1. Preamble The protection of your personal data is particularly important to us. You can therefore use our website in principle without providing such data. However, if you wish to make use of certain offers or services on our website, this may entail the processing of your personal data in individual cases. In this context, we obtain your consent if there is no legal basis for such data processing, but the processing is necessary for the use of our website.

The processing of personal data on our part is always carried out in accordance with the relevant provisions of the General Data Protection Regulation (GDPR) and other data protection regulations applicable in Germany. The aim of our privacy policy is to inform both you and the interested public about the scope, purpose and nature of personal data collected and processed by us. We also want to inform you about your data subject rights.

As the responsible party, we have initiated a number of technical and organizational measures (TOMs) in order to be able to offer you the fullest possible protection of your personal data when using our website. However, we would like to point out here that data transmission on the Internet can have fundamental security vulnerabilities and for this reason we cannot guarantee absolute protection. You therefore have the option at any time to send us personal data by other means (for example, by telephone or mail).

2. Terms

When creating our privacy policy, we rely on the terms that are also used within the GDPR. At the same time, it is our claim that our privacy policy is easy to understand and to read according to the subject matter. Therefore, we want to define the terms used in this statement in advance:

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subjects

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller

The controller or processor of personal data is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.

j) Third party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

k) Consent

Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

3. Data controller

The controller under data protection law is: Char-Broil Europe GmbH Paul-Dessau-Str. 8 Quartier O – 4.OG 22761 Hamburg Germany

Fon: +49 (0)40 360 224 000

4. Data protection officer

The data protection officer is: Dr. Peemöller Gesellschaft für IT-Risiko-Management mbH Kirchenredder 23a 22339 Hamburg

Fon: +49-(0)-40-538 66 11

Fax: +49-(0)-40-538 66 77

Mobil: +49-(0)-172-7 17 51 55

E-Mail: jp@dr-peemoeller.de

Data subjects can contact our data protection officer at any time with concerns about data protection.

5. Cookies

Like many other websites, our site also uses cookies, i.e. small text files that are placed and stored on your computer via your browser. Such a cookie contains a cookie ID, i.e. an unambiguous identifier by which the cookie and thus your browser can be assigned to our site and our server. This enables us to recognize and identify your browser and thus distinguish it from other browsers with possibly different cookies.

By using cookies, we can provide user-friendly services via our website and continuously improve and optimize the offers or information on our website. The purpose of recognition and identification is therefore to simplify the use of our website.

For example, users who agree to the use of cookies do not have to re-enter their access data or update their shopping cart each time they visit the relevant page.

You can prevent the setting of cookies at any time by making the appropriate settings in your browser and in this way permanently object to the setting of cookies. You also have the option of deleting cookies that have already been set within your browser. If you object to the setting of cookies in this way, however, not all functions of our website may be fully available.

6. General information and data collection

When you access our website, general information and data is collected and stored in so-called log files of our server. These are usually

• • accessing browser type and its versoion,
  • accessing operating system,
  • Referrer-URL (website from which you were redirected to our site),
  • sub-pages accessed,
  • date and time of access,
  • IP-address (Inernet protocol address),
  • ISP of the accessing system (Internet service provider) and data and information similar to the above that we need to defend against cyberattacks and other attacks on our IT systems.

We use this information without drawing any conclusions about the person concerned, but we need it in order to

• • display and provide the content of our web offer correctly and truthfully,
  • successively improve the content of our web offer as well as the advertising for it,
  • ensure and guarantee the generel functionality and operability of our website and our IT systems, and
  • be able to provide the relevant information to the prosecuting authorities in the event of criminal offences in connection with our website.

The purpose of the processing is therefore the statistical evaluation and the increase of data and IT security.

We store the above log file data anonymously and separately from possible other personal data of the data subject.

7. Privacy policy for Google Analytics with anonymization function

Our website uses components of Google Analytics, a web analysis service for the collection and analysis of data about the behavior of users of our website. In particular, the service collects data about the website from which the user visited our website (referrer), which subpages the user accessed and how long the user stayed on the respective pages. We use this data to improve our website and for cost-usage analysis of online advertising.

The operator of Google Analytics is the company Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States of America.

We have added “_gat.anonymizeIp” to Google Analytics. This shortens and anonymizes the IP address of a user who accesses our website from the European Union or a state party to the Agreement on the European Economic Area.

Google Analytics analyzes the flow of visitors to our website by, among other things, using the transmitted data and information to provide us with detailed reports on the activities and behavior of users of our website and to offer us other services related to our website.

Google Analytics sets a cookie on the user’s computer system, which allows it to create an analysis of the use of our website. If the user calls up one of our sub-pages on which Google Analytics is integrated, the user’s browser is caused to transmit data to Google Analytics for the purposes of commission accounting and online advertising. Google Analytics receives personal data in this way, such as the user’s IP address, in order to track the origin of users and ad clicks for commission billing purposes.

The cookie collects and stores personal data (for example, the location from which our website was accessed, the time of access and its duration, or the frequency of the user’s visits). This data, including the IP address, is transferred to the United States of America and stored there. Google Analytics may pass this data on to third parties.

As shown in section 5 of our privacy policy, the data subject can prevent cookies from being set and delete cookies that have already been set. This also applies to cookies set by Google Analytics.

In addition, every data subject has the right to permanently object to the processing of his or her personal data by Google Analytics. For this purpose, the data subject can load and install a browser addon at https://tools.google.com/ dlpage/gaoptout. This informs Google Analytics that the above-mentioned personal data may not be transmitted and thus counts as an objection.

If the user’s computer system is later reset, formatted, deleted or reinstalled, the user must reinstall the aforementioned browser addon in order to deactivate Google Analytics. The same applies if the addon – for whatever reason – has been uninstalled.

We would like to point out that it is possible that the general data and information mentioned in section 6 of this privacy policy will be transmitted to the provider and that the provider will store it.

Google’s privacy policy can be found at https://www.google.de/ intl/de/policies/privacy.

The privacy policy of Google Analytics can be viewed here: http://www.google.com/ analytics/terms/de.html

A detailed description of the service is available here: https://www.google.com/ intl/de_de/analytics/

8. Legal basis of the processing

The legal basis of Art. 6 (1) (a) GDPR is relevant if the data subject’s consent to the processing of his or her personal data has been given.

Processing of personal data that serves to fulfill a contract or to initiate a contract with the data subject is based on Art. 6 (1) (b) GDPR.

A processing of personal data is based on Art. 6 para. 1 lit. c) GDPR if it is carried out due to legal obligations to which we are subject, such as the fulfillment of tax obligations.

A processing of personal data is based on Art. 6 (1) (d) GDPR if it is necessary to protect the vital interests of the data subject or another natural person. Such a case would be if a visitor were to injure himself on our premises and we then had to transmit his name, age, health insurance data or other vital data to a doctor or hospital.

Art. 6 para. lit. f) GDPR establishes a processing of personal data, which in each case does not find a basis in the previously mentioned and which is necessary to protect a legitimate interest of our company or a third party. In this context, the interests, fundamental rights and freedoms of the data subject must not be overridden.

9. Legitimate interests in the processing pursued by the controller or a third party

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, our legitimate interest is to conduct business activities that are oriented towards the well-being of our employees and shareholders.

10. Storage period of the personal data

The benchmark for the duration of the storage of personal data is the statutory retention period. After expiry of this period, the respective data is routinely deleted, provided that it is required for the fulfillment or initiation of the contract.

11. Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

The provision of personal data may result from contractual (e.g. information on the contractual partner) or legal (e.g. tax regulations) obligations. For example, a data subject may provide us with personal data for the purpose of concluding a contract, which will then be processed by us. Thus, a person may be obliged to provide personal data when concluding a contract with our company. In this case, failure to provide this data would make it impossible to conclude a contract.

Before providing personal data, the data subject may contact our company. We will inform the data subject whether the provision of this data is required by contract or by law, is necessary for this purpose and what the specific consequences of not providing it would be.

12. Automated decision making

As a responsible company, we deliberately refrain from automated decision making or profiling.