Controller/data protection officer
Controller according to GDPR for the operation of the website www.undgretel.com including the integrated online shop as well as provider according to the German Telemediengesetz (Telemedia Act) is UND GRETEL Naturkosmetik GmbH, Winsstraße 62-63, 10405 Berlin, Germany, Telephone: +49 (0) 30 2809 6881, Fax: +49 (0) 30 2809 6882, Email: firstname.lastname@example.org, directors: Stephanie Dettmann, Christina Roth.
The Controller’s data protection officer is available at email@example.com or under the aforementioned contact data of UND GRETEL Naturkosmetik GmbH.
Automated data collection and processing by webserver
When you visit our website including the integrated online shop without making a purchase or registering, you do not need to submit any personal data yourself. However, when you access individual pages of our website, the server automatically collects and processes the following data:
• referring website
• accessed website or file
• browser type and version
• operating system used
• device type
• time of access
• anonymized IP address.
This data, which is automatically deleted 7 days after it was collected, does not enable us to identify you as an individual. The data listed is, however, processed by us for the following purposes: ensuring a comfortable use of our website, analysis of system security and stability and further administrative purposes. The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR. Our legitimate interest follows the above-mentioned purposes.
This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies” (see above cf. 3). The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to analyze your use of this website in order to compile reports about website activities for the website owner and to provide other services to the website owner in connection with website use and internet use. Our legitimate interest follows the above-mentioned purposes according to Art. 6 Sec. 1 lit. f GDPR.
Google may transmit this data to third parties if this is legally compulsory or if third parties process the data on behalf of Google. This website is run with the extension “anonymizeIp” in order to anonymize the collected IP addresses. Google will not associate your IP address transmitted by Google Analytics with any other data held by Google. The data sent and connected with cookies, user IDs or advertising IDs is deleted automatically after 14 months.
Data collection and processing to fulfil contracts and when opening a customer account
If you want to make a purchase through our online shop, you may choose if you wish to enter the data necessary for your order one time only (guest access) or if you wish to open a customer account to save your data for later purchases. If you order with guest access, we save your data in order to fulfil our contract and delete it as soon as we are no longer legally obligated to store it, i.e. after we have fulfilled our contract and when the obligations under tax and commercial law to retain data have ceased. Fields which are mandatory for the fulfilment of contracts are marked; other fields are voluntary. When a customer account is opened, the data entered by you is saved revocably; you can always delete your account in your customer area.
During the order process and in order to open a customer account, we collect, process, store and use the following data: form of address, name, billing address, delivery address, date of birth, email address, telephone number, depending on the billing information chosen, bank details, credit card data (name of card holder, credit card number, validity date, security number). In order to deliver your ordered goods to you, we transmit your name and delivery address to the commissioned shipping company. In order to facilitate payment, we transmit your bank details or credit card data to the commissioned credit institute:
• Paypal: customer ID in the shop, order number, customer name, customer address, total sum
• Ingenico ePayment: customer ID in the shop, order number, total sum
• Sofortüberweisung: customer ID in the shop, order number, total sum
The legal basis for this data processing is Art. 6 Sec. 1 lit. b) GDPR since this data is necessary in order to fulfil our contractual obligations. Without collection, storage or processing of the mandatory fields, fulfilling the contract is impossible.
Product information/email advertising
As our customer, i.e. when you have ordered our products at least once before, you will receive regular product information by email, independently from any newsletter subscription. We wish to inform you about products we offer which you might be interested in on the basis of your last purchases with us. If you do not wish to receive any product information or any (advertising) messages from us, you can at any time object to this without incurring any costs other than the transmission costs according to the standard rates. A message in text form to the above contact data (e.g. e-mail, fax, letter) is sufficient for this. Of course, you will also find an unsubscribe link in every e-mail.
The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR since the targeted information of existing customers is our legitimate interest.
Subscription of email newsletter
With your agreement, you can subscribe to our newsletter with which we will inform you about our current interesting offers. For the subscription to our newsletter, we use the so-called double opt-in process. This means that once you have subscribed, we will send you an email to the email address you gave us with which we request that you confirm your subscription. We also store the IP addresses you used at subscription and confirmation. The purpose of this process is to be able to prove that you subscribed and to be able to clear up any misuse of your personal data.
The only mandatory data for the subscription of the newsletter is your email address. The submission of any other separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we store your email address in order to send you the newsletter. Art. 6 Sec. 1 lit. a GDPR is the legal basis.
You can withdraw your consent for sending you the newsletter at any time and unsubscribe from the newsletter without incurring any costs other than the transmission costs according to the standard rates. A message in text form to the above contact data (e.g. e-mail, fax, letter) is sufficient for this. Of course, you will also find an unsubscribe link in every e-mail.
During the order process, your order data is transmitted in encrypted form. We protect our website and other systems by technical and organizational measures against loss, destruction, access, modification and distribution of your data by unauthorized persons. You should always keep your login information confidential and close the browser window when you have finished communicating with us, especially when you share your computer with others.
…Access (Art. 15 GDPR)
You have at any time the right of access, i.e. to obtain confirmation as to whether or not personal data concerning you has been processed, and if so, which personal data has been processed.
… Rectification (Art. 16 GDPR)
You have at any time the right to have us rectify personal data concerning you that is stored by us.
…Erasure and Restriction (Art. 17 and Art. 18 GDPR)
You have at any time the right to request the erasure of your personal data stored by us. We will delete your data unless we are authorized or obligated to store your data for other reasons. You can similarly request the restriction of our processing of your personal data.
…Data Portability (Art. 20 GDPR)
Regarding personal data which you have provided to us and which we have processed automatically on the basis of your consent, you can at any time request that we provide you with this personal data. You can then transmit this data to other companies. If you wish, and if it is technically possible, we can also transmit the data to the company you named to us.
…Right to Objection and Withdrawal of Consent (Art. 21 and Art. 7 Sec. 3 GDPR)
As we have already informed you, you can at any time object to the use of your data for advertising. If you have granted us your consent to process your personal data, you can withdraw it at any time.
…Right to Lodge a Complaint (Art. 77 GDPR)
If you believe that the processing of the personal data concerning you is illegal, you can lodge a complaint with the competent supervisory authority.
… Exercise of rights
In order to exercise your rights or if you have questions regarding collection, processing and use of your personal data, in case of access, rectification, data portability or erasure of data as well as withdrawal of consent granted, you can contact us at the above contact data (e.g. email, telefax, letter).