Privacy Policy
We, the Paradise Foods GmbH (“Paradise Foods” or “we”/”us”), would like to thank you for visiting our website and for your interest in our services.
When you access or use our website or our online shop (the website and online shop collectively referred to as “Platform”), or when you initiate, engage in, or show interest in entering into a contractual relationship with us, your personal data may be processed by us in accordance with this Privacy Policy.
Protecting your data is of utmost importance to us. This Privacy Policy, in accordance with Article 13 and Article 14 of the EU General Data Protection Regulation (“GDPR”), outlines how we handle, protect, and process your personal data (also referred to as “data”) in connection with your use of our Platform.
Last updated: 19.02.2026
A. General information
I. Definitions
Our Privacy Policy should be easy to read and understand for our Platform visitors, customers, business partners, interested parties and job applicants. To ensure this, we would like to explain the most important terms. We use the following terms, among others, in this Privacy Policy:
- “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”), e.g. name, address, email addresses, user behaviour;
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
II. Controller
Unless otherwise stated in this Privacy Policy, the Controller within the meaning of Article 4(7) GDPR is:
Paradise Foods GmbH
Stargarder Str. 47
10437 Berlin
E-mail: [email protected]
For specific questions regarding the processing of your personal data and the exercise of your rights under the GDPR, you can contact the above-mentioned contact points at any time.
B. Processing of personal data
The following overview lists all types of data processed by us, the purposes of their processing and the legal basis for their processing.
I. Visiting the Platform
1. Usage Data
If you visit our Platform without transmitting data to us in any other way, we collect the following data on our web server temporarily and anonymised via server log files:
- IP address
- Date and time of the enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (page visited)
- Access status/HTTP status code
- Amount of data transferred in each case
- Previously visited page
- Browser type
- Operating system used
- Language and version of the browser software
- Host name of the accessing computer.
This processing is technically necessary to display our Platform to you. We also use the data for statistical analyses to ensure the operational security and stability of our Platform. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. f GDPR (our legitimate interest).
We also use the data to fulfil our legal obligations for reasons of data security. The legal basis for this processing is Article 6 para. 1 sentence 1 lit. c GDPR (compliance with legal obligations).
2. Ordering via our online shop
If you place orders for food or other products via our online shop, we process the following categories of personal data:
- First and last name
- Email address
- Address details
- Contact details (e.g. telephone number)
- Payment data
- Information related to your orders placed via the Platform (e.g. purchased items, special instructions, date and time of the order, total amount, and order history)
The processing of this personal data is necessary to process your order and to process payment, deliver the products, and provide customer support.
We also may share your data with service providers (e.g. payment providers or logistics providers) to process payments and deliver your order. These service providers process your data on our behalf and only to the extent necessary to perform the contract.
The legal basis for this processing is Article 6 para. 1 sentence 1 lit. b GDPR (performance of a contract). Where required to comply with legal obligations, the legal basis is Article 6 para. 1 sentence 1 lit. c GDPR.
II. Contacting us
When you contact us (for example, via an online contact form, by email, telephone, or through social media), we process your personal data to the extent necessary to respond to your inquiry and to carry out any measures you request.
Regardless of the communication channel used, we collect the content of your inquiry (for example, the information you provide in an online contact form, such as your name and email address).
We process your data for the following purposes: individual communication with you, management and response to inquiries, provision of our services, and improvement of user experience.
We process your data on the basis of our legitimate interests pursuant to Article 6 para. 1 sentence 1 lit. f GDPR in order to respond appropriately to contact requests. If your inquiry relates to a potential or existing contractual relationship, processing is carried out for the purpose of performing pre-contractual measures in accordance with Article 6 para. 1 sentence 1 lit. b GDPR.
III. Cookies
We use cookies on some areas of our Platform. Cookies are small text files that are stored by the browser on your end device (e.g. computer, tablet or mobile phone) when you visit a website and can be read by us or a third-party provider. They are used to identify your end device for a certain period of time.
Some of the cookies we use are so-called “session cookies”, which are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
Some cookies are necessary for the use of our Platform. These cookies are not used for analysis, tracking, advertising or other non-essential purposes. Some of them only contain information about specific storing preferences. These cookies are essential for user guidance, security and the operation of the Platform. We use these cookies on the basis of Article 6 para. 1 sentence 1 lit. f GDPR (our legitimate interest) to ensure basic functions of the Platform.
We also use technically non-essential cookies e.g. for statistics, marketing and tracking. We place these cookies based on your consent in accordance with Article 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time by amending your cookie preferences through the cookie consent management tool available on our Platform.
For more information about the categories of cookies we use and how you can manage or withdraw your consent, please refer to our Cookie Policy: https://paradisefoods.com/cookie-policy-eu/.
IV. Contractual or Business Relationship
If you are already a business partner or are a potential business customer, and a contractual, quasi-contractual, or pre-contractual business relationship exists with us, we process personal data where necessary to establish and maintain this relationship.
The data processed may include:
- Inventory data, such as your first and last name, address, company name, and business location, job level / role;
- Contact details, such as your email address and telephone number; and
- Payment data, including bank account information, billing details, and payment history.
Before or at the time of collecting this data, we will inform you transparently about which information is required. We process this data in particular to communicate with you, respond to your enquiries, provide customer support, fulfil our contractual or legal obligations, and safeguard our rights. As far as necessary, we may share your data with third parties, i.e. our professional advisors, such as our attorneys, accountants, financial advisors and business advisors, in their capacity as advisors to us.
The legal bases for this processing are Article 6 para. 1 sentence 1 lit. b GDPR (performance of a contract and pre-contractual measures), Article 6 para. 1 sentence 1 lit. c GDPR (compliance with legal obligations), and Article 6 para. 1 sentence 1 lit. f GDPR (our legitimate interest in managing and maintaining business relationships).
V. Job Applications
You can apply for open positions with us through our career email address. For the purpose of processing your application, we collect identification and contact information (typically your first and last name, and email address), application and profile data (such as CV or résumé information including education, work history, qualifications, and cover letters), and employment-related details (such as your current and expected annual salary, and work authorization status).
Before or at the time of collecting this data, we will inform you transparently about which information is required.
The legal basis for processing your application documents and data is Article 6 para. 1 sentence 1 lit. b GDPR, as the processing is necessary to take steps prior to entering into an employment contract. We process your data solely for the purpose of managing the application process and conducting pre-contractual measures.
If your application contains special categories of personal data within the meaning of Article 9 para. 1 GDPR (e.g. data concerning health, religious beliefs, trade union membership, or information revealing racial or ethnic origin), we will process such data only to the extent permitted by law. The processing is based on Article 9 para. 2 lit. b GDPR in conjunction with applicable employment law provisions, insofar as the processing is necessary for exercising rights or fulfilling obligations under employment law. Where required, processing may alternatively be based on your explicit consent pursuant to Article 9 para. 2 lit. a GDPR.
We store your personal data from the time your application is received. If your application is successful and an employment relationship is established, we will retain your data for as long as it is required for the administration of the employment relationship and as long as statutory retention obligations apply.
If your application is unsuccessful, we will retain your personal data only for as long as necessary to complete the application process and to comply with applicable statutory limitation periods and legal obligations. After this period, your data will be deleted unless you have consented to further retention.
VI. Newsletter / E-Mail Marketing
You may subscribe to our newsletter to receive updates about our company and our offers. To subscribe, we require your email address. When you register, your email address will be transmitted to us (or our email service provider) and stored. After registration, you will receive a confirmation email (“double opt-in”).
Our newsletter is sent based on your prior explicit consent (Article 6 para. 1 sentence 1 lit. a GDPR). You may unsubscribe at any time, either by contacting us through the options provided in this Privacy Policy or by using the unsubscribe link included in each newsletter. Upon unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Article 6 para. 1 sentence 1 lit. a GDPR, or we are legally entitled to continue using the data as described in this Privacy Policy.
If we obtain your email address in connection with the sale of a product or service and you have not objected, we may also use it to send you regular offers for similar products or services from our portfolio. This serves our legitimate interest in direct marketing (Article 6 para. 1 sentence 1 lit. f GDPR). You may object to this use of your email address at any time, without incurring any costs beyond the basic transmission fees, by contacting us through the options provided in this Privacy Policy or via the unsubscribe link in the marketing email (see also below regarding your right to object).
VII. Third-party providers
As part of our business activities and to provide certain services, we engage third-party service providers as processors to assist in supporting our Platform. We have concluded data processing agreements (DPAs) with the respective service providers. On our website, we implement the following third-party tools:
| Processor | Purpose | Data Processing | Location and third-country transfer safeguards | Legal Basis | Privacy Policy of Processor |
| Google Analytics, Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland | Analysis of website usage and user behavior in order to evaluate performance, improve content, and optimize user experience | Google Client ID, Click path, Date and time for visit, Device info, Location info, IP address, Pages visited, Referrer URL, Browser Info, Hostname, Browser language, Browser type, Screen resolution, Device operating system, Interaction data, User behavior, Visited URL, Hashed e-mails | EU, USA; certified under theEU-U.S. Data Privacy Framework | Article 6 para. 1 sentence 1 lit. a GDPR | https://policies.google.com/privacy |
| LinkedIn Insight Tag / Pixel, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland | Measurement of advertising effectiveness, tracking of conversions, and optimization of marketing campaigns on LinkedIn. | Device info, IP address, Referrer URL, Timestamp, Browser info, Hashed e-mails | EU, USA; certified under theEU-U.S. Data Privacy Framework | Article 6 para. 1 sentence 1 lit. a GDPR | https://www.linkedin.com/legal/privacy-policy |
| Pinterest Tag, Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland | Tracking user interactions and measuring advertising performance for marketing optimization on Pinterest. | IP address, Online identifiers, Device and browser information, Referrer URL and visited pages, Date and time of access, Interaction and click behavior, Conversion and event data, Transaction-related information, Derived location data, Account-related information (if the user is logged in to Pinterest) | EU, USA; certified under theEU-U.S. Data Privacy Framework | Article 6 para. 1 sentence 1 lit. a GDPR | https://policy.pinterest.com/en/privacy-policy |
| Meta / Facebook Pixel, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland | Tracking user behavior, measuring advertising effectiveness, creating custom audiences, and displaying personalized advertisements. | FBClid, Ads viewed, Content viewed, Device info, geographic location, HTTP-header, Interactions with advertisement, services and product, IP address, Items clicked, Marketing info, Pages visited, Pixel ID, Referrer URL, Usage behavior, Facebook cookie info, Facebook user ID, Usage/click behavior, Browser info, Device operating system, Device ID, User agent, Browser type, Hashed e-mails | EU, USA; certified under theEU-U.S. Data Privacy Framework | Article 6 para. 1 sentence 1 lit. a GDPR | https://www.facebook.com/privacy/explanation |
| Criteo, Criteo SA, 32 Rue Blanche, 75009 Paris, France | Display of personalized advertisements and retargeting across websites based on user behaviour and interaction data. | IP address, device identifiers, browser information, pages visited, interaction data, advertising identifiers | EU, USA; SCCs | Article 6 para. 1 sentence 1 lit. a GDPR | https://www.criteo.com/privacy/ |
| Stripe, Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland | Payment processing and fraud prevention | Name, Payment details, Billing address, Transaction data, IP address, Fraud prevention identifiers | EU, USA; certified under theEU-U.S. Data Privacy Framework | Article 6 para. 1 sentence 1 lit. b, lit. f GDPR | https://stripe.com/privacy |
| Polylang, WP SYNTEX, 8 rue Joseph Cugnot, 38307 Bourgoin-Jallieu, France | Storing and managing language preferences to provide website content in the selected language. | Language preference, IP address, Browser information, Cookie identifiers | EU | Article 6 para. 1 sentence 1 lit. a GDPR | https://polylang.pro/privacy-policy/ |
| Google Fonts, Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland | Uniform display of fonts to ensure consistent visual presentation of the website. | IP address, Device and browser information, Referrer URL | EU, USA; certified under theEU-U.S. Data Privacy Framework | Article 6 para. 1 sentence 1 lit. a GDPR | https://policies.google.com/privacy |
| Google Maps, Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland | Display of interactive maps to provide location-based information. | IP address, Location data (derived), Device and browser information, Interaction data | EU, USA; certified under theEU-U.S. Data Privacy Framework | Article 6 para. 1 sentence 1 lit. a GDPR | https://policies.google.com/privacy |
| WordPress, WordPress (Automattic Inc.), 60 29th Street #343, San Francisco, CA 94110, USA | Provision and technical operation of the website, including content management and user authentication. | IP address, Browser details, Login status, Technical session data | USA; SCCs | Article 6 para. 1 sentence 1 lit. f GDPR | https://automattic.com/privacy/ |
| Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA | Ensuring that visitors are human and protecting against bots, as well as speeding up website performance by allowing Cloudflare to serve cached content. | Stores a unique ID that is used to identify a human visitor after Cloudflare checks if the visitor is not a bot (based on various behavior patterns and security rules) | USA; certified under the EU-U.S. Data Privacy Framework | Article 6 para. 1 sentence 1 lit. f GDPR | https://www.cloudflare.com/privacypolicy/ |
VIII. Online presence on social media
We have various presences on social media platforms. We operate these sites with the following providers:
- LinkedIn, LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland; Website: https://de.linkedin.com/; privacy policy: https://www.linkedin.com/legal/privacy-policy
- Instagram, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.instagram.com/; privacy policy: https://help.instagram.com/519522125107875
- Facebook, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com/; privacy policy: https://www.facebook.com/privacy/explanation
We use the technical platform and services of the respective providers for these information services. We would like to point out, that you use our presence on social media platforms and their functions at your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, rating, sharing).
When you visit our social media sites, the platform providers collect your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about your interactions with our posts. The data collected about you is processed by the platforms and may be transferred to countries outside the EU, in particular to the USA.
The above platform providers’ U.S. entities are certified under the EU-U.S. Data Privacy Framework (DPF) and have undertaken to comply with the European data protection principles.
We do not know how the social media platforms use the data from your visit to our account and your interactions with our posts for their own purposes, how long this data is stored and whether it is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or our account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in, a cookie on your device can be used to track your online behaviour. The platforms can use buttons integrated into websites to record your visits to these websites and assign them to your profile in order to offer you targeted content or advertising. To avoid this, you should log out, deactivate the “stay logged in” function, delete the cookies on your device and restart your browser.
As the provider of the information service, we also only process the data that you make available to us in the context of using our service and that require interaction. For example, if you ask us a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which are described in this Privacy Policy. The legal basis for the processing of your data on the social media platform is Article 6 para. 1 sentence 1 lit. f GDPR.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
The providers of the social media platforms explain in their privacy policies what information they receive and how it is used. These privacy policies (see links above) also contain information on contact options and the setting options for adverts.
IX. International Transfers
As described in this Privacy Policy, we use certain services whose providers are located in third countries (i.e. countries outside the European Union or the European Economic Area) or that process personal data in such countries. In some cases, the level of data protection in these countries may not be considered equivalent to that within the European Union.
Where personal data is transferred to a third country for which the European Commission has not issued an adequacy decision pursuant to Article 45 GDPR, we ensure that appropriate safeguards are in place in accordance with Article 46 GDPR. Such safeguards may include, in particular, the Standard Contractual Clauses (SCCs) adopted by the European Commission or binding corporate rules.
X. Storage and deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose for processing this data no longer applies or it is not required for the purpose). This means that we only store your personal data for as long as is necessary for the respective processing purpose and limit the storage period to the minimum required. In addition, we only store your data if we are authorised or obliged to do so in accordance with statutory retention periods.
This Privacy Policy may also contain further information on the retention and deletion of data, which apply primarily to the respective processing activities.
C. Your Rights as a Data Subject
You have the right to
- Access your personal data in accordance with Article 15 GDPR,
- Rectification of inaccurate personal data in accordance with Article 16 GDPR,
- Erasure of your personal data in accordance with Article 17 GDPR,
- Restriction of processing in accordance with Article 18 GDPR,
- Data portability in accordance with Article 20 GDPR, and
- Objection to the processing of your data in accordance with Article 21 GDPR (Right to object, see details below).
You also have the right to withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal of consent is only effective for future processing. Any processing that occurred before the withdrawal remains unaffected.
Right to Object: You have the right to object, at any time and for reasons arising from your particular situation, to the processing of your personal data based on Article 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on this provision as defined in Article 4 para. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
To exercise your above rights, you can send an email to [email protected]. You also have the right to complain to a data protection supervisory authority about the processing of your personal data.
D. Data processing when accessing linked content
This Privacy Policy only applies to our Platform. However, the Platform may also contain external links or hyperlinks to websites of other providers. These are to be distinguished from our own content. This external content does not originate from us, nor do we have any influence over the content of third-party sites. If you are redirected to other pages via links within the Platform, please inform yourself there about the respective handling of your data.
E. Automated decision-making/profiling
No automated decision-making or profiling takes place.
F. Changes to this Privacy Policy
Due to the further development of our Platform and our services or due to changed legal and official requirements, it may become necessary to amend this Privacy Policy from time to time.
If you have any questions regarding the processing of your data, you can contact us at any time.