Data protection notice

We take the protection of your private data very seriously and we want you to feel comfortable when visiting our website. The protection of your privacy when processing your personal data is of great importance to us and one that we take into account in our business processes.

This data protection notice explains how your personal data are collected, processed and used during and after your use of our website; the types of data involved; why such data are collected; with whom it is shared; and your rights in this regard.

Please read this notice carefully.

This data protection notice may be updated from time to time, so please check it regularly.

I. Explanation of terms

We have drawn up our data protection notice in accordance with the principles of the General Data Protection Regulation (see Art. 5 GDPR). However, if there are any ambiguities regarding the use of terms, you can view the relevant definitions here.

II. Name and address of the data controller

OGL Food Trade Lebensmittelvertrieb GmbH
Legal representatives: Norbert Gasser, Johannes Zelger
Eichenstr. 11 a-d
85445 Oberding
Tel.: +49 (0)8122 892 040
Fax: +49 (0)8122 558 601

III. External data protection officer

blu Systems GmbH 
Data Protection Officer
Keltenring 11
82041 Oberhaching
Phone: +49 (0)89 9192 9056 0

IV. Storage period and erasure

Unless this data protection notice specifies a more specific storage period, we will keep your personal data until the purpose or legal basis for the data processing no longer applies. If you make a justified request for erasure or revoke your consent to data processing, your personal data will be deleted unless we have other lawful reasons for storing your data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

V. Provision of the website and creation of log files

When you visit our website, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until its automatic erasure:

  • IP address of the computer making the request;
  • date and time of access;
  • name and URL of the file retrieved;
  • website from which access is made;
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We will process the above data for the following purposes:

  • to ensure smooth connection to the website;
  • to ensure ease of use of the website;
  • to evaluate system security and stability;
  • for error analysis;
  • for other administrative purposes.

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest derives from the data collection purposes listed above. In no case will we use the data collected for the purpose of drawing conclusions about you as a person.

Our legitimate interest in processing data is as follows: the integrity and security of our website, which is ensured by our security department via the collection of logs, in particular IP addresses, in order to detect possible abuse at an early stage and thus take measures to reduce any damage.

Your personal data are stored with our provider, with which we have concluded a data processing agreement within the meaning of Art. 28 GDPR.

VI. SSL Encryption

For security reasons, our website uses SSL encryption. This protects the data sent and prevents them from being read by unauthorised third parties.
You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol, visible in your browser address bar on the left.

VII. Cookies

We use cookies in order to make using our website more attractive, user-friendly and effective. Cookies are small text files that are stored on your end device and contain information about the websites that you visit. Cookies do not cause any damage to your computer and do not contain any viruses.

By making the appropriate changes to your browser settings, you can gather information about the cookie settings and individually decide whether to accept them or in general to reject them; you can also arrange for the automatic deletion of cookies when the browser window is closed. Deactivating cookies may mean that you cannot use all the functions of our website.

Cookies used

Necessary Cookies resolution (session duration) Used to remember the screen size of website visitors and to display website content correctly. fe_typo_user (session duration) This cookie is a standard TYPO3 session cookie. It saves the session ID in the event of a user login. In this way, logged-in users can be recognised and granted access to protected areas. cookieconsent_status (1 year) Used to store the cookie settings of website visitors. dp_cookieconsent_status (1 year) Used to save the cookie settings of website visitors and prevent the Consent banner from being displayed again when subpages are retrieved.
Statistical & Marketing Cookies _ga (2 years) Used to count and store page visits. _gid (24 hours) Used to distinguish visitors. The aim is to collect data on how users move between pages on the website. _gat_gtag_UA_108816906_6 (one minute) Used to store randomly generated user IDs of visitors.

VIII. Data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under EU data protection law. If these tools are active, your personal data may be transferred to such third countries and processed there. We would point out that no level of data protection comparable to that existing in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It therefore cannot be ruled out that the US authorities (e.g. intelligence services) may process, evaluate and permanently store data located on US servers for monitoring purposes. We have no influence on these processing activities.

IX. Contacting the company

You can contact us at any time. The following may be helpful:

General contact options

For general contact purposes, you may use the following media:

  • post,
  • phone,
  • fax, or
  • e-mail.

In order to process your contact request, we will need to store your communication data (e.g. phone number, e-mail address) and identification data (e.g. name, address).

For this purpose, the legal basis of Art. 6 (1) (b) GDPR will apply only in the case that the contact is based upon the initiation of a contract, the implementation of an existing contractual relationship or the amendment of a contractual relationship.

For all other cases involving contact, processing is based upon the company’s legitimate interest in accordance with Art. 6 (1) (f) GDPR.

Our legitimate interest for such processing is as follows: as a company, we pursue the economic interests of individualisation and optimisation of our products, which are declared as economic factors of the company.

X. Microsoft Teams

We use Microsoft Teams, a service provided by Microsoft Corporation, to conduct phone and video conferences, online meetings and/or online seminars. If online meetings or seminars are to be recorded, we will inform you of this before the start of the online meeting or seminar and, if necessary, request your (verbal) consent. If you do not wish to be recorded, you can leave the online meeting or seminar. The following personal data may be processed during the event:

  • user details: display name, e-mail address, profile picture (optional), preferred language;
  • meeting metadata: e.g. date, time, meeting ID, phone number, location;
  • text, audio and video data: you may have the option of using the chat function in an online meeting or seminar. In this case, the text entries that you make will be processed so as to display them in the online meeting or seminar.

The scope of the data depends on the information that you provide before or during participation in the online meeting or seminar.
Data transfer to the USA is based upon the standard contractual clauses of the EU Commission in accordance with Art. 46 (2) (c) GDPR.

Legal basis for online meetings

The legal basis for processing is Art. 6 (1) (b) GDPR.
During an online meeting, the login names of all participants as well as the communication content generated will be displayed and can be viewed by other participants in the online meeting. The communication content is saved for documentation purposes. If necessary, the online meeting will be recorded and subsequently made available to participants.

XI. Handling of applicant data

You can apply to us for job vacancies by e-mail or post. We will inform below you about the scope, purpose and use of your personal data that will be collected during the application process. We assure you that the collection, processing and use of your data will meet the applicable data protection law and all other legal provisions and that your data will be treated confidentially.

When you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. 
The legal basis for this is Art. 6 (1) (b) GDPR (general initiation of a contract) and § 26 (1) BDSG (Federal German Data Protection Law) (initiation of an employment relationship). Within our company, your personal data will only be passed on to those employees who are involved in processing your application.

If your application is successful, the data that you have submitted will be stored in our data processing systems for the purpose of implementing the employment relationship on the basis of Art. 6 (1) (b) GDPR and § 26 (1) BDSG.

If we are unable to make you a job offer, or if you reject a job offer, or if you withdraw your application, we will store your application documents for a period of six months from the end of the process. At the end of the six-month period, the data will be deleted and any physical documents relating to your application will be destroyed. Such storage may in particular serve as evidence in the event of a legal dispute. If it is evident that the data will be required following expiry of the six-month period (e.g. owing to an impending or pending legal dispute), the data will only be deleted when the need for further storage no longer exists.

Admission to our applicant pool 
If we do not make you a job offer, it may nevertheless be possible to include you in our applicant pool. If you are included, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of a suitable vacancy arising. 
Inclusion in the applicant pool is based exclusively upon your express consent (Art. 6 (1) (a) GDPR). The provision of such consent is voluntary and is not related to the current application process. The data subject may revoke his/her consent at any time: in this case, the data will be irrevocably deleted from the applicant pool unless there are legal reasons for retention.
Data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

XII. Google Tag Manager

We use the functions of the Google Tag Manager on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
This is a tag management system that is used for the purpose of managing website tags via an interface. 
In order to monitor system stability and performance, Google Tag Manager may collect certain aggregate data about tag triggering. Such data will not include user IP addresses or user-specific identifiers that could be associated with a specific individual. If there has been deactivation by the user at domain or cookie level, this will remain in place for all tracking tags implemented using Google Tag Manager. Other than data in standard HTTP request logs, all of which will be deleted within 14 days of receipt, Google Tag Manager does not collect, store or share information about visitors concerning the properties of our customers, including page URLs visited. Google Tag Manager provides for the triggering of other tags that may in turn collect data. For more information about our use of Google Tag Manager data, please see the Google Tag Manager Terms of Service at and the Privacy Policy at

The consent banner on our website allows us to actively obtain your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke this consent at any time.

Data transfer to the USA is based upon the standard contractual clauses of the EU Commission.

XIII. Google Analytics

We use the functions of the Google Analytics web analysis service on our website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the behaviour of website visitors. In doing so, we receive from you various usage data, such as page views, length of stay, operating systems used and origin. Such data may be combined by Google into a profile that will be assigned to you or to your end device. Furthermore, Google Analytics allows us to record, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to augment the data sets that it collects and employs machine learning technologies in its data analysis. Google Analytics uses technologies that enable you to be recognised for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website will usually be transferred to a Google server in the USA and stored there.

The consent banner on our website allows us to actively obtain your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke this consent at any time.

Data transfer to the USA is based upon the standard contractual clauses of the EU Commission. Details can be found here:

IP anonymisation

Furthermore, we only use Google Analytics on our website with IP anonymisation activated. This means that your IP address is shortened by Google within the Member States of the European Union, or in other states that are party to the European Economic Area, before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only then will it be shortened there. Furthermore, we have concluded a data processing agreement with Google: Google processes the data on our behalf and thereby enables us to evaluate website usage by users, to create reports on website activity and to collect other information related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available from the following link:

You can find more information on the handling of user data with Google Analytics in the Google data protection notice:

Google refers to the data processing conditions in its own data protection notice.

Storage period

Data stored by Google at user and event level that are linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised or deleted after two months. See the following link:

XIV. Google Maps

We use the Google Maps service on our site. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Your IP address must be saved in order to use the functions of Google Maps. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on such data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

We use Google Maps in order to present our online offers in an attractive way and to permit easy location of the places that we indicate on our website. This represents a legitimate interest in accordance with Art. 6 (1) (f) GDPR. If corresponding consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (Federal German Telecommunications-Telemedia Data Protection Law) insofar as consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. You can revoke this consent at any time.

Data transfer to the USA is based upon the standard contractual clauses of the EU Commission. Details can be found here: and
More information on the handling of user data can be found in Google’s privacy policy:

XV. Rights of data subjects

Right to information 
According to Art. 15 GDPR, you have the right to request information about the personal data that we process. This right includes information concerning:

  • the purposes of the processing,
  • the categories of personal data,
  • the recipients or categories of recipients to whom your data have been or will be disclosed,
  • the planned storage period or, at least, the criteria for determining the storage period,
  • the existence of a right to rectification, erasure, restriction of or objection to processing,
  • the existence of a right of appeal to a supervisory authority,
  • the origin of your personal data, if it has not been collected by ourselves, or
  • the existence of automated decision-making processes, including profiling and, where applicable, meaningful information about the details thereof.

Right of rectification

According to Art. 16 GDPR, you have the right to have incorrect or incomplete stored data corrected by us without delay.

Right to erasure

According to Art. 17 GDPR, you have the right to request that we delete your personal data without delay, insofar as no further processing is necessary for one of the following reasons:

  • the personal data are still necessary for the purposes for which they were collected or otherwise processed,
  • the exercising of the right to freedom of expression and information,
  • for compliance with a legal obligation that requires processing under the laws of the European Union or of its Member States governing the data controller, or for the performance of a task in the public interest or in the exercise of official authority vested in the data controller,
  • for reasons of public interest in the field of public health in accordance with Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR,
  • for archiving purposes that are in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the right referred to at Art. 17 (1) GDPR is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  • for the assertion, exercise or defence of legal claims.

Right to restriction

According to Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:

  • you dispute the accuracy of your personal data,
  • the processing is unlawful and you object to the erasure of your personal data,
  • we no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
  • you object to the processing in accordance with Art. 21 (1) GDPR.

Right to information

If you have requested the rectification or erasure of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR, we will notify all recipients to whom your personal data has been disclosed unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

Right to transmission

We grant you the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format.

You also have the right to request the transmission of such data to a third party, provided that processing is carried out with the aid of automated procedures and is based upon consent in accordance with Art. 6 (1) (a) GDPR, Art. 9 (2) (a) GDPR or Art. 6 (1) (b) GDPR.

Right of revocation

According to Art. 7 (3) GDPR, you have the right to revoke your consent at any time. Revocation of consent will not affect the lawfulness of the processing carried out upon the basis of the consent granted until revocation. No future data processing may be carried out on the basis of your revoked consent.

Right to complain

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR. This will depend upon the federal state of your residence, your work or the alleged violation. You can find a list of supervisory authorities (for the non-public sector) with addresses at:

Our competent supervisory authority is: 
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) (Bavarian State Office for Data Protection Supervision) 
PO Box 1349
91504 Ansbach
Online complaint form (in German):

Right of objection

If we process your personal data on the basis of a legitimate interest in accordance with Art. 6 (1) (f) GDPR, you have the right to object to such processing in accordance with Art. 21 GDPR if you can demonstrate special reasons for this. These objections may arise from your particular situation or be raised against direct marketing. In the latter case, you have a general right of objection that we must implement without any indication of the specific situation. You can exercise your right of objection or revocation directly by sending an e-mail to

Automated decision-making in individual cases including profiling

In accordance with Art. 22 GDPR, you have the right not to be subject to any decision based solely upon automated processing, including profiling, that may produce legal effects concerning you or have similarly significant effects upon you.

However, this does not apply if the decision:

1. is necessary for the conclusion or performance of a contract between the data subject and the controller, or
2. is authorised by European Union or Member State legislation to which the controller is subject and such legislation contains appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject; or
3. is made with the express consent of the data subject.

For the cases mentioned at points 1 and 3, we take steps to protect your rights and freedoms as well as your legitimate interests, including at least the right to obtain intervention on the part of a person from our side, to express your point of view and to contest the decision.

Amendments and updates

Changes may from time to time be made to our data protection notice in the course of updating. If changes are made to this notice, we will indicate these for you.

This data protection notice is dated 09.04.2024.