Privacy Policy Website

 

With this privacy policy we inform the visitors of our website about the data processing of personal information (data). If you are also using one of our apps the following privacy policy for our apps applies additionally: [https://api.gaia-nutrition.de/static/hercules/privacy?lc=en]

 

I. Who is responsible for the data processing and who can I contact?

 

 Responsible for the processing of the data on the website: 

 

Gaia Nutrition GmbH & Co KG

Im Gehölz 11

20255 Hamburg

Germany

 

E-Mail:             hi@gaia-nutrition.de

Telefon:          +49 17630435195

 

II. What kind of data processing ist happening on the website?

 

  1. Transfer of data over the internet

 

When you visit our websites we process your IP-address, date and time of your visit, information about the used browser including language selection and operating system as well as the site which referred you to our website. 

 

Why do we process this data?

 

We process this data so that you can load our website and for the purpose of checking and if necessary restoring system security and stability and possibly for statistical purposes. We can not assign this data to a specific person. The legal basis of this processing is Article 6 (1) (f) GDPR. We have a legitimate interest in ensuring that our website is displayed correctly on your screen and that we can identify and correct the causes of malfunction.

 

How long will this data be stored?

 

This data is stored in log files for a maximum of 2 years.

 

Do I have to provide this data?

 

The provision of this data is neither legally nor contractually required. Is not necessary to enter a contract with us. However, visiting our website without processing this data is not possible for technical reasons.

 

  1. Analysis by Mixpanel 

 

We use analysis tools provided by Mixpanel, Inc. (Mixpanel). Mixpanel uses persistent cookies. The information generated by the cookie about your use of our website is processed by Mixpanel in the USA. This information is the data mentioned above under II. 1. as well as any further anonymised device, connection information and error messages. Mixpanel also keeps track of which page you viewed on our website and which links you clicked on.

 

Why is this data being processed?

 

The data will be used to improve and optimize the features of our website and our apps to make them more interesting to you. Mixpanel processes this data on our behalf to statistically evaluate the use of our website. Legal basis for this is your consent in accordance with Art. 6 para. 1 f) GDPR.


How long will this data be stored?

 

The data is stored for 5 years.

 

Do I have to provide this data?

 

The provision of this data is not required. The cookies can be deactivated in the cookie settings on the website after the consent was given. You can also prevent the storage of cookies and thus the use of Mixpanel by adjusting the settings in your browser. Alternatively, you can click on the following link: http://mixpanel.com/optout. By doing so an opt-out cookie will be set for our website. Please repeat this process for all browsers and devices you would like to delete the cookies from.

 

  1. Cookies by Stripe 

 

We use the payment provider Stripe Inc. (Stripe). Stripe uses persistent cookies. The information generated by the cookie is used for payment processing and is processed by Stripe in the United States. This information is the data mentioned above under II. 1. and any other anonymous device and connection information.

 

Why is this data being processed?


The data will be used to facilitate the payment through Stripe. The legal basis for this is a legitimate interest in the processing of data in accordance with Article 6 (1) (f) GDPR. The legitimate interest is the facilitation of payments.

 

How long will this data be stored?

 

The data is stored for 5 years.

 

Do I have to provide this data? 


The provision of this data is required in order to enter a contract with us. You can prevent the storage of cookies and thus the use of Stripe by respectively changing your browser settings. Without these cookies however the full use of the website is not possible.

 

  1. Cookies durch PayPal (Europe) S.à r.l. et Cie, S.C.A.

 

We use the payment provider PayPal (Europe) S.à r.l. et Cie, S.C.A (PayPal). Stripe uses persistent cookies. The information generated by the cookie is used for payment processing and is processed by PayPal in Europe. This information is the data mentioned above under II. 1. and any other anonymous device and connection information.

 

Why is this data being processed?


The data will be used to facilitate the payment through PayPal. The legal basis for this is a legitimate interest in the processing of data in accordance with Article 6 (1) (f) GDPR. The legitimate interest is the facilitation of payments.

 

How long will this data be stored?

 

The data is stored for 5 years.

 

Do I have to provide this data? 


The provision of this data is required in order to enter a contract with us. You can prevent the storage of cookies and thus the use of PayPal by respectively changing your browser settings. Without these cookies however the full use of the website is not possible.


  1. Contact Form

 

We process data that you have entered in our contact form or sent us by e-mail so that we can process and respond to your request.

 

Why is this data being processed?


We may process data that you enter in our contact form in accordance with Art. 6 (1) (a) GDPR provided that you have agreed to the processing by ticking the respective tick box. 

If you enter sensitive data (such as origin, political or religious beliefs, union affiliation, health or sexual data) into the "Message" field you consent to the processing of such information. If you provide us with data by e-mail, the legal basis is Art. 6 (1) (f) GDPR. If you are also our customer Art. 6 para. 1 b) DSGVO is also the legal basis.

 

How long is the data stored? Do I have to provide this data?

 

This data will be deleted no later than 24 months after receipt of your request unless we are entitled or obliged to a longer storage due to statutory provisions in respect to Art. 6 para. 1 c) GDPR. If you are our customer at the same time different storage periods of up to 10 years may apply for you provided that we are legally obliged or entitled to do so.

 

The provision of this data is neither required nor necessary to enter a contract with us. However, using the contact form requires that you provide an e-mail address since otherwise we will not be able to respond. If you provide further data this is done voluntarily.

 

III. Will my data be shared with third parties?


We share the above mentioned data with the following data processors: 

 

  • Mixpanel Inc., 589 Howard Street, #4 San Francisco, CA 94105, USA (web analysis)
  • If necessary, additional processors like cloud providers, web hosting services, IT services and data carrier destruction


The data processors process data only according to our instructions and not for their own purposes. If the processors are based in the US your data may also be transmitted to the US. Mixpanel has submitted to the "EU-US-Privacy-Shield". In a decision on adequacy (“Angemessenheitsbeschluss”) the European Commission has decided that this will create an adequate level of data protection.


In some cases, some of your data may be shared with the following categories of recipients if required to do so by law (Article 6 (1) (c) GDPR) or required to enforce or defend legal claims or to protect other legitimate interests ( Art. 6 para. 1 f) GDPR):

 

  • Telecommunications company to communicate with you
  • Law enforcement and courts to enforce or defend legal claims

 

IV. What rights do I have with respect to my data?

 

Under in respect to Art. 15 DSGVO you can request information about whether and which of your data we process. You may request the correction and possibly the completion of your data in accordance with Art. 16 GDPR. You have the right to delete your data under the conditions of Art. 17 GDPR or to seal it under the conditions of Art. 18 DSGVO. According to Art. 21 GDPR you have the right to receive the data you have transmitted to us on the basis of a consent or a contract, provided that the processing is automated. If it is technically possible you may ask us to transmit this data to a third party. Your rights may be restricted or excluded by law under certain conditions.

 

Insofar as we process data in accordance to our interests exclusively on the basis of Art. 6 para. 1 f) GDPR, for reasons arising from your particular situation you have the right to object to the processing of your data.

If you object we will not process the data in question unless we can demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms or in the case that the processing of your data is required to enforce legal claims.

 

In addition, you may object to the processing of your data for promotional purposes at any time without any costs other than the transmission costs according to the basic rates. You may opt-out of receiving emails for advertising purposes at any time by clicking on the corresponding unsubscribe link at the end of such e-mail. Alternatively you can also send an e-mail to privacy@gaia-nutrition.de to opt-out.

 

If you have consented to the data processing you have the right to revoke your consent at any time. Revoking your consent does not affect the legality of the data processing prior to revoking your consent. You can revoke your consent by sending e-mail to privacy@gaia-nutrition.de declaring that you would like to revoke the rights to processing your data. Once you have revoked these rights your data will no longer be processed. This does not apply if we are legally entitled or obliged to do so.

 

You have the right to file data protection complaints with a data protection authority, in particular with the Hamburg Commissioner for Data Protection, Klosterwall 6, 20095 Hamburg.

 

Version: 18. May 2018