1. An overview of data protection
Data collection on out website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
2. General information and mandatory information
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Note to the responsible unit
The responsible data processing unit on this website is:
AYLUNA NATURKOSMETIK GMBH
31840 Hessisch Oldendorf
Phone: 0049 5152 5254455
Fax: 0049 5152 5254456
Responsible entity is the natural or legal person who, alone or in concert with others, decides on the purposes and means of processing personal data (such as names, e-mail addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints woth regulator authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
Information, Blocking, Deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
SSL or TLS-Encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If, after the conclusion of a fee-based contract, there is an obligation to provide us with your payment details (eg account number for direct debit authorization), this data will be required for payment processing.
Payment transactions via the common means of payment (Visa / MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. An encrypted connection is indicated by the browser's address bar changing from "http: //" to "https: //" and the lock icon in your browser bar.
In the case of encrypted communication, your payment details that you send to us can not be read by third parties.
3. Data collection on our website
Necessary processing of data to provide the website
When our website is accessed, your web browser automatically sends data to our web server. These are:
- IP address respectively hostname of the accessing computer
- Browser type and browser version
- Operating system used
- Time of the server request
- Referrer URL
Purpose of the data collection to provide the website
Your IP address has to be collected by our system while providing the website to accomplish your access to the website technically. This constitutes a justified interest pursuant to Art. 6 (1) (b) DSGVO.
Revocation and deletion possibilities
Since the collection of the data for the delivery of the website is technically mandatory, there is no possibility for the user of the objection or for us the possibility of the deletion of the data. The IP address is automatically deleted when you leave the website.
The provider of the pages automatically collects and stores information in so-called server log files. The data transmitted correspond to the data collected for the provision of the website.
Your IP address is changed during transmission to the server log files and thus anonymized. A personal assignment of the stored data is thus no longer possible.
A merge of this data with other data sources will not be done.
The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which allows the processing of data for the performance of a contract or pre-contractual measures.
Duration of storage
Your IP address will be stored for the duration of your session. The deletion of the server log files takes place after one day.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.
The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) lit. DSGVO). You can revoke this consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The information you provide in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or delete the purpose for data storage (for example, after your request has been processed). Mandatory statutory provisions - especially retention periods - remain unaffected.
Registration on this website
You can register on our website to use additional features on the site. We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be given in full. Otherwise we will reject the registration.
For important changes, for example, in the scope of the offer or in case of technically necessary changes, we use the e-mail address specified during the registration in order to inform you in this way.
The processing of the data entered during registration takes place on the basis of your consent (Art. 6 (1) lit. DSGVO). You can revoke your consent at any time. An informal message by e-mail to us is sufficient. The legality of the already completed data processing remains unaffected by the revocation.
The data collected during registration will be stored by us as long as you are registered on our website and will subsequently be deleted. Legal retention periods remain unaffected.
Comment function on this website
In addition to your comment, the comment function on this page will also include information on when the comment was created, your e-mail address and, if you are not anonymous, the username you have chosen.
Storage of the IP address
Our comment function stores the IP addresses of the users who write comments. Since we do not check comments on our site before activation, we need this data in order to be able to act against the author in the case of infringements such as insults or propaganda.
Storage duration of the comments
The comments and related data (e.g., IP address) are stored and remain on our website until the commented content has been completely deleted or the comments must be deleted for legal reasons (e.g., offensive comments).
The comments are stored on the basis of your consent (Art. 6 (1) lit. DSGVO). You can revoke your consent at any time. An informal message by e-mail to us is sufficient. The legality of the already completed data processing operations remains unaffected by the revocation.
Processing of data
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmission at the conclusion of the contract for online shops, dealers and goods dispatch
We only transfer personal data to third parties if this is necessary in the course of the contract, for example to the companies entrusted with the delivery of the goods or to the bank responsible for processing the payment. A further transmission of the data does not take place or only if you have expressly consented to the transmission. A transfer of your data to third parties without explicit consent, such as for advertising purposes, does not occur.
The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which allows the processing of data for the performance of a contract or precontractual measures.
4. Plugins und Tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube takes place only after explicit consent of the user of this website.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps takes place only after explicit consent of the user of this website.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
Auf unserer Website bieten wir u.a. die Bezahlung via PayPal an. Anbieter dieses Zahlungsdienstes ist die PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (im Folgenden “PayPal”).
Wenn Sie die Bezahlung via PayPal auswählen, werden die von Ihnen eingegebenen Zahlungsdaten an PayPal übermittelt.
Die Übermittlung Ihrer Daten an PayPal erfolgt auf Grundlage von Art. 6 Abs. 1 lit. a DSGVO (Einwilligung) und Art. 6 Abs. 1 lit. b DSGVO (Verarbeitung zur Erfüllung eines Vertrags). Sie haben die Möglichkeit, Ihre Einwilligung zur Datenverarbeitung jederzeit zu widerrufen. Ein Widerruf wirkt sich auf die Wirksamkeit von in der Vergangenheit liegenden Datenverarbeitungsvorgängen nicht aus.
Auf unserer Website bieten wir u.a. die Bezahlung mittels “Sofortüberweisung” an. Anbieter dieses Zahlungsdienstes ist die Sofort GmbH, Theresienhöhe 12, 80339 München (im Folgenden “Sofort GmbH”).
Mit Hilfe des Verfahrens “Sofortüberweisung” erhalten wir in Echtzeit eine Zahlungsbestätigung von der Sofort GmbH und können unverzüglich mit der Erfüllung unserer Verbindlichkeiten beginnen.
Wenn Sie sich für die Zahlungsart “Sofortüberweisung” entschieden haben, übermitteln Sie die PIN und eine gültige TAN an die Sofort GmbH, mit der diese sich in Ihr Online-Banking-Konto einloggen kann. Sofort GmbH überprüft nach dem Einloggen automatisch Ihren Kontostand und führt die Überweisung an uns mit Hilfe der von Ihnen übermittelten TAN durch. Anschließend übermittelt sie uns unverzüglich eine Transaktionsbestätigung. Nach dem Einloggen werden außerdem Ihre Umsätze, der Kreditrahmen des Dispokredits und das Vorhandensein anderer Konten sowie deren Bestände automatisiert geprüft.
Neben der PIN und der TAN werden auch die von Ihnen eingegebenen Zahlungsdaten sowie Daten zu Ihrer Person an die Sofort GmbH übermittelt. Bei den Daten zu Ihrer Person handelt es sich um Vor- und Nachname, Adresse, Telefonnummer(n), Email-Adresse, IP-Adresse und ggf. weitere zur Zahlungsabwicklung erforderliche Daten. Die Übermittlung dieser Daten ist notwendig, um Ihre Identität zweifelsfrei zu festzustellen und Betrugsversuchen vorzubeugen.
Die Übermittlung Ihrer Daten an die Sofort GmbH erfolgt auf Grundlage von Art. 6 Abs. 1 lit. a DSGVO (Einwilligung) und Art. 6 Abs. 1 lit. b DSGVO (Verarbeitung zur Erfüllung eines Vertrags). Sie haben die Möglichkeit, Ihre Einwilligung zur Datenverarbeitung jederzeit zu widerrufen. Ein Widerruf wirkt sich auf die Wirksamkeit von in der Vergangenheit liegenden Datenverarbeitungsvorgängen nicht aus.
Details zur Zahlung mit Sofortüberweisung entnehmen Sie folgenden Links: https://www.sofort.de/datenschutz.html und https://www.klarna.com/sofort/.
Hessisch Oldendorf, 26.11.2019