Last updated: 2023
While using our website's Internet pages, you can do so without providing any personal data. However, certain enterprise services accessed through our website may require the processing of personal data. In such cases, we seek the data subject's consent, unless there is a legal basis for the processing.
All processing of personal data, including names, addresses, email addresses, and phone numbers, complies with the General Data Protection Regulation (GDPR) and relevant country-specific data protection laws governing Saucehaus LLC. Through this data protection declaration, we aim to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Additionally, this declaration ensures data subjects are aware of their rights.
Saucehaus LLC, as the data controller, has implemented numerous technical and organizational measures to maximize the protection of personal data processed through our website. However, we acknowledge that internet-based data transmissions might have inherent security gaps, making absolute protection impossible. For added security, data subjects are free to use alternative means, like contacting us by telephone, to transfer personal data.
The data protection declaration of Saucehaus LLC adheres to the terminology used by the European legislator for adopting the General Data Protection Regulation (GDPR). We strive to make this declaration comprehensible to the general public, as well as our customers and business partners, by explaining the terms used.
In this data protection declaration, the following terms apply:
- Personal data: Refers to any information related to an identified or identifiable natural person ("data subject"). An identifiable person is one who can be identified directly or indirectly through an identifier such as a name, identification number, location data, online identifier, or specific factors related to their identity.
- Data subject: Represents any identified or identifiable natural person whose personal data is processed by the responsible controller.
- Processing: Encompasses any operation performed on personal data, whether manually or automatically, such as collection, recording, organization, storage, retrieval, use, disclosure, and more.
- Restriction of processing: Involves marking stored personal data to limit future processing.
- Profiling: Refers to automated processing of personal data to evaluate certain aspects related to a natural person, such as work performance, economic situation, health, preferences, etc.
- Pseudonymization: Involves processing personal data in a way that prevents direct attribution to a specific data subject without additional information.
- Controller: The natural or legal person, public authority, agency, or body responsible for determining the purposes and means of personal data processing.
- Processor: The natural or legal person, public authority, agency, or body processing personal data on behalf of the controller.
- Recipient: The natural or legal person, public authority, agency, or other body to whom personal data is disclosed.
- Third party: Any entity other than the data subject, controller, processor, or authorized personnel.
- Consent: Freely given, specific, informed, and unambiguous indication of the data subject's agreement to the processing of their personal data.
Name and Address of the Controller
The controller responsible for data processing in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws in the European Union member states is:
4590 Macarthur Blvd
Newport Beach, CA 92660
United States of America
Phone: (949) 529-0601
Users can prevent cookies from being set through their Internet browser settings and delete existing cookies using software programs. However, disabling cookies may affect certain functionalities of the website.
Collection of General Data and Information
When the Saucehaus LLC website is accessed by a data subject or automated system, general data and information are collected and stored in server log files. This data includes the type and version of the browser, the operating system, referrers, sub-websites, date and time of access, IP address, and Internet service provider. This information is not used to identify individuals but serves purposes like ensuring proper content delivery, optimizing the website and its advertisements, maintaining IT system viability, and aiding law enforcement in case of cyber-attacks.
Anonymous analysis of server log file data helps improve data protection and security while maintaining the confidentiality of personal data provided by data subjects.
Registration on Our Website
Registration on Saucehaus LLC's website requires the provision of personal data, as specified in the respective registration input mask. The collected personal data is exclusively used for internal purposes by the controller and may be shared with processors (e.g., parcel services) for internal purposes.
During registration, the data subject's IP address, date, and time of registration are also stored. This data is necessary to prevent misuse of services and facilitate investigation of any committed offenses, ensuring the controller's security. The data is not shared with third parties unless required by law or for criminal prosecution purposes.
Registration allows the controller to offer exclusive content or services to registered users. Registered users have the option to update or delete their personal data from the controller's database. The data controller provides information about stored personal data upon request and corrects or erases such data when no statutory storage obligations apply.
For any inquiries or requests related to personal data, the data subject may contact the controller's representatives.
- Subscription to Our Newsletters At Saucehaus LLC's website, users can subscribe to our enterprise's newsletter. The personal data transmitted during this process are determined by the input mask used for newsletter ordering. Our newsletter keeps customers and business partners informed about enterprise offers. To receive the newsletter, data subjects must have a valid email address and register for newsletter shipping. For legal purposes, a confirmation email is sent as part of the double opt-in procedure to verify the data subject's authorization to receive the newsletter.
During newsletter registration, we store the data subject's IP address, date, and time of registration. This data helps detect potential misuse of email addresses and serves the controller's legal protection.
The personal data collected for newsletter registration will only be used for sending the newsletter. Subscribers may receive additional emails if necessary for operating the newsletter service or relevant registrations. Personal data collected by the newsletter service will not be shared with third parties. Data subjects can unsubscribe from the newsletter at any time, and consent for data storage and newsletter shipping can be revoked using the link provided in each newsletter or through direct communication with the controller.
- Newsletter-Tracking The newsletter from Saucehaus LLC contains tracking pixels, miniature graphics embedded in HTML-format emails to enable log file recording and analysis. This allows statistical analysis of the success or failure of online marketing campaigns. The tracking pixel enables us to determine if and when an email was opened by a data subject and which links were accessed.
Personal data collected through tracking pixels in newsletters are stored and analyzed to optimize newsletter distribution and tailor future content to data subjects' interests. This personal data is not shared with third parties. Data subjects have the right to revoke their consent, provided through the double-opt-in procedure, for tracking. Upon revocation, the controller will delete this personal data. Unsubscribing from the newsletter constitutes a withdrawal of consent.
- Contact Possibility via the Website Saucehaus LLC's website provides contact information for quick electronic communication with our enterprise, including a general email address. When a data subject contacts the controller via email or contact form, the transmitted personal data is automatically stored. This personal data is stored solely for processing or responding to the data subject's communication and is not shared with third parties.
- Comments Function in the Blog on the Website Saucehaus LLC allows users to leave individual comments on blog posts on the website. Comments made by data subjects, along with chosen (pseudonymous) usernames and the date of commentary, are stored and published. The IP address assigned by the Internet service provider is also logged for security reasons, in case a data subject violates the rights of third parties or posts illegal content. The storage of this personal data serves the controller's interest in exculpation in case of infringement and will not be transferred to third parties unless legally required or necessary for defense.
- Subscription to Comments in the Blog on the Website Third parties may subscribe to comments made in Saucehaus LLC's blog. Upon subscription, the controller sends an automatic confirmation email to the specified email address to verify the double opt-in procedure.
- Routine Erasure and Blocking of Personal Data Saucehaus LLC processes and stores personal data only for the period required to achieve the purpose of storage or as permitted by applicable laws and regulations. Personal data is routinely blocked or erased when the storage purpose is no longer applicable or when the storage period expires.
- Rights of the Data Subject a) Right of Confirmation Data subjects have the right to obtain confirmation from the controller whether their personal data is being processed.
- Right of Access Data subjects have the right to obtain free information about their personal data stored by the controller, including the purposes of processing, categories of data, recipients, storage period, and more.
- Right to Rectification Data subjects have the right to request rectification of inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten) Data subjects have the right to request erasure of their personal data under specific circumstances.
- Right of Restriction of Processing Data subjects can request the restriction of processing under certain conditions.
- Right to Data Portability Data subjects have the right to receive their personal data in a machine-readable format and transfer it to another controller, if certain criteria are met.
- Right to Object Data subjects have the right to object to the processing of personal data under specific circumstances, including direct marketing.
- Automated Individual Decision-Making, Including Profiling Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affects them, except under certain conditions.
- Right to Withdraw Data Protection Consent Data subjects have the right to withdraw their consent to data processing at any time.
Registration on Our Website
The data controller is responsible for collecting and processing personal data from applicants for the purpose of handling the application procedure. In some cases, this processing may occur electronically, such as when an applicant submits application documents via email or a web form on the website. If the data controller enters into an employment contract with an applicant, the submitted data will be stored for the purpose of managing the employment relationship in compliance with legal requirements. However, if an employment contract is not established, the application documents will be automatically deleted two months after the refusal decision, unless there are other legitimate interests of the data controller, such as evidence required for a procedure under the General Equal Treatment Act (AGG).
- Legal basis for data processing The legal basis for processing operations is determined as follows: Art. 6(1) lit. a GDPR serves as the foundation when obtaining consent for specific processing purposes. If the processing of personal data is necessary for executing a contract in which the data subject is involved, such as supplying goods or providing services, it is based on Article 6(1) lit. b GDPR. Similarly, processing operations required for pre-contractual measures, like inquiries about products or services, also fall under this category. In cases where our company is legally obligated to process personal data, such as for tax obligations, the processing is based on Art. 6(1) lit. c GDPR. Rarely, personal data processing may be essential to safeguard the vital interests of the data subject or another person, for instance, in an injury situation, where necessary information has to be shared with medical personnel or other third parties. In such cases, the processing is based on Art. 6(1) lit. d GDPR. Finally, processing operations can be based on Article 6(1) lit. f GDPR. This legal basis is applicable to operations not covered by the aforementioned grounds, where processing is necessary to pursue the legitimate interests of our company or a third party, provided such interests do not override the data subject's fundamental rights and freedoms requiring protection of personal data. Such processing operations are permissible as specifically mentioned by the European legislator, who considers a legitimate interest to be assumed when the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
- Legitimate interests pursued by the controller or third party Regarding data processing based on Article 6(1) lit. f GDPR, our legitimate interest is to conduct our business in favor of the well-being of all our employees and shareholders.
- Data retention period The retention period for personal data is determined by the respective statutory retention period. After the expiration of this period, the relevant data is routinely deleted, as long as it is no longer necessary for fulfilling or initiating a contract.
- Provision of personal data and its consequences We want to clarify that the provision of personal data may be partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contractual partner). In some cases, providing personal data is necessary for concluding a contract, and the data subject must subsequently allow us to process this data. For example, when our company enters into a contract with a data subject, they are obligated to provide certain personal data. Failure to provide this data would result in the inability to conclude the contract. Before providing personal data, the data subject should contact an employee, who will clarify whether providing the data is required by law or contract, necessary for concluding the contract, and explain any obligations and consequences of not providing the data.
- Automated decision-making As a responsible company, we do not engage in automatic decision-making or profiling.