We value your trust in PHARMOS NATUR Green Luxury GmbH and we take data protection very seriously. It goes without saying that we handle your personal data with the utmost care. In the following, we would like to inform you what personal data we need from you and the purposes for which we process this data.
In order to be able to offer you the payment methods of Klarna, it may be that we pass on your personal data in the form of contact and order data to Klarna during the checkout process, so that Klarna can check whether you are eligible for the payment methods of Klarna and Klarna can can tailor the payment methods to you.
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other applicable data protection legislation is:
PHARMOS NATUR Green Luxury GmbH
am Neuland 2
82347 Bernried am Starnberger See
Tel: +49 8158 90558-0
The data controller’s Data Protection Officer is:
PWS Peter Werner Schons
Am Grohberg 24
Tel. +49 (6201) 373335
Fax +49 (6201) 373336
1. General information on data processing
We process our users’ personal data to the extent strictly necessary to ensure the provision of a functioning website and our contents and services. Our users’ personal data is processed only with the users’ consent. An exception may be made in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is legally permitted. We collect your personal data during order processing, when you visit the website, when you subscribe to/unsubscribe from our newsletter, when you take part in competitions, when you sign up for seminars, when you contact us in any way and when you use the protected B2B area for download services.
1.1. Legal basis for the processing of personal data
Where we obtain the consent of the data subject to process their personal data, Art. 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR) shall serve as the legal basis.
When processing personal data that is required in order to fulfil a contract to which the data subject is party, Art. 6 Para. 1 lit. b GDPR shall serve as the legal basis. This also applies to processing operations that are required in order to implement pre-contractual measures.
If the processing of personal data is required in order to meet a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR shall serve as the legal basis.
In the event that processing personal data is necessary in order to protect the vital interests of the data subject or another natural person, Art. 6 Para. 1 lit. d GDPR shall serve as the legal basis.
If processing is necessary to protect a legitimate interest pursued by our company or a third party and this is not overridden by the interests, fundamental rights and fundamental freedoms of the data subject, Art. 6 Para. 1 lit. f GDPR shall serve as the legal basis for this processing.
1.2. Data erasure and storage period
The data subject’s personal data will be erased or blocked as soon as the purpose of storage ceases to apply. Data may also be stored if this is stipulated by European or national legislative authorities in Union regulations, laws or other applicable legislation to which the data controller is subject. In such cases, data will be erased or blocked if the storage period stipulated by the relevant standards expires, unless continued data storage is necessary for the purposes of concluding or fulfilling a contract.
2. Provision of the website and creation of log files
2.1. Description and extent of the data processing
Every time our Internet site is accessed, our system automatically collects data and information from the accessing computer system.
The following data is collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system was referred to our Internet site
(7) Websites accessed via our website by the user’s system
This data is also stored in our system’s log files. This data is not stored together with other personal data of the user.
2.2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR.
2.3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. The user’s IP address must remain stored for the duration of the session.
The storing of this data in log files enables the website to function properly. This data also allows us to optimise the website and ensure the security of our IT systems. This data is not analysed for marketing purposes.
These purposes also represent our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.
2.4. Storage period
The data will be deleted once it is no longer needed to fulfil the purpose for which it was collected. With respect to data collected in order to provide the website, this will apply when the respective session ends.
With respect to data stored in log files, this will apply at the latest after seven days. Data may be stored beyond these periods. In such cases, users’ IP addresses will be deleted or anonymised in such a way that the calling client can no longer be traced back to the user.
2.5. Right to objection and removal
The collection of the data to provide the website and the storage of this data in log files is essential in order to operate the Internet site. The user therefore has no right to object.
3.1. Description and extent of the data processing
The cookies store and transmit the following data:
(1) Language settings
(2) Items in a basket
(3) Login information
In so doing, the following data can be transmitted:
(1) Search terms entered
(2) Frequency of page requests
(3) Use of website functions
There are technical measures in place to pseudonymise user data collected in this way. These ensure that the data can no longer be traced back to the requesting user. This data is not stored together with other personal data of the user.
3.2. Legal basis for the data processing
The legal basis for the processing of personal data using technically essential cookies is Art. 6 Para. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies for analytical purposes, subject to the user’s consent hereto is Art. 6 Para. 1 lit. a GDPR.
3.3. Purpose of the data processing
(1) Shopping basket
(2) Setting the user’s language
(3) Memorising search terms
User data collected by technically essential cookies is not used to create user profiles.
Analytical cookies are used for the purpose of improving the quality of our website and its contents. Analytical cookies help us to learn how the website is used, allowing us to constantly optimise our range of offers.
These purposes also represent our legitimate interest in the processing of personal data according to Art. 6 Para. 1 lit. f GDPR.
3.4. Storage period, right to objection and removal
4. Use of Google Analytics, AdWords, conversion tracking and remarketing
4.1. Google Analytics
4.2. Use of Google AdWords conversion tracking
4.2. Use of Google Inc.’s remarketing or “Similar Audiences” function
5. Use of Facebook’s Custom Audiences pixel
6.1. Description and extent of the data processing
On our Internet site you have the option of subscribing to a free newsletter. When registering for the newsletter, data from the input mask is transmitted to us.
- First name
- E-mail address
- Date of birth (optional)
The following data is also collected during registration:
(1) IP address of the requesting computer
(2) Date and time of registration
In order to process the data, we obtain your consent during the registration process and refer you to this privacy statement.
If you purchase goods or services on our Internet site and provide your e-mail address in the process, we may then use this to send you a newsletter. In such cases, we will only use the newsletter to directly advertise our own similar goods or services to you.
In connection with the processing of data for the purpose of sending newsletters, we pass on your data to our newsletter distribution partner Clever Reach www.cleverreach.com. The data is used exclusively to send the newsletter.
6.2. Legal basis for the data processing
The legal basis for the processing of data following newsletter subscription by the user, subject to the user’s consent hereto, is Art. 6 Para. 1 lit. a GDPR.
The legal basis for the sending of the newsletter following the purchase of goods or services is Section 7 Para. 3 UWG (Law against Unfair Competition).
6.3. Purpose of the data processing
We collect the e-mail address of the user in order to send them the newsletter.
The collection of other personal data during the registration process serves to prevent any misuse of services or of the e-mail address used.
6.4. Storage period
The data will be deleted once it is no longer needed for the purpose for which it was collected. Accordingly, the user’s e-mail address will only be stored for as long as their newsletter subscription is active.
6.5. Right to objection and removal
Users are entitled to cancel their subscription to the newsletter at any time. To this end, there is a corresponding link in every newsletter.
7.1. Description and extent of the data processing
On our Internet site we offer users the possibility of registering by entering their personal data. Data is entered on an input mask and transmitted to and stored by us. We do not pass this data on to third parties. The following data is collected during the registration process:
- First name
- E-mail address
At the time of registration the following data is also stored:
(1) The user’s IP address
(2) Date and time of registration
The user’s consent to the processing of this data is obtained during the registration process.
7.2. Legal basis for the data processing
The legal basis for the processing of data, subject to the user’s consent hereto, is Art. 6 Para. 1 lit. a GDPR.
If the registration serves to fulfil a contract to which the user is party or to implement pre-contractual measures, an additional legal basis for the processing of data is Art. 6 Para. 1 lit. b GDPR.
7.3 Purpose of the data processing
User registration is required in order to provide certain contents and services on our website.
User registration is required in order to fulfil a contract with the user or implement pre-contractual measures.
7.4. Storage period
The data will be deleted once it is no longer needed for the purpose for which it was collected.
This is the case for the data collected during the registration process if the registration is suspended or changed on our Internet site.
For data collected during the registration process to fulfil a contract or implement pre-contractual measures, this is the case when the data is no longer required to fulfil the contract. Even after completion of the contract, the need may arise to store the personal data of the contracting party in order to meet contractual or legal obligations.
7.5. Right to objection and removal
As a user, you have the option to cancel your registration at any time. You may have the stored data relating to you amended at any time.
If the data is required in order to fulfil a contract or implement pre-contractual measures, prior erasure of the data will only be possible if no contractual or legal obligations prevent such erasure.
8. Contact form and e-mail contact
8.1. Description and extent of the data processing
We have a contact form on our Internet site which can be used to contact us electronically. If a user makes use of this option, the data entered on the input mask is transmitted to and stored by us. This data includes:
- First name
- E-mail address
At the time the message is sent, the following data is also stored:
(1) The user’s IP address
(2) Date and time of registration
In order to process the data, we obtain your consent during the sending process and refer you to this privacy statement.
Alternatively, visitors can contact us using the e-mail address provided. In this case, the user’s personal data transmitted along with the e-mail will be stored.
In this context, we do not pass this data on to third parties. The data is used exclusively to process the conversation.
9. Order processing/purchases on pharmos-natur.de
When you place an order on pharmos-natur.de we require certain information from you. We process your personal data to the extent that this is required in order to perform our services under the contract.
We process your address and order information for our own marketing purposes. You can, of course, object to the processing or use of your personal data for advertising purposes at any time by sending us a message to that effect to email@example.com.
10. SSL security
Your orders and your personal data, such as your name, address and all the details you provide on pharmos-natur.de, are protected by modern security systems. This data is sent in encrypted format and made unreadable to external parties through the use of GeoTrust’s Secure Sockets Layer (SSL), a security standard supported by all major Internet browsers. Generally you can recognise the security status from the small padlock in the lower status bar of your browser.
PHARMOS NATUR Green Luxury GmbH takes all the necessary precautions to protect your personal data. You can actively help to support us in this by never revealing your password and choosing encrypted data transmission (SSL) whenever we offer this to you (e.g. during the order process). Our employees will never ask for your password.
If you share your computer with others, you should take care to log off after every session. Together we can ensure that your purchases on pharmos-natur.de are truly secure.
11. Legal basis for the data processing
The legal basis for the processing of data, subject to the user’s consent hereto, is Art. 6 Para. 1 lit. a GDPR.
The legal basis for the processing of data transmitted by sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the e-mail contact serves to conclude a contract, an additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.
12. Purpose of the data processing
We process personal data from the input mask exclusively for the purpose of processing your query. If you contact us by e-mail, it is also our necessary legitimate interest to process the data.
Any other personal data processed during the sending process serves to prevent the misuse of the contact form and ensure the security of our IT systems.
13. Storage period
The data will be deleted once it is no longer needed for the purpose for which it was collected. With regard to personal data from the input mask of the contact form and data sent by e-mail, this is the case when the respective conversation with the user has been concluded. The conversation is considered concluded when the circumstances suggest that the particular issue has been conclusively resolved.
Additional personal data collected during the sending process will be erased after seven days.
14. Right to objection and removal
The user is entitled at any time to revoke their consent to the processing of the personal data. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such cases the communication cannot be continued.
If you wish to object, please send an e-mail to firstname.lastname@example.org
All personal data stored over the course of your contact with us will then be deleted.
15. Rights of the data subject
If personal data relating to you is processed, you are considered a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:
16. Right of access
You may request confirmation from the data controller about whether personal data relating to you is being processed by us.
If such processing is taking place, you may request the following information from the data controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned storage duration for your personal data or, if it is not possible to specify, the criteria that determine the storage period;
(5) whether you have the right to the rectification or erasure of your personal data, whether you have the right to restriction of processing by the data controller or whether you have a right to object to the processing;
(6) whether you have the right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data, if the personal data was not collected from the data subject;
(8) whether automated decision-making, including profiling, takes place pursuant to Art. 22 Paras. 1 and 4 GDPR and – at least in these cases – to be given meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You are entitled to request information about whether your personal data will be transmitted to a third country or an international organisation. In this regard you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
17. Right to rectification
Insofar as your processed personal data is incorrect or incomplete, you are entitled to request that the data controller rectify and/or complete this data. The data controller must carry out such corrections immediately.
18. Right to restriction of processing
Under the following conditions, you may request the restriction of processing of your personal data:
(1) you dispute the accuracy of your personal data for a period of time that enables the data controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data, instead opting to restrict the use of the personal data;
(3) the data controller no longer needs the personal data for processing purposes, but you require the data in order to establish, exercise or defend any legal claims, or
(4) you have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it is not yet known whether the data controller’s legitimate interests override your own interests.
If the processing of your personal data is restricted, this data – aside from its storage – may only be processed with your consent or in order to establish, exercise or defend any legal claims or to protect the rights of a natural or legal person or for reasons of substantial public interest of the Union or a Member State.
If processing has been restricted in accordance with the aforementioned conditions, you will be informed by the data controller before such restriction is lifted.
19. Right to erasure
a) Duty of erasure
You may request from the data controller that your personal data be erased immediately and the data controller is obligated to erase this data immediately provided one of the following criteria applies:
(1) Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent to the processing pursuant to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3) You lodge an objection to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you lodge an objection to the processing pursuant to Art. 21 Para. 2 GDPR.
(4) Your personal data was processed unlawfully.
(5) The erasure of your personal data is required in order to meet a legal obligation under Union law or under the law of the Member States to which the data controller is subject.
(6) Your personal data was collected in relation to the provision of information society services pursuant to Art. 8 Para. 1 GDPR.
b) Information sent to third parties
If the data controller has made your personal data public and is obligated to erase it pursuant to Art. 17 Para. 1 GDPR, it shall take appropriate (incl. technical) steps, with due regard to the available technology and implementation costs, to inform those responsible for processing personal data that you as the data subject have requested from them the erasure of all links to this personal data or of copies or duplicates of this personal data.
You have no right to erasure if the processing is required
(1) to exercise the right to freedom of expression and information;
(2) to meet a legal obligation related to the processing to which the data controller is subject under Union law or the law of the Member States or to perform a task that is in the public interest or in the exercise of official authority invested in the data controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;
(4) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 Para. 1 GDPR, insofar as the right listed under section a) is likely to render impossible or seriously affect the realisation of the aims of this processing, or
(5) to establish, exercise or defend any legal claims.
20. Right to be informed
If you have exercised your right against the data controller to rectification, erasure or restriction of processing, the data controller is obligated to inform all recipients to whom your personal data was disclosed of this rectification or erasure or restriction of processing, unless this proves to be impossible or would involve unreasonable effort.
You are entitled to request that the data controller informs you of such recipients.
21. Right to data portability
You are entitled to receive your personal data that you have provided to the data controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another data controller without interference from the data controller to whom you originally provided the personal data, where
(1) the processing is based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and
(2) the processing is carried out by automated means.
In exercising this right you also have the right to have your personal data transferred directly from one data controller to another data controller, provided this is technically feasible. This must not affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data required in order to perform a task that is in the public interest or in the exercise of official authority invested in the data controller.
22. Right to object
You are entitled, for reasons resulting from your particular situation, to lodge an objection to the processing of your personal data on the basis of Art. 6 Para. 1 lit. e or f GDPR; this also applies to any profiling based on these provisions.
The data controller will no longer process your personal data unless it is able to demonstrate compelling and legitimate grounds for such processing that override your interests, rights and freedoms, or the processing is for the purposes of establishing, exercising or defending legal claims.
If your personal data is processed for the purposes of direct advertising, you are entitled at any time to lodge an objection to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as this is connected with such direct advertising.
If you object to processing for the purposes of direct advertising your personal data will no longer be processed for these purposes.
In connection with the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right of objection by automated means using technical specifications.
23. Right to withdraw consent
You may withdraw your consent at any time. This withdrawal of consent shall not affect the legality of any processing for which consent was given and which was carried out prior to the withdrawal thereof.
24. Automated decision-making in individual cases, including profiling
You are entitled to not be subject to a decision based exclusively on automated processing – including profiling – that produces legal effects for you or significantly affects you in a similar way. This does not apply if the decision
(1) is required for the conclusion or fulfilment of a contract between yourself and the data controller,
(2) is permitted based on legislation of the Union or the Member States to which the data controller is subject and this legislation includes reasonable measures to protect your rights and freedoms and your legitimate interests, or
(3) is made with your express consent.
However, these decisions may not relate to particular categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.
Regarding the cases mentioned in (1) and (3), the data controller will take appropriate steps to protect the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to present your own position and to appeal the decision.
25. Right to lodge a complaint with a supervisory authority
Regardless of any other administrative or legal remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the suspected infringement, if you are of the opinion that the processing of your personal data is in breach of the GDPR.
The supervisory authority with whom the complaint is lodged will inform the complainant on the status and outcome of the complaint including the possibility of legal remedy according to Art. 78 GDPR.