We process your personal data for the technical provision of our website based on the following legal bases:
- For the preservation of our legitimate interests in accordance with Article 6(1)(b) UK GDPR, so that we can ensure technical provision of the website. Our legitimate interest consists of being able to provide you with an appealing, technically functional and user-friendly website and to take measures for the protection of our website against cyber risks, and to prevent cyber risks being generated through our website for third parties.
- Where you consent to the application of any non-essential cookies, our lawful basis shall be consent in accordance with Article 6(1)(a) UK GDPR until such consent is withdrawn or such cookie expires (whichever is sooner).
Statistical analysis of the use of our website and range increase
For the purpose of the statistical analysis of the use of our website, we use analysis tools. In this way, we can improve the quality of our website and its contents. We learn about how the website is used and can thus consistently optimise our range of offers.
The information received within the scope of the statistical analysis shall not be merged with your other data collected within the scope of the website.
We process your personal data for the statistical analysis of the use of our website based on the following legal bases:
- Necessary for the fulfilment of our legitimate interests to ensure our website is secure and being used appropriately and to learn from how our website is used in order to identify improvements (Article 6(1)(f) UK GDPR)
- If you have issued your consent, then based on this consent, Article 6(1)(a) UK GDPR.
We use Piwik PRO Analytics Suite as our website analytics tool. This collects data about you as a website visitor based on cookies. The information collected may include the following data in particular:
- IP address
- Operating System
- Browser ID
- Browsing Activity
- Network Location
- Time of visit to the website
- Pages viewed (a page URL and a page title)
- Time spent on each page
- HTTP referrer
- Device Type
- Browser Type
- User ID
- Visitor ID
- Device ID
- Session ID
We calculate metrics such as bounce rate, page views, sessions and similar usage parameters to understand how our website is used. We may also create visitor profiles based on browsing history to analyse visitor behaviour, display personalised content and run online campaigns.
Further information on the cookies used, in particular on the specific purpose, the type of cookie and the storage period, any consent you may have given and the management of the cookies, can be found in our Cookie Declaration.
We process your personal data for statistical analysis of the use of our website based on the following legal basis:
- If you have issued your consent, then based on this consent, Article 6(1)(f) UK GDPR.
For the purpose of personalising advertising, measuring the effectiveness of advertising, integrating external content and protecting our website, cookies or similar technical means from third parties are placed on our website in which or with the help of which personal data can be stored and which can be collected and processed by these third parties. This allows us to improve the quality of our website. The information obtained in this way will not be merged with your other data collected as part of the website.
We use videos from the YouTube service on our website; The provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "YouTube"). In doing so, we use the "extended data protection mode" option provided by YouTube.
By retrieving videos, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in our Cookie Declaration. of this declaration as well as information about the video you have viewed. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Youtube or another Google account, your data will be directly assigned to your account there and processed independently by the provider; You can avoid this by logging out before visiting our site. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. Further information on the associated transfer of personal data to the USA can be found below under "V”. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
. You can find more detailed information on the cookies used, in particular on the specific purpose, the type of cookie and the storage period, any consent you may have given and how to manage the cookies, in our Cookie Declaration.
In this respect, your personal data is processed on the basis of your consent in accordance with Article 6(1)(a) of the UK GDPR.
III. Active use of the website and social media
In addition to the purely informational use of our website and social media platforms, you can also use our website and social media platforms actively in order to get in contact with us. In addition to the above mentioned processing of your personal data for purely informational use, we then also process further personal data which we require to process and respond to your request.
i. Contact request
To be able to process and respond to your requests to us, for example via the different contact forms, we process the personal data of which you have informed us accordingly. This data always includes your name and your email address so that we can send you a reply, as well as the other information which you send to us within the scope of your notification. In the event of product complaints, we will also process your postal address.
We process your personal data when responding to user requests based on the following legal bases:
- For the preservation of our legitimate interests in accordance with Article 6(1)(f) of the UK GDPR; our legitimate interest consists of the proper reponse to customer requests.
ii. Social Media Marketing
We may use your data for advertising and market research purposes, for example posting advertising communications to our social media platforms which include but not limited to Instagram, LinkedIn, Facebook, and X. We typically process your social media handle, gender profile, age range and the content which you view or interact with.
You can unfollow HARIBO at anytime by updating your preferences on the appropriate social media platform.
We may share and receive personal data about you with social media providers for advertising purposes. This is based on the following legal basis:
- Where the data we share with them is collected using cookies, our lawful basis is your consent to these cookies under Article 6(1)(a) of the UK GDPR (see comments under "Cookies Declaration" above).
- Otherwise, our lawful basis for sharing and receiving your personal data with social media providers is based on our legitimate interests to promote our business and products on social media.
If you have any queries about how social media providers collect and use your personal data, we would refer you to the privacy notices available on their applications and websites.
iii. Events and Prize Draws
We may collect and process your personal data when we are running prize draws, raffles or online scavenger hunts or giveaways (whether on our website, in person or on our social pages).
This collection and processing of personal data is necessary to enable you to partake in these events, and to enable us to send prizes to winners. Please note that if you are a winner your name and location may need to be published on our website and / or our social pages.
The types of personal data we may use for this include:
- Prize Draws:name, email address, phone number, postal address, date of birth, social media handle
- Raffles:name, postal address, phone number, email address
- Scavenger Hunt:name, social media handle, email address, phone number, postal address, date of birth, photos / videos posted on socialRaffles:
name, postal address, phone number, email address
- Giveaways:name, social media handle, email address, postal address, phone number
This personal data is gathered when you enter into the event, which may be directly via our website or via third party or social media pages.
Your information may be shared with third party suppliers who help support us in running these events (such as our PR and advertising agencies, our social media providers, promotional partners and courier service providers who deliver prizes).
We process your personal data for the purposes stated here on the following legal basis:
- necessary for the performance of our contracts with entrants (Article 6(1)(b)); and
- necessary for the fulfilment of our legitimate interests to promote our products and encourage engagement with our products by hosting these types of events (Article 6(1)(f) UK GDPR).
Some sections of our website contain links to third party websites. These websites are subject to their own data protection principles. We are not responsible for their operation, including the handling of data. Should you send information to or via such third party websites, then you should inspect the Data Protection Declarations for these websites before you send them information which can be assigned to you.
V. Categories of recipients
Initially, only our employees will be aware of your personal data. To the extent permitted or required by law, or to the extent that you have consented, we will also share your personal data with other recipients who provide us with services in connection with our website. We limit the disclosure of your personal data to what is necessary. In some cases, our service providers receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently with your data, which we transmit to them.
Below is a list of the recipient categories regarding your personal data:
- External services providers for the maintenance, programming, hosting, search function, font of the website www.haribo.com
- External IT service provider of an anti-bot solution
- External IT service provider for website analysis
- External IT service provider for providing the YouTube service on our website
- Inhouse IT service provider for administration
- Both internal and external service providers for answering or reviewing inquiries or processing prize draws, giveaways
- Internal service provider for reviewing customer complaints
- Logistics service providers to be able to send you goods, letters or other items
- Insurers in the event of claims asserted against us
- Payment service providers and banks in the processing of payments
- Legal advisor in the assertion or defence of claims
VI. Transfer to non-member states
VII. Duration of storage
i. Informational use of the website
When using our website for purely informational purposes, we store your personal data as follows:
- Server logs are stored for up to 3 months.
- The storage period of cookies set can be found in the cookie declaration.
- The personal data collected via the Piwik PRO Analytics Suite is stored for 25 months.
- The personal data collected via the YouTube service is stored for a period determined by Google, usually between 9 and 24 months, but in individual cases (e.g. when linking to your Google account, if you are logged in to one during your visit to our website; reuse of YouTube or other Google applications; business and legal requirements) or longer.
- The data collected by Friendly Captcha will be deleted after 30 days.
- Otherwise, your personal data will be deleted immediately after you have left our website.
In addition, you have the option of deleting installed cookies yourself at any time.
ii. Active use of the website and social media
In addition to the purely informational use of our website, you can also actively use our website, for example to contact us. In addition to the processing of your personal data described above in the case of purely informational use, we then process further personal data from you that you actively make available to us
In case of active use of our website, we shall only save your personal data as long as this is required:
The data transmitted by you within the scope of requests shall initially be stored for the duratoon of the response to your request. If applicable, we shall continue to save your personal data up until the statute of limitation for any legal claims from the relationship with you, so that we can if applicable use these as evidence. We will hold for you information for a period of 6 years for these purposes, following which your information will be securely deleted.
iii. Events and Prize Draws
When you enter one of our events, we may retain your data for the duration of the event and up to one month. If you are a winner of one of our events, we may retain your data for up to six months.
VIII. Your rights as the person affected
You are entitled to the following rights as the person affected, which you may assert against us:
Right of information: You are authorised at any time within the scope of Article 15 UK GDPR to request a confirmation as to whether we process appropriate personal data; if this is the case, you shall furthermore be authorised within the scope of Article 15 UK GDPR to receive information on this personal data and certain other information (amongst other things the processing purposes, categories of personal data, categories of recipients, the planned storage duration, the origin of the data, the use of automated decision-making and, in case of the transfer of data to a non-member state, the appropriate guarantees) and a copy of your data.
Right of rectification: You are authorised to request acc. Article 16 UK GDPR a rectification of the personal data we have stored if this is incorrect or erroneous.
Right of deletion: You are authorised subject to the prerequisites laid down in Article 17 UK GDPR to request that we delete personal data concerning you without delay. The right of deletion shall not, amongst other things, exist if the processing of the personal data is required for (i) the exercising of the right to freedom of opinion and information, (ii) the fulfilment of a legal obligation to which we are obligated (e.g. statutory storage obligations) or (iii) the assertion or exercising of legal claims or the defence against legal claims.
Right of limitation of processing: You are authorised subject to the prerequisites laid down in Article 18 UK GDPR to request that we limit the processing of your personal data.
Right of data portability: You are authorised subject to the prerequisites laid down in Article 20 UK GDPR to request that we hand over to you the personal data concerning you and which you have provided to us, in a structured, conventional and machine-readable format.
Right of revocation: You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
Right of objection: You are authorised subject to the prerequisites laid down in Article 21 UK GDPR to file an objection against the processing of your personal data, meaning that we must terminate the processing of your personal data. The right of objection only exists within the limits provided for in Article 21 UK GDPR. In addition, our interests may contradict termination of the processing, meaning that we may remain authorised to process your personal data in spite of your objection.
Right of appeal to a supervisory authority: You have the right to appeal to the UK Information Commissioner's Office (ICO) is you are of the opinion that the processing of the personal data concerning you violates the UK GDPR. The right of appeal shall exist irrespective of any other administrative or judicial rights of appeal.
The ICO can be contacted at:
Cheshire, SK9 5AF
Telephone: +44 (0) 1625 545 745
Fax: +44 (0) 1625 524 510
However, we recommend that you always initially direct any complaints to us at email@example.com.
IX. The scope of your obligations for the provision of data
In principle, you are not obligated to inform us of your personal data. However, if you do not do this, we cannot provide you with our website and cannot respond to requests you send to us. Personal data which is absolutely essential to us for the abovementioned processing purposes is marked as such.
X. Automated decision-making / profiling
We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).
We reserve the right to change this Data Protection Declaration at any time. Any changes shall be announced on our website through publication of the changed Data Protection Declaration. If not otherwise determined, such changes shall take effect immediately. Please therefore check this Data Protection Declaration regularly in order to view the respective most recent version.
Status: October 2023