Privacy Policy

Welcome to our website hipp.com and thank you for being interested in our company and products. As a matter of course, we take the protection of your data very seriously. Therefore, we like to inform you about how your personal data are processed by HiPP. The website hipp.com is provided by Hipp GmbH & Co. Vertrieb KG, Pfaffenhofen (hereinafter referred to as HiPP).

HiPP collects, stores and processes your personal data only if such is permitted on the basis of statutory regulations, or if you have given us your consent to do so. The data shall not be forwarded to third parties. However, processors may be involved in our data processing in individual cases. You receive information that promote our products and services related to nutrition, skin care and development of your child. The basis for this is Article 6 (1) of the EU General Data Protection Regulation. If you would like information or want correction, data portability, deletion, restriction of / opposition to the processing, please contact our responsible data protection officer, A. Maier, datenschutz-team(at)@mailhipp(dot).de at any time with regard to your rights to privacy. Further, you can take any questions or complaints you may have to the competent supervisory authority, Bayerische Landesamt für Datenschutzaufsicht, D-91511 Ansbach, poststelle(at)@maillda.bayern(dot).de.

Thank you!

There are two ways in which we receive data: either you have given them to us or we have collected them while you used our services.

Generally, you can use our Internet website without giving us your personal information directly. If you use certain services, we will ask you for personal information. This might include, for example, your name, your e-mail address or your postal address. This will make the service in question faster and more user-friendly. Some services cannot even be provided without your data input.

Some of the data are collected as soon as you visit our website.

In addition to web server log data, we use cookies and other tracking technologies to track your use of our website/apps. Some of these cookies and technologies are essential, i.e. mandatory, to ensure functionality of our digital services. Apart from that, you also have the opportunity to disable certain cookies and tracking technologies linked to our services in our consent management tool (“cookie banner”).

Click on the following link to access our cookie banner. There you will find more detailed information on the cookies and tracking technologies used and can disable/enable them (unless they are essential, i.e. mandatory):

(You don't see a link? Please deactivate your adblocker and reload this website again.)

With regard to our notice system this Privacy Policy describes what personal data is collected when you use our whistle-blowing system SecuReveal („whistle-blowing system“) and how Hipp GmbH & Co. Vertrieb KG, Pfaffenhofen a. d. Ilm („Hipp“ or „we“) processes this data as the controller.

With regard to our notice system this Privacy Policy is addressed to any user of the whistle-blowing system as well as to potential suspects, witnesses or other third parties named in reports (each a „data subject“).

We process personal data in accordance with the EU General Data Protection Regulation („GDPR“) and applicable national data protection laws. Unless otherwise defined in this Privacy Policy, the terms used herein shall have the same meaning as in the GDPR.

Hipp GmbH & Co. Vertrieb KG
Georg-Hipp-Str. 7
85276 Pfaffenhofen a. d. Ilm 

The personal data we collect varies depending upon the purpose of the collection and the service we are providing you.

Generally, we may collect the following types of personal data from you directly:

a) Browser history, such as pages accessed, date of access, location when accessed, and IP address

b) Demographic information, such as your age and gender and lifestyle preferences. Lifestyle preferences may include your preference for some of the products we offer, and your interests related to those products

c) Browser history, such as pages accessed, date of access, location when accessed, and IP address

d) If ever you apply for employment with us, we will collect additional personal data, such as your employment history, educational history and employment references.

e) Further, we process personal data in order to provide you with information about the whistle-blowing system and to enable the submission and processing of reports via the whistle-blowing system.

The following statements are intended to inform you about how we process personal data about you via the whistle-blowing system and for what lawful purposes we may use it.

When you visit the whistle-blowing system via our website, your browser automatically transmits your IP address and other information about the system you are using (such as the browser you are using and the browser version). The processing of this data is necessary in order to make our website available to you correctly on your respective device. The firewall of our processor checks this connection data by automatically creating log files in order to recognise and prevent harmful attacks on our system.

Legal basis: Art. 6 para. 1 lit f GDPR - legitimate interest in maintaining the functionality, stability and security of our website.

The whistle-blowing system is designed to guarantee whistle-blowers the highest possible level of data protection. The whistle-blowing system can be used anonymously without providing personal data, so that the anonymity of the whistle-blower can be fully preserved when submitting a report.

Data is transmitted exclusively using SSL encryption in order to guarantee the security of the data provided by the whistle-blower. We do not use any tracking tools or third-party cookies on the website.

The whistle-blowing system uses special encryption methods to ensure that only the respective whistle-blower and our responsible compliance officers have access to the report provided. The data contained in the report is therefore only passed on within our company to the relevant compliance officer; it is not passed on to third parties in any other way (with the possible exception of passing it on to the competent authorities or courts as well as auditors for further investigation of the facts on which the report is based). In particular, there is no possibility of access to data within the report by our processors.

Depending on the data, you provide to us, we process the following personal data:

• Identification data of the whistle-blower and the accused (e.g. name, personnel number)
• (Private) contact information of the whistle-blower (e.g. address, e-mail address, telephone number)
• Function in the company
• Information on the facts of the case
• Communication with the compliance officer
• Information and follow-up measures (e.g. investigations)
• Technical secondary data (IP address of access to the whistle-blowing system)

Legal basis: Art. 6 para. 1 lit c GDPR - fulfilment of a legal obligation, namely the provision of an internal whistle-blowing system pursuant to Section 8 in conjunction with Section 11 of the Whistle-blower Protection Act.

You can also submit reports via our whistle-blowing system without disclosing your identity. In this case, you will remain anonymous.

This website also uses cookies. These small text files can be stored on your device when you visit our website and store certain information about you.

We only use technically necessary cookies on this website, which are necessary to ensure the proper functionality of the website and the whistle-blowing system. The use of technically necessary cookies is possible without your consent. However, you can deactivate these cookies at any time via your browser settings.

Legal basis: Art. para. 1 lit F GDPR - legitimate interest in the proper provision of the website and the whistle-blowing system.

The following technically necessary cookies are set on the website:

Cookie name: PHPSESSID
Purpose: This cookie is necessary to manage your active session.
Storage duration: Session

For the purposes mentioned above, we may disclose your personal data to the following recipients:

For the technical hosting of the whistle-blowing system: RBS Responsible Business Solutions GmbH based in Vienna (no content data of the report will be transmitted, only technical secondary data) as well as the technical sub-processors A1 Telekom Austria AG and Wolf Rechtsanwälte GmbH & Co KG.

If disclosure is required (i) by law or regulation or (ii) for the establishment, exercise or defence of legal claims, we may also disclose personal data to competent authorities, such as supervisory, regulatory or criminal authorities, courts or other third parties advising us in this context (e.g. lawyers, forensic experts or auditors).

Your data will only be processed within the EEA and will therefore not be transferred to a third country.

In general, we only store your personal data for as long as is necessary to fulfil the purpose for which it was collected.

Technical secondary data (IP address of access to the whistle-blowing system) is processed exclusively in the firewall of the processor and deleted after 24 hours.

As a data subject, you have the following rights in particular under the legally defined conditions in accordance with Art. 15 - 21 GDPR with regard to your personal data:

• to check whether and which personal data we have stored about you and to receive copies of this data (right of access)
• to request the rectification, completion or erasure of your personal data that is inaccurate or not processed in accordance with the law (right to rectification and erasure)
• to request that we restrict the processing of your personal data (right to restriction)
• to object, in certain circumstances, to the processing of your personal data or to withdraw consent previously given for processing (right to object or withdraw consent)
• to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller (right to data portability)

We do not process your personal data for the purpose of making decisions based solely on automated processing, including profiling, which produces legal effects concerning you (Art. 22 GDPR).

To exercise any of the above rights, please send an email to compliance(at)@mailhipp(dot).de. You also have the right to lodge a complaint with the competent supervisory authority if you believe that we have violated your data protection rights or have not sufficiently implemented your data subject rights.

If you have any questions or other concerns about our processing of your personal data, please contact our Chief Compliance Manager at compliance(at)@mailhipp(dot).de.

Our business address is:
Hipp GmbH & Co. Vertrieb KG
Georg-Hipp-Str. 7
85276 Pfaffenhofen
Germany

Chief Compliance Manager and Data Protection Manager: A. Maier