Privacy Policy

California Walnut Commission Data Privacy Information

I. General

1. Scope of application

This privacy information applies to the following processes:

  • The use of our website/s and all other internet pages referring to it (for details, see section„ Data processing when using our websites“); and
  • The use of our external sites (for details, see section "Information on California Walnut Commission External Sites").

2. Body responsible for the data processing (“controller”)

We take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency about the processing of personal data. Only if you are sufficiently informed about the purpose, nature and scope of the processing, the processing is comprehensible for you as a data subject.

The body responsible for the data processing (controller) within the meaning of the General Data Protection Regulation (GDPR) is

California Walnut Commission
101 Parkshore Drive, Suite 250 Folsom, CA 95630, USA
+1 (916)932-7070
info@walnuts.org

It is hereinafter referred to as the "controller" or "we".

Representative in the European Union pursuant to Art. 27 of the GDPR:

mk² gmbh
Oxfordstr. 24 / 53111 Bonn, Deutschland
Telefon: +49 (228)9437870
Fax: +49 (228) 9437877
E-Mail: CWC@californiawalnuts.eu 

3. Terminology / Definitions

The terms used in this Data Privacy Information (e.g. data categories, purposes and legitimate interests, as well as terms from the GDPR) are explained in the section "Definitions" (VI.).

4. General information on the data processing

We process personal data only to the extent permitted by law. Personal data are only disclosed or passed on to third parties in the cases described below. The personal data are protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption). Unless we are required by law to store or disclose personal data to third parties (in particular law enforcement agencies), the decision as to which personal data we process and for how long, and the extent to which we disclose it, depends on which features or functions of the website you use in each individual case.

5. Storage duration

The personal data will be deleted as soon as the purpose of the processing no longer applies or another reason for deletion pursuant to Art. 17 (1) GDPR applies (e.g. you have withdrawn a consent given to us). In exceptional cases, we may nevertheless continue to process your personal data if an exception to the obligation to delete pursuant to Art. 17 (3) GDPR applies (e.g. a legal obligation to store personal data applies). Insofar as we have to inform you about the storage period of cookies and similar technologies, you will find the information on this in our Consent Tool, which you can access here.

6. Automated individual decision-making, including profiling

Automated individual decision-making, including profiling, does not take place.

7. Rights of data subjects

As a data subject, you have the right of access / right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art.17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

8. Notification obligations of the controller

We will notify all recipients to whom your personal data has been disclosed of any rectification or erasure of your personal data or restriction of processing in accordance with Articles 16, 17(1) and 18 GDPR, unless such notification proves impossible or involves disproportionate effort. We will inform you of the recipients if you request this.

9. Obligation to provide personal data

Unless otherwise explained in the information on the legal basis, you are not obliged to provide personal data. If we rely on Art. 6 (1) 1 (b) GDPR as the legal basis for the processing, your personal data are required for the performance or conclusion of a contract. If you do not provide the personal data, the performance or conclusion of the contract is not possible. If you do not provide the data in the cases of Art. 6 (1) 1 (a), (f) GDPR, the use of the affected parts of our website will not be possible.

10. Data transfer to third countries

Data transfers to third countries outside the European Union (EU) and the European Economic Area (EEA) are only permitted in compliance with the special conditions under Art. 44 et seq. GDPR. If such a third country transfer occurs when processing your personal data, we will specifically point out the third country transfer and the basis for transfer in the following sections.

General information on the basis for data transfer:

  • If the transfer is based on an exception according to Art. 49 GDPR, you will find the details at the relevant point.
  • If the transfer is based on an adequacy decision within the meaning of Art. 45 GDPR, you can find an overview of adequacy decisions here.
  • If the transfer is based on so-called standard data protection clauses of the EU Commission within the meaning of Art. 46 (2) (c) GDPR, you will find the implementing decision (EU 2021/914) of the EU Commission, which contains the contractual clauses, here.
  • If the transfer is based on Binding Corporate Rules (BCR) as defined in Art. 46 (2) (b) GDPR, you can find the overview of published BCR here.

11. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR. If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes. The objection need not satisfy any formal requirements and should be directed to the contact details above.

12. Withdrawal of consent

Pursuant to Art. 7 (3) 1 GDPR, you have the right to withdraw your consent at any time with effect for the future informally by mail or e-mail. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Upon your withdrawal, we will delete the personal data processed on the basis of the consent if there is no other legal basis for their processing. The withdrawal need not satisfy any formal requirements and should be directed to the contact details above.

II. Interaction of the Data Privacy Information and the Cookie Policy and the Consent Tool

The Data Privacy Information informs you about data processing based on the regulations of the GDPR and, if applicable, the BDSG (German Federal Data Protection Act). If the regulations of the TTDSG (German Act on Data and Privacy Protection in Telecommunication and Telemedia) are relevant for individual circumstances, you will find the information on this in the Consent Tool [LINK] and in the Cookie Policy. This also applies to the information on the storage or reading of data on your end device.

III. Data processing when using our websites

The use of the website and its features and functions regularly requires the processing of personal data. Unless otherwise indicated, the following explanations apply to all websites that we operate and that link to this Data Privacy Information.

Please note that links on our website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.

Provision of the websites

Purpose of processing: advertising and personalized marketing measures, information security

Legal basis: Art. 6 (1) 1 (f) GDPR

Legitimate interests: design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, promotion of sales activities, operation, integrity and security of digital products

Data categories: Connection data, usage data

Recipients of data: IT service providers

Intended third country transfer: none

Purchase order form

Purpose of processing: purchase order execution and contract management

Legal basis: Art. 6 (1) 1 (b) GDPR

Data categories: Connection data, contract data, content data, master data and contact data

Recipients of the data: (IT) service providers, suppliers

Intended third country transfer: none

Subscription to our (professional) newsletter and dispatch of other mailings

Purpose of processing: advertising and personalized marketing measures; user, prospect and/or customer support; analysis and performance measurement, and optimization of products and/or services

Legal basis: Art. 6 (1) (a), (f) GDPR

Legitimate interests: Customer acquisition, customer retention, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research

Data categories: Master data, contact data and connection data

Recipients of the data: IT service providers

Intended third country transfer: none

Download of recipes and e-books

Purpose of processing: advertising and personalized marketing measures; user, prospect and/or customer support; analysis and performance measurement, and optimization of products and/or services

Legal basis: Art. 6 (1) 1 (f) GDPR

Legitimate interests: Customer acquisition, customer retention, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research

Data categories: Connection data and usage data

Recipients of the data: IT service providers

Intended third country transfer: none

Comment function (blog and other posts)

Purpose of processing: advertising and personalized marketing measures; user, prospect and/or customer support

Legal basis: Art. 6 (1) 1 (f) GDPR

Legitimate interests: design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, promotion of sales activities, operation, integrity and security of digital products

Data categories: Connection data, content data, master data if applicable and contact data if applicable

Recipients of the data: IT service providers

Intended third country transfer: none

Login and account areas including login via DocCheck

Purpose of processing: purchase order execution and contract management, business partner maintenance, user, prospect and/or customer support, advertising and personalized marketing measures

Legal basis: Art. 6 (1) 1 (a), (f) GDPR

Legitimate interests: Customer acquisition, customer retention, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research, design, operation and availability of digital products, operation, integrity and security of digital products, integration of desired or required functionalities

Data categories: Connection data, content data, master data if applicable and contact data if applicable

Recipients of the data: IT service providers

Intended third country transfer: none

Contact

Purpose of processing: user, prospect and/or customer support

Legal basis: Art. 6 (1) 1 (f) GDPR, Art. 6 (1) 1 (b) GDPR (if the inquiry leads to a subsequent conclusion of a contract or refers to an existing contract)

Legitimate interests: Customer acquisition, customer retention, customer recovery, promotion of sales activities, promotion of economic interests, integration of desired or required functionalities

Data categories: Connection data, content data, master data if applicable and contact data if applicable

Recipients of the data: IT service providers

Intended third country transfer: none

Participation in sweepstakes

Purpose of processing: general advertising and personalized marketing measures, purchase order execution and contract management

Legal basis: Art. 6 (1) 1 (a), (b), (f) GDPR.

Legitimate interests: prevention of criminal offenses, administrative offenses and other detrimental actions, integration of desired or required functionalities, customer acquisition, customer retention, customer recovery

Data categories: master data, contact data, content data, connection data

Recipients of the data: IT service providers, suppliers

Intended third country transfer: none

Shopping list function (Bring!)

Purpose of processing: advertising and personalized marketing measures, user, prospect and/or customer support

Legal basis: Art. 6 (1) (f) GDPR

Legitimate interests: design, operation and availability of digital products, integration of desired or required functionalities, advertising and image improvement, market and opinion research

Data categories: usage data, connection data, content data if applicable

Recipients of the data: IT service providers

Intended third country transfer: Switzerland (adequacy decision)

Integrated games (Mahjong)

Purpose of processing: advertising and personalized marketing measures, user, prospect and/or customer support

Legal basis: Art. 6 (1) (f) GDPR

Legitimate interests: design, operation and availability of digital products, integration of desired or required functionalities, advertising and image improvement, market and opinion research

Data categories: connection data

Recipients of the data: IT service providers

Intended third country transfer: none

Integration of external content (photos, videos and posts)

Purpose of processing: general advertising and personalized marketing measures.

Legal basis: Art. 6 (1) 1 (f) GDPR

Legitimate interests: Integration of desired or required functionalities, design, operation and availability of digital products, customer acquisition, customer retention, customer recovery

Data categories: connection data, usage data if applicable

Recipients of the data: IT service providers

Intended third country transfer: in individual cases, USA and other third countries

Consent management

Purpose of processing: legal matters and compliance measures, information security

Legal basis: Art. 6 (1) 1 (c), (f) GDPR

Data categories: master data, if applicable, contact data, usage data, connection data

Legitimate interests: prevention of criminal offenses, administrative offenses and other detrimental actions, integration of desired or required functionalities

Recipients of the data: IT service providers

Intended third country transfer: none

Marketing measures

Purpose of processing: advertising and personalized marketing measures

Legal basis: Art. 6 (1) (f) GDPR.

Legitimate interests: promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research, analysis and optimization of own offers, services and advertising measures

Data categories: Usage data, connection data

Recipients of the data: IT service providers, operators of advertising networks and advertising partners

Intended third country transfer: in individual cases, USA and other third countries (standard data protection clauses and adequacy decisions)

Analysis and performance measurement

Purpose of processing: analysis and performance measurement as well as optimization of products and/or services, advertising and personalized marketing measures

Legal basis: Art. 6 (1) (f) GDPR

Legitimate Interests: Analysis and optimization of own offers, services and advertising measures, promotion of sales activities, advertising and image improvement, market and opinion research

Data categories: Usage data, connection data, content data if applicable.

Recipients of the data: IT service providers

Intended third country transfer: in individual cases, USA and other third countries (standard data protection clauses and adequacy decisions)

IV. Information on California Walnut Commission External Sites

Facebook

Purpose of processing: advertising and personalized marketing measures, analysis and performance measurement, and optimization of products and/or services.

Legal basis: Art. 6 (1) 1 (f) GDPR

Legitimate interests: design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer retention, customer recovery

Data categories: master data, contact data, content data, usage data, connection data, and location data if applicable

Recipients of the data: platform operators and media (Meta Platforms Ireland Limited., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta")

Intended third country transfer: in individual cases, USA and other third countries (based on standard data protection clauses and based on adequacy decisions)

Instagram

Purpose of processing: advertising and personalized marketing measures, analysis and performance measurement, and optimization of products and/or services

Legal basis: Art. 6 (1) 1 (f) GDPR

Legitimate interests: design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer retention, customer recovery

Data categories: master data, contact data, content data, usage data, connection data, and location data if applicable

Recipients of the data: platform operator and media (Meta Platforms Ireland Limited., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta")

Intended third country transfer: in individual cases, USA and other third countries (standard data protection clauses and adequacy decisions)

Pinterest (profile)

Purpose of processing: advertising and personalized marketing measures, analysis and performance measurement, and optimization of products and/or services

Legal basis: Art. 6 (1) 1 (f) GDPR

Legitimate interests: design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer retention, customer recovery

Data categories: master data, contact data, content data, usage data, connection data, and location data if applicable

Recipients of the data: platform operators and media (Pinterest Europe Ltd, Palmerston House, 2nd FloorFenian Street, Dublin 2, Ireland ("Pinterest"))

Intended third country transfer: in individual cases, USA and other third countries

YouTube channel

Purpose of processing: advertising and personalized marketing measures, analysis and performance measurement, and optimization of products and/or services

Legal basis: Art. 6 (1) 1 (f) GDPR

Legitimate Interests: design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer retention, customer recovery

Data categories: master data, contact data, content data, usage data, connection data, and location data if applicable

Recipients of the data: platform operators and media (Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland ("Google"))

Intended third country transfer: in individual cases, USA and other third countries

V. Information on joint controllers

In the cases listed below, we are jointly responsible for the data processing with another entity within the meaning of Art. 4 no. 7, Art. 26 GDPR. You are free to address your request directly to any of the joint controllers. Depending on the specific agreement with the other entity on the rights of data subjects, we will forward your request to the other entity.

Operation of our Facebook page(s)

As to the operation of our Facebook page(s), there is joint controllership with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").
The gist of the agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.
Facebook is responsible for implementing your data subject rights. Facebook informs you about your data subject rights at:
 https://www.facebook.com/legal/terms/information_about_page_insights_data

Operation of our Instagram page(s)

As to the operation of our Instagram page(s), there is joint controllership with Meta Platforms Ireland Limited., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").
The gist of the agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.
Facebook is responsible for implementing your data subject rights. Facebook informs you about your data subject rights at:
https://www.facebook.com/legal/terms/information_about_page_insights_data.

VI. Definitions

The terms used in this Data Privacy Information (e.g. data categories, purposes and legitimate interests, as well as terms from the GDPR) are explained in the section "Definitions".

From the GDPR

This privacy policy uses the terms of the legal text of the GDPR. You can view the definitions (Art. 4 GDPR), for example, at eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679

Additional definitions:

Categories of data

When we specify the categories of data processed, this refers to, without limitation, the following data:

  • Master data (e.g. names, address, dates of birth)
  • Contact data (e.g. email addresses, phone number, messenger services)
  • Content data (e.g. text input, photographs, videos, contents of documents/files)
  • Contract data (e.g. subject of contract, terms, customer category)
  • Payment data (e.g. bank details, payment history, use of other payment service providers)
  • Usage data (e.g. history on our website, use of certain content, access times, contact or purchase order history)
  • Connection data (e.g. device information, IP addresses, URL referrers)
  • Location data (e.g. GPS data, IP geolocation, access points)
  • Diagnostic data (e.g. crash logs, website/app performance data, other technical data to analyze faults and errors)
  • Applicant and employee data (e.g. employment history, working hours, vacation periods, periods of incapacity to work, assessments and evaluations, training and further education, social data, bank details, social security number, health insurance/health insurance number, salary expectations and salary data as well as tax identification number, proofs and documents, working hours, public offices held, social security data, data on professional integration management).

Purposes of data processing

In the following sections, we specify the purposes pursued as purpose categories to improve comprehensibility and readability. In some cases, there may be overlaps with our "legitimate interests" (see definitions below). This is in the nature of the matter. Unless otherwise specified, the purposes are to be understood as follows:

  • Advertising and personalized marketing activities: Includes, for instance, the opening of public and, where applicable, restricted-access websites, apps and/or external pages for general information about our products/services (e.g., general website about our company, press pages, social media pages), personalized communication with users, prospects and/or customers (e.g., newsletters), playout of (personalized) recommendations and advertising measures (e.g., personalized newsletters, playout of advertising on other websites, search engines, social media pages and/or apps and generally in advertising networks), merging and linking of data (possibly involving other parties such as publishers in advertising networks) to ensure commission claims for advertising materials.
  • Safety and emergency management: Includes all processes which, in the relevant context, serve to ensure the relevant safety specifications and the prevention and/or handling of accidents and emergencies, such as access controls, video surveillance, logging, evacuation, personal rescue and damage limitation.
  • Analysis and performance measurement as well as optimization of products and/or services: Includes, for instance, opinion polls and voting, comparison tests (so-called A/B testing), analysis and (usually aggregated) evaluation of user, prospect and/or customer behavior in the online and/or offline area (e.g. through click paths, mouse movements and heat maps), analysis and evaluation of the success of general and, if applicable, personalized marketing measures, needs-based design of our (digital) products and services based on the analyzed demand and/or usage behavior.
  • Purchase order execution and contract management: Includes all processing operations required for the fulfillment of the relevant purchase orders/contracts, such as the processing of master and contact data for the execution and fulfillment of the customer's purchase orders, payment processing including any necessary transfer of data to payment service providers, processing of returns, license verification.
  • Operation and further development of internal IT systems: Includes, among other things, user management, authentication and technical logging, as well as IT support and the further development and adaptation of systems and the associated processing of personal data. This applies regardless of whether the IT systems are operated by the controller itself or by a service provider acting on controller’s behalf (processor).
  • Applicant management: Includes, among other things, personnel marketing and processes in the context of initiating employment, such as processing applications (digital and analog), communicating with applicants, conducting interviews, assessment center procedures and trial work, setting up talent pools, and documenting the outcome of applications.
  • Business partner maintenance: Includes all processes which serve to analyze and select suitable business partners and to maintain existing business relationships.
  • Warranty, guarantee, goodwill and general service: Includes, without limitation, the handling of warranty, guarantee and goodwill cases, as well as any information on updates, improvements and recalls.
  • Identity and/or creditworthiness check: The aim of the processing is to check the identity of the data subject, insofar as this is necessary for the relevant process, and/or to check the creditworthiness and/or solvency of a prospect or contractual partner.
  • Information security: Includes processing operations which serve to protect against hazards and to secure IT systems, as well as to achieve the protection goals of confidentiality, availability and integrity of data, systems and processes (e.g., distinguishing between human access and bot access, detecting and warding off abusive access, security-relevant analysis of the use of digital products and services).
  • Logistics and fleet management: Includes, among other things, the planning, management and control of our logistics, including external logistics service providers, and the management of our vehicle fleet, including compliance with legal obligations.
  • User, prospect and/or customer support: Includes, for instance, contact forms, chat systems including chat bots and callback options, and generally the handling of various inquiries (e.g., advice, service, complaints).
  • Human resources and personnel management: Includes all processes for the implementation of employment or processes that are closely related to employment, such as onboarding, personnel administration, fulfillment of employer obligations, personnel development including training and further education, voluntary employer benefits, personnel planning and controlling, company health management, company social counseling, co-determination, measures to terminate employment, investigative and disciplinary measures, and offboarding.
  • Project management including project collaboration: Coordination and implementation of projects, project planning, project schedule management, exchange of information within projects, collaboration within projects
  • Legal affairs and compliance measures: Includes, for instance, the assertion, exercise, and enforcement of legal claims and processes to comply with legal requirements (e.g., as part of data privacy consent management) and to prevent and/or detect and prosecute legal violations.
  • Event management: Includes all processes required for the implementation of offline and online events and meetings (e.g. registration, participant management, implementation of the event, processing of personal preferences and needs, data processing in the context of video conferencing and/or instant messaging services), photo, audio and/or video documentation of events, issuing of certificates of participation.
  • Administration: Includes processes that comprise, without limitation, basic business functions such as communication, accounting, invoicing and reporting, documentation and archiving, know-how and contact management.

Legitimate interests

In the following sections, we specify our legitimate interests within the meaning of Art. 6 (1) 1 (f) GDPR as categories in order to improve comprehensibility and readability. In some cases, there may be overlaps with our "purposes" (see definitions above). This is in the nature of the matter. Unless otherwise specified, the stated legitimate interests are to be understood as follows:

    • Promotion of sales activities: e.g. promotion of our sales by analyzing and evaluating the demand of our customers, analysis of the interests and buying and demand behavior of our prospects, users and/or customers.
    • Promotion of economic interests: e.g. measures to reduce costs and cut costs, avoidance/reduction of significant additional costs, general increase in earnings (especially through outsourcing to service providers) and avoidance of competitive disadvantages.
    • Advertising and image improvement, market and opinion research: e.g. opinion polls, voting, product and/or service ratings and other reviews, and the integration of these results.
    • Analysis and optimization of our own offers, services and advertising measures: e.g. analysis of user, prospect and/or customer behavior for the optimization of processes, services and products, needs-based design of our products, services and marketing measures and direct customer contact.
    • Design, operation and availability of digital products: Includes, for instance, the integration of general functions of websites, apps and other digital products.
    • Operation, integrity and security of digital products: Includes, without limitation, the defense against requests overloading the service (denial of service attacks) or excessive use of bots to destabilize a platform, IT security measures such as storing log files and, in particular, IP addresses over a longer period of time to detect and ward off misuse, including beyond the legally required level.
    • Direct marketing (personalized marketing): Includes, without limitation, direct approaches to prospects and customers that are not based on consent, such as product recommendations based on past demand behavior, including the processing of data in preparation for direct marketing (e.g., customer segmentation, affinity ratings).
    • Integration of desired or required functionalities: Integration of functionalities that are in the interest of the customer, are played out at the request of the customer and/or are necessary for the provision of the service (e.g., the integration of contact options on websites or in apps or, for instance, the possibility of saving configurations by the user (e.g., language selection)).
    • Assertion, exercise or defense of legal claims: e.g. preservation of evidence, to clarify the facts in the event of a foreseeable legal dispute.
    • Customer acquisition, customer retention, customer recovery: e.g. operation of a customer relationship management (CRM) for prospect and customer care.
    • Freedom of expression, press and broadcasting: Includes, without limitation, processing operations previously covered by the so-called media privilege.
    • Protection of the body and health of the data subjects
    • Promotion of legitimate interests within a group of undertakings: Performance of organizational, procedural or entrepreneurial tasks within the cooperation of several affiliated companies (for this, see the explanations in Recital 48 GDPR).
    • Prevention of criminal offenses, administrative offenses and other detrimental actions: Includes, without limitation, fraud prevention, preventive measures within the framework of an internal control system, measures for the clarification of risks following corresponding suspicious cases or other indications of possible actions to the detriment of the controller or other persons
    • Reduction of failure risks: Identification of economic, technical, procedural or organizational risks to the company that could lead to a complete or partial failure of the company, parts of the company or products or services of the company
    • Other legitimate interests: Where relevant, these interests are explained separately at the relevant points.

In the following section, we list the categories of recipients we use in our Data Privacy Information:

  • Banks and other financial service providers
  • Authorities and other public bodies
  • Professional secrecy holders and their companies/entities
  • IT service providers
  • Opponents in legal disputes
  • Group companies and other affiliated companies
  • Customers and prospects
  • Suppliers
  • Personnel service providers
  • Platform operators and media
  • Associations, organizations and interest groups
  • Landlords
  • Insurances
  • Contractual partners (without customers)