Thank you for visiting our website. We attach particular importance to the security of your data. Below we inform you about the processing of your personal data when visiting and using our online offer and when contacting us. You will also find information about your rights regarding the processing of your data.

General information:

1 Scope of application
This data protection declaration applies to the processing of your personal data when you visit our web pages at www.chicopee-petfood.fr or our social media profiles on Facebook, Instagram or LinkedIn. Furthermore, this data protection declaration applies when you contact us by e-mail, telephone or post.

2 Responsible
“Controller” within the meaning of Article 4, point 7 of the European General Data Protection Regulation (“GDPR”) is:

Harrison Pet Products Inc.

144 Dawn Avenue

Guelph, N1G 4X2

Ontario, Canada

e-mail: info©harrisonpet.com

www.harrisonpet.com

Conductor: Agathe Heim, Wolfgang Heim, Klaus Lahrmann

Ontario Registration Number: 0001232090

3 Contact details of the data protection officer
You can contact our data protection officer at the following contact details:

Erich Zimmermann

c/o ZiDa-Datenschutz GmbH

102, rue Waldhofer

69123 Heidelberg

Email: e.zimmermann@zida-datenschutz.de

Website: www.zida-datenschutz.de

4 General information

4.1 Data type

We process personal data that you make available to us when you use our online offer (e.g. when you place an order or contact us). In addition, we process data that is automatically transmitted by your web browser when you use our website.

In section B we explain what data is specifically involved when using the various functions of our online offering.

4.2 Purposes and legal bases of processing

We process your personal data in accordance with the applicable data protection provisions for various purposes. Depending on the purposes for which we process your data, the following legal bases are generally taken into account for the processing:

Article 6, paragraph 1, sentence 1, point a) of the GDPR serves as the legal basis for our company for processing operations in which we obtain your consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of another service or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries about our products or services.

If our company is subject to a legal obligation which makes the processing of personal data necessary, for example for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) of the GDPR.

Finally, processing operations may also be based on Article 6(1)(f) GDPR. Processing operations which are necessary to safeguard a legitimate interest of our company or a third party are based on this legal basis, insofar as the legitimate interests or fundamental rights and freedoms of the data subject do not prevail.

Further information on the purposes and the respective legal basis for the processing of your data in connection with the use of this website can be found in section B.

4.3 Transmission of data

Your personal data is not passed on to third parties for purposes other than those mentioned below. We only pass on your personal data to third parties if:

you have given your express consent in accordance with Article 6, paragraph 1, sentence 1, letter a of the GDPR,

the transmission according to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being transmitted (e.g. necessary transmission of data to debt collection agencies, lawyers, tax advisors, accountants, auditors, etc.)

in the event that there is a legal obligation to transmit in accordance with Article 6, paragraph 1, sentence 1, letter c of the GDPR (e.g. necessary transmission of data to authorities and public services such as supervisory, tax, financial, administrative or criminal prosecution authorities),

this is permitted by law and required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you (e.g. transmission of your data to credit institutions, payment service providers, postal, parcel or logistics service providers or telecommunications service providers).

In addition, it may be necessary for service providers commissioned by us (long-term partners), in particular IT and web service providers, to receive and process personal data on our behalf in the context of the operation and maintenance of our company-internal IT infrastructure. In the context of operating this website, we use the following service providers in particular:

Top-Tiernahrung (Susanne Ehe) in Rottenacker

4.4 Transfer of personal data to a third country

If we transmit data to recipients located in a third country, i.e. outside the European Union (EU) and the European Economic Area (EEA), or if data processing takes place in a third country in the context of the use of third-party services, this will only be done in compliance with the applicable data protection provisions.

In some third countries, the European Commission certifies, through so-called adequacy decisions, a level of data protection comparable to that of the EU (Article 45 GDPR). Insofar as there is no comparable data protection standard in a third country, we ensure, in accordance with appropriate safeguards, that an adequate level of data protection is adequately guaranteed by the recipient (e.g. standard contractual clauses of the European Commission), unless you have expressly given your consent to the transmission of data or the transmission of data is required by contract or by law (Articles 46 to 49 GDPR). You can find more information on this on the information page of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

Shopify Inc.

Harrison Pet Products website is hosted on Shopify Inc. This platform allows us to sell our products and services online. Your personal data is therefore stored in Shopify's databases as well as on the Shopify application. This server is secure and protected by a firewall.

My personal data for payment on Shopify

When you purchase products on our Harrison Pet Products website using a direct payment gateway, Shopify stores your credit card information. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction information is retained throughout your order until it is complete. Once your order is complete, your transaction information is deleted.

What is PCI-DSS?

This is a standard that protects all direct payment gateways. It is managed by the PCI Security Standards Council, which is an umbrella organization of payment brands like Visa, MasterCard, American Express and Discover. PCI-DSS helps ensure the secure handling of credit card information used by our store and other service providers.

To learn more about Shopify, we recommend reviewing Shopify's Terms of Service.

4.5 Retention period

Unless a retention period is expressly specified, personal data will be stored for as long as this is necessary for the defined purposes and the fulfilment of our legal obligations or, insofar as the processing is based on your consent, until you withdraw your consent. Insofar as there are legal retention and documentation obligations, in particular those arising from commercial and tax law, the data will be stored for at least the retention period prescribed by law. Retention and documentation periods of up to ten years may result from §§ 147 AO and 257 HGB. With regard to possible legal claims, the retention period is also determined by the statutory limitation periods. According to §§ 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; in individual cases, limitation periods of up to 30 years may apply.

4.6 Rights of data subjects

As a data subject, you have various rights under the GDPR in relation to the processing of your data:

Right of access: In accordance with Article 15 of the GDPR, you have the right to request information about the personal data we process. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned retention period, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if they have not been collected from us, as well as the existence of automated decision-making, including profiling, and, where applicable, relevant information on the details thereof. As part of your right of access, you can request a copy of your personal data. We generally provide copies of the data in electronic form, unless you indicate otherwise. Right of rectification: In accordance with Article 16 of the GDPR, you have the right to demand that inaccurate data concerning you be rectified or that data concerning you be completed without delay.

Right to erasure: In accordance with Article 17 of the GDPR, you have the right to request the erasure of personal data we hold about you, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

Right to restriction of processing: In accordance with Article 18 GDPR, you have the right to request restriction of the processing of your personal data to the extent that you contest the accuracy of the data, the processing is unlawful but you refuse their deletion, we no longer need the data but you need them to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;

Right to data portability: in accordance with Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request transmission to another controller;

Right to withdraw consent: In accordance with Article 7, paragraph 3 of the GDPR, you have the right to revoke your consent at any time once it has been given to us. This has the consequence that we can no longer continue the data processing that was based on this consent in the future. The legality of the processing carried out on the basis of your consent until its revocation remains unaffected by your revocation.

Right to lodge a complaint with a supervisory authority: In accordance with Article 77 of the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes applicable data protection legislation. As a general rule, you can contact the supervisory authority of your habitual residence or place of work or of the place of the alleged infringement.

RIGHT OF OPPOSITION

In accordance with Article 21 of the GDPR, you have the right to object, for reasons relating to your particular situation, to the processing of your personal data, insofar as this processing is carried out on the basis of a legitimate interest in accordance with Article 6, paragraph 1, sentence 1, point f) of the GDPR or in the public interest in accordance with Article 6, paragraph 1, sentence 1, point e) of the GDPR; this also applies to profiling based on these provisions.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your objection is directed against the processing of your data for direct advertising purposes, we will immediately cease the processing. In this case, it is not necessary to indicate a special situation. This also applies to profiling, insofar as it is related to such direct advertising.

If you wish to exercise your right to object, simply send an email to info@harrisonpet.com .

4.7 Links to other websites

This data protection information does not apply to websites or online offers of other providers that are merely referred to by a corresponding link on our website. If you follow a link to one of these websites, we would like to point out that the providers of these other websites are themselves responsible for the processing of personal data when using their website and that we do not assume any liability in this regard. We recommend that you consult the data protection information on the respective other websites.

1. Data processing when using our website

1 Visit the website

When you visit our website, your browser automatically transmits data to us. This information is stored in a log file on our web server. The following information is included:

IP address (if possible, it is recorded anonymously).

Domain name of the website you came from

Names of files viewed

date and time of a consultation

name of your internet service provider

as well as, where applicable, the operating system and browser version of your terminal.

We record the information collected – including the IP address – only for the following purposes:

Ensure smooth website connection establishment,

To ensure comfortable use of our website,

ensure the stability and security of our systems.

The information is stored temporarily for a maximum of 30 days. The processing of personal data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from the purposes mentioned. We reserve the right to statistically analyze anonymized data sets.

Further explanations about cookies and the analysis and marketing technologies used on our website can be found in sections B. 9 and 0.

2 Order via our online store

In principle, you do not need a customer account to order goods in our online shop. If you would like to place an order via our online shop, we need the following information from you:

Information about a private client/company

Greeting, first name and last name

E-mail address

Billing address, possibly different delivery address

Payment details depend on the selected payment method

Ordering Information

We process this data for the purpose of establishing, executing and terminating the purchase contract concluded with you, including checking your order, processing invoicing and payment, shipping goods, handling customer complaints/returns and communicating with customers as well as, if necessary, to assert: exercise or defend mutual legal claims. The legal basis for data processing is Article 6, paragraph 1, sentence 1, letter b of the GDPR.

We pass on the information about your delivery address to a transport/logistics company commissioned by us for the purpose of processing the purchase contract. If we use the shipping service of Deutsche Post AG (DPDHL), we also pass on your e-mail address to DPDHL as well as the electronic order data for the purpose of parcel notification, so that you are informed by e-mail about the shipping status and the expected delivery date. the delivery day becomes. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in offering you the most convenient service possible and assume that it is in your interest to receive reports on the status of your parcel. DPDHL guarantees that personal data will only be processed to the extent necessary to carry out the relevant postal or transport service and to send status reports. DPDHL has taken appropriate technical and organizational measures that meet the requirements of the applicable data protection laws. Further information can be found in DPDHL's data protection declaration.

Additionally, depending on the payment method you select, we will transmit the information necessary to process the payment to the relevant payment/financing service provider (see Section B. 4).

Unless we use your contact details for advertising purposes on the basis of your consent or a legal basis, we generally store the data necessary for the execution of the contract only until the contract is completed, i.e. until the end of the contract and the expiry of any statutory or contractual warranty periods. We then store the information required by statutory provisions, in particular commercial and tax law, for the legally specified periods (usually 6 or - in particular in the case of booking documents - 10 years from the conclusion of the contract, § 257 para. 4 HGB). , § 147 para. 3 AO ).

If you do not provide us with the data necessary for the order, it will not be possible to purchase the desired product.

3 Create a customer account

On our website, you have the option of creating a password-protected customer account, through which you can change and manage your user and billing data and view your orders at any time. This means that you only have to enter your data once when registering and can log in for subsequent orders using your email address and a password of your choice. The following data is collected as part of the registration process:

Information about a private client/company

Greeting, first name and last name

E-mail address

Self-selected password

Billing address, possibly different delivery address

We use your data only for the purpose of providing you with the customer account and its functions to be used in accordance with our contractual terms and to process orders placed here - as described in point B. 2. The legal basis for processing your data is Article 6, paragraph 1, sentence 1, letter b GDPR. The data will be stored for the entire duration of your registration and use of your customer account. You can delete your customer account at any time; please contact customer service@bosch-tierfutter.de.

If you do not provide us with the data necessary for registration, it will not be possible to create a customer account.

Please note that you are responsible for keeping your access data (password) confidential in order to prevent any misuse of your data. We ask you not to share the password with anyone.

4 Payment processing

In order to process payment transactions efficiently and securely, we use payment services from third-party providers - in addition to banks and credit institutions - depending on the payment method you choose ("payment service providers").

After completing the order, you will be redirected to the integrated website of the respective payment service provider, where you can - if necessary after logging in with your access data - enter your payment details and/or request payment via the service provider. In particular, we transmit the precise payment amount to the respective provider of the payment service you have selected.

In order to process the transaction, it is necessary for the respective payment service provider to process further payment information. This includes, for example, the customer's first name, last name and address, bank details such as account number or credit card number, passwords, TANs, checksums as well as order and recipient information. However, the data entered will only be processed and stored by the payment service provider. Under certain circumstances, the data may be transmitted by the payment service provider to credit rating agencies. The purpose of this transmission is to verify identity and creditworthiness. You will find information on this in the general terms and conditions and data protection information of the respective payment service provider.

The legal basis for the transmission of your data to the relevant payment service provider is Art. 6 para. 1 sentence 1 lit. b GDPR; The transfer is necessary for the performance of the contract.

​ Payment via PayPal

If you select the PayPal payment service, you will be automatically redirected to the PayPal website or app, where you will need to log in with your PayPal ID and confirm the payment. As part of the payment processing, the payment information required for this purpose (usually the data collected from the customer when ordering or registering, merchant information, payment amount, IP address and any other required transaction data) is transmitted to PayPal. This requires that you have created an account there or that you have agreed to the processing of your personal data as a guest. We have no influence on the data processing by PayPal; this is carried out independently by PayPal within the framework of the contractual relationship between you and PayPal. The service provider is PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg. Further information can be found in PayPal's privacy policy.

Payment by credit card

Credit card payments are processed via the PAYONE payment service. The provider of this service is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main ("PAYONE"). You enter your credit card number, its expiry date and, if necessary, your CVC number in the corresponding input fields of the window. This is a plug-in. All credit card data is entered directly into the PAYONE system and cannot be read or saved by us. We therefore have no insight into this data. Our service provider passes on this data and other information as part of the transaction to the (credit) companies involved in the payment process (MasterCard, card issuing bank). You can find information on how your data is processed by PAYONE in PAYONE's data protection information: https://www.payone.com/DE-de/datenschutz

6 requests / complaints / personalized advice

If you send us general inquiries, a request for personalised dietary advice or a complaint using the online forms provided on the website, your details from the online form, including the contact details you provided there, will be used for the purpose of processing the request and, if necessary, further communications stored and processed with you by us. Your data will only be used for the purpose of answering and processing your question.

The legal basis for the processing of your information is the consent you gave when sending the form (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time with future effect by sending an e-mail to kundenservice@bosch-tierfutter.de or by sending a declaration to our contact details under Section A. 1. The legality of the processing carried out on the basis of your consent until its revocation remains unaffected by your revocation.

7 Analytics and Marketing Technologies

7.1 Use of Facebook visitor access statistics

We use the visitor access statistics (remarketing function) "Custom Audiences" from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), also known as Facebook Pixel. This function allows us to target website visitors with advertising by displaying personalized and interest-based Facebook ads to visitors of this website when they visit the social network Facebook. The function will only be activated after you have given your consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. If the function is activated, a direct connection to a Facebook server will be established when you visit this website. This means that which of our websites you have visited is transmitted to the Facebook server. Facebook assigns this information to your personal Facebook user account. You can find more information about the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy in Facebook's data protection information at https://www.facebook.com/about/privacy/. If you do not want Facebook to directly assign the collected information to your Facebook user account, you can deactivate the "Custom Audiences" remarketing function here. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate Facebook's usage-based advertising here: http://www.youronlinechoices.com/de/praferenzmanagement/.

Please note that due to the Cloud Act, US authorities may have access to personal data necessarily exchanged with Facebook on the basis of the Internet Protocol when this tool is integrated. EU citizens have no possibility of effective legal protection in the USA or the EU against this access.

Cookies used (lifetime in parentheses): ATN (2 years), AA003 (2 months), _fbp (3 months), fr (3 months)

7.2 Google Analytics

We use the Google Analytics analysis service. This web analysis service is operated by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). We use Google Analytics to evaluate your use of our website and to compile reports on user activity.

This analysis tool works in particular on the basis of cookies. The information stored by the cookie is usually transferred to a Google server in the USA and then stored there. However, as part of IP anonymization, your IP address is usually shortened (anonymized) beforehand by Google within a member state of the EU or in another contracting state of the Agreement on the European Economic Area. On our behalf, Google will use the information transmitted to create a report on the use of the website. We have concluded an order processing contract with Google. If you wish to prevent the use of cookies, you can do so by locally changing your settings in the Internet browser used on your computer (e.g. Safari, Internet Explorer, Opera, Firefox, etc.), i.e. the program for opening and displaying Internet pages. You can also prevent the collection and processing of your data by the Google cookie by downloading and installing a browser plug-in offered by Google via the following link:

https://tools.google.com/dlpage/gaoptout?hl=de.

You can prevent the collection by Google Analytics by clicking on the link below. A so-called opt-out cookie is then installed, which prevents the future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=de

Further information on the terms of use and data protection of Google and Google Analytics can be found at http://www.google.com/analytics/terms/de.html and at https://www.google.de/intl/de/policies/. We would like to point out that the extension "anonymizeIp" has been added to Google Analytics. This ensures anonymized collection of IP addresses.

Information about cookies:

Categorization for consent: Marketing cookies used (lifetime in parentheses): _ga (2 years), _gid (1 day), _gat_UA-* (1 minute), _utma (2 years), _utmb (30 minutes), _utmc (session), _utmt (10 minutes), _utmz (6 months)

Please note that under the Cloud Act, US authorities may have access to personal data necessarily exchanged with Google on the basis of the Internet Protocol when this tool is integrated. EU citizens have no possibility of effective legal protection in the USA or the EU against this access.

8 social media buttons

We offer you the possibility to directly access our presence on the social networks Facebook, Instagram or LinkedIn by using the appropriate buttons on our website.

We deliberately do not use plugins offered by these social media services, but rather links developed specifically for our website. Thus, by simply visiting our website, no user data is transmitted to the providers of these social networks. Only when you click on a social media button on our website will a connection be established between your browser and the server of the respective social media service and you will be redirected to our social media presence (see section C below). We do not collect any personal data via these buttons on our website and therefore do not transmit any data to the social media providers.

9 SSL Encryption

This website uses SSL (Secure Socket Layer) encryption to transmit data from your browser to our server and to the servers that provide the files we include on our website. With SSL, data is transmitted encrypted. You can recognize the presence of SSL encryption by the text "https" in front of the address of the website you are visiting in the browser.

C Social media presence

We maintain a social media presence on Facebook and Instagram, through which we communicate with customers and interested parties and share information about our offers and products as well as news about Harrison Pet. Your visit to our social media presence triggers various data processing operations, which we provide you with an overview of below:

When you visit our social media pages, your personal data is collected and processed not only by us, but also by the providers of the respective social network ("Providers"). This happens even if you do not have a profile on the respective social network. For details on the personal data that these providers collect in the context of your visit and use of the respective network and for what purposes they process this data, please refer to the data protection declarations of the respective providers:

The provider of Facebook and Instagram is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). You can view the data protection declaration at https://de-de.facebook.com/policy.php and at https://privacycenter.instagram.com/policy.

Interactions with our social media pages: As the operator of our social media pages, we can generally only view the information stored in your public profile, and only if you have such a profile and are logged in to it while you use access to our site and interact with it (e.g. by commenting on our posts, liking, sharing, etc.). Please note that these public interactions with our social media pages are also visible to other users. If you send us a (private) message using the respective messaging functions, it will not be visible to other users. We process the personal data provided here exclusively to communicate with you and respond to your request. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in communicating with interested users via our social media pages and in responding to your messages via the channel you have chosen. Please note that you use our social media pages and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, liking).

10 Changes to this Privacy Policy

We reserve the right to amend this data protection declaration if the legal situation of this online offer or the type of data collection changes. However, this only applies to statements relating to data processing. If the user's consent is required or if elements of the data protection declaration contain a regulation of the contractual relationship with users, the data protection declaration will only be amended with the user's consent.

If necessary, please inform yourself about this data protection declaration, especially if you provide personal data.