Skip to navigation Skip to main content
Logo Alnavit

Data protection notice

Alnavit GmbH (hereinafter referred to as “Alnavit”) develops organic products. In the following, we inform you about the processing of personal data on our website. We place great importance on the careful handling of personal data. When processing your personal data, we comply with the statutory provisions and take data protection seriously. 

You can print or save this document by using the usual functionality of your browser (File/Save as). You can also download and archive this document in PDF form by clicking here. To open the PDF file, you need the free Adobe Reader or another program that supports the PDF format.

1. Contact person

The contact person and “controller” for the processing of your personal data when you visit this website within the meaning of the EU General Data Protection Regulation (GDPR) is

Alnavit GmbH
Mahatma-Gandhi-Straße 7
64295 Darmstadt
Email: datenschutz@alnavit.com

Phone: +49 (0) 6151 356 7100

If you have any questions about data protection in connection with our products or the use of our website, you can contact us at any time. You may contact us at the postal address or email address provided above.

2. Processing of personal data

When you use our on-line services or interact with our websites (e.g. fill out and send the contact form), personal data are processed.

Personal data refers to information relating to an identified or identifiable person. This primarily includes information (e.g. your name, telephone number, address, and email address) that allows conclusions to be drawn about your identity.

Statistical data that we collect when you visit our website and that cannot be linked to you personally is not considered personal data.

2.1 Accessing our website/connection data

Each time you use our website, we process connection data that your browser automatically transfers in order to enable you to visit the website. The connection data include HTTP header information such as the user agent, in particular:

  • IP address (is anonymised) of the requesting device
  • method (e.g. GET, POST), date, and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • address of the requested website and path of the requested file
  • access status/HTTP status code
  • if applicable, the previously accessed website/file (HTTP referrer)
  • browser and its version and language
  • operating system and its version
  • version of the HTTP protocol, HTTP status code, size of the file delivered
  • manufacturer and model details for mobile devices such as smart phones and tablets
  • screen resolution
  • JavaScript activation
  • colour level
  • request information such as language, type of content, encoding of content, and character sets
  • cookies of the accessed domain stored on the end device

The processing of this connection data is essential to grant access to the website, ensure the long-term functionality and security of our systems, and support the general administrative maintenance of the website. Connection data are also stored temporarily in internal log files – limited to what is necessary – for the purposes described above and to detect and respond to repeated or criminal access attempts that may compromise the stability and security of our website.

The legal basis is Article 6 para. 1 sentence 1 lit. b GDPR provided that the page visit is made in the course of the initiation or execution of a contract and otherwise Article 6 para. 1 sentence 1 lit. f GDPR because of our legitimate interest in the permanent functionality and security of our systems. However, the automatic transfer of the connection data and the log files developed from it do not constitute access to the information in the end device within the meaning of the implementation laws of the ePrivacy Directive of the EU member states (in Germany Section 25 of the German Telecommunications and Digital Services Data Protection Act (TDDDG)). In any case, such access would be absolutely necessary.

The IP addresses of users are deleted or anonymised after the end of use. When anonymised, IP addresses are modified so that information relating to personal or factual circumstances can no longer be attributed to a specific or identifiable person, or only with a disproportionate effort in terms of time, cost, and resources. The log files are stored temporarily and then anonymised. The data in the log files are analysed by us in anonymised form in order to further improve the Alnavit on-line offers and make them more user-friendly as well as to find and rectify errors more quickly. They are also used to manage server capacity to ensure the availability of appropriate data volumes when needed. In exceptional cases, individual log files and IP addresses may be retained for a longer period to prevent further cyberattacks from the same IP address and/or to pursue criminal prosecution of the perpetrators.

2.2 Making contact

You have various options for contacting us. This includes the contact form and contacting us by email. To use these features, you must provide additional personal data, which we use and store to deliver the respective service. If you provide us with personal data via our contact form or by email, we will use it solely to respond to your enquiries, communicate with you, and process complaints in compliance with data protection principles. If you contact us using the contact form, your name and email address will be stored so that we can properly process your enquiry.
If additional voluntary information is possible, this is labelled accordingly and serves to better process your enquiry. The legal basis for product-related enquiries is Article 6 para. 1 lit. b GDPR insofar as your details are required to answer your enquiry or initiate or fulfil a contract. The legal basis for enquiries without product reference is Article 6 para. 1 sentence 1 lit. f GDPR because of our legitimate interest in you contacting us and us being able to answer your enquiry.


No data are transferred to third parties – with the exception of passing on personal data to Alnatura Produktions- und Handels GmbH, Mahatma-Gandhi-Str. 7, 64295 Darmstadt – for the purpose of processing contracts or responding to customer enquiries in connection with enquiries on the subject of organic food. Only the data required to respond to this specific customer enquiry (e.g. a complaint) or to process these contracts will be passed on. More information can be found at Data protection provisions of Alnatura Produktions- und Handels GmbH. The legal basis for the transfer is Article 6 para. 1 lit. b with regard to the processing of contracts and Article 6 para. 1 lit. f GDPR based on our legitimate interest in responding to customer enquiries.

2.3 Competitions and surveys

In the context of competitions, we use your data to organise the competition and notify the winners. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for the processing is the competition contract in accordance with Article 6 para. 1 sentence 1 lit. b GDPR. Data processing for other or further purposes, in particular for advertising, is based on your consent in accordance with Article 6 para. 1 lit. a GDPR.
As a rule, the prizes will be sent to you by us. Depending on the nature of the prize or to optimise transport, your data may be shared with logistics partners for the purpose of processing the competition or delivering the prize. Insofar as these are not explicitly mentioned in the conditions of participation or the competition-specific data protection information, we have concluded order processing agreements with the transport company in accordance with Article 28 GDPR with regard to the processing of your name and address required for dispatch.

3. Transfer of personal data

The data collected by us will be transferred only if:

  • you have given your express consent in accordance with Article 6 para. 1 sentence 1 letter a GDPR
  • the transfer according to Article 6 para. 1 sentence 1 letter f GDPR is necessary for the assertion, exercise, or defence of legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data
  • we are legally obliged to transfer data according to Article 6 para. 1 sentence 1 lit. c GDPR , in particular if this is necessary for legal prosecution or enforcement because of official enquiries, court orders and legal proceedings
  • this is legally permissible and required according to Article 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, IT service providers who maintain our systems as well as consulting companies. If we pass on data to our service providers, these providers may use the data only to fulfil their tasks. Personal data may also be transferred to Alnatura Produktions- und Handels GmbH.

The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects, and are regularly monitored by us.

In addition, data may be transferred in connection with official enquiries, court orders, and legal proceedings if this is necessary for legal prosecution or enforcement.

4. Storage and deletion of personal data

In principle, we store personal data only for as long as necessary to fulfil the purposes for which we collected the data. We will then delete the data immediately unless we still need them until the expiry of the statutory limitation period for evidence purposes for civil law claims, because of other statutory retention obligations, or if there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

For evidence purposes, we must retain contract data for three years from the end of the year in which the business relationship with you ends. According to the statutory limitation period, any claims shall lapse in at the earliest at this time.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of statutory documentation obligations, which may arise in particular from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act, and the German Securities Trading Act. The periods of retention specified there are up to 10 years.

5. Use of tools on the website

5.1 Technologies used such as cookies and pixels

This website uses various services and applications (collectively “tools”) that are offered either by us or by third parties. In particular, this includes tools that use technologies to store or access information on the end device:

  • Cookies: Information stored on the end device that consists, in particular, of a name, a value, the storing domain, and an expiry date. Session cookies (e.g. PHPSESSID) are deleted after the session while persistent cookies are deleted after the specified expiry date. Cookies can also be deleted manually.
  • Web storage (local storage/session storage): Information (i.e. a name and a value) stored on the end device. Information in the session storage is deleted after the session while information in the local storage has no expiry date and generally remains stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with a time entry). Information in the local and session storage can also be deleted manually.
  • JavaScript: Programming codes (scripts) embedded or called up in the website; they set cookies and web storage or actively collect information from the end device or about the user behaviour of visitors. JavaScript can be used to enable “active fingerprinting” and create user profiles. Although JavaScript can be blocked via browser settings, most services will no longer work.
  • Pixel: tiny graphic automatically loaded by a service; which can make it possible to recognise visitors by automatically transferring the usual connection data (in particular IP address, information about browser, operating system, language, address called up and time of call) and, for example, to determine whether an email has been opened or a website visited. With the help of pixels, “passive fingerprinting” can be enabled and usage profiles can be created. The use of pixels can be prevented by blocking images (e.g. in emails); however, the display will be severely restricted

With the help of these technologies and by simply establishing a connection on a page, “fingerprints” (i.e. user profiles that do not require the use of cookies or web storage and can still recognise visitors) can be created. Fingerprints generated during connection set-up cannot be fully prevented manually.

Cookies are small text files used by websites and stored on your device by the browser to make the user experience more efficient. Cookies cannot run programs or deliver viruses to your computer. We use cookies to personalise content and advertisements, offer functions for social media, and analyse access to our website. This storage helps us to design our website and makes it easier for you to use. For example, by saving certain entries you make so that you do not have to keep repeating them. In addition, some of this information is required in order to ensure the proper functioning of the website.

We also pass on information about your use of our website to our partners for social media, advertising, and analyses provided we have your consent.
Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the services.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

There are basically two different types of cookies: session cookies, which are deleted as soon as you close your browser (end of the session) and persistent cookies, which are stored on your data carrier for a longer period of time or indefinitely. Most cookies we use are session cookies and are automatically deleted from your hard drive at the end of the browser session. In addition, we use persistent cookies that remain on your hard drive. When you visit us again, we will automatically recognise that you have already visited us and which entries and settings you prefer. The cookies are stored on your end device and delete themselves after the time specified in the list.

Because we respect your right to data protection, you have the option of deciding for yourself which cookies – with the exception of necessary cookies because these are essential for the functionality of the website – you wish to allow or not allow. You are responsible for managing your cookie settings.

Most browsers are set by default to accept cookies, run scripts, and display images. However, you can usually adjust your browser settings so that cookies or similar technologies are rejected or stored only with your prior consent. If you reject cookies or similar technologies, some of our services may not function properly for you.
We understand that you may not be interested in all functions when you visit our website. We therefore give you the opportunity to decide whether or not to use certain services when you first visit our website. When selecting your personal cookie settings, you can choose between:

  • functional
  • statistics
  • marketing

You can find more detailed information on cookies in your individual settings under “Details”.

5.2 Legal basis and withdrawal

5.2.1 Legal basis

We use tools necessary for website operation based on our legitimate interest in accordance with Article 6 para. 1 sentence 1 lit. f GDPR in order to provide the basic functions of our website. In certain cases, these tools may also be necessary for the fulfilment of a contract or the implementation of pre-contractual measures. In this case, the processing is carried out in accordance with Article 6 para. 1 sentence 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 2 TDDDG.

We use all other non-essential (optional) tools that provide additional functions based on your consent in accordance with Article 6 para. 1 sentence 1 lit. a GDPR. Access to and storage of information in the end device is subject to consent in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 1 TDDDG. Data are processed using these tools only if we have received your consent for this in advance.

If personal data are transferred to third countries, we refer to Item 7 (“Data transfer to third countries”) – also with regard to any associated risks. We will inform you if we have concluded standard contractual clauses or other guarantees with the providers of certain tools. If you have given your consent to the use of certain tools and the associated transfer of your personal data to third countries, we will (also) transfer the data processed when using the tools to third countries on the basis of this consent in accordance with Article 49 para. 1 lit. a GDPR.

5.2.2 Obtaining your consent

We use the Cookiebot tool from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cookiebot”) to obtain and manage your consent. This generates a banner that informs you about the data processing on our website and gives you the opportunity to consent to all, individual, or no data processing using optional tools. This banner appears the first time you visit our website as well as when you reopen your settings to change them or withdraw your consent. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or if the cookie has been deleted by Cookiebot or expired.


As part of your website visit, your consent or withdrawal (consent status as proof of consent), a truncated version of your IP address (with the last three digits set to zero), information about your browser, your end device, the time of your visit, and the URL from which the consent was sent are transferred to Cookiebot. Cookiebot also sets a necessary cookie to record your consent preferences and any subsequent withdrawals. If you delete your cookies, you’ll be asked to provide your consent again on your next visit. Otherwise, we will save your consent status for one year.


Data processing by Cookiebot is necessary to provide you with the legally required consent management and to fulfil our documentation obligations. The legal basis for the use of Cookiebot is Article 6 para. 1 sentence 1 lit. f GDPR justified by our interest in fulfilling the legal requirements for cookie consent management. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states (in Germany according to Section 25 para. 2 TDDDG). If you delete your cookies, you’ll be asked to provide your consent again on your next visit.

5.2.3 Withdrawal of your consent or change of your selection

You can withdraw your consent for certain tools at any time. Click here, and then select “Change your consent” or “Withdraw your consent”. There, you can also change your selection of tools you consent to and view additional information about the tools used and their respective storage periods. Alternatively, you can assert your right of withdrawal directly with the provider for certain tools.

5.3 Necessary and functional tools

We use certain tools (“necessary tools”) to enable the basic functions of our website. This includes tools for the preparation and display of website content, the management and integration of tools, the provision of payment processing services, the detection and prevention of fraud, and the assurance of website security Without these tools, we would not be able to provide our service.

Therefore, necessary tools are used without consent.
The legal basis for necessary tools is the protection of our legitimate interests in accordance with Article 6 para. 1 lit. f GDPR because of the necessity for the provision of the respective basic functions and the operation of our website.

In cases where the provision of the respective website functions is necessary for the fulfilment of a contract or the implementation of pre-contractual measures, the legal basis for data processing is Article 6 para. 1 lit. b GDPR.

We also use tools to improve the user experience on our website and offer you more functions (“functional tools”). If we do not obtain consent for these tools, necessary and functional tools are still used on the basis of our legitimate interests in accordance with Article 6 para. 1 sentence 1 lit. f GDPR or for the fulfilment of a contract or for the implementation of pre-contractual measures in accordance with Article 6 para. 1 sentence 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 2 TDDDG.
In the event that personal data are transferred to third countries (such as the US), we refer to Item 7 (“Data transfer to third countries”) in addition to the information provided below.

5.3.1 Our own tools

We use our own necessary tools that access information in the end device or store information on the end device, in particular:

  • to save your language settings
  • to note that information placed on our website has been displayed to you so that it is not displayed again the next time you visit the website

5.3.2 Matomo tag manager

Our website uses Matomo Tag Manager. Tag Manager is used exclusively to manage tracking tools and other services or “website tags”. A tag is an element stored in the source code of our website in order to execute a tool such as scripts. If these are optional tools, they will be integrated by Matomo Tag Manager only with your consent. Matomo Tag Manager ensures that the usage data required by our partners (see the data processing procedures described above) is forwarded to them.

The legal basis is Article 6 para. 1 sentence 1 lit. a GDPR based on the consent you have given via the cookie banner.

Matomo collects information on which tags are used via our website to help ensure stability and functionality as part of the use of the Matomo Tag Manager. However, the Matomo Tag Manager does not store any personal data beyond the mere establishment of a connection, in particular no data about user behaviour or the pages visited.

You can find more information on this in the Information from Matomo on the Tag Manager.

5.3.3 Friendly Captcha

Our website uses the “Friendly Captcha” service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is intended to prevent automated software (i.e. bots) from carrying out abusive activities on the website. In other words, the service checks whether the entries made actually originate from a human being.

To do this, Friendly Captcha sends a calculation task to the visitor’s browser; this must be solved by the visitor’s end device. In addition to the calculation task, the following data are transferred to Friendly Captcha:

  • connection data
  • interaction data
  • functional data

Depending on these data, the tool then determines whether the website is being accessed by a human or a bot.

The legal basis for the processing of personal data using Friendly Captcha is our legitimate interest according to Article 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in protecting our website, in particular from bots and spam.

You can find more information about how Friendly Captcha handles personal data in their privacy policy.

5.4 Analysis and advertising measures

In order to improve our website, we use various technologies to analyse user behaviour and evaluate the associated data. The data collected may include, in particular, the IP address of the end device, the date and time of access, the identification number of a cookie, and the identification of mobile end devices as well as technical information about the browser and operating system. However, the data collected are stored only in pseudonymised form so that no direct conclusions can be drawn about individuals. These data are also processed for marketing purposes so that individualised advertising messages can be displayed to you. The legal basis for both analysis measures and advertising measures and the associated data processing is Article 6 para. 1 sentence 1 lit. a GDPR, based on the consent you have given separately for both purposes, if applicable via the cookie banner. You can withdraw or change the individual consents at any time with effect for the future (see above)

We also use tools for advertising purposes (“marketing tools”). Some of the access data collected when you use our website is used for interest-based advertising. By analysing and evaluating this access data, we are able to show you personalised advertising (i.e. advertising that corresponds to your actual interests and needs) on our website and on the websites of other providers.
The legal basis for the marketing tools is your consent according to Article 6 para. 1 sentence 1 lit. a GDPR.
Access to and storage of information in the end device is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 1 TDDDG. To withdraw your consent, see 5.2.3: “Withdrawal of your consent or change of your selection”.

In the event that personal data are transferred to the US or other third countries, your consent also expressly extends to the transfer of data (Article 49 para. 1 sentence 1 lit. a GDPR). Please refer to Item 7 (“Data transfer to third countries”) for the associated risks.

In the following section, we explain these technologies and the providers used for them in more detail. The data collected may include in particular:

  • the IP address of the device
  • the identification number of a cookie
  • the device identification of mobile devices (Device ID)
  • referrer URL (previously visited page)
  • pages accessed (date, time, URL, title, length of visit)
  • Downloaded files
  • links to external websites that were clicked
  • if applicable, achievement of certain goals (conversions)
  • technical information: operating system; browser type, version and language; device type, make, model, and resolution
  • approximate location (country and city if applicable)

However, the data collected are stored only in pseudonymised form so that no direct conclusions can be drawn about individuals. Below you will find an additional objection option for our analysis and advertising measures. As an alternative to the way described in Item 5.2.3, you can exercise your objection by making the appropriate settings on http://preferences-mgr.truste.com/, a page that provides bundled objection options from advertisers. The website of TRUSTe, Inc, 835 Market Street, San Francisco, CA 94103-1905, US (“TRUSTe”) allows you to deactivate all adverts at once using opt-out cookies or to individually make the settings for each provider. If you delete all cookies or use a different browser or profile later, you must set the opt-out cookie again.

In the following section, we explain these technologies and the providers used for them in more detail.

5.4.1 Matomo

On our website we use the open source web analysis service Matomo (formerly PIWIK), a service of InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”). Matomo uses cookies that enable us to analyse the use of the website. For this purpose, information generated by the cookie about your use of this website will be stored on our server for usage analysis. The IP address is anonymised before storage.

If individual pages of our website are accessed, the following data are stored:

  • two bytes of the IP address of the user’s device
  • the website called up
  • the website from which the user accessed the website
  • the sub-pages that are accessed from the website accessed
  • the time spent on the website
  • the frequency of visits to the website

Legal basis for data processing: the legal basis for data processing is your consent in accordance with Article 6 para. 1 lit. a GDPR, Section 25 para. 1 TDDDG.

Usage analysis helps to optimise and improve the appeal of our website.

The data will be deleted as soon as they are no longer required for our recording purposes. In our case, this applies after seven days.

5.4.2 Meta Pixel (formerly Facebook Pixel)

As part of our on-line communication, we use the “Meta Pixel” service for usage-based user targeting. This is offered for persons outside the US and Canada by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and for all other persons by Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, US (together “Meta Platforms”).

We use Meta Pixels to analyse the general use of our website (in particular “events”) and to track the effectiveness of advertising (“conversion tracking”). We also use Meta Pixels to display personalised advertising messages in the social networks of Meta Platforms (e.g. Facebook and Instagram) based on your interest in our products (“retargeting”). Target group remarketing is also carried out using custom audiences.
For this purpose, Meta processes data that the service collects via JavaScript, cookies, and other technologies on our websites. In particular, these include:

  • http header information about the browser used (e.g. user agent, language)
  • information on events such as “page view”, other object properties, and buttons clicked by visitors to the website
  • On-line identifiers such as IP addresses and, where provided, Facebook business-related identifiers or device IDs (e.g. advertising IDs for mobile operating systems) and information on the status of deactivation/restriction of ad tracking.

Meta Platforms thus receives information from your browser, among other things, that our site has been accessed by your end device, including across devices, regardless of whether you have a Facebook user account. If you do not have a user account with Facebook, ad placements will be displayed only from a “Custom Audience” size of 20 different users; however, no conclusions can be drawn from this about the characteristics of the individual users in this group.

Furthermore, Meta Platforms receives information about what actions you have taken on our site (e.g. searched and viewed content at the product level) and can track which of our pages or sub-pages you are or have been on. Meta Platforms uses this information to provide us with statistical and anonymous data about the general use of our website and the effectiveness of our Facebook Ads. This process is used to evaluate the effectiveness of advertisements (“ads”) for statistical and market research purposes and can help to optimise future advertising measures. The resulting assignment to a “Custom Audience” is valid for up to 180 days. Although the data collected in this way is anonymous to us, the data are stored and processed by Meta Platforms.

The data collected in this context may be transferred by Meta Platforms to servers in the US for analysis and stored there.

Meta Platforms acts as our processor for matching, measurement, and analysis services, in particular for analysing the use of our website, matching user IDs, and generating reports on our advertising campaigns. We have therefore concluded an order processing contract. In the event that personal data are transferred from Meta Platforms Ireland Limited to the US for these purposes, Meta Platforms Ireland Limited and Meta Platforms Inc. have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Article 46 para. 2 lit. c GDPR.
In addition, we and Meta Platforms are jointly responsible for the processing of event data for the targeting of advertisements (by creating and selecting target groups), the delivery of commercial and transaction-related messages, the improvement of ad delivery, and the personalisation of functions and content in the context of the use of Meta Pixel. The mutual obligations were set out in a joint agreement, which can be accessed at the following address: https://www.facebook.com/legal/controller_addendum.

Meta Platforms also processes the Event Data to protect and secure its products, support research and development, maintain product integrity, and drive improvements.

If you have a Facebook or Instagram account and have enabled the relevant privacy settings, Meta Platforms may link information about your visit to our website with your account and use it for targeted advertising. You can view and change the privacy settings of your Facebook account at any time: https://www.facebook.com/settings/?tab=ads. You can prevent the linking of data collected outside Instagram to display personalised advertising in Instagram as follows: https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE.

The legal basis for the use of the Meta Pixel is your consent given at the beginning of the visit to our website according to Article 6 para. 1 sentence 1 lit. a GDPR. Access to and storage of information in the end device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 1 TDDDG. The transfer of your data to the US and other third countries is based on your express consent in accordance with Article 49 para. 1 lit. a GDPR.

If you have not consented to the use of Meta Pixel, Meta Platforms will display only generic Facebook and Instagram ads that are not selected based on the information collected about you on this website.

If you do not agree to the data processing by Facebook in this context, you can prevent your data from being transferred via the “Meta Pixel” by adjusting your preferences in the cookie banner or by using the deactivation link of Alnavit provided here. By clicking on the “Opt-out link”, an “Opt-out cookie” is set via JavaScript so that when you visit our website again, you will be asked whether an “Opt-out cookie” has been set. If the response is positive, the meta pixel will no longer be used for future calls. However, this opt-out function is device- or browser-related (i.e. it applies only to the respective end device or the browser from which it was set). If you access our pages from different end devices or browsers, you must opt out on each individual end device and in each additional browser used.

Further information, especially regarding joint responsibility and contact details, can be found in the privacy policy of Meta Platform, particularly for the social networks Facebook and Instagram: https://www.facebook.com/about/privacy/.

5.5  Use of external media

We also use embeds from external media. These are used to display external media such as embedded videos or maps.

Unless otherwise stated, the legal basis for this is your consent in accordance with Article 6 para. 1 sentence 1 lit. a GDPR, which you gave either via the cookie banner or by individually authorising the tool through an overlay banner displayed above it. Access to and storage of information in the end device is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 1 TDDDG. You can withdraw your consent or change your selection at any time. In the event that personal data are transferred to the US or other third countries, your consent also expressly extends to the transfer of data (Article 49 para. 1 sentence 1 lit. a GDPR). Please refer to Item 7 (“Data transfer to third countries”) for the associated risks.

5.5.1 YouTube

We have integrated videos that are stored on YouTube and can be played directly from our website. YouTube is a multimedia service of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, US (“YouTube”), which is offered for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, US (together “Google”). YouTube may store information such as cookies, local storage, and session storage on your end device and execute JavaScript, which accesses information on your end device.

We have activated the extended data protection mode of YouTube. According to the documentation of YouTube, this means that Google receives less usage information and does not personalise video recommendations and advertisements. Cookies are no longer stored. However, information such as your device ID and other data related to video playback is still stored in the local and session storage of your device and may be accessed by Google. After this click, the video is played, and Google sets its own cookies to improve its services and to display individualised advertising in the Google advertising network.


By playing a video, YouTube and Google receive the information that you have accessed the corresponding sub-page on our website. In addition, further information regarding the purpose and scope of the collection and processing of data by the plug-in provider is recorded. YouTube and Google use these data for advertising, market research, and the customised design of their websites. If you access YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. To prevent being linked to your Google account, please log out of Google before visiting our website.

The legal basis is your consent according to Article 6 para. 1 lit. a GDPR. Access to and storage of information in the end device is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 1 TDDDG. The transfer of your data to the US and other third countries is based on your express consent in accordance with Article 49 para. 1 lit. a GDPR.

In addition to withdrawing your consent, you deactivate personalised advertising in the Google settings for advertising. In this case, Google will display only non-individualised advertising: https://adssettings.google.com/notarget.

Further information on the processing of your data by YouTube can be found in the Privacy Policy of Google.

5.5.2 OpenStreetMap

Our website uses map extracts based on the open source map service OpenStreetMap (OSM) from the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. This service is integrated by us to provide the “Sales partner search” function.

After interaction and confirmation of the reference to OSM on a map section, personal connection information (including IP address, browser and device information, date and time of the call and the last website visited) is transferred to a server of the OpenStreetMap Foundation. Depending on which map sections you call up, data may also be transferred from servers in countries outside Germany and the EU or the European Economic Area. The main servers and infrastructure of the OpenStreetMap Foundation are operated in the UK and the Netherlands.

OSM is an open source service. We can influence the infrastructure of the OpenStreetMap Foundation and the associated processing of personal data only until confirmation of the reference to OSM on our website. The aforementioned processing therefore takes place within the framework of the conditions of the OpenStreetMap Foundation. The information collected may be transferred to third parties, processed on behalf of third parties, or merged with other personal data stored about the user.

Further information on the use of personal data by OpenStreetMap can be found in the privacy policy of OSM: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

The legal basis for the use of OSM is Article 6 para. 1 sentence 1 lit. a GDPR based on the consent given by you with the confirmation of the reference to OSM. Access to and storage of information in the end device is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany in accordance with Section 25 para. 1 TDDDG.

5.5.3 Google Geocoding API

As part of the “dealer search” via OpenStreetMap (see Section 5.5.2), we use the “Google Geocoding API”, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, US (together “Google”).

The Google Geocoding API is a service used to process, convert, or format geodata. “Geodata” are locations, addresses, latitude and longitude coordinates, and location IDs.

No connection to Google is established when you visit our website. When you make entries in the sales partner search, only the search queries are transferred to Google and compared with the geodata of the existing dealer locations. No link is made between your connection information and the request.

If personal data are transferred to Google, the legal basis is our legitimate interest according to Article 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest is to improve the findability of our sales partners and the user-friendliness of the website

Further information on the handling of personal data by Google can be found in the privacy policy of Google: https://policies.google.com/privacy

5.5.4 Algolia search function

We use the search engine solution of Algolia, Inc. 3790 El Camino Real, Unit #518, Palo Alto, CA 94306, US and Algolia SAS, 55 Rue d’Amsterdam, 75008 Paris, France on our website. (“Algolia”). Algolia is a search engine solution used to search website content and can be integrated into websites for this purpose.

No connection to Algolia is established when you visit our website. When you use our search function, only the search terms are transferred to Algolia and compared with the content of our website. No link is made between your connection information and the request.

If personal data are transferred to Algolia, the legal basis is our legitimate interest according to Article 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest is to improve the findability of content and the user-friendliness of our website.

Further information on the handling of personal data by Algolia can be found in the privacy policy of Algolia: https://www.algolia.com/policies/privacy.

6. On-line presences in social networks

We maintain on-line presences in social networks in order to communicate with customers and interested parties and provide information about our products and services. User data are generally processed by the social networks concerned for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. Cookies and other identifiers are stored on users’ computers for this purpose. Based on these user profiles, adverts are then placed within the social networks and on third-party websites.

As part of the operation of our on-line presence, we may have access to information such as statistics on the use of our on-line presence provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) as well as data on interaction with our on-line presence (e.g. likes, subscriptions, sharing, and viewing images and videos) and the posts and content distributed via it. These can also provide information about the interests of users as well as which content and topics are particularly relevant to them. We also use this information to adapt the design, content, and activities on our on-line presence and optimise it for our audience. The list below provides details and links to the data we can access as the operator of our social media presences. The collection and use of these statistics is generally subject to joint responsibility. If this is the case, the corresponding contract is listed below.

The legal basis for data processing is Article 6 para. 1 sentence 1 lit. f GDPR, based on our legitimate interest in effective user information and communication with users or Article 6 para. 1 sentence 1 lit. b GDPR in order to stay in contact with our customers and to inform them and to carry out pre-contractual measures with future customers and interested parties.

If you have an account with the social network, we may be able to see your publicly available information and media when accessing your profile. In addition, the social network may enable us to get in touch with you. This can be done via direct messages or posted contributions. Responsibility for communication content and the processing of content data lies with the social network as the messaging and platform service. As soon as we transfer personal data from you to our own systems or process it further, we are independently responsible for these, and this is done to carry out pre-contractual measures and to fulfil a contract in accordance with Article 6 para. 1 lit. b GDPR.

The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. Under the links below, you will find further information on the respective data processing and the possibilities of objection.

Data protection requests can be made most efficiently with the respective provider of the social network because only these providers have access to the data and can take appropriate measures directly. You can, of course, also contact us with your enquiry. In this case, we will process your enquiry and forward it to the provider of the social network.

Below is a list of the social networks on which we have an on-line presence.

7. Data transfer to third countries

As explained in this privacy policy, we use services provided by companies that are partly based in third countries (outside the EU or the European Economic Area) or that process personal data there (i.e. in countries where the level of data protection does not match that of the EU). Insofar as this is the case and the European Commission has not issued an adequacy decision (Article 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the EU or binding internal data protection regulations. Where this is not possible, we base the transfer of data on exceptions under Article 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and there is no adequacy decision or appropriate safeguards in place, authorities in that country (e.g. intelligence services) may be able to access, collect, and analyse the transferred data. In such cases, your data subject rights may not be enforceable. If your consent is obtained via the cookie banner, you will be informed of this as well.

8. Your rights

You are entitled to the data subject rights formulated in Article 7 para. 3, Article 15–21, Article 77 GDPR at any time if the respective legal requirements are met:

You have the right to request information about the processing of your personal data by us at any time (Article 15 GDPR). We will explain how your data are processed as part of your information request and provide an overview of the data stored about you. If data stored by us are incorrect or no longer up to date, you have the right to have these data corrected (Article 16 GDPR). You can also request the deletion of your data (Article 17 GDPR). If deletion is not possible in exceptional cases because of other legal provisions, the data will be blocked so that they are available only for this legal purpose. You can also have the processing of your data restricted (e.g. if you are of the opinion that the data stored by us is incorrect; Article 18 GDPR). You also have the right to data portability (i.e. we will send you a digital copy of the personal data you have provided upon request; Article 20 GDPR).

To exercise your rights described here, you can contact us at any time using the contact details above. This applies also if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your data protection request.

Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defence of legal claims beyond this period. The legal basis is Article 6 para. 1 sentence 1 lit. f GDPR, based on our interest in the defence against any civil law claims according to Article 82 GDPR, the avoidance of fines according to Article 83 GDPR, and the fulfilment of our accountability obligation according to Article 5 para. 2 GDPR.

You have the right to withdraw your consent at any time (Article 7 para. 3 GDPR). As a consequence, we may no longer continue the data processing that was based on this consent for the future. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
If we process your data based on legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. You have a general right to object to the processing of your data for direct marketing purposes. We will honour this without requiring a justification (Article 21 GDPR). If you wish to exercise your right of withdrawal or objection, you can send an informal message to the contact details above.

Finally, you have the right to lodge a complaint with the data protection supervisory authority responsible for us (Article 77 GDPR). You may exercise this right before a supervisory authority in the Member State where you habitually reside or work or where the alleged infringement occurred. In Hesse, where Alnavit is based, the respective supervisory authority is The Hessian Data Protection Officer, P.O. Box 3163, 65021 Wiesbaden.

9. Data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data during transfer and prevent unauthorised access. These are adapted in line with the current state of the art.

10. Amendment of the privacy policy

We occasionally update this privacy policy (e.g. when we adapt our website or the legal requirements change).

Last updated: April 2025

Popular products