 9(1)(a) GDPR).
We use software services accessible via the internet and executed on the servers of their providers (so-called “cloud services”, also referred to as “software as a service”) for the following purposes: document storage and management, calendar management, e-mail sending, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of web pages, forms or other content, as well as chats and participation in audio and video conferences.
In this context, personal data may be processed and stored on the servers of the providers, insofar as this is part of communication processes with us or is otherwise processed by us as set out in this privacy policy. This data may include, in particular, master data and contact data of the users, data on processes, contracts, other processes and their contents. The providers of the cloud services also process usage data and metadata, which they use for security purposes and service optimisation.
Services and service providers used: - Apple iCloud: Cloud storage services; provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; privacy policy: https://www.apple.com/legal/privacy/en-ww/ (SCC in place). - Google Cloud Services: Cloud storage services; provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent: Google LLC, USA); privacy policy: https://www.google.com/policies/privacy; data-processing terms: https://cloud.google.com/terms/data-processing-terms (SCC in place). - Microsoft Cloud Services: Cloud storage services; provider: Microsoft Corporation, USA; privacy policy: https://privacy.microsoft.com/en-us/privacystatement (SCC in place).
We process personal data for the purposes of promotional communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with the statutory requirements.
For advertising, we rely on our legitimate interest in advertising our own products pursuant to Art. 6(1)(f) GDPR. Should we, in exceptional cases per para. 2, not be entitled to advertise, we will obtain your consent to advertising pursuant to Art. 6(1)(a) GDPR.
Recipients have the right to withdraw granted consent at any time or to object to promotional communication at any time. After withdrawal or objection, we may store the data required to prove the consent for up to three years on the basis of our legitimate interests before we delete it; the processing of this data is limited to the purpose of a possible defence against claims.
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are exclusively news and offers from Eat Happy ⚠️.
For registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information is blocked and automatically deleted after one month. In addition, we store the IP addresses you used and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. Legal basis is Art. 6(1)(f) GDPR.
The mandatory information for sending the newsletter is solely your e-mail address and your first name. The latter is used in order to be able to address you personally. Providing a surname is voluntary. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. Legal basis is Art. 6(1)(a) GDPR.
The newsletter is sent via our service provider “Braze”. You can find out more about this in the corresponding section of our privacy policy.
You can withdraw your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare the withdrawal by clicking on the link provided in each newsletter e-mail, by e-mail to info@mrs-yumami.com, or by a message to the contact details specified in the legal notice.
We point out that, when sending the newsletter, we evaluate your user behaviour. For this evaluation, the sent e-mails contain so-called web beacons, also known as tracking pixels. These are one-pixel image files that link to web pages and thus enable us to evaluate your user behaviour. With the data thus obtained, we create a user profile in order to be able to provide you with the newsletter tailored to your interests. You can object to this tracking at any time by clicking the separate link provided in each e-mail, or by informing us via info@mrs-yumami.com.
We process personal data of the participants of prize draws and competitions only in compliance with the relevant data-protection provisions, insofar as the processing is contractually necessary for the provision, execution and handling of the prize draw, the participants have consented to the processing, or the processing serves our legitimate interests (e.g. in the security of the prize draw, or the protection of our interests against misuse by possibly recording IP addresses when submitting prize-draw entries).
For the collection of your data for the purpose of participation in the prize draw, we rely on your given consent pursuant to Art. 6(1)(a) GDPR. The further processing for the above purpose then takes place for the purpose of conducting the prize draw pursuant to Art. 6(1)(b) GDPR.
If, in the context of the prize draws, contributions of the participants are published (e.g. in the context of a vote or presentation of the prize-draw entries or the winners, or the reporting on the prize draw), we point out that the names of the participants may also be published in this context. Participants can object to this at any time.
If the prize draw takes place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter “online platform”), the terms of use and data-protection provisions of the respective platforms additionally apply.
The participants’ data is deleted as soon as the prize draw or the competition has ended and the data is no longer required to inform the winners or because follow-up questions on the prize draw are to be expected. In principle, the participants’ data is deleted at the latest 6 months after the end of the prize draw. Winners’ data may be retained longer, e.g. to answer queries about the prizes or to fulfil the prize services; in this case the retention period depends on the type of prize and amounts, for example, to up to three years for goods or services.
We process personal data for the purposes of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on potential interests of users, as well as the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the information relevant to the display of the aforementioned content is stored about the user. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used, and information on usage times. Insofar as users have consented to the collection of their location data, this may also be processed.
The IP addresses of the users are also stored. However, to protect the users, we use available IP-masking procedures (i.e. pseudonymisation by shortening the IP address). Generally, in the context of the online-marketing procedure, no clear data of the users (such as e-mail addresses or names) is stored, but pseudonyms. This means that we as well as the providers of the online-marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is generally stored in cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online-marketing procedure and analysed for the purposes of displaying content, as well as supplemented with further data and stored on the server of the online-marketing procedure provider.
We generally only receive access to aggregated information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online-marketing procedures have led to a so-called conversion, i.e. for example to a conclusion of a contract with us. Unless otherwise stated, please assume that cookies used are stored for a period of two years.
This website uses, insofar as you have given consent, Braze, a web-analysis service of Braze Inc. Braze uses so-called “cookies” (text files) that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookies about your use of this website is generally transmitted to a Braze server. In doing so, you are assigned a random customer ID, by means of which a re-identification of the user is generally not possible. More detailed information on the individual cookies, such as storage period and function, can be found in our cookie banner.
On behalf of the operator of this website, Braze uses the information received to evaluate your use of the website, to compile reports on website activities, and to provide further services connected with website and internet use to the website operator.
The cookies are only stored after you have given your consent for this. You can, in principle, refuse this by means of a corresponding setting of your browser software; we point out, however, that in this case you may not be able to use all functions of this website to their full extent.
We use Braze in order to be able to analyse and thereby regularly improve the use of our website. Through the statistics obtained, we can improve our offering and make it more interesting for you as a user.
In addition, we use Braze for sending newsletters. If you enter data for the purpose of receiving the newsletter (e.g. e-mail address), this is stored on Braze’s servers in the EU.
With the help of Braze, we can analyse our newsletter campaigns. When you open an e-mail sent with Braze, a file contained in the e-mail (so-called web beacon) connects to Braze’s servers. In this way, it can be determined whether a newsletter message was opened and which links were clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
The data you have deposited with us for the purpose of receiving the newsletter is stored by us until you unsubscribe from the newsletter, and is deleted from both our servers and Braze’s servers after unsubscribing. Data stored with us for other purposes (e.g. e-mail addresses for the members’ area) remains unaffected by this.
We base the use of Braze on our legitimate interest in advertising and efficiently managing our services (Art. 6(1)(f) GDPR). The legal basis for the use of Braze is your consent pursuant to Art. 6(1)(a) GDPR. Third-party provider: Braze Inc., 330 W 34th Street, 18th Floor, New York, NY 10001, USA; privacy policy: https://www.braze.com/company/legal/privacy.
This website uses, insofar as you have given consent, Google Analytics 4, the current version of the web-analysis service of Google Ireland Limited (“Google”). We use Google Analytics to be able to analyse the use of our website and thereby regularly improve it.
Google Analytics uses so-called “cookies” (text files stored on your computer that enable an analysis of your use of the website), scripts (executable program code) and pixels (images). The information generated by Google Analytics about your use of this website is generally transmitted to a Google LLC server in the USA and stored there. With Google Analytics 4, your IP address is processed exclusively in shortened form; logging or storage of the IP addresses does not take place. On behalf of the operator of this website, Google will use the collected information to evaluate your use of the website, to compile reports on website activities, and to provide further services connected with website and internet use to the website operator. The collected information consists of so-called “events” (any possible actions on the website — scrolling, reloading, dwell time, etc.). In addition, Google Analytics determines detailed location and device data.
Google evaluates the data collected in the context of Google Analytics with the help of artificial intelligence, enabling a cross-device analysis of visitor streams. These visitor logs are automatically deleted after 14 months.
You can prevent the storage of cookies by a corresponding setting of your browser software; you can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout. For exceptional cases in which personal data is transferred to the USA, Google Ireland has, through the conclusion of standard data-protection clauses pursuant to Art. 46(2)(c) GDPR, ensured a comparable level of data protection.
Legal basis for the use of Google Analytics is your consent (Art. 6(1)(a) GDPR), which you give us via the cookie banner. Third-party provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; privacy policy: https://policies.google.com/privacy.
Google Tag Manager is a solution of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), with which marketers can manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect personal data. The tool ensures the triggering of other tags, which may in turn collect data; Google Tag Manager does not access this data. If a deactivation was carried out at domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.
Legal basis for the transfer of personal data to Google is your consent (Art. 6(1)(a) GDPR). For exceptional cases in which personal data is transferred to the USA, Google Ireland has ensured a comparable level of data protection through standard contractual clauses (SCC) pursuant to Art. 46(2) GDPR.
We use the web-analysis service Hotjar of Hotjar Ltd, Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe, on our web pages. This tool records movements on the observed web pages in so-called heatmaps. This allows us to recognise, in anonymised form, where visitors click and how far they scroll, so that we can design our website in a better and more customer-friendly way.
The protection of your personal data is very important to us when using this tool. All data is collected without us being able to assign it to specific users. We can only track how the mouse was moved, where clicks were made and how far scrolling took place. In addition, the screen size of the device, the device type, information on the browser, the country from which access took place and the preferred language are recorded. If personal data of you or third parties is displayed on a web page, this is automatically hidden by Hotjar and is therefore not traceable for us.
You can prevent the use of Hotjar via a “Do Not Track header” (configure your browser accordingly), or via the opt-out switch at https://www.hotjar.com/opt-out. Further information and Hotjar’s privacy policy: https://www.hotjar.com/privacy.
With regard to the use of Hotjar, we rely on our legitimate interest in an optimisation and improved presentation of web pages (Art. 6(1)(f) GDPR). As we also store cookies to use the service, we require your consent for this, which we obtain before storing the cookies (Art. 6(1)(a) GDPR).
We maintain online presences within social networks in order to communicate with the users active there or to offer information about us there. We point out that data of the users may be processed outside the area of the European Union. This may give rise to risks for the users, as the enforcement of the users’ rights could be made more difficult.
Furthermore, the data of the users within social networks is generally processed for market-research and advertising purposes. For example, usage profiles can be created on the basis of the usage behaviour and the resulting interests of the users. The usage profiles can in turn be used to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the users’ computers.
For a detailed presentation of the respective forms of processing and the opt-out options, we refer to the privacy policies and information of the operators of the respective networks. Also in the case of access requests and the assertion of data-subject rights, we point out that these can be asserted most effectively with the providers. You can find more details in our separate privacy policies: - https://www.eathappy.de/instagram-impressum-datenschutz/ ⚠️ - https://www.eathappy.de/facebook-impressum-datenschutz/ ⚠️
We currently use the following social-media plug-ins: Facebook, Instagram, Xing, LinkedIn, TikTok. We use the so-called two-click solution. This means that when you visit our page, no personal data is initially passed on to the providers of the plug-ins. You recognise the provider of the plug-in by the marking on the box, via its initial letter or logo. Only if you click on the marked field and thereby activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online offering; in addition, the data mentioned in Sec. 4 of this declaration is transmitted. By activating the plug-in, personal data of you is thus transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). As the plug-in provider carries out the data collection in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.
We have no influence on the collected data and data-processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, or the storage periods. The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or needs-based design of its website. You have a right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this. Legal basis for the use of the plug-ins is Art. 6(1)(f) GDPR.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us is assigned directly to your existing account with the plug-in provider. We recommend that you log out regularly after using a social network, but in particular before activating the button, as you can thus avoid an assignment to your profile with the plug-in provider.
Addresses of the respective plug-in providers and URLs of their data-protection notices: - Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php (SCC in place). - Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA (SCC in place). - Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy. - LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy (SCC in place). - TikTok Inc., Venice Blvd., Culver City, CA 90232, USA; https://www.tiktok.com; privacy policy: https://www.tiktok.com/legal/privacy-policy (SCC in place).
Within our online offering, the so-called “Facebook Pixel” of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or in the EU by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used. This allows interest-based advertisements (“Facebook Ads”) to be displayed to users of the website when they visit the social network Facebook or other websites that also use this procedure.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the extent and further use of the data collected by Facebook through the use of this tool. Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding web page of our internet presence, or clicked on an advertisement of ours. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or are not logged in, it is possible that the provider learns and stores your IP address and other identifying features.
For the collection of data for advertising purposes, we rely on your given consent pursuant to Art. 6(1)(a) GDPR. Further information on data processing by Facebook: https://www.facebook.com/about/privacy (SCC in place for transfers to the USA).
Objection: You can object to the collection by the Facebook Pixel and the use of your data to display Facebook Ads. Deactivation of the “Facebook Custom Audiences” function is possible for logged-in users at https://www.facebook.com/settings/?tab=ads. You can also object to the use of cookies serving reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative, and additionally via aboutads.info (US) or youronlinechoices.com (EU), or by rejecting all analysis-based cookies in the cookie banner.
We have integrated YouTube videos of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) into our online offering, which are stored on http://www.youtube.com and can be played directly from our website. These are all integrated in “extended data-protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos is the data mentioned in Sec. 2 transmitted; we have no influence on this data transmission.
By visiting the website, YouTube (Google) receives the information that you have accessed the corresponding sub-page of our website; in addition, the data mentioned in Sec. 4 of this declaration is transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in, or whether no user account exists. If you are logged in with Google, your data is assigned directly to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. You have a right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this.
Legal basis for the transfer of personal data to YouTube (Google) is your consent (Art. 6(1)(a) GDPR). Further information: https://policies.google.com/privacy (SCC in place for transfers to the USA).
On this website we use the Google Maps offering of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website; in addition, the data mentioned in Sec. 4 of this declaration is transmitted. This takes place regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in with Google, your data is assigned directly to your account. If you do not want the assignment with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. You have a right to object to the creation of these user profiles, whereby you must contact Google to exercise this.
Legal basis for the transfer of personal data to Google is your consent (Art. 6(1)(a) GDPR). Further information: http://www.google.de/intl/de/policies/privacy (SCC in place for transfers to the USA).
We use the service Google reCAPTCHA of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) on our website. This service serves to distinguish natural persons from so-called bots (mechanical and automated processing) at logins. In doing so, the IP address may be passed on to Google, resulting in a transfer of personal data to Google Ltd.
Legal basis for the transfer of personal data to Google is your consent (Art. 6(1)(a) GDPR). SCC in place for transfers to the parent company in the USA. Further information and Google’s privacy policy: https://www.google.com/intl/en/policies/privacy/.
The data processed by us is deleted in accordance with the statutory requirements as soon as the consents permitted for processing are withdrawn or other permissions cease to apply (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose).
Insofar as the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial-law or tax-law reasons, or whose storage is necessary for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person.
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or another individual notification. Insofar as we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and please check the information before making contact.
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen Postfach 20 04 44 40102 Düsseldorf
Kavalleriestraße 2–4 40213 Düsseldorf
Phone: +49 211 384240 Fax: +49 211 3842410 E-mail: poststelle@ldi.nrw.de Website: https://www.ldi.nrw.de
In this section you receive an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined in particular in Art. 4 GDPR. The statutory definitions are binding. The following explanations, in contrast, are mainly intended to aid understanding. The terms are sorted alphabetically.
We use cookies to make our website work and to improve your experience. You can accept all cookies or decline the optional ones. Privacy Policy
Got it — we’ll only use essential cookies.