Privacy Policy

(Last updated: April 30, 2025)

The Planet A Foods GmbH (hereinafter: "we", "us") appreciates your visit to our website www. choviva.com (hereinafter: "Website").
Our principle is to collect only what we need and to process this information solely to provide you with the service you expect.

1. Data Controller

The data controller for processing personal data on our website within the meaning of the General Data Protection Regulation (hereinafter: "GDPR") is:
Planet A Foods GmbH
Fraunhoferstr. 11a
82152 Planegg
Email: hello@forplaneta.com

2. Data Protection Officer

Our appointed Data Protection Officer is:
Kertos GmbH
Briennerstraße 41
80333 Munich
Germany
Email: dsb@kertos.io

3. What are personal data?

Personal data are all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, or IP address. Information for which we cannot (or only with unreasonable effort) establish a connection to your person, e.g. through anonymization of the information, is not considered personal data. The processing of personal data (e.g. collection, querying, use, storage, or transmission) always requires a legal basis such as your consent.

4. Data Processing on Our Website
Provision and Use of the Website
Scope and Purpose of Data Processing

We collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services or information.
When you access our website and use it, we collect personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.

The following information is collected without your intervention and stored until its automatic deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
    We process the aforementioned data for the following purposes:
  • Ensuring a smooth connection to the website
  • Ensuring comfortable use of our website
  • For IT security purposes
Legal Basis

Article 6(1)(f) GDPR serves as the legal basis. The processing of the aforementioned data is necessary for the provision of a website and to enable secure and comfortable use, thus serving the legitimate interest of our company.

Storage Duration and Data Deletion

As soon as the aforementioned data are no longer required for the display of the website, they are deleted (at the latest after 30 days). The collection of data for the provision of the website and the storage of data in log files are mandatory for the operation of the website. The user therefore has no possibility to object. Further storage takes place in individual cases if required by law.

Third Parties

For this website, the technical infrastructure is provided through cloud servers by Microsoft Azure, offered by Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland. By using Microsoft Azure, the following personal data are processed:

  • Your IP address
  • Date and time of the request
  • Domain of the website
  • the type of browser used

The data processing is necessary to provide you with the requested website. The legal basis is Article 6(1)(f) GDPR, where our legitimate interest lies in the provision of the technical infrastructure, as it would otherwise not be possible to operate the website.

The service provider is based in the EU and complies with the GDPR requirements. Additionally, a server location in the Netherlands has been chosen. Nevertheless, it cannot be excluded that data may also be transmitted to the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. "Microsoft" is certified within this framework, which is why such transfers are based on the legal basis according to Article 45 GDPR. Additionally, standard contractual clauses (SCCs) have been concluded. Further information on data protection at Microsoft Azure can be found at: https://azure.microsoft.com/de-de/explore/trusted-cloud/privacy.

5. International Data Transfer

We process your data primarily within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers may be located outside the EEA in so-called "third countries". The General Data Protection Regulation imposes high requirements on the transfer of personal data to third countries. All our data recipients must meet these requirements. Before we transfer your data to a service provider in a third country, each service provider is first reviewed for their level of data protection. A service provider is only selected if they can demonstrate an adequate level of data protection outside the EEA. Regardless of whether our service providers are located within the EEA or in third countries, each service provider must enter into a data processing agreement with us. For service providers outside the EEA, additional requirements must be met. According to Articles 44 et seq. GDPR, personal data can be transferred to service providers who meet at least one of the following conditions:

  • The European Commission has decided that the third country ensures an adequate level of protection (e.g. USA and UK).
  • Standard contractual clauses have been included in our contract with the data recipient (including any additional measures if necessary).
  • Other appropriate safeguards under Article 46 GDPR are provided (e.g. Binding Corporate Rules).
  • In special exceptional cases under Article 49 GDPR
6. Recipients of Personal Data

Within our company, only those individuals who need your personal data for the respective purposes have access to it. Your personal data will only be disclosed to external recipients if we are legally permitted to do so or if you have consented. The following is an overview of the respective recipients:

  • Processors: Group companies or external service providers, e.g. in the areas of technical infrastructure and handling, maintenance, and payment processing, which are carefully selected and monitored. The processors may only use the data according to our instructions.
  • Public Authorities: Authorities and state institutions, such as tax authorities, public prosecutors, or courts, to which we transmit (must transmit) personal data, e.g. to fulfill legal obligations or to protect legitimate interests
7. Email Newsletter

On our website, you have the option to subscribe to our email newsletter. To send and manage the newsletter, we use "Mailchimp" by Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (hereinafter: "Intuit"). To provide the email newsletter, we collect your email address. By subscribing to the email newsletter, you agree that we may forward your email address to "Intuit" and thus to a server in the USA. There is an adequacy decision by the EU Commission for data transfers to the USA, the EU-U.S. Data Privacy Framework. "Intuit" is certified within this framework, which is why such transfers are based on the legal basis of Article 45 GDPR.
You can revoke the subscription to the email newsletter at any time. You can send us an email or use the contact form on our website.
More about data protection at "Intuit" can be found at: https://www.intuit.com/privacy/statement/

8. Tracking
Scope and Purpose of Data Processing

Various tracking technologies are used on our website. These include, among others, the setting of cookies, the creation of a recognizable value by combining different device and browser information (device fingerprinting), or the use of so-called "universal IDs". In the following, the term "cookies" is used for any tracking technology.

Cookies are data records that are stored on your computer when you visit our website and allow your browser to be reassigned. Cookies store information such as your language settings for the duration of your visit to our website or the entries you make there.

There are different types of cookies. Session cookies are temporary cookies that are stored in the user's internet browser until the browser window is closed and the session cookies are deleted. Permanent or persistent cookies are used for repeated visits and stored in the user's browser for a predefined period. First-party cookies are set by the website the user visits. Only this website is authorized to read information from the cookies. Third-party cookies are set by organizations that do not operate the website the user visits.

A distinction can also be made between technically necessary, functional, and advertising cookies. The former are necessary to ensure basic functions of the website (e.g., storing the language setting). Functional cookies collect information about the user's behavior and whether he receives error messages. Advertising cookies, on the other hand, are used to offer the user tailored advertising.

Legal Basis

The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR due to the described purposes of use, as we have an interest in the user-friendly presentation of our website. If you have given us your consent to the use of functional and advertising cookies based on a notice provided by us on the website ("cookie banner"), the legality of the use is also determined by Art. 6 para. 1 sentence 1 lit. a GDPR.

Storage Duration and Data Deletion

As soon as the data transmitted to us via cookies is no longer required to fulfill the purposes described above, this information will be deleted. Further storage takes place in individual cases if this is required by law.

Configuration of Browser Settings

Most browsers are set to accept cookies by default. However, you can configure your browser to accept only certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if you deactivate cookies via your browser settings on our website. You can also delete cookies already stored in your browser or display the storage duration via your browser settings. It is also possible to set your browser to notify you before cookies are stored. Since the different browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for configuration options.

Cookie List

Screenshot 2025-05-07 at 16.01.27.png

9. Analysis

We use tracking and analysis tools to ensure continuous optimization and needs-based design of our website. With the help of tracking measures, we are also able to statistically record the use of our website by visitors and develop our online offering for you based on the insights gained. If you have given us your consent to use cookies via a notice provided by us on the website ("cookie banner"), the legality of the use is also determined according to Art. 6 para. 1 sentence 1 lit. a GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the processed data.

Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Analytics uses "cookies" (see § 7) and similar tracking methods like device fingerprinting.
The information stored in these cookies, e.g. about the time, place and frequency of your use of our website, is usually transmitted to a server of Google in the USA and stored there. For data transfers to the USA, there is an adequacy decision from the EU Commission, the EU-U.S. Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis according to Article 45 GDPR. In addition, standard contractual clauses (SCC) have been concluded with "Google". When using Google Analytics, it cannot be ruled out that the cookies set by Google Analytics may collect other personal data besides the IP address. We point out that Google may transfer this information to third parties, if required by law or if third parties process this data on behalf of Google.
Google will use the information generated by the cookie on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet use to the website operator. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can generally prevent the storage of cookies by setting your browser software accordingly. However, we point out that in this case you may not be able to use all the functions of this website to their full extent.
You can revoke your consent to processing and transmission to third countries at any time. The legality of the previous processing will not be affected by this.
More information on data protection at Google can be found at: https://policies.google.com/privacy.

Google - TagManager

This website uses the Google Tag Manager, provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Tag Manager allows the management of website tags. When you visit the website, an HTTP request is sent to Google. This transfers device information (such as your IP address) to Google and within a Google server in the USA. There is an adequacy decision by the EU Commission for data transfers to the USA, theEU-U.S.Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.
When using Google Tag Manager, it cannot be ruled out that the data collected by Google may also capture other personal data. We inform you that Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.
Processing is carried out exclusively after you have given your explicit consent. You can withdraw your consent to processing and transfer to third countries at any time. The legality of the processing carried out up to the point of withdrawal remains unaffected.
More information on data protection at Google can be found at: https://policies.google.com/privacy.

10. Data security and security measures

We are committed to treating your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.
However, we point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data - e.g. during transmission by email - can be viewed by third parties. We have no technical influence on this. It is your responsibility as a user to protect the data you have provided against misuse by encryption or in another way.

11. Data storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if this has been provided for by the European or national legislature in EU regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or fulfillment of a contract.

12. Rights of the data subject

With regard to your personal data, you have the following legal rights towards us:

Right of access

You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to access this personal data and further information, e.g. about the processing purposes, the recipients and the planned duration of storage or the criteria for determining the duration.

Right to rectification

You have the right to request the correction of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

Right to erasure ("right to be forgotten")

You have the right to request erasure if processing is not necessary. This is the case, for example, if your data is no longer needed for the original purposes, if you have revoked your consent under data protection law, or if the data has been unlawfully processed.

Right to restriction of processing

You have the right to restrict processing, e.g. if you believe that the personal data is inaccurate.

Right to data portability

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you. In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling, insofar as it is associated with such direct marketing.

Right to withdraw your consent under data protection law

You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the legality of the processing carried out up to the withdrawal.

Notwithstanding these rights, you have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates data protection regulations.