Privacy Policy

(Last amended: 9 January 2023)

The protection of your personal data is important to us. Whenever we process data, we do so in accordance with the Personal Information Protection and Electronic Documents Act or other relevant provincial law. This policy explains how your personal data are handled when you use our website and

I. Privacy Officer

Contact details of our privacy officer:
RiGO Trading S.A.
6, Route de Trèves, EBBC / Building E
L-2633 Senningerberg
Telephone: +352 286 7670

II. Purposes and legal bases for the data processing

1. Use of the website for information purposes

You can visit our website without actively providing any information about yourself. In this case, we will process the following personal data on a technical level:

a. Technical provision of the website

For the purpose of the technical provision of the website, it is necessary for us to process certain automatically transmitted information from you in order to enable your browser to display our website and you to use the website. This information is automatically collected each time our website is accessed and is stored in our server log files. This information relates to the computer system of the machine making the request. The following information is collected:

  • IP address of the user
  • The date and time the website was accessed
  • URL visited including HTTP method and GET parameters + protocol version
  • Byte size of the server response
  • HTTP referrer
  • Browser type and version
  • Operating system type and version

In addition, we use the Friendly Captcha anti-bot solution to secure input fields against automated attacks. The following information will be processed:

  • Hash value (one-way encryption) of the incoming IP-address (the IP-address is discarded, only the hash value is stored)
  • HTTP-request header-data, especially user-agent, origin, and referrer
  • Date/time of the request
  • Version of the widget used
  • Number of requests from the (hashed) IP-address per time period
  • Answer of the arithmetic problem solved by the visitor's computer

Furthermore, we use cookies to make our website available for you to use. Cookies are text files that are saved in a web browser or by a web browser on your computer system when you visit a website. Cookies contain a unique string of characters that uniquely identifies the browser when the user returns to the website. We use cookies only to make our website available to you along with its technical features. Some features of our website can be provided without using cookies. The cookies listed below store the information described in each case and transmit it to us:

This enables us to improve the quality of our website. We do not use the information collected by the above cookies to create user profiles or to evaluate your surfing behaviour.

Your data, which we have collected using the above cookies, will not be used by us to create user profiles or to analyse your surfing behaviour. We process your personal data for the technical provision of our website on the following legal bases:

  • to perform a contract or to take steps prior to entering into a contract in so far as you visit our website to find out about our products and events; and
  • to protect our legitimate interests in order to be able to make the website technically available to you. Our legitimate interests lie in being able to make an attractive, technically functional and user-friendly website available to you as well as to take steps to protect our website against cyber risks and prevent cyber risks for third parties emanating from our website.

b. Statistical analysis of website use and increased coverage

With your consent, we use analytical tools in order to carry out statistical analyses of how our website is used. By doing this, we can improve the quality of our website and its content. We learn how the website is used and can thus continually optimise our service. The information obtained in the context of statistical analysis of our website will not be combined with any other of your data collected by the website.

Piwik PRO

We use Piwik PRO Analytics Suite as our website analytics tool. This collects data about you as a website visitor based on cookies. The information collected may include the following data in particular:

  • IP address
  • operating system
  • browser ID
  • Browsing activity
  • Network location
  • Time of visit to the website
  • Pages viewed (a page URL and a page title)
  • Time spent on each page
  • HTTP referrer
  • Device type
  • Browser type
  • User ID
  • Visitor ID
  • Device ID
  • Session ID

We calculate metrics such as bounce rate, page views, sessions and similar usage parameters to understand how our website is used. We may also create visitor profiles based on browsing history to analyse visitor behaviour, display personalised content and run online campaigns.

You can find more information about the cookies being used, any consent you might have granted and ways to manage cookies in the section Technical provision of the website (a.).

We process your personal data in order to carry out a statistical analysis of how you use our website on the basis of your consent.

c. Marketing

For the purposes of personalising advertising, measuring the effectiveness of advertising, integrating external content and protecting our website, cookies or similar technical means from third parties are placed on our website, in which or with the help of which personal data may be stored and which may be collected and processed by these third parties. This enables us to improve the quality of our website. The information obtained in this way is not merged with your other data collected within the framework of the website.

We use videos from the YouTube service on our website; the provider is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "YouTube"). We use the "extended data protection mode" option provided by YouTube.

By calling up videos, YouTube receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under III.1.a. of this declaration as well as information about the video you have viewed are transmitted. This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged into YouTube or another Google account, your data will be directly assigned to your account there and processed independently by the provider; you can avoid this by logging out before visiting our site. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You can find more information on the associated transfer of personal data to the USA below under "VI. Third country transfer". You have a right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and processing by YouTube can be found in YouTube's privacy policy. There you will also find further information on your rights and setting options to protect your privacy: You can find more information about the cookies being used, any consent you might have granted and ways to manage cookies in the section Technical provision of the website (a.).

We process your personal data in order to carry out a statistical analysis of how you use our website on the basis of your consent.


Our website uses Facebook retargeting pixel to better understand and serve our audience. This technology allows us to show personalized ads to users who have previously visited our website. Facebook may collect information such as pages visited and actions taken on our website, which is used to provide more relevant ads to you. We respect your privacy and only use information in accordance with Facebook's privacy policy. If you do not wish to participate in Facebook retargeting, you can opt out by adjusting your ad preferences in your Facebook account settings.

2. Active use of the website

In addition to using our website for purely informational purposes, you can also actively use our website in order to contact us, subscribe to the newsletter or join the fan club. In this case, in addition to the processing of your personal data as indicated above when you use the website purely for informational purposes, we also use other personal data that we require, for instance, to process and respond to your enquiry.

a. Contact request

In order to process and respond to your enquiries, e.g. via the various contact forms, we process your personal data provided by you in this context. In every case, this will include your first name and surname and e-mail address in order to send you a reply, as well as other information you provide us in the context of your communication.

We process your personal data to respond to enquiries on the following legal basis:

  • to protect our legitimate interests; our legitimate interest lies in providing an appropriate response to enquiries from end customers or other interested parties.

b. Newsletter, promotional e-mails and fan club

With your consent, we will use your data for the purposes of advertising and market research such as sending our newsletter or participation in the fan club. As it is mandatory information, we will always process your first name and surname, your e-mail address and your confirmation that you are at least 16 years of age. We will also process your post code in connection with the fan club.

We process your personal data for these purposes on the basis of your consent.
You can unsubscribe from the newsletter at any time by clicking on the corresponding link in the newsletter and confirming that you wish to unsubscribe.
You can leave the fan club on our website at any time by clicking on Company / Service / Fan Club.

IV. Links

Some sections of our website contain links to the websites of third-party providers. These websites are subject to their own data privacy policies. We are not responsible for their operation, including the handling of data. If you send information to or via such third-party sites, you should check the privacy policies of these sites before sending information that can be traced to you personally.

V. Categories of recipients

In the first instance, only our employees receive your personal data. Insofar as permitted or prescribed under law, we also share your personal data with other recipients which provide services in connection with our website. We restrict the forwarding of your personal data to what is necessary. Some of our service providers receive your personal data in their capacity as processors and, in this case, are strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently with your data which we send to them.

The categories of recipients of your personal data are indicated below:

  • External service provider for support of the website, specifically Scholz & Volkmer GmbH, Schwalbacher Straße 72, 65183 Wiesbaden, Germany;
  • External service provider for programming of the website, specifically Nion digital GmbH, Luise-Ulrich-Straße 20, 80636 München;
  • External service providers for hosting the website, specifically PlusServer GmbH, Hohenzollernring 72, 50672 Cologne, Germany, Akamai Technologies GmbH, Parkring 20–22, 85748 Garching, Germany, and Cloudinary Inc., 111 W Evelyn Ave, Suite 206, Sunnyvale, CA 94086, USA; and Amazon Web Services EMEA SARL (AWS), 38 Avenue John F. Kennedy, L-1855 Luxemburg.
  • External service providers for an anti-bot solution on the website, specifically Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany;
  • External service providers for providing the search tool on the website, specifically Elasticsearch B.V., Keizersgracht 281, Amsterdam 1016 –Ed, Netherlands;
  • External IT service provider for website analysis, specifically Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany;
  • Internal IT service provider for the group, specifically HARIBO IT Dienstleistungs GmbH & Co. KG, Dr.-Hans-und-Paul-Riegel-Straße 1, 53501 Grafschaft, Germany;
  • External service providers for responding to or checking enquiries or executing competitions;
  • Logistics service providers for sending you goods, letters or other items;
  • Insurers when claims are filed against us;
  • Payment service providers and banks for processing payments;
  • IT service providers for administration and hosting of our website;
  • Legal advisors when claims are filed or defended against.
  • YouTube
  • Monotype

VI. Transfer to third countries

When using the Youtube service from Google, personal data is transferred to the USA. The US is considered a non-secure third country with regard to data protection, for which neither adequacy decisions of the EU Commission nor other guarantees exist. Neither the protection of personal data known from the EU exists there, nor do corresponding rights or legal remedies of the data subjects exist with regard to their personal data. In particular, there is a risk that secret and intelligence services as well as other authorities can access your personal data unhindered, for example within the framework of the CLOUD Act, and that there are no effective legal remedies against this. Such data transfer to the USA is covered by your consent, e.g. to the use of cookies. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations.

VII. Duration of storage

1. Use of the website for information purposes

We store your personal data as follows when you use our website for information purposes only:

  • Server logs are stored for up to three months.
  • Information on the storage period of cookies can be found in the section Technical provision of the website (a.).
  • The personal data collected via the Piwik PRO Analytics Suite will be stored for 25 months.
  • The personal data collected via the YouTube service is stored for a period determined by Google, regularly between 9 and 24 months, but in individual cases (e.g. when you are linked to your Google account if you are logged in to one while visiting our website; reuse of YouTube or other Google applications; business and legal requirements) even longer.
  • The data collected by Friendly Captcha will be deleted after 30 days.
  • Otherwise, your personal data are erased as soon as you leave our website.

You can delete installed cookies yourself at any time.

2. Active use of the website

When you use the website actively, we will only store your personal data for as long as necessary:

  • The data you transmit as part of enquiries shall initially be stored for the time it takes to respond to your enquiry. We may then continue to store your personal data until any legal claims arising from the relationship with you become time-barred, in order to use these as evidence where necessary. The period of limitation is generally two (2) years, but may be up to six (6) years.
  • If you join the fan club or subscribe to the newsletter, your data shall be stored until you leave the fan club or unsubscribe from the newsletter.
  • With regard to competitions, your data shall be stored for up to four weeks after the winners have been chosen.

VIII. Your rights as a data subject

Where the statutory criteria are met, you have the following rights as a data subject which you can exercise in relation to us:

  • Right to access: You have the right to request confirmation from us of whether or not we process personal data concerning you; if this is the case, you are further entitled to access these personal data as well certain other information (including the purposes of processing, categories of personal data, categories of recipients, envisaged storage period, origin of data, use of automated decision-making and, in the event of transfer to a third country, the appropriate safeguards) and to receive a copy of your data.
  • Right to rectification: You have the right to request the correction by us of personal data concerning you that is stored by us if such data are inapplicable or inaccurate.
  • Right to erasure: You have the right to obtain from us the erasure of personal data concerning you without undue delay. You will not have the right to erasure if the processing of personal data is necessary for (i) exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (for example, statutory retention obligations) or (iii) for the establishment, exercise or defence of legal claims.
  • Right to restriction of processing: You have the right to obtain from us the restriction of processing of your personal data.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
  • Right to withdraw: You have the right to withdraw your consent to the processing of personal data at any time with future effect.
  • Right to object: You have the right to object to the processing of your personal data and consequently we must cease processing of your personal data. The right to object may have time limits. Moreover, ceasing to process may be contrary to our interests and consequently we will be entitled to process your personal data in spite of your objection.

IX. Scope of your obligations to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to make our website available to you or respond to your enquiries. Personal data which we absolutely need for the aforementioned processing purposes are labelled as mandatory.

X. Automated decision-making and profiling

We do not use automated decision-making or profiling (automated analysis of your personal circumstances).

If you have any concerns or complaints about the collection, use, or disclosure of your personal information, please contact the Privacy Officer listed at the top of this policy, and they will inform you of the process that Haribo Canada will follow to investigate your concerns or complaints.

XI. Amendments

We reserve the right to amend this data privacy policy at any time. Any changes will be notified through the publication of an amended data privacy policy on our website. Unless provision is made otherwise, such changes will be effective immediately. Please check this privacy policy regularly to see the most up-to-date version.