Privacy Policy

We, the Hemro International AG, Thurgauerstrasse 80, 8050 Zürich, Switzerland (Hemro/we), thank you for visiting one of our websites and for your interest in Hemro. In the following, we provide information about the type, scope, and purpose of the collection and use of your personal data on our websites. Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name, address, and email address. If provisions of the General Data Protection Regulation (GDPR) are named in this Privacy Policy, these shall apply in accordance with Art. 3 GDPR. In all other respects, the applicable statutory provisions on data protection shall apply.

This Privacy Policy applies to the following websites belonging to the Hemro Group:

ditting:  https://www.ditting.com/
HeyCafé: https://www.heycafe.com/

Unless explicitly mentioned in the following provisions, these apply equally to all previously listed Hemro Group websites. Where reference is made below to “our website”/”the website,” this refers to the website you are currently visiting.

The provider of the websites listed above and the controller in terms of data protection law is

Hemro International AG
Thurgauerstrasse 80
8050 Zürich
Switzerland

Authorized representatives of the Executive Board: Dr. Marcel Lehmann, Adrian Schürmann, Ziya Boro

Tel.: +41 44 864 18 00
Email: info@hemrogroup.com

1.    Data processing to enable website usage

Every time you access content on our website, connection data is transferred to our web server. This connection data includes:

  • the IP address (Internet Protocol address) of the respective users
  • the date and time of the query
  • the referrer URL
  •  device numbers such as your unique device identifier (UDID) and comparable device numbers, device information (e.g., device type)
  • the browser type/version

This connection data is neither used to determine a user’s identity nor is it combined with data from other sources. Rather, it serves to make the website available. The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. f GDPR. After no more than seven days, the connection data is anonymized by truncating the IP address at the domain level. 

2.    Data processing on request

The use of our website is generally possible without providing personal data. You are neither obliged to visit this website nor to provide any personal data. If you do not provide us with the personal data listed below, you may not be able to use certain functions or services of this website. Other than that there will be no consequences for you.

We process your personal data when you use our following services:

2.1    Dealer area

Some of our websites provide you with the opportunity to register with us as a dealer and use the dealer area on our website. We will process your data for this purpose.

When using a password, please take appropriate security measures. For example, a password should contain a minimum of 8 characters and should always consist of a combination of upper- and lowercase letters, numbers, and special characters. Trivial words such as “ABC” or keyboard sequences (e.g., “qwert” or “asdfgh”), all kinds of names (e.g., of friends, acquaintances, colleagues, family members, pets), city and building names, cartoon characters, car brands, license plates, terms, dates of birth, telephone numbers, common abbreviations, etc. are thus problematic.

Your personal data is processed based on Art. 6 para. 1 sentence 1 lit. b GDPR.

2.2    Employee login

If you are an employee of Hemro, the Hemro Group’s website provides you with the ability to access the dealer area and website administration and editing functions via the website’s login function. When you make changes on the website (e.g., edit content), we record the time when the changes are saved and the login used.

Login data must be kept strictly confidential. If a password has nevertheless been shared, for example, to enable third parties to access certain databases in an emergency, the password must be changed immediately. For your own protection, passwords that have already been used before may not be used again.

We also store your IP address and the time of access during the login process. This is necessary to ensure the security of our information technology systems.

We also set a session cookie each time you log in. This session cookie prevents automatic logout during active use of the account or related services. After the respective logout, the session cookie is automatically deleted within a few minutes.

Your personal data is processed for the purpose of the employment relationship and thus on the basis of Art. 88 GDPR in conjunction with the relevant national regulations (in German law, § 26 para 1, sentence 1 BDSG). If special categories of personal data are involved, processing is based on Article 88 GDPR in conjunction with the relevant national regulations (in German law, § 26 para 3 BDSG).

2.3    Contact form

If you use the contact form we provide to contact us, your details will be stored so that they can be used to process your query. Provision of your email address is sufficient for us to contact you. The additional voluntary information about your person serves only to personalize the address for you.

The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest then lies in responding to your query. 
If (pre)contractual measures are implemented, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. 

2.4    Newsletter

If you expressly consented to receiving our newsletter, information about company news, current events, and the latest coffee grinding product highlights will be sent regularly to the email address you provided. Provision of your email address is sufficient for us to send you the newsletter. The additional voluntary information about you is only used to personalize the newsletter for you.

In order to subscribe to our newsletter, we use the so-called double-opt-in procedure. This means that once you have subscribed, we will send you an email to the email address you provided, asking you to confirm that you want us to send you the newsletter. If you do not confirm your subscription within three months, your information will be automatically deleted.

In connection with our newsletter, we use the online marketing platform Mailchimp (“Mailchimp”), which is operated by Intuit Inc, 2700 Coast Ave, Mountain View, CA 94043, 650-944-6000, USA. Mailchimp is a service that can be used to organize the sending of newsletters, among other things. Our newsletters sent via Mailchimp allow us to analyze the behavior of newsletter recipients using a tracking pixel (so-called web beacons). It may be analyzed, for example, how many recipients have opened the newsletter message and how often links in the newsletter have been clicked. Further information about Mailchimp’s Privacy Policy is available at: https://mailchimp.com/legal/cookies/#Cookies_served_through_the_Service and https://www.intuit.com/privacy/statement/.

The legal basis for the processing of data is based on your consent, based on § 25 para. 1 sentence 1 Telecommunications Digital Services Data Protection Act (TDDDG) for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You may withdraw your consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. A link is provided at the end of each newsletter for you to exercise your right to withdraw from the newsletter and tracking. Alternatively, you can also withdraw your consent at any time, for example, by sending an email to marketing@hemrogroup.com.

Please note that Intuit Inc. is a company from the USA. However, Intuit Inc. is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the U.S. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TXVKAA4&status=Active.

2.5    Applications

On the Hemro Group website, you can apply centrally for a position at one of the companies listed there (in each case: “job provider”). You have the option of using our online application form. Alternatively, you can also apply by e-mail or post.

As part of the online application, you will be asked to provide personal details (e.g. name and contact details). The provision of certain data is required for the establishment and implementation of a possible employment relationship with the respective job provider. If you do not provide these data, which are marked separately as mandatory fields, your application is incomplete and cannot be considered further in the application process. The provision of other information and the upload of files or documents (e.g. CV or application photo) is not mandatory at this application stage, but optional. If you only provide mandatory information, there will be no disadvantages for your application.

Once we have received your online application, you will receive an automatic confirmation of receipt from us. Further communication regarding the application process will then take place via the respective job provider.

Your data will be processed by the respective job provider for the purpose of deciding whether to establish an employment relationship. The legal basis for data processing by the respective job provider is Art. 88 para. 1 GDPR in conjunction with the respective national regulation, in Germany § 26 para. 1 sentence 1 BDSG. If special categories of personal data are affected, the processing is governed by Art. 88 GDPR in conjunction with the national regulation, in Germany § 26 para. 3 BDSG. In the event of a rejection or the completion of the application process, your data will be deleted within 90 days.

Please note our additional data protection information in connection with an application at: https://hemro.jobs.personio.de/privacy-policy?language=en 

3.    Data processing for a needs-oriented website design

In order to make your user experience of our website as pleasant as possible, we use so-called “web tracking systems.” Cookies are generally used for this purpose. These are small text files, which are sent from a web server to your browser and stored on your computer’s hard drive. This enables us to recognize the end device you are using when you access our website. We are thus able to determine, for example, whether you are logged in, have an active shopping cart, and what the contents of your shopping cart are. The session cookies deployed for using the shop are deleted at the end of the browser session. Other cookies remain on your end device and allow us to recognize your device on your next visit.

A list of the tracking tools and other services that we use and that use cookies is provided in Section 3.1 et seq.

Most browsers are set to accept cookies by default. You can deactivate the storage of cookies in your browser and delete them from your hard drive at any time. However, you can also use your browser to prevent certain cookies (e.g., from third parties) from being set – to prevent web tracking, for example. Further information about your browser’s help function is available here.  
We would like to point out that you can also install a plug-in in your browser to protect your privacy. Plug-ins such as AdBlock, Ghostery, or NoScript can prevent tracking (please refer to the privacy policy of the respective plug-in provider).

Finally, we would like to point out that if cookies are deactivated, it may not be possible to use all functions of this website to their full extent. Please also note that deactivation may have to be carried out for each browser and each end device.

Details of the cookies used on the website can be found in the cookie banner and in the following terms and conditions. Unless otherwise stated in the following provisions in Section 3.1 ff., the legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the needs-oriented design of the website.

3.1    Cookie consent with the cookie consent tool

The HeyCafe and Ditting websites use Usercentrics' cookie consent technology to obtain your consent to the storage of certain cookies on your end device and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/ (“Usercentrics”).

When you visit our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or the withdrawal of your consent(s)
  • your IP address
  • Information about your browser
  • Information about your end device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

In addition to the information in the cookie banner, please also note the following information in the Sections 3.2 ff. 

3.2    Google Analytics

Our website uses the “Google Analytics 4 (GA4)” tracking tool. This is a service provided by Google Ireland Limited, a company registered and operated in accordance with Irish law, headquartered at Gordon House, 4 Barrow Street, Dublin, Ireland (“Google”). This tracking tool helps us to make our online offers more interesting for you and to improve the user experience. Data on the use of our website is stored in pseudonymized user profiles. In addition to JavaScript and pixels, cookies can also be used for this purpose. Further information on the use of cookies can be found at: https://support.google.com/analytics/answer/11397207. The types of personal data processed include Online identifiers (including cookie identifiers), internet protocol addresses and device identifiers, identifiers assigned by the customer.

Data from different devices, sessions, and interactions can additionally be linked to a user ID. This information is generally transferred to a Google server in the USA and stored there.

As part of the evaluation, Google also uses artificial intelligence (AI) to automatically analyze, classifies, and enrich data. This is done in particular for predictive metrics on future user behavior based on structured event data, such as purchase probability, churn probability and predicted revenue. The forecast measurement values can also be used for forecast target groups. You can find out more about this at: https://support.google.com/analytics/answer/9846734.

Google uses modeling techniques to estimate online conversions that cannot be captured directly. This enables more realistic statements to be made in reports, advertising campaigns to be optimized and automatic bidding to be improved. You can find more information on this at: https://support.google.com/analytics/answer/10710245.

Finally, the data is analyzed using Analytics statistics. Google provides automatic and user-defined statistics. You can find out more about this at: https://support.google.com/analytics/answer/9443595.

By default, Google already automatically anonymizes user IP addresses when collecting user data. Google also does not log or store the IP addresses. The truncating of IP addresses does not mean that data is processed entirely in anonymized form. Thus, when Google Analytics is used, usage data is collected that is to be evaluated as personal data, such as identification features of the individual users, which also allow a link to an existing Google account, for example.

On our behalf, Google will use this information to evaluate your usage of our website, to compile reports on website activity, and to provide other services related to website and Internet usage to us. The pseudonymized user profiles are not combined with personal data about the bearer of the pseudonym unless separate consent has been obtained for this.

For more information on Google Analytics, see: https://support.google.com/analytics/answer/12017362

Please note that Google also has independent access to your data collected via Google Analytics and may also use this data for its own purposes. Google may, for example, link this data to other information about you, such as search history, personal account, usage data from other devices, and all other data that Google has about you.

The legal basis for the use of Google Analytics is based on your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that Google is a company from the USA. Information about Google's data centers locations can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses were agreed as appropriate safeguards to ensure an adequate level of protection for the transfer of data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. You can find further information here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

3.3    Google Tag Manager

We use Google Tag Manager "GTM". This Google service allows website tags to be managed via an interface. However, GTM only implements tags. In this respect, no cookies are used. GTM only triggers other tags, which in turn may collect data, but GTM does not access this data. Data is only analyzed in the respective tool (see the tools listed in section 3 for details). However, the GTM records your IP address and online identifiers (including cookie identifiers), which may also be transmitted to Google in the USA. You can find additional information on GTM at https://support.google.com/tagmanager/answer/6102821

The legal basis for the use of GTM is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner.

Please note that the provider is a company from the USA. Information about Google's data center’s locations can be found at www.google.com/about/datacenters/locations/ The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

3.4    Google Maps

We use Google Maps via an API on our website. This is a service provided by Google. Your IP address must be stored to use the Google Maps functions. This information is generally transferred to a Google server in the USA and stored there. We have no control over this data transfer. We have also concluded an agreement with Google on mutual responsibility for the processing of personal data. You can view our agreement with Google by clicking the following Link. The legal basis for the use of Google Maps is based on your consent pursuant to § 25 para. 1 sentence 1 TDDDG for the storage and access to information in end devices, as well as pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR for the further processing of your data. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

Further information on how user data is handled is available in Google’s Privacy Policy at: https://policies.google.com/privacy.

3.5    YouTube

Some of our websites use plug-ins from YouTube, which is operated by Google. If you visit one of our websites featuring a YouTube plug-in and actively click on the corresponding field, a connection to YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. 

The legal basis for the use of YouTube is based on your consent pursuant to § 25 para. 1 sentence 1 TDDDG for the storage and access to information in end devices, as well as pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR for the further processing of your data. You give your corresponding consent via our cookie banner.

Please note that the provider is a company from the USA. Information about Google's data center’s locations can be found at www.google.com/about/datacenters/locations/ The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

For more information about the handling of user data by YouTube, please visit YouTube's privacy policy at: https://policies.google.com/privacy.


4.    Social media presences 

4.1    Links to social networks

Our website may contain links to social networks (Facebook, X (Twitter), Instagram, and YouTube). These websites are operated exclusively by third parties. If you click the links, the respective provider may process your personal data. Please refer to the providers’ privacy policies for further information in this regard.

4.2    Data processing by Hemro and legal basis

Our social media presences (Facebook, X (Twitter), LinkedIn, Instagram, and YouTube) are intended to provide you with information about Hemro as well as about our new developments, services, and products. Depending on the respective provider’s offer, you have the option to interact in different ways (comments, recommendations, etc.), for example, in connection with our social media presence. The interaction of users is an important criterion for us in order to carry out targeted marketing. For example, we can determine which posts users prefer to read. We therefore also use the statistics determined by the providers in this regard for our own purposes. If we process the users’ personal data, the legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest thus lies in particular in targeted information/advertising. The providers will inform you separately about the legal basis on which they process your data for their own purposes.

4.3    Joint responsibility

In individual cases, we may share responsibility for the processing of your personal data with social media providers. In this case, you may assert your rights both against us and against the social media provider (see Section 9). However, the first point of contact is always the social media provider.

We have concluded an agreement with Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook or Meta) on joint responsibility for the processing of personal data. This applies to the processing of so-called “insights data” – page statistics, in particular on the interactions of Facebook users. Further information on page insights is available here: https://www.facebook.com/business/pages/manage#page_insights. You can view our agreement with Google by clicking the following link: https://www.facebook.com/legal/controller_addendum

In relation to “page insights,” we have also concluded an agreement with LinkedIn Ireland on joint responsibility. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to your aggregated data. It is not possible for us to draw conclusions about individual users by means of page insights information. Detailed information about page insights and our agreement with LinkedIn Ireland can be viewed by clicking the following link:
https://legal.linkedin.com/pages-joint-controller-addendum.

Please note that the social media providers also process your data outside the EU/EEA. Meta Platforms Inc. and LinkedIn Corporation are active participants in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA when data is transferred to them. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

With regard to the storage period for your data processed by us for our own purposes, please refer to our explanations provided under Section 7. Otherwise, please observe the respective social media provider’s privacy policy.

5.    Data transfer 

We will only transfer personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation to do so, or if the transfer of data is permitted on another legal basis. Where necessary, we have concluded data processing agreements with the recipients of your data in accordance with Art. 28 GDPR. 

6.    Data transfer to countries outside the EU

Insofar as necessary for our purposes, we will only transfer personal data to recipients outside the EU if you have given your consent, if there is a legal obligation to do so, or if the transfer of data is permitted on another legal basis. Your data will also be transferred to recipients based in the USA within the scope of processing data. An appropriate level of data protection is ensured by the conclusion of the new so-called EU standard contractual clauses and/or the participation of the service provider in the USA in the EU-U.S. Data Privacy Framework. An overview of the participants in the EU-U.S. Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/s/participant-search

7.    Storage period for personal data/criteria for determining the storage period

We will store your personal data for as long as this is necessary for the aforementioned processing purposes or in case of an objection that no compelling reasons worthy of protection exist for Hemro or in case of a withdrawal of consent if no other legal basis for data processing exists. In certain cases (e.g., if there is a legal obligation to store data), your personal data will not be deleted immediately, but rather blocked initially. For example, the storage period for messages sent via the contact form with business-related content can be ten years. 

8.    Security measures to protect your personal data

We use technical and organizational measures to protect your data from unauthorized access, loss, or destruction. Our security measures are continuously adapted in line with technical developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to treat personal data confidentially. Our employees are trained accordingly.

To protect your personal data on this website, we use a secure online transmission procedure known as “Secure Socket Layer” (SSL) transmission. This can be recognized by the closed lock symbol displayed on the https:// address. Click on this symbol for details of the SSL certificate used. Display of this symbol depends on the browser version used.  SSL encryption guarantees the encrypted and complete transmission of your data.

9.    Your rights 

Within the framework of the legal requirements, you are in principle entitled to request from Hemro:

  • confirmation of whether Hemro is processing your personal data
  • information about this data and the circumstances of processing
  • correction if this data is incorrect
  • deletion if there is no justification for processing and no obligation to store your personal data (any longer)
  • restriction of processing in certain cases specified by law
  • objection in case of data processing based on Art. 6 para. 1 sentence 1 lit. f GDPR
  • transfer of your personal data – insofar as you have provided it – to you or a third party in a structured, common and machine-readable format

If you have given your consent to the processing of your personal data, you have the right to withdraw your consent again at any time. Processing of your personal data will then not be allowed in the future. However, this will not affect the lawfulness of the processing carried out with your consent before you withdrew your consent.

Please address your specific request to our data protection officer in writing or via email, clearly identifying your person:

krupna LEGAL
Data Protection Officer

Email: office@krupna.legal

Insofar as we use your data in joint responsibility with third parties in the sense of Art. 26 GDPR, the third party is primarily responsible for the exercise of all data subject rights. However, you are also free to assert your rights against us.

Finally, we would like to draw your attention to your right to lodge a complaint with a supervisory authority. 

10.    No automated individual decisions

We do not use your personal data to make automated individual decisions.

11.    Changes to the Privacy Policy

New legal requirements, business decisions, or technical developments may make changes to our Privacy Policy necessary. The Privacy Policy will then be amended accordingly. The latest version can always be found on our website.