de en

Privacy

We are very happy at your interest in our website. The protection of personal data and therefore your privacy is an important issue for us. Therefore, we will of course handle your personal data responsibly in compliance with the relevant legal data protection regulations. In this Privacy Policy, we will inform you which data we collect when you use our website, to what purpose and in which way we collect, process and use this data and what your rights are.

Controller/data protection officer


Controller according to GDPR for the operation of the website www.undgretel.com including the integrated online shop as well as provider according to the German Telemediengesetz (Telemedia Act) is UND GRETEL Naturkosmetik GmbH, Winsstraße 62-63, 10405 Berlin, Germany, Telephone: +49 (0) 30 2809 6881, Fax: +49 (0) 30 2809 6882, Email: in-fo@undgretel.com, directors: Stephanie Dettmann, Christina Roth.

The Controller’s data protection officer is available at datenschutz@undgretel.com or under the aforementioned contact data of UND GRETEL Naturkosmetik GmbH.

Automated data collection and processing by webserver


When you visit our website including the integrated online shop without making a purchase or registering, you do not need to submit any personal data yourself. However, when you access individual pages of our website, the server automatically collects and processes the following data:

• referring website
• accessed website or file
• browser type and version
• operating system used
• device type
• time of access
• anonymized IP address.


This data, which is automatically deleted 7 days after it was collected, does not enable us to identify you as an individual. The data listed is, however, processed by us for the following purposes: ensuring a comfortable use of our website, analysis of system security and stabil-ity and further administrative purposes. The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR. Our legitimate interest follows the above-mentioned purposes.

Cookies


We use cookies on our website. Cookies are small text files assigned to the browser you use that are stored on your hard disk and which send us particular information. Cookies enable us to automatically recognize you at your next visit of our webpage. This allows us to make our website more user-friendly and effective. These purposes are a legitimate interest. We use two kinds of cookies: “session cookies” and “permanent cookies”. Session cookies are temporary cookies which are automatically deleted when the browser is closed. Permanent cookies are automatically deleted when they expire. Processing is based on Art. 6 Sec. 1 lit. f) GDPR.

Of course, you can also view our website without cookies. Most browsers accept cookies automatically. You can prevent the storing of cookies or have your browser warn you before saving a cookie by choosing these options in your browser options. Furthermore, you can delete stored cookies from your computer. Further information about these functions are found in the Help menu of your browser. It is possible, however, that some functions of our website will be available only in part or not at all if you do not permit the use of cookies. If you accepted cookies int eh past, you can use your browser options to delete your existing cook-ies and refuse the storing of cookies in the future.

Google Analytics


This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphithea-tre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies” (see above cf. 3). The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to analyze your use of this website in or-der to compile reports about website activities for the website owner and to provide other services to the website owner in connection with website use and internet use. Our legitimate interest follows the above-mentioned purposes according to Art. 6 Sec. 1 lit. f GDPR.
Google may transmit this data to third parties if this is legally compulsory or if third parties process the data on behalf of Google. This website is run with the extension „anonymizeIp“ in order to anonymize the collected IP addresses. Google will not associate your IP address transmitted by Google Analytics with any other data held by Google. The data sent and con-nected with cookies, user IDs or advertising IDs is deleted automatically after 14 months.
You may prevent the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can prevent Google’s collection and use of data (including IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=de. This opt-out is set to browser and device. If you use this website with different browsers or devices, you need to install the opt-out on each one.

Data collection and processing to fulfil contracts and when opening a customer ac-count


If you want to make a purchase through our online shop, you may choose if you wish to enter the data necessary for your order one time only (guest access) or if you wish to open a cus-tomer account to save your data for later purchases. If you order with guest access, we save your data in order to fulfil our contract and delete it as soon as we are no longer legally obli-gated to store it, i.e. after we have fulfilled our contract and when the obligations under tax and commercial law to retain data have ceased. Fields which are mandatory for the fulfilment of contracts are marked; other fields are voluntary. When a customer account is opened, the data entered by you is saved revocably, you can always delete your account in your custom-er area.

During the order process and in order to open a customer account, we collect, process, store and use the following data: form of address, name, billing address, delivery address, date of birth, email address, telephone number, depending on the billing information chosen bank details, credit card data (name of card holder, credit card number, validity date, security number). In order to deliver your ordered goods to you, we transmit your name and delivery address to the commissioned shipping company. In order to facilitate payment, we transmit your bank details or credit card data to the commissioned credit institute::

• Paypal: customer ID in the shop, order number, customer name, customer address, total sum
• Ingenico ePayment: customer ID in the shop, order number, total sum
• Sofortüberweisung: customer ID in the shop, order number, total sum

The legal basis for this data processing is Art. 6 Sec. 1 lit. b) GDPR since this data is neces-sary in order to fulfil our contractual obligations. Without collection, storage or processing of the mandatory fields, fulfilling the contract is impossible.

Product information/email advertising


As our customer, i.e. when you have ordered our products at least once before, you will re-ceive regular product information by email, independently from any newsletter subscription. We wish to inform you about products we offer which you might be interested in on the basis of your last purchases with us. If you do not wish to receive any product information or any (advertising) messages from us, you can at any time object to this without incurring any costs other than the transmission costs according to the standard rates. A message in text form to the above contact data (e.g. e-mail, fax, letter) is sufficient for this. Of course, you will also find an unsubscribe link in every e-mail.

The legal basis for this data processing is Art. 6 Sec. 1 lit. f) GDPR since the targeted infor-mation of existing customers is our legitimate interest.

Subscription of email newsletter


With your agreement, you can subscribe to our newsletter with which we will inform you about our current interesting offers. For the subscription to our newsletter, we use the so-called double opt-in process. This means that once you have subscribed, we will send you an email to the email address you gave us with which we request that you confirm your subscription. We also store the IP addresses you used at subscription and confirmation. The purpose of this process is to be able to prove that you subscribed and to be able to clear up any misuse of your personal data.

The only mandatory data for the subscription of the newsletter is your email address. The submission of any other separately marked data is voluntary and is used to be able to ad-dress you personally. After your confirmation, we store your email address in order to send you the newsletter. Art. 6 Sec. 1 lit. a GDPR is the legal basis.

You can withdraw your consent for sending you the newsletter at any time and unsubscribe from the newsletter without incurring any costs other than the transmission costs according to the standard rates. A message in text form to the above contact data (e.g. e-mail, fax, let-ter) is sufficient for this. Of course, you will also find an unsubscribe link in every e-mail.

Data security


During the order process, your order data are sent through with an encryption. We protect our website and other systems by technical and organizational measures against loss, de-struction, access, modification and distribution of your data by unauthorized persons. You should always keep your login information confidential and close the browser window when you have finished communicating with us, especially when you share your computer with others.

Your rights


…Access (Art. 15 GDPR)
You have at any time the right to access to confirm as to whether or not personal data con-cerning you has been processed, and if so which personal data has been processed.

… Rectification (Art. 16 GDPR)
You have at any time the right to have us rectify personal data concerning you that is stored by us.

…Erasure and Restriction (Art. 17 and Art. 18 GDPR)
You have at any time the right to request the erasure of your personal data stored by us. We will delete your data unless we are authorized or obligated to store your data for other rea-sons. You can similarly request the restriction of our processing of your personal data.

…Data Portability (Art. 20 GDPR)
Regarding personal data which you have provided to us and which we have due to your con-sent processed automatically, you can at any time request that we provide you with this per-sonal data. You then can transmit this data to other companies. If you wish - and if it is tech-nically possible - we can also transmit the data to the company you named to us.

…Right to Objection and Withdrawal of Consent (Art. 21 and Art. 7 Sec. 3 GDPR)
As we have already informed you, you can at any time object to the use of your data for ad-vertising. If you have granted us your consent to process your personal data, you can with-draw it at any time.

…Right to Lodge a Complaint (Art. 77 DSGVO)
If you believe that the processing of the personal data concerning you is illegal, you can lodge a complaint with the competent supervisory authority.

… Exercise of rights
In order to exercise your rights or if you have questions regarding collection, processing and use of your personal data, in case of access, rectification, data portability or erasure of data as well as withdrawal of consent granted, you can contact us at the above contact data (e.g. email, telefax, letter).

Change of Privacy Policy
Occasionally, for example when we develop our website further or legal changes are made, it may become necessary to change this Privacy Policy. UND GRETEL Naturkosmetik GmbH therefore reserves the right to change the Privacy Policy at any time with effect to the future. We therefore recommend that you read this Privacy Policy at regular intervals. The current status of this Privacy Policy is May 2018.