Data Protection

Data Protection

 

We value your trust in PHARMOS NATUR Green Luxury GmbH and we take data protection very seriously. It goes without saying that we handle your personal data with the utmost care. In the following, we would like to inform you what personal data we need from you and the purposes for which we process this data.

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other applicable data protection legislation is:

 

PHARMOS NATUR Green Luxury GmbH

am Neuland 2

82347 Bernried am Starnberger See

Germany

Tel: +49 8158 90558-0

E-mail: info@pharmos-natur.de

Website: www.pharmos-natur.de

 

The data controller’s Data Protection Officer is: 

PWS Peter Werner Schons

Am Grohberg 24

69488 Birkenau

Tel. +49 (6201) 373335

Fax +49 (6201) 373336

E-mail: p.schons@schons-beratung.de

 

1. General information on data processing

We process our users’ personal data to the extent strictly necessary to ensure the provision of a functioning website and our contents and services. Our users’ personal data is processed only with the users’ consent. An exception may be made in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is legally permitted. We collect your personal data during order processing, when you visit the website, when you subscribe to/unsubscribe from our newsletter, when you take part in competitions, when you sign up for seminars, when you contact us in any way and when you use the protected B2B area for download services.  

 

1.1. Legal basis for the processing of personal data

Where we obtain the consent of the data subject to process their personal data, Art. 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR) shall serve as the legal basis.

When processing personal data that is required in order to fulfil a contract to which the data subject is party, Art. 6 Para. 1 lit. b GDPR shall serve as the legal basis. This also applies to processing operations that are required in order to implement pre-contractual measures.

If the processing of personal data is required in order to meet a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR shall serve as the legal basis.

In the event that processing personal data is necessary in order to protect the vital interests of the data subject or another natural person, Art. 6 Para. 1 lit. d GDPR shall serve as the legal basis.

If processing is necessary to protect a legitimate interest pursued by our company or a third party and this is not overridden by the interests, fundamental rights and fundamental freedoms of the data subject, Art. 6 Para. 1 lit. f GDPR shall serve as the legal basis for this processing. 

1.2. Data erasure and storage period

The data subject’s personal data will be erased or blocked as soon as the purpose of storage ceases to apply. Data may also be stored if this is stipulated by European or national legislative authorities in Union regulations, laws or other applicable legislation to which the data controller is subject. In such cases, data will be erased or blocked if the storage period stipulated by the relevant standards expires, unless continued data storage is necessary for the purposes of concluding or fulfilling a contract.

 

2. Provision of the website and creation of log files

2.1. Description and extent of the data processing

Every time our Internet site is accessed, our system automatically collects data and information from the accessing computer system. 

The following data is collected:

(1) Information about the browser type and version used

(2) The user’s operating system

(3) The user’s Internet service provider

(4) The user’s IP address

(5) Date and time of access

(6) Websites from which the user’s system was referred to our Internet site 

(7) Websites accessed via our website by the user’s system

This data is also stored in our system’s log files. This data is not stored together with other personal data of the user.

2.2. Legal basis for the data processing 

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR.

2.3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. The user’s IP address must remain stored for the duration of the session. 

The storing of this data in log files enables the website to function properly. This data also allows us to optimise the website and ensure the security of our IT systems. This data is not analysed for marketing purposes. 

These purposes also represent our legitimate interest in data processing according to Art. 6 Para. 1 lit. f GDPR.

2.4. Storage period

The data will be deleted once it is no longer needed to fulfil the purpose for which it was collected. With respect to data collected in order to provide the website, this will apply when the respective session ends. 

With respect to data stored in log files, this will apply at the latest after seven days. Data may be stored beyond these periods. In such cases, users’ IP addresses will be deleted or anonymised in such a way that the calling client can no longer be traced back to the user.

2.5. Right to objection and removal

The collection of the data to provide the website and the storage of this data in log files is essential in order to operate the Internet site. The user therefore has no right to object. 

 

3. Use of cookies

3.1. Description and extent of the data processing

Our website uses cookies. Cookies are text files that are stored in or by the Internet browser on the user’s computer system. If a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a distinctive string of characters that clearly identify the browser upon future visits to the website. 

We use cookies to make our website more user-friendly. Certain elements of our Internet site need the requesting browser to be identifiable even after moving to another page. 

The cookies store and transmit the following data:

(1) Language settings

(2) Items in a basket

(3) Login information

We also use cookies on our website to analyse users’ surfing behaviour. 

In so doing, the following data can be transmitted:

(1) Search terms entered

(2) Frequency of page requests

(3) Use of website functions

There are technical measures in place to pseudonymise user data collected in this way. These ensure that the data can no longer be traced back to the requesting user. This data is not stored together with other personal data of the user.

Upon visiting our website, the users are informed of the use of cookies for analysis purposes by way of an info banner and are referred to this privacy statement. The banner also gives an indication of how the user can prevent cookies being stored by changing their browser settings. 

3.2. Legal basis for the data processing 

The legal basis for the processing of personal data using technically essential cookies is Art. 6 Para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analytical purposes, subject to the user’s consent hereto is Art. 6 Para. 1 lit. a GDPR.

3.3. Purpose of the data processing

The purpose of using technically essential cookies is to make the website easier to use for the users. Certain functions of our Internet site cannot be offered without the use of cookies. These functions require the browser to be recognised even after moving to another page.

We use cookies for the following applications:

(1) Shopping basket

(2) Setting the user’s language

(3) Memorising search terms

User data collected by technically essential cookies is not used to create user profiles.

Analytical cookies are used for the purpose of improving the quality of our website and its contents. Analytical cookies help us to learn how the website is used, allowing us to constantly optimise our range of offers.

These purposes also represent our legitimate interest in the processing of personal data according to Art. 6 Para. 1 lit. f GDPR. 

3.4. Storage period, right to objection and removal

Cookies are stored on the user’s computer and transmitted by their computer to our site. As such, you as the user have full control over the use of cookies. By changing the settings in your Internet browser you can disable or limit the transmission of cookies. Cookies already stored can be deleted at any time. This may also happen automatically. If cookies are disabled for our website, you may no longer be able to use all the functions of the website to their full extent. 

 

4. Use of Google Analytics, AdWords, conversion tracking and remarketing

4.1. Google Analytics 

We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies. The information that the cookie collects on your use of this website is transmitted to Google’s servers and stored there. Should IP anonymisation be enabled on this website, Google will shorten your IP address beforehand within Member States of the European Union or in other countries which are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the full address be transmitted to a Google server in the USA and shortened there. Under the authority of the provider of this website, Google will use this information to analyse your use of the website, compile reports on website activity and perform further services for the website provider associated with the use of the website and Internet usage. 

4.2. Use of Google AdWords conversion tracking

We use the online advertising programme “Google AdWords”, specifically the conversion tracking feature of Google AdWords. Google conversion tracking is an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click on a Google ad, a conversion tracking cookie is placed on your computer. These cookies become invalid after 30 days, do not contain personal data and thus cannot be used to identify you. If you visit certain pages of our website and the cookie has not yet expired, Google and ourselves will recognise that you have clicked on the ad and been forwarded to this page. Every Google AdWords client receives a different cookie. It is therefore impossible for cookies to be traced from the websites of AdWords clients. The information collected using the conversion cookie helps to generate conversion statistics for AdWords clients who have opted for the conversion tracking service. This enables clients to see the total number of users who have clicked on their ad and been forwarded to a page that contains a conversion tracking tag. However, they do not receive any information that could personally identify a user. If you do not wish to take part in tracking, you may object to its use by changing your browser software settings to prevent the setting of cookies (opt-out option). You will then not be included in the conversion tracking statistics. Further information and Google’s data privacy policy are available at: http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/ or [object](new link: https://www.exactag.com/datenschutz/) to this website function.

4.2. Use of Google Inc.’s remarketing or “Similar Audiences” function

We use Google Inc.’s (“Google”) remarketing or “Similar Audiences” function on the website. This function enables the provider to target ads at users of their website. This works by having personalised, interest-related ads displayed to users when they visit other websites belonging to the Google Display Network. To enable analysis of website use, which is in turn used as the basis for creating interest-related ads, Google uses so-called cookies. Google stores a small file containing a sequence of numbers in the browsers of website visitors. This sequence records visits to the website as well as anonymised data on the use of the website. No personal data on website visitors is stored. If you then visit another website in the Google Display Network, you will be shown ads that will most likely relate to products and information that you have previously viewed. You can permanently disable the use of cookies by Google by clicking the following link and downloading and installing the plug-in provided: https://www.google.com/settings/ads/plugin. Alternatively, you can disable the use of cookies by third parties by visiting the opt-out page of the Netzwerkwerbeinitiative (Network Advertising Initiative) at http://www.networkadvertising.org/choices/ and following the detailed opt-out instructions listed there. Further information on Google remarketing and Google’s privacy policy are available at: http://www.google.com/privacy/ads/ or you can object to this website function.

 

 

 

5. Use of Facebook’s Custom Audiences pixel

We use the “Custom Audiences” pixel of Facebook Inc. (“Facebook”) on our website. This serves the purpose of displaying interest-related ads to the users of our website when they visit the social network Facebook. We have implemented a Facebook pixel on our website for this purpose. When a user visits our website, this pixel establishes a direct connection to Facebook’s servers. Information is therefore passed to Facebook’s servers that you have visited our website and Facebook assigns this information to your personal Facebook user account. For further information about the collection and use of data by Facebook, your rights with regard to the above and options for protecting your privacy, please read Facebook’s privacy policy at https://www.facebook.com/about/privacy/. Alternatively, you can object to targeted advertising on Facebook by visiting https://www.facebook.com/settings/?tab=ads#_=_. You will need to be logged into Facebook or you can object by contacting us directly.

 

6. Newsletter

6.1. Description and extent of the data processing

On our Internet site you have the option of subscribing to a free newsletter. When registering for the newsletter, data from the input mask is transmitted to us.

- Surname

- First name

- E-mail address

- Title

- Date of birth (optional)

The following data is also collected during registration:

(1) IP address of the requesting computer

(2) Date and time of registration

In order to process the data, we obtain your consent during the registration process and refer you to this privacy statement.

If you purchase goods or services on our Internet site and provide your e-mail address in the process, we may then use this to send you a newsletter. In such cases, we will only use the newsletter to directly advertise our own similar goods or services to you.

In connection with the processing of data for the purpose of sending newsletters, we pass on your data to our newsletter distribution partner Clever Reach www.cleverreach.com. The data is used exclusively to send the newsletter.

6.2. Legal basis for the data processing

The legal basis for the processing of data following newsletter subscription by the user, subject to the user’s consent hereto, is Art. 6 Para. 1 lit. a GDPR.

The legal basis for the sending of the newsletter following the purchase of goods or services is Section 7 Para. 3 UWG (Law against Unfair Competition).

 

6.3. Purpose of the data processing

We collect the e-mail address of the user in order to send them the newsletter. 

The collection of other personal data during the registration process serves to prevent any misuse of services or of the e-mail address used.

6.4. Storage period

The data will be deleted once it is no longer needed for the purpose for which it was collected. Accordingly, the user’s e-mail address will only be stored for as long as their newsletter subscription is active. 

6.5. Right to objection and removal

Users are entitled to cancel their subscription to the newsletter at any time. To this end, there is a corresponding link in every newsletter. 

 

7. Registration

7.1. Description and extent of the data processing

On our Internet site we offer users the possibility of registering by entering their personal data. Data is entered on an input mask and transmitted to and stored by us. We do not pass this data on to third parties. The following data is collected during the registration process:

- First name

- Surname

- E-mail address

At the time of registration the following data is also stored:

(1) The user’s IP address

(2) Date and time of registration

The user’s consent to the processing of this data is obtained during the registration process.

7.2. Legal basis for the data processing 

The legal basis for the processing of data, subject to the user’s consent hereto, is Art. 6 Para. 1 lit. a GDPR.

If the registration serves to fulfil a contract to which the user is party or to implement pre-contractual measures, an additional legal basis for the processing of data is Art. 6 Para. 1 lit. b GDPR.

7.3 Purpose of the data processing

User registration is required in order to provide certain contents and services on our website.

User registration is required in order to fulfil a contract with the user or implement pre-contractual measures.

7.4. Storage period

The data will be deleted once it is no longer needed for the purpose for which it was collected.

This is the case for the data collected during the registration process if the registration is suspended or changed on our Internet site. 

For data collected during the registration process to fulfil a contract or implement pre-contractual measures, this is the case when the data is no longer required to fulfil the contract. Even after completion of the contract, the need may arise to store the personal data of the contracting party in order to meet contractual or legal obligations.

7.5. Right to objection and removal

As a user, you have the option to cancel your registration at any time. You may have the stored data relating to you amended at any time. 

If the data is required in order to fulfil a contract or implement pre-contractual measures, prior erasure of the data will only be possible if no contractual or legal obligations prevent such erasure. 

 

8. Contact form and e-mail contact

8.1. Description and extent of the data processing

We have a contact form on our Internet site which can be used to contact us electronically. If a user makes use of this option, the data entered on the input mask is transmitted to and stored by us. This data includes:

- First name

- Surname

- E-mail address

At the time the message is sent, the following data is also stored:

(1) The user’s IP address

(2) Date and time of registration

In order to process the data, we obtain your consent during the sending process and refer you to this privacy statement.

Alternatively, visitors can contact us using the e-mail address provided. In this case, the user’s personal data transmitted along with the e-mail will be stored. 

In this context, we do not pass this data on to third parties. The data is used exclusively to process the conversation.

 

9. Order processing/purchases on pharmos-natur.de

When you place an order on pharmos-natur.de we require certain information from you. We process your personal data to the extent that this is required in order to perform our services under the contract.

We process your address and order information for our own marketing purposes. You can, of course, object to the processing or use of your personal data for advertising purposes at any time by sending us a message to that effect to info@pharmos-natur.de.

 

10. SSL security

Your orders and your personal data, such as your name, address and all the details you provide on pharmos-natur.de, are protected by modern security systems. This data is sent in encrypted format and made unreadable to external parties through the use of GeoTrust’s Secure Sockets Layer (SSL), a security standard supported by all major Internet browsers. Generally you can recognise the security status from the small padlock in the lower status bar of your browser.

PHARMOS NATUR Green Luxury GmbH takes all the necessary precautions to protect your personal data. You can actively help to support us in this by never revealing your password and choosing encrypted data transmission (SSL) whenever we offer this to you (e.g. during the order process). Our employees will never ask for your password.

If you share your computer with others, you should take care to log off after every session. Together we can ensure that your purchases on pharmos-natur.de are truly secure.

 

11. Legal basis for the data processing 

The legal basis for the processing of data, subject to the user’s consent hereto, is Art. 6 Para. 1 lit. a GDPR.

The legal basis for the processing of data transmitted by sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the e-mail contact serves to conclude a contract, an additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

 

12. Purpose of the data processing

We process personal data from the input mask exclusively for the purpose of processing your query. If you contact us by e-mail, it is also our necessary legitimate interest to process the data.

Any other personal data processed during the sending process serves to prevent the misuse of the contact form and ensure the security of our IT systems.

 

13. Storage period

The data will be deleted once it is no longer needed for the purpose for which it was collected. With regard to personal data from the input mask of the contact form and data sent by e-mail, this is the case when the respective conversation with the user has been concluded. The conversation is considered concluded when the circumstances suggest that the particular issue has been conclusively resolved.

Additional personal data collected during the sending process will be erased after seven days.

 

14. Right to objection and removal

The user is entitled at any time to revoke their consent to the processing of the personal data. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such cases the communication cannot be continued.

If you wish to object, please send an e-mail to info@pharmos-natur.de

All personal data stored over the course of your contact with us will then be deleted.

 

15. Rights of the data subject

If personal data relating to you is processed, you are considered a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

 

16. Right of access

You may request confirmation from the data controller about whether personal data relating to you is being processed by us. 

If such processing is taking place, you may request the following information from the data controller:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;

(4) the planned storage duration for your personal data or, if it is not possible to specify, the criteria that determine the storage period;

(5) whether you have the right to the rectification or erasure of your personal data, whether you have the right to restriction of processing by the data controller or whether you have a right to object to the processing; 

(6) whether you have the right to lodge a complaint with a supervisory authority;

(7) all available information about the origin of the data, if the personal data was not collected from the data subject;

(8) whether automated decision-making, including profiling, takes place pursuant to Art. 22 Paras. 1 and 4 GDPR and – at least in these cases – to be given meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You are entitled to request information about whether your personal data will be transmitted to a third country or an international organisation. In this regard you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

 

17. Right to rectification 

Insofar as your processed personal data is incorrect or incomplete, you are entitled to request that the data controller rectify and/or complete this data. The data controller must carry out such corrections immediately.

 

 

 

18. Right to restriction of processing

Under the following conditions, you may request the restriction of processing of your personal data:

(1) you dispute the accuracy of your personal data for a period of time that enables the data controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data, instead opting to restrict the use of the personal data;

(3) the data controller no longer needs the personal data for processing purposes, but you require the data in order to establish, exercise or defend any legal claims, or

(4) you have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it is not yet known whether the data controller’s legitimate interests override your own interests.

If the processing of your personal data is restricted, this data – aside from its storage – may only be processed with your consent or in order to establish, exercise or defend any legal claims or to protect the rights of a natural or legal person or for reasons of substantial public interest of the Union or a Member State.

If processing has been restricted in accordance with the aforementioned conditions, you will be informed by the data controller before such restriction is lifted.

 

19. Right to erasure

a) Duty of erasure

You may request from the data controller that your personal data be erased immediately and the data controller is obligated to erase this data immediately provided one of the following criteria applies:

(1) Your personal data is no longer required for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent to the processing pursuant to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing. 

(3) You lodge an objection to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you lodge an objection to the processing pursuant to Art. 21 Para. 2 GDPR. 

(4) Your personal data was processed unlawfully. 

(5) The erasure of your personal data is required in order to meet a legal obligation under Union law or under the law of the Member States to which the data controller is subject. 

(6) Your personal data was collected in relation to the provision of information society services pursuant to Art. 8 Para. 1 GDPR.

b) Information sent to third parties

If the data controller has made your personal data public and is obligated to erase it pursuant to Art. 17 Para. 1 GDPR, it shall take appropriate (incl. technical) steps, with due regard to the available technology and implementation costs, to inform those responsible for processing personal data that you as the data subject have requested from them the erasure of all links to this personal data or of copies or duplicates of this personal data. 

c) Exceptions

You have no right to erasure if the processing is required

(1) to exercise the right to freedom of expression and information;

(2) to meet a legal obligation related to the processing to which the data controller is subject under Union law or the law of the Member States or to perform a task that is in the public interest or in the exercise of official authority invested in the data controller;

(3) for reasons of public interest in the field of public health pursuant to Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;

(4) for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 Para. 1 GDPR, insofar as the right listed under section a) is likely to render impossible or seriously affect the realisation of the aims of this processing, or

(5) to establish, exercise or defend any legal claims.

 

20. Right to be informed

If you have exercised your right against the data controller to rectification, erasure or restriction of processing, the data controller is obligated to inform all recipients to whom your personal data was disclosed of this rectification or erasure or restriction of processing, unless this proves to be impossible or would involve unreasonable effort.

You are entitled to request that the data controller informs you of such recipients.

 

21. Right to data portability

You are entitled to receive your personal data that you have provided to the data controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another data controller without interference from the data controller to whom you originally provided the personal data, where

(1) the processing is based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and

(2) the processing is carried out by automated means.

In exercising this right you also have the right to have your personal data transferred directly from one data controller to another data controller, provided this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data required in order to perform a task that is in the public interest or in the exercise of official authority invested in the data controller.

 

22. Right to object

You are entitled, for reasons resulting from your particular situation, to lodge an objection to the processing of your personal data on the basis of Art. 6 Para. 1 lit. e or f GDPR; this also applies to any profiling based on these provisions. 

The data controller will no longer process your personal data unless it is able to demonstrate compelling and legitimate grounds for such processing that override your interests, rights and freedoms, or the processing is for the purposes of establishing, exercising or defending legal claims.

If your personal data is processed for the purposes of direct advertising, you are entitled at any time to lodge an objection to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as this is connected with such direct advertising.

If you object to processing for the purposes of direct advertising your personal data will no longer be processed for these purposes.

In connection with the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right of objection by automated means using technical specifications. 

 

23. Right to withdraw consent

You may withdraw your consent at any time. This withdrawal of consent shall not affect the legality of any processing for which consent was given and which was carried out prior to the withdrawal thereof.

 

24. Automated decision-making in individual cases, including profiling

You are entitled to not be subject to a decision based exclusively on automated processing – including profiling – that produces legal effects for you or significantly affects you in a similar way. This does not apply if the decision 

(1) is required for the conclusion or fulfilment of a contract between yourself and the data controller,

(2) is permitted based on legislation of the Union or the Member States to which the data controller is subject and this legislation includes reasonable measures to protect your rights and freedoms and your legitimate interests, or

(3) is made with your express consent.

However, these decisions may not relate to particular categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.

Regarding the cases mentioned in (1) and (3), the data controller will take appropriate steps to protect the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to present your own position and to appeal the decision.

 

25. Right to lodge a complaint with a supervisory authority

Regardless of any other administrative or legal remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the suspected infringement, if you are of the opinion that the processing of your personal data is in breach of the GDPR. 

The supervisory authority with whom the complaint is lodged will inform the complainant on the status and outcome of the complaint including the possibility of legal remedy according to Art. 78 GDPR.

 

Do not miss anything else and subscribe to the newsletter