Privacy statement

We welcome you visiting our website and are very pleased about your interest in our company. We take the protection of your personal data very seriously. We process your data in compliance with the applicable legal provisions for the protection of personal data, in particular the EU’s General Data Protection Regulation (GDPR) and the country-specific implementation laws applicable to us. By means of this privacy statement, we comprehensively inform you about the processing of your personal data by Abtswinder Naturheilmittel GmbH & Co. KG and the rights you are entitled to.

 

In this context, personal data are pieces of information allowing for an identification of a natural person. In particular, this includes the name, date of birth, address, telephone number and email address, but also your IP address.

 

Anonymous data are data in which no personal reference can be established to the user.

 

Responsible body and data protection officer

 

Anschrift
Abtswinder Naturheilmittel GmbH & Co. KG
Gewürzstraße 1-3
D-97355 Abtswind

Internetadresse
www.abtswinder.de

Telefon
+49 (0) 9383 / 9711-0

Telefax
+49 (0) 9383 / 9711-97

E-Mail
[email protected]

 

Contact of the data protection officer
[email protected]

 

Your rights as a concerned person

 

First, we want to inform you about your rights as a concerned person here. These rights are standardized in the Art. 15 - 22 GDPR. This includes:

 

  • The right of information (Art. 15 GDPR),
  • The right of deletion (Art. 17 GDPR),
  • The right of correction (Art. 16 GDPR),
  • The right of data transferability (Art. 20 GDPR),
  • The right of restriction of data processing (Art. 18 GDPR),
  • The right of refusal of data processing (Art. 21 GDPR).

 

To exercise these rights, please contact: [email protected]. The same applies if you have any questions on the data processing in our company. Besides, you have a right of complaint with a privacy supervisory authority.

 

Rights of refusal

 

Please note the following in relation to rights of refusal:


If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing any time without indicating any reasons. This also applies to a profiling as far as it is related to the direct advertising.

 

If you object to the processing for direct advertising, we will not process your personal data anymore for these purposes. The objection is free of charge and can be expressed without formal requirements, if possible to: .

 

If we process your data to preserve justified interests, you can object to this processing any time for reasons caused by your special situation; this also applies to a profiling based on these provisions.

 

In such case, we will not process your personal data any longer, unless we can prove compulsory reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal rights.

 

Purposes and legal bases of data processing

 

In processing your personal data, the provisions of the GDPR, the BDSG (Federal Data Protection Act) (new) and all other applicable privacy provisions are respected. In particular, the legal basis for the data processing results from Art. 6 GDPR.

 

We use your data to initiate business, to fulfil contractual and legal obligations, to execute the contractual relation, to offer products and services and to strengthen the client relationship, which can also include analyses for marketing purposes and direct advertising.

 

Your consent also represents a mandatory approval according to privacy law. At this occasion, we inform you about the purposes of the data processing and your right of revocation. If the consent also refers to the processing of special categories of personal data, we will explicitly indicate this to you in the consent, Art. 88 par. 1 GDPR in connection with § 26 par. 3 BDSG (new).

 

A processing of special categories of personal data within the meaning of Art. 9 par. 1 GDPR will only occur if this is required due to legal provisions and there is no reason to assume that your interest in the exclusion of processing worthy of protection prevails, Art. 88 par. 1 GDPR in connection with § 26 par. 3 BDSG (new).


Forwarding to third parties

 

We will forward your data to third parties only within the legal provisions or with a corresponding consent. Apart from that, there will be no transfer to any third parties, unless we are obliged to that due to compulsory legal provisions (forwarding to external bodies as e.g. supervisory authorities or prosecution authorities).


Recipients of the data / categories of recipients

 

Within our company, we will ensure that your data will only be received by those persons who need them to fulfil their contractual and legal obligations.

In many cases, service providers support our specialized departments in fulfilling their tasks. The necessary privacy contracts have been concluded with all service providers.

 

Transfer to third countries / intention to transfer to third countries

 

A data transfer to third countries (outside the European Union/the European Economic Area) only occurs as far as this is required to execute the obligations or prescribed by law or you have granted us your consent to it.

 

There is no data transmission to third countries outside the EU/the European Economic Area.

 

Duration of data storage

 

We store your data as long as they are required for the respective processing purposes. Please note that many conservation periods require that data (must) be continued to store. In particular, this concerns conservation periods according to trade or tax law (e.g. commercial code, tax code, etc.). As far as there are no further conservation obligations beyond that, the data will routinely be deleted after the achievement of the purpose.

 

In addition, we can conserve data if you have given us your consent for that or if there are legal disputes and we use evidence within the legal limitation periods, which can last up to 30 years; the regular imitation period is three years.


Safe transmission of your data

 

In order to protect the data stored with us as well as possible from accidental or intentional manipulations, loss, destruction or access by unauthorized persons, we use respective technical and organizational safety measures. The safety levels are constantly reviewed in collaboration with safety experts and adapted to new safety standards.

 

The data exchange from and to our website takes place in encrypted form, respectively. For our web presence, we offer HTTPS as a transfer protocol, respectively using the current encryption protocols (TLS_AES_128_GCM_SHA256, 128-bit key, TLS1.3. Besides, it is possible to use alternative communication paths (e.g. postal mail).

 

Obligation to provide the data

 

Various personal data are necessary for the foundation, execution and termination of obligations and the fulfilment of the associated contractual and legal duties. The same applies to the use of our website and the different functions provided by it.

 

We have summarized details on that for you in the above-mentioned paragraph. In certain cases, data must also be collected/provided due to legal provisions. Please note that a processing of your requests or the execution of the underlying obligations is not possible without the provision of these data.

Categories, sources and origin of the data

 

The respective context determines which data we process: this depends on the question whether e.g. you place an order online or enter a request in our contact form, whether you send us a job application or a complaint.

 

Please note that we might also provide information for special processing situations separately in an appropriate location, e.g. when uploading application documents or at the occasion of a contact request.

 

During a visit of our website, we collect and process the following data:

 

The provider of the pages collects and stores information automatically in so-called server log files that your browser automatically transmits to us. These are:

 

  • Browser type and browser version 
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

 

These data will not be compiled with other data sources.
The basis for the data processing is Art. 6 par. 1 f GDPR, which allows for the processing of data for the fulfilment of a contract or precontractual measures.

 

Within a contact request, we collect and process the following data:

 

  • First name and last name
  • Email address
  • Company
  • Subject


Any voluntary information additionally provided by you will also be processed.

 

Automatic decisions in individual cases

 

We do not use any purely automatic processing procedures to initiate any decisions.

 

Handling of data of clients, suppliers, contract partners and interested persons

 

Categories / origin of the data
Within the contractual relationship and for the initiation of contracts, we process the following personal data:

  • Contact data (e.g. first/last names of the current and, if applicable, prior contact persons and name extensions, company name and address of the client (employer), phone number with extension, mobile and fixed-line telephone number, email address, fax number, business email address)
  • Deviating delivery/invoice address (e.g. name and address (if applicable, floor, city district, federal state), if applicable, telephone number, if applicable, email address)
  • Order history
  • Professional data (e.g. function in the company, department)
  • Bank details, if applicable (within a SEPA direct debit mandate also first/last name of the account holder)
  • If applicable, the preferred payment system, information on creditworthiness and credit behavior

 

In principle, we obtain your personal data from you within the initiation of the contract or during the ongoing contractual relationship. In certain constellations, exceptionally, your personal data will also be collected from other parties. This includes occasional inquiries on relevant information with credit agencies, in particular on creditworthiness and credit behavior.


Purposes and legal bases of the data processing
The provisions of the EU GDPR, of the Federal Privacy Act (BDSG) (new) and other relevant regulations will always be respected in the processing of your personal data.

 

Your personal data will only be processed to take pre-contractual measures (e.g. communication, preparation of offers for products or services) and to fulfill contractual obligations (e.g. to provide our service or process purchases/orders/payments), (art. 6 par. 1 lit. b EU GDPR) or if there is a legal processing obligation (e.g. due to tax law regulations) (art. 6 par. 1 lit. c EU GDPR). Originally, the personal data have been collected for these purposes.

 

Your consent to the data processing, of course, can also be a permission under privacy law (art. 6 par. 1 lit. a EU GDPR). Before it is granted, we will inform you about the purpose of the data processing and about your right of revocation according to art. 7 par. 3 of the EU GDPR.

 

For the detection of crimes, your personal data will only be processed under the preconditions of art. 10 EU GDPR.

 

Handling of candidate data

 

Categories / origin of the data
Within the application process, we process the following personal data:

  • Your master data (name, first name, name extensions, birth date)
  • Contact data (address, phone number, email address)
  • Work permit/residence permit, if applicable
  • Previous convictions, criminal record, if applicable

 

In principle, your personal data are directly collected from you within the application process.
In addition, we use personal data which we have lawfully obtained from publicly accessible directories (e.g. professional networks).

 

Purposes and legal bases of the data processing
The provisions of the EU GDPR, of the Federal Privacy Act (BDSG) (new) and of all other regulations under the (employment) law will always be respected in the collection and processing of your personal data.

 

According to art. 88 par. 1 EU GDPR in connection with § 26 par. 1 BDSG (new), personal data may be processed by employees for purposes of the employment relationship if this serves the decision on the creation of a new employment relationship or the execution or termination of an employment relationship after its creation.

 

Besides, a permission of data processing, including special categories of personal data, can result from certain other laws, in particular due to industry-specific (compliance) regulations.

 

Your consent to the data processing, of course, can also be a permission under privacy law. In this context, we will inform you about the purpose of the data processing and about your right of revocation according to art. 7 par. 3 of the EU GDPR, art. 88 par. 1 EU GDPR in connection with § 26 Abs. 2 BDSG (new). If the consent also refers to the processing of special categories of personal data, we will explicitly indicate this to you in the consent, art. 88 par. 1 EU GDPR in connection with § 26 par. 3 BDSG (new).

 

A processing of special categories of personal data within the meaning of art. 9 par 1 EU GDPR will only occur if this is required by legal provisions and there is no reason to assume that your interest in the exclusion of the processing worthy of protection prevails, art. 88 par. 1 EU GDPR in connection with § 26 par. 3 BDSG (new).

 

APPENDIX


Links to other providers

 

Our website also contains – clearly recognizable – links to websites of other companies. As far as there are any links to the websites of other providers, we have no influence on their content. Therefore, no warranty or liability can be assumed for these contents. The responsibility for the contents of these pages always lies with the respective provider or operator of the pages.

 

When inserting the link, the linked pages were checked for potential infringements and recognizable violations of rights. At this time, no unlawful contents were recognizable. However, a permanent control of the content of the linked pages is not reasonable without any concrete indications of an infringement of rights. When any infringements of rights become known, such links will be removed immediately.

 

Cookies (art. 6, par. 1 lit. f EU GDPR)

 

In several parts, our website uses so-called cookies. They serve to make our offer more user-friendly and effective and safer. Cookies are small text files that are deposited on your device and saved there.


Most of the cookies used by us are so-called „session cookies“. These cookies are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when their term of validity is reached (in general six months) or when you delete them yourself before the end of the term of validity.


The cookies used by us operate e. g. to correctly display our website as well as pictures.


Therefore, it is in our legitimate interest according to art. 6 par. I lit. f EU GDPR to place these technically necessary cookies.


Most web browser automatically accept cookies. In general, however, you can also change the settings of your browser if you prefer not to send the information. In such case, however, you can still use the offers of our website without any restrictions.

 

Protection of our website by Cloudflare (art. 6 par. 1 lit. f EU GDPR)


On our website, we have used the content delivery network service of the company Cloudflare Inc. (101 Townsend St San Francisco, CA 94107). Technically speaking, the connection from your device to our website is channeled through the network of Cloudflare. This enables Cloudflare e. g. to detect attacks on our website. However, due to the TLS encryption, which is permanently activated on our website, Cloudflare has no access to any data provided by you. When opening our website, cookies from Cloudflare are placed in your web browser. Cloudflare collects statistical data on the visit of that website. The access data include: Name of the opened website, file, data and time of access, transmitted data volume, notification of successful access, browser type including version, the operating system of the user, the referrer-URL (the website visited before), IP address and the requesting provider. Cloudflare uses the protocol data for statistical evaluations for the purpose of operation, safety and optimization of the offer (e. g. to identify and block abusive mass access within denial-of-service-attacks (DDoS) or to identify several legitimate accesses by different devices using one IP addresses). On this topic, please also read Cloudflare’s privacy provisions which are accessible at https://www.cloudflare.com/de-de/privacypolicy/. We use this service to guarantee the availability of our website, protect us from attacks and optimize the load times of our website.


The tool is used on the basis of our legitimate interest according to art. 6 sec. 1 lit f EU GDPR.


For evaluation, your data will be sent to Cloudflare, i. e. to a third country. In this context, please see: Drittlandübermittlung / Drittlandübermittlungsabsicht

 

Google Maps


On the basis of your consent and according to art. 6 par. 1 lit. a EU GDPR, we use Google Maps (API) by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”) on our website. Google Maps is a webservice to display interactive maps to visually represent geographic information.


Information on your use of our website (e. g. your IP address) is transmitted to Google servers in the USA and saved there already when accessing those sub-pages in which the Google map is integrated. This occurs irrespective of whether Google provides a user account in which you are logged in or if there is no user account. If you are logged in at Google, your data will be directly attributed to your account. If you refuse the attribution to your Google profile, you must log out before activating the button. Google saves your data (even for the users not logged in themselves) as user profiles and evaluates them. You have a right to object to the creation of those user profiles, if you want to exercise it, you must contact Google.


Contact form / making contact by email (Art. 6 par. 1 a, b GDPR)

 

There is a contact form on our website that can be used for making contact electronically. If you send us a message via the contact form, we process your data provided within the contact form to contact you and reply to your questions and desires.

 

In doing this, the principles of data economy and data avoidance are respected by having you provide only data that we absolutely need from you to make contact. These are your email address and the message text itself. In addition, your IP address will be processed due to technical requirements and for legal security reasons. All other data are voluntary fields and can be provided optionally (e.g. for a more individual reply to your questions).

 

If you contact us by email, we will only process the personal data provided in the email for the purpose of replying to your request. As far as you do not use the proposed forms to make contact, no additional data will be collected beyond that.


Advertising purposes for existing clients (Art. 6 par. 1 f GDPR)

 

Abtswinder Naturheilmittel GmbH & Co. KG is interested in maintaining the client relationship with you and sending you information and offers about our products/services as well as price information. Therefore, we process your data to send you the respective information and offers by email.

 

If you do not want that, you can object to the use of your personal data for the purpose of direct advertising anytime; this also applies to a profiling as far as it is associated with the direct advertising. If you object to that, we will not process your data anymore for this purpose.

 

The objection can be expressed without indicating any reasons free of charge and without form requirement and should be addressed, if possible, to 09383 / 97 11 – 0, by email to [email protected] or by postal mail to Abtswinder Naturheilmittel GmbH & Co. KG, Gewürzstraße 1-3, 97355 Abtswind.