Data Protection Policy pursuant to Art. 13, 14 GDPR

Contact information for the responsible entity

Dr. Theiss Naturwaren GmbH

Michelinstraße 10

66424 Homburg

Tel.: +49 6841/709 – 0

Fax: +49 6841/709 – 265

E-Mail: info@naturwaren-theiss.de

 

Contact information for the data protection officer

Dr. Theiss Naturwaren GmbH

- Datenschutzbeauftragter –

Michelinstraße 10

66424 Homburg

E-Mail: datenschutzbeauftragter@naturwaren-theiss.de

 

We welcome you to our website. Protecting your personal data is very important to us. We therefore indicate below how we process your personal data.

Data categories; data sources

As a matter of principle we process the personal data that you provide to us as part of an enquiry, pre-contractual legal relationship or contractual relationship. In individual cases and if required to fulfil the contract, we also process personal data that we take from publicly accessible sources (e.g. commercial register, debtor directories, internet) as permitted or are provided to us with permission by third parties (e.g. credit reference agencies).

This may be personal data (name, date of birth, statutory representatives), address data (address, email address, contact name), financial data (account holder’s name, IBAN, BIC), contractual data (contractual term, services purchases, cancellations), communication data (exchange of information, email traffic), advertising data (advertising letters) and other similar categories of personal data.

General processing of visitor data

The use of our website is always possible without providing personal data.

But we emphasise that even in this case access data is collected and stored in the server log files. This relates in particular to the following data:

  • Browser type and browser version,
  • Operating system,
  • The website from where you visit us,
  • Date and time of your visit,
  • Your IP address.

This information is always assessed anonymously to prevent attacks and improve our offering (processing of personal data when balancing interests as per Art. 6 Para. 1 S. 1 lit. f) GDPR) and is then deleted. Normally the data cannot be traced back to you personally and is also not merged with other data.

For specific aspects relating to illegal use, we however reserve the right to analyse the data subsequently.

Processing personal data after consent (Art. 6 Para. 1 S. 1 lit a) GDPR)

In individual cases we obtain consent for particular explicit purposes related to the data collection (e.g. making contact using a contact form).

Data processing only occurs if you issue consent to us. It may occur that the processing of your request is not possible without consent and therefore must be made dependent on this. The data is processed exclusively for the purpose or purposes explicitly stated.

You can revoke your consent for future effect at any time. The revocation has no effect on the legality of the processing up to the time of the revocation.

International data transfer (Art. 49 Para. 1 S. 1 lit. a) GDPR)

SIf a transfer of personal data is made to a third country we therefore comply with the data protection legal requirements for this such that the data transfer is subject to standard contractual clauses or we obtain consent for this under Art 49 Para. 1 S. 1 lit. a) GDPR.

Data transfer occurs for example in relation to the use of Google services. As a result of using these services, data is transferred to the United States of America.

The data transfer only occurs if you issue consent to us.

The specific statement of the recipient, the personal data transferred and the purpose of the data transfer are shown in the notes on the relevant processing shown below.

As a result of the data transfer there is a risk for your personal data. In the United States of America there is no EU law (GDPR) and/or national regulations (e.g. BDSG) with a comparable data protection level or adequate guarantees that ensure the maintenance of an adequate data protection level. It is possible that other deficits cannot be balanced out by other specific guarantees as a result of the American legal position. Nevertheless, depending on the service, standard contractual clauses are partially used to achieve the greatest possible protection for your data. Whether standard contractual clauses can be used is shown in the information on the relevant services.

You can revoke your consent for future effect at any time. The revocation has no effect on the legality of the processing up to the time of the revocation.

Specifically obtained consent

As part of the website you may have issued the following consents to us:

  • For the general contact form:

“I consent to the storage of my data for the electronic processing of my enquiry and accept the provisions of the data protection policy. I can revoke my consent for future transactions at any time.”

Processing personal data for contract initiation and processing (Art. 6 Para. 1 S. 1 lit a) GDPR)

If a contract comes into existence with us, we use personal data if this is required for contract processing or implementing pre-contractual measures. The purposes of data processing depend on the specific contract content that you can take from the contractual documents.

If a contract already exists with us, we process your data to check that you are our contractual partner and properly provide the service required under the contract.

Processing personal data for balancing interests (Art. 6 Para. 1 S. 1 lit f) GDPR)

We process personal data whilst balancing interests if this is required to maintain our interests or those of third parties.

Examples of such purposes are:

  • Ensuring the IT security and integrity of our systems,
  • Preventing or investigating crimes,
  • Assertion or defence of legal claims..

Contact form

If you send us a request via our contact form, we process the data you provide based on your consent pursuant to Art. 6 Para. 1 S. 1 lit a) GDPR to process your enquiry. As a matter of principle, your data is deleted after processing the enquiry if there is no resulting contractual or statutory storage obligation. If you provide us with contractually relevant information we transfer this to our inventory system.

You can revoke your consent for future transactions at any time for all of the contact information provided.

Use of cookies

Various cookies are used when visiting our website. These are text files placed on your computer to amongst other things allow the seamless process of visiting our website.

Some cookies are required to ensure the functionality or IT security of our website. The use of such function cookies takes place based on a justified interest to enable the use of our website incl. its functions under Art. 6 Para. 1 S. 1 lit. f) GDPR.

Other - not essential - cookies may also be set based on Art. 6 Para. 1 S. 1 lit. a) GDPR and therefore based on your consent. The purpose of the relevant cookies set may include:

  • Enabling the use of special functions,
  • The (pseudonym) analysis of usage behaviour in order to optimise our website,
  • Increasing the attractiveness and convenience of our website,
  • Improving and needs-led design of our offering,

 

The use of non-essential cookies takes place as part of so-called usage profiles. You are assigned a pseudonym under which the usage data is stored. Your IP address is stored in an abbreviated form so that personal assignment of the usage profile is fundamentally no longer possible.

If we use cookies for the purposes of (re)marketing or implementing (social media) plug-ins, we base this use on your free consent to such data processing and therefore require your consent. With regard to the individual plug-ins or tracking tools, we refer you to the following, detailed information.

Most of the cookies that we use are deleted by your computer when you close your browser (session cookies). Other types of cookies may remain on your computer and enable us to recognise your computer again using the created usage profile when you next visit our site (permanent cookies).

Cookies on our site are exclusively used by us and not third parties with the exception of third-party supplier cookies which are explicitly stated in this data protection policy.

You can declare your consent by confirming our cookie banner when calling up our website. You can revoke the consent you have provided for future transactions at any time.

Web analysis and marketing

We use the following service for the purpose of web analysis.

As part of the web analysis cookies may be used on various pages. These are text files placed on your computer to amongst other things also allow the seamless process of visiting our website.

The use of cookies takes place as part of so-called usage profiles. You are assigned a pseudonym under which the usage data is stored.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies.

When using cookies we rely on your consent for data collection. If you do not consent to data usage when first visiting our website, we will not collected your usage behaviour and other personal data that may occur when visiting our website and therefore also not use it for usage analysis and then remarketing activities. This also applies to third-party supplier cookies such as this Google Analytics plug-in.

If you consent to the processing of your data as part of the opt-in process (confirmation of the cookie banner), the legal basis for processing your data is based on consent under Art. 6 Para. 1 S. 1 lit. a) GDPR such that we use your data in the scope of the consent you have issued for the purposes of marketing and analysis of your usage behaviour.

The information created by the cookie on your use of this website is usually transferred to and stored on a Google LLC server in the USA. If necessary information on the use of this website and your IP address is transferred to a Google server in the USA and also stored on this server. The data transfer is permissible based on your consent under Art. 49 Para. 1 S. 1 lit a) GDPR. However, if IP anonymisation has been activated on this website, Google will first shorten your IP address within European Union Member States or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there.

On behalf of the operator of this website, Google uses this information to analyse your use of the website, create reports on the website activities and provide other services associated with the website and internet use for the website operator. The IP address provided using Google Analytics by your browser is not combined with other Google data if you have not configured the web and app activities settings in a Google account to permit such combination.

You can find more information on the usage terms and data protection at https://marketingplatform.google.com/about/analytics/terms/de/ or https://policies.google.com/?hl=de&gl=de .

On this website Google Analytics was extended to include the “anonymizeIp” code to ensure IP addresses are collected anonymously (IP masking).

Links to other websites

Our website includes links to other external websites (Facebook, Twitter, Instagram, Pinterest). These are not social plug-ins. If you click a link you call up the relevant website and are transferred to it.

If we process your data on these external websites (e.g. by you contacting us via these websites), our data protection provisions apply.

In addition, the linked websites process your personal data for their own purposes. We cannot make any statements on how the processing of your personal data takes places, the purposes or storage duration by these suppliers. Please note the data protection provisions of the respective provider to obtain further information on the processing of your personal data by them. You can find these at:

 

Google reCAPTCHA

 

In order to identify for entries to our website forms whether abusive automated entries are made, we use the service Google reCAPTCHA from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Use takes place to maintain our justified interests under Art. 6 Para. 1 S. 1 lit f) GDPR. Here your referrer URL, IP address, behaviour relating to the entry mask and any other data required for the service are transferred to Google.

Through your consent to the data transfer to the USA by Google reCAPTCHA in the cookie banner and subsequent interaction with the reCAPTCHA plug-in, you consent to the transfer of your personal data. Information is transferred to a Google server in the USA and is also stored on this server. The data transfer is permissible based on your consent under Art. 49 Para. 1 S. 1 lit a) GDPR.

For further information on data processing by Google please refer to

https://www.google.com/policies/privacy/

Data transfer

We transfer data to other third parties if and to the extent to which this is required to fulfil tasks. Data transfer only occurs if this is required to fulfil the tasks transferred.

We collaborate with the following companies:

  • NEW ORDER mediamanagement GmbH, Gabelsbergerstraße 9, 80333 Munich
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

 

In addition, service providers can be entrusted with tasks for the following areas:

  • IT maintenance
  • IT development
  • IT provision
  • Lawyers

The data is always transferred on the basis of a statutory standard or appropriate contract under Art. 26 or 28 GDPR that ensures the compliance with all data protection legal requirements.

Otherwise data transfer only takes place as part of the statutory envisaged cases, for example to provide statutory information to criminal investigation authorities. The data transfer is permissible in these cases under Art. 6 Para. 1 S. 1 lit c) GDPR.

 

Data transfer to a third country

Data transfer to a third country is intended. This transfer takes place on the basis of the consent you have provided. The recipients of the data you provide are the following companies:

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

If data is transferred based on consent to a third country without the presence of an appropriateness resolution or other suitable guarantees, reference must be made under Art. 49 Para. 1 S. 1 lit. a) GDPR to the associated higher risk of data processing as part of the transfer. However we would like to assure you that thanks to careful selection and constant checking of the standards of our contractual partners the potential risks are successfully minimised.

Data storage period

We delete your personal data immediately as soon as the data is no longer required to fulfil the contractual and statutory duties.

Personal data is saved at least for the duration required to fulfil contractual obligations and utilise contractual rights. This period can go beyond the actual contractual period as the data may still be relevant after the contract ends as part of the limitation periods. In addition, deletion can only occur if all of the tax and commercial law storage periods have ended.

Please refer to the relevant section on the criteria for the storage period of cookies.

Rights of those affected

As the person affected by the processing of personal data you have the following rights:

You have the right to request confirmation from us on whether we process your personal data. If this is the case, you have the right to receive information on this personal data and the information listed in Art. 15 GDPR.

You have the right to have the responsible person immediately correct your incorrect personal data and if appropriate request the completion of incomplete personal data (Art. 16 GDPR).

You have the right to request that the responsible person immediately deletes your personal data if one of the individual reasons listed in Para. 17 GDPR applies, e.g. if the data is no longer required for the planned purposes (right to deletion).

You have the right to request that the responsible person restricts the processing if one of the requirements listed in Art. 18 GDPR applies, e.g. if you have objected to the processing, for the duration of the check by the responsible person.

You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format and you have the right to have us transfer this data to another responsible person without hindrance if the processing of this data is based on your consent or a contract and the processing occurs with the aid of an automated procedure (Art. 20 GDPR). In executing your right to transfer data, you also have the right to ensure that your personal data is transferred directly from us to another responsible person if this is technically feasible (right to data transfer).

You have the right for reasons that arise from your special situation to object to the processing of your personal data. The responsible person no longer processes your personal data unless they can demonstrate binding reasons requiring protection for the processing that outweigh your interests, rights and freedoms or the processing is used to assert, exercise or defend legal claims (Art. 21 GDPR).

If you wish to utilise your rights you can contact us at any time via the contact options offered on our website.

Complaint right

Notwithstanding any other administrative law or legal assistance, you have the right to complain to a supervisory authority if you are of the opinion that the processing of your personal data infringes the GDPR (Art. 77 GDPR). You can assert this right with a supervisory authority in the member state of your home, workplace or place of apparent infringement.

In Saarland the responsible supervisory authority:

Unabhängiges Datenschutzzentrum Saarland

Frau Monika Grethel State Officer for Data Protection and Freedom of Information

You can find more information on the service portal of the state of Saarland using the following link: http://www.datenschutz.saarland.de

It goes without saying that you can also contact us directly if you are dissatisfied or have data protection questions. The quickest way to reach our internal contacts on data protection is using the following information:

Dr. Theiss Naturwaren GmbH
Data Protection Officer
Michelinstraße 10 66424 Homburg
E-Mail: datenschutzbeauftragter@naturwaren-theiss.de

Obligation to provide data

There is no fundamental obligation to provide the data. But the provision of data may be required to use certain functions or conclude a contract. If you cannot provide the necessary data, you may not be able to use certain functions or services or conclude a contract.