Terms of Use and Privacy Policy

Terms of use

Access to this site: This site is owned and operated by FLOCERT GmbH (FLOCERT).

FLOCERT grants you a limited license to access and make personal use of the Site, but not to download (other than page caching, publications, technical documents or other information) or modify it, or any portion of it, except with the express written consent of FLOCERT.

This license does not include any resale or commercial use of the Site or its contents; any collection and use of any product listings, descriptions or prices; any derivative use of the Site or its contents; any downloading or copying of account information for the benefit of another merchant; or any use of data mining, robots or similar data gathering and extraction tools. None of the Site or any portion thereof may be reproduced, duplicated, copied, sold, resold, visited or otherwise exploited for any commercial purpose without the express written consent of FLOCERT. You may not frame or utilize framing techniques to enclose any trademark, logo, or other proprietary information (including images, text, page layout or form) of FLOCERT without express written consent. You may not use any meta tags or other “hidden text” utilizing FLOCERT’s name or trademarks without the express written consent of FLOCERT. Any unauthorized use terminates the permission or license granted by FLOCERT.

Employment Offers: This Site may contain information on employment opportunities within FLOCERT. If you decide to apply for a vacancy we will assume that, by creating an application form or sending us your CV, you are signaling your agreement for FLOCERT to use, hold and destroy any personal data contained in your form/CV for the purpose of considering your application in accordance with our standard recruitment procedures and for the purposes outlined in detail below.

Please do not apply if you do not agree to FLOCERT using, holding or destroying your data for any of the purposes that are outlined below:

We may wish to retain your details on file for up to the next 12 months and to notify you of any suitable vacancies that arise. You would then have the opportunity to apply for these vacancies if you wished to do so.

We may use your personal information for purposes of market research, specifically relating to the improvement of recruitment and HR policies and practices.

Jurisdiction: Your access to, and use of, this Site, the Privacy Policy and these Terms of use (and any dispute, controversy, proceedings or claim of whatsoever nature arising in any way therefrom) shall be governed by, and interpreted in accordance with the laws of Germany exclusive of any rules with respect to conflicts of laws.

Copyright: The information contained on this Site or in any publication made available on or through this Site is the exclusive property of FLOCERT or is licensed to FLOCERT and is protected by copyright and other proprietary rights. Nothing contained in this site may be reproduced, distributed or edited in any manner without the prior written authorization of FLOCERT.

FLOCERT GmbH is the independent Fairtrade certification body offering Fairtrade certification services to clients in more than 120 …

Data protection

The topic of data protection is very important to us. Therefore, we will inform you below about how we process your personal information and what rights you have in this regard.

1. Name and contact data of the data controller for processing as well as the company protection officer.

This privacy information applies for data processing services carried out by:

FLOCERT GmbH (hereinafter: FLOCERT)
Bonner Talweg 177
53129 Bonn

T: +49/ (0)228-2493-0
F: + 49/ (0)228-2493-120
E: flocert@flocert2023.brightminded.com

The data protection officer is available at the following address:

dhpg IT-Services GmbH
Bunsenstr. 10a
51647 Gummersbach

respectively through


2. Rights of data subjects

You have the right:

  • pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. Insofar as we process your data you may request information especially about the processing purpose, the categories of personal data, the recipients of your disclosed personal data, especially recipients in third countries, the planned storage period or the criteria of determination, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if it was not collected by us as well as the existence of an automated decision-making including profiling and, if applicable, meaningful detailed information.
  • pursuant to Art. 16 GDPR, to obtain the immediate rectification of incorrect or incomplete of your personal data stored with us;
  • pursuant to Art. 17 GDPR, to obtain the erasure of the personal data stored with us, unless the processing is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR, to obtain the restriction of processing of your personal data, if the correctness of data is disputable, the processing is unlawful, but you refuse its erasure and we do not need the data any more. On the other hand, you might need it to assert, exercise or defend legal claims or you have lodged an objection against the processing pursuant to art. 21 GDPR and it is not yet clear whether our legitimate reasons prevail your interests.
  • pursuant to Art. 20 GDPR, to obtain your personal data which you provided us, in a structured, common and machine-readable format or to demand the transfer to any other responsible person, insofar as the processing is based on your consent or a contract and the processing is made by means of automated procedures;
  • pursuant to Art. 7 seq. 3 GDPR, to revoke your uniquely given consent at any time. This entails that a continued processing of your personal data is prohibited and
  • pursuant to Art. 77 GDPR, to lodge a complaint with the supervisory authority. As a rule, you can address to the supervisory authority at your usual place of residence or workplace or at our company headquarter.

3. Right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 seq. 1 sent. 1 lit. e or f GDPR, you have the right, pursuant to Art. 21 GDPR, to appeal against processing your personal data insofar as there are reasons resulting from your particular situation or which are directed against direct advertising.

In the first case, we will no longer process your data unless we can prove compelling reasons that prevail your interests, liberties and rights or our processing serves to assert, exercise or defend legal claims.

In the latter case you have a general right of objection which is realized by us without indicating a particular situation. If you want to make use of your right of revocation or objection, an email to flocert@flocert2023.brightminded.com will be sufficient.

4.    Data Transfer

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

  • you have expressly given your consent pursuant to Art. 6 seq. 1 sent. 1 lit. a GDPR
  • the transfer pursuant to Art. 6 seq. 1 sent. 1 lit. f GDPR is required for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a prevailing legitimate interest in not transferring your data,
  • in the event that there is a legal obligation to transfer data pursuant to Art. 6 seq. 1 sent. 1 lit. c GDPR, and
  • this is required by law and pursuant to Art. 6 seq. 1 sent. 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, your personal data are processed by our order processors in compliance with instructions, insofar as this is necessary for the fulfilment of the order. Our contract processors do not have an own right to use your data.

5. Data Security

We use the common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the representation of the closed bowl or lock symbol or by the use of “https” in front of the address of our (sub)website. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in accordance with technological development.

6.  Third countries

We will only transfer data to third countries in accordance with legal regulations.

The permissibility of data transfers to third countries conforms with Art. 44 et seq. GDPR. If we transfer your data to a third country, you will be informed about this in the specific data protection information on the respective process, stating the respective legal regulation.

A formal expression of dissatisfaction with the quality of services delivered by FLOCERT. A complaint can be registered by any third party or …
An official customer request to revoke or reverse a Certification Decision.

Specific privacy information for data processing operations on the website

1. When visiting the website

When visiting our website https://flocert2023.brightminded.com/, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved file
  • website allowing the access (referrer-URL),
  • used browser and the operating system of the computer as well as the name of your access provider.

The mentioned data are processed by us for the following purposes:

  • to ensure a smooth connection to our website,
  • to ensure a comfortable use of our website,
  • assessment of the system security and stability as well as
  • for further administrative purposes.

The legal basis for data processing is laid down in Art. 6 seq. 1 sent. 1 lit. f GDPR. Our legitimate interest lies in the operation of our website and the related presentation of our company.

Your data will be deleted as soon as they are no longer required for the stated purposes, after 6 months at the latest.

2. When using one of our contact forms

You can pose questions of any kind through our contact forms which are available on our website. The indication of your valid email address is required enabling us to trace the sender of the enquiry and to respond to it. Depending on the contact form, further information may be required to answer your request or to make you an offer.

Data processing for the purpose of entering into contact with us is made pursuant to Art. 6 seq. 1 sent. 1 lit. a GDPR and is based on your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically erased after you have completed your request.

If your request is directed to the conclusion of a contract, Art. 6 seq. 1 sent. 1 lit. b) GDPR serves as the legal basis. In this case, we store your data for the duration of the statutory retention periods.

3. When using our applicant portal

We process your personal data only in order to assess your suitability for the position (or, if applicable, other vacancies at FLOCERT) and to carry out the application process. Only those persons in the company involved in the application process have access to your data. All of our employees are bound to maintain confidentiality.
The legal basis for the processing of your personal data in this application process is § 26 BDSG, Art. 6 seq. 1 sent. 1 lit. b) GDPR. Thereafter, the processing of the data needed in connection with the intention to establish an employment relationship is permitted. If you provide information that goes beyond this required information, you voluntarily provide it to us and consent to its processing. The legal basis for the processing is Art. 6 seq. 1 sent. 1 lit. a GDPR. Withdrawal of consent is possible at any time. You can send your withdrawal at any time to recruitment@flocert2023.brightminded.com by email.

Data of applicants will be deleted in case of cancellation after 6 months. In the event that you have consented to further storage of your personal data, we will take over your data in our applicant pool until revoked on your part. If you would like to subsequently withdraw your consent, send an email to recruitment@flocert2023.brightminded.com indicating withdrawal of your consent.

If you will be offered the job position and the respective employee contract as part of the application process, the data will be transferred to our HR system “rexx-hr”, which is provided by the company rexx-systems GmbH. The company acts as software service provider for our purposes, and a respective service provider contract that ensures secure processing of data has been concluded.

4. When registering for our newsletter or our "job offers"-emails

If you have expressly consented in accordance with Art. 6 seq. 1 sent. 1 lit. a GDPR, we will use your email address to send you our newsletter or the "job offers"-email regularly.

To receive the newsletter or the "job offers"-email, it is sufficient to provide an email address. Cancellation is possible at any time, for example via a link at the end of each newsletter or "job offers"-email. Alternatively, you can also send your cancellation to flocert@flocert2023.brightminded.com by email at any time.

We store your data until revocation of your data.

Analysis of the newsletter

By opening the first automatically generated confirmation e‐mail to receive the newsletter, and by opening each newsletter e‐mail, further data will be collected and transferred to us to manage the newsletter dispatch. This includes, for ex.,

– the subscriber who has opened the newsletter or clicked on links (incl. number of clicks),
– the registration time and, if applicable, whether subscribers have unsubscribed from the newsletter,
– any occurring returns (e.g. if e‐mail accounts are overfilled or do not exist).

We evaluate such data only for statistical purposes in order to further optimise our offerings. By subscribing to the newsletter, you consent to the use of such data. Your data will not be used for any other purposes.

We will use the personal data collected from you as part of the e‐mail newsletter only internally to optimise and send the newsletter expressly requested by you. We will neither sell nor forward your personal data to third parties for advertising, market or opinion research processes.

Tracking will only take place with your consent in accordance with Art. 6 seq. 1 sent. 1 lit. a GDPR, which you give us by registering for the newsletter. You can revoke this consent at any time, for example by unsubscribing from the newsletter via a link at the end of each newsletter. Alternatively, you can also send your cancellation to flocert@flocert2023.brightminded.com by email at any time.

When cancelling our newsletter your data will be erased.

5. Cookies, analysis tools, plugins and other elements of third parties 

We use cookies on our site. These are small files which your browser automatically creates, and which are stored on your terminal device (laptop, tablet, smartphone, etc.). Cookies do not harm your terminal device and do not contain viruses, trojans or other malware. The cookie is used to store information that arises in connection with the specific terminal device used. However, this does not mean that we will immediately become aware of your identity.

The analysis tools used by us evaluate the user behaviour of the website visitors and enable us to optimize the website and adapt marketing measures.

We use plugins and other elements from third parties to integrate the content of these providers into our website.

a) Required first-party cookies

The use of our necessary first-party cookies serves on the one hand to make the use of our range more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically erased after leaving our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain period of time. If you visit our site again in order to use our services, it automatically recognizes that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

These data will be erased after 6 months at the latest.

We process your data on the basis of our legitimate interest in the external presentation of our company via the website you have called up and to promote user friendliness. The legal basis for the processing is Art. 6 seq. 1 sent. 1 lit. f GDPR.

Most browsers automatically accept these cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before such a cookie is generated. However, if cookies are completely deactivated, the website may not be displayed correctly, or you may not be able to use all the functions of our website.

b) Third-Party-Cookies, analysis tools, plugins and other third-party elements

The following indicated and used third-party cookies, analysis tools, plugins and elements of third parties are used only after receipt of your expressly given consent based on Art. 6 para. 1 sentence 1 lit. a) GDPR. You can withdraw your given consents at any time and for the future by changing your settings here:

The withdraw of your consent or not giving your consent may lead to an incorrect display of the website or the website does not allow to use all functions.

With the Third-Party-Cookies analysis tools, plugins and other elements of third parties we want to ensure a need-based design, marketing measures and the continuous optimization of our website. In addition, we use the tracking measures in order to statistically record the use of our website and evaluate it for the purpose of optimizing our services for you.

The respective functional descriptions, possible recipients of the data, information on possible transfers to a third country, and the storage duration can be found in the following notes on the individual processing steps with third-party cookies, analysis tools, plug-ins, and other third-party elements.

(1) Google Maps

This site uses the maps service Google Maps through API. Providers of the maps service is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A.

The implementation of this plug-in is made through the so-called two-click method in order to protect visitors of our website in the best possible way. This means that your personal data (in particular, your IP address) will not be transmitted to Google when you visit the website. First, you have to activate the integrated map by clicking on it. With this click, you give your consent for loading the map with our company location and transferring the data to Google.

Your information is generally not anonymized before it is transferred to a Google server in the U.S.A. and stored there.

Data transfers to the USA as a third country are safeguarded by the standard contract clauses.

Please find more information about the use of user data in Google’s privacy policy.

(2) YouTube

In order to promote our company, we use social plugins of YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA) a subsidiary of Google LLC on our website. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

The plugins are marked with a YouTube logo in the form of a “YouTube camera” or a “Play” button, for example.

The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way. This means that your personal data (in particular your IP address) will not be transmitted to YouTube when you call up the website. Rather, you have to activate the integrated “buttons” and videos by clicking on them. With this click you give your consent for a connection to the YouTube servers.

Through this integration, YouTube receives the information that your browser has called up the corresponding page of our website, even if you do not have a YouTube profile or are not currently logged in to YouTube.

This information (including your IP address) is transmitted directly from your browser to a YouTube server in the USA and stored there. If you are logged in to YouTube, YouTube can assign your visit to our website directly to your YouTube account. If you interact with the plugins, for example by pressing the “YouTube” button, this information is also transmitted directly to a YouTube server and stored there. The information is also published on your YouTube account and displayed to your contacts there.

If you do not want YouTube to associate the data collected via our website directly with your YouTube account, you must log out of YouTube before activating the plugins.

Data transfers to the USA as a third country are safeguarded by the standard contract clauses.

Please find further information in YouTube’s privacy policy.

(3) Google Doubleclick

For the purpose of optimizing our online marketing, we use Google Doubleclick, a service of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website are transmitted to a Google server in the USA and stored there. This information is used to display advertising on the Google advertising network that is relevant to your interests. Under no circumstances will your IP address be merged with other Google data. The IP addresses are made anonymous, so that an assignment is not possible (IP masking).

Data transfers to the USA as a third country are safeguarded by the standard contract clauses.

You can find further information on data protection for data processing by Google in the Google data protection declaration (https://policies.google.com/privacy).

(4) WhatsApp Messages

To process your message submitted via the messenger “WhatsApp”, we will process your name and surname, telephone number, messenger ID, profile picture (if applicable) and our message history. The legal basis for processing personal data with your prior consent is Art. 6 (1) lit. (a) GDPR. To provide this service we use the service of MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, Germany. Pursuant to Art. 28 (3 ) GDRP, we have completed a contract with the company. We remain responsible for data processing. We only store your personal data for as long as it is necessary to process the complaint, but for no longer than 12 months.

Your consent to the processing of your personal data can be withdrawn at any time with effect for the future by sending an e-mail to flocert@flocert2023.brightminded.com. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.


6. Currency and amendment of the data protection declaration

This data protection declaration is currently valid as of January 2020. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. You can call up and print out the current data protection declaration at any time on the website at https://flocert2023.brightminded.com/privacy-policy/.