Data protection

HomeData protection

The protection of your personal data is very important to us. We would like to provide you with detailed information about how we handle it below. In doing so, we naturally comply with all legal requirements, in particular those of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as well as other data protection regulations.

1) Data collection and processing

  1. Information we collect about you when you visit our website: In order to visit our website and use our online services, it is not necessary to provide personal data. Only access data without direct personal reference is stored, such as the name of your internet service provider, the page from which you visit us, the names of the requested files and their retrieval date. This data is used solely to improve our services and does not allow any direct conclusions to be drawn about you as a person.
  2. Information you provide to us voluntarily: Personal data is collected when you voluntarily provide it to us. This can be done by using our contact form when you fill it out on our website, provided that you enter the ‘Name’ field (which is not mandatory).

In line with our values, we treat all personal data we receive in accordance with the data protection principles set out in Art. 5 GDPR, i.e. 1) lawful and transparent processing in good faith, 2) purpose limitation, 3) data minimisation, 4) accuracy and data quality, 5) storage limitation, 6) integrity and confidentiality and 7) accountability.

2) Use and disclosure of personal data

We use your personal data only to the extent permitted by law. This is done primarily for the purpose of establishing contact, with you having previously contacted us via our contact form.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and the applicable data protection regulations. To the extent permitted by law, we have entered into or will enter into written agreements with third-party recipients that are consistent with this Privacy Policy.

We require all third-party recipients to respect the security of your personal data and to treat it in accordance with the law, in particular the applicable data protection provisions. Your data will only be passed on to third parties to the extent necessary and as permitted by law. In the event of an international transfer of personal data to countries outside the EU, we ensure that at least one of the following measures is implemented: a transfer will only take place

  • to countries for which the EU Commission has determined an adequate level of data protection; or
  • on the basis of the standard data protection clauses approved by the EU Commission; or
  • on the basis of binding corporate rules (Art. 47 GDPR) or an approved certification mechanism (Art. 42 GDPR); or
  • in the case of the destination country being the USA, on the basis of the regulations of the EU/US Privacy Shield certification of the recipient.

3) Use of cookies, advertising and tracking tools

We use cookies on some pages to make visiting our website and using our online services more attractive and to enable the use of certain functions.

Cookies are small text files that are stored on your computer by your browser and are used to store certain information during your navigation of our website or for future visits. Our partner companies are not permitted to collect, process or use personal data via our website using cookies.

There are basically two different technical types of cookies: session cookies and persistent cookies. They are used for different purposes and store different information.

Session cookies store information that is used during your current visit to our website. They help, for example, to put together the shopping basket when you place an order. Session cookies are automatically deleted when you close your browser. No information remains on your hard drive after you have left our website.

Persistent cookies store information between visits to our website. They remain on your computer and enable us to recognise you as a returning customer the next time you visit.

A distinction is also made according to the source, i.e. who sets the cookie. There are so-called ‘first-party cookies’, i.e. our website itself sets a cookie, or so-called ‘third-party cookies’, i.e. a third party sets a cookie. Third-party cookies often occur as so-called ‘conversion cookies’ (a form of persistent cookie) in online marketing and are also used by our website. Third-party cookies make it possible to collect information about a visitor’s behaviour on the website. They are regularly evaluated to determine the strategy and success of the website or serve to deliver relevant advertising material.

You have the option to prevent cookies from being stored on your computer by selecting the appropriate browser settings. However, this may limit the functionality of our website.

  1. Privacy Policy for the Use of Google Analytics
    In order to analyse your use of our websites, we use ‘Google Analytics’, a service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (‘Google’). Google Analytics uses cookies for this purpose and the information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there.

In order to ensure that your IP address is recorded anonymously (so-called IP masking), IP anonymisation is activated on our website through the use of the Google Analytics add-on ‘_gat._anonymizeIp’. This means that Google will automatically shorten your IP address if our website is accessed from an EU country or another EEA country. Only in exceptional cases will your full IP address be transmitted to a Google server in the US and shortened there.’

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use. These purposes also constitute our legitimate interest in the data processing. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

You can prevent cookies from being stored by selecting the appropriate settings on your browser. However, this may result in partial or complete functional restrictions on our website.

You can prevent data collection by Google Analytics by clicking on the following link and downloading and installing the browser plug-in. This sets an opt-out cookie that prevents the future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout.
You can find more information about the terms and conditions of use and data protection at http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.

5) Your rights

Under the provisions of the GDPR, you have the following rights in particular:

the right to access and correct your personal data: for example, you can request a copy of your personal data that we hold and check that we are processing it lawfully

  1. the right to have your personal data deleted: for example, you can ask us to delete your data if we no longer have a legitimate reason to process it further or if you have effectively exercised your right to object.
  2. the right to object to the processing of your personal data with effect for the future. However, in some cases, we may be able to demonstrate that we have an overriding legitimate interest or other justification to continue processing your personal data.
  3. the right to restrict or suspend the processing of your personal data: e.g. to determine the accuracy of your data or if you have the right to delete, but do not want to exercise it or if you ask us to store your data only so that you can establish, exercise or defend claims.
  4. The right to transmit your personal data to you or to third parties in a commonly used, machine-readable format. Please note that this right applies only to automated data that you have consented to use or that we have used to fulfil a contract with you.
  5. The right to withdraw your consent at any time with effect for the future, in cases where we rely on your consent to process your personal data. Please note that this does not affect the lawfulness of the processing before the withdrawal. If you withdraw your consent, we may not be able to provide certain products or services to you.
  6. Right to lodge a complaint. In legitimate cases, you can lodge a complaint with the competent data protection authority. However, we would prefer that you initially contact us with your concerns so that we can attempt to resolve them amicably. We would be happy to be your first point of contact.

In connection with your request, we may need to request specific information from you to help us confirm your identity and ensure your rights. This is for your and our security, so that your personal data is not disclosed to any unauthorised third parties. To speed up our response, we may also contact you to ask you to provide us with further information in relation to your request.

We try to respond to all legitimate requests within a reasonable time frame, if possible within one month. Occasionally it may take longer, for example if we have follow-up questions, your request is complex or you have made multiple requests. In this case, we will notify you and keep you informed.

In principle, you can exercise all of the rights mentioned free of charge. In individual cases, we are entitled under the GDPR to charge a reasonable processing fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we may refuse your request under these circumstances.

6) How long do we store your personal data?

We will not store your personal data for longer than is necessary for the respective purpose of the processing for which it was collected. This also includes the fulfilment of legal, in particular commercial and company law, as well as tax and regulatory requirements. To determine the appropriate retention period for personal data, we consider, among other things, the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure, for example; the purposes for which we process your personal data; and whether we can achieve those purposes through other, less intrusive means, within the applicable legal requirements.

We will take all reasonable steps to destroy or delete from our systems any data that is no longer required.

7) Security

We protect your data against accidental or intentional manipulation, destruction or loss, and against unauthorised access by third parties by using appropriate technical and organisational security measures. These are continuously reviewed and improved in line with technological developments.

8) Contact person and data protection

If you have any questions about the collection, processing or use of your personal data or if you wish to exercise one of the rights under E, i.e. to access, correct, block or delete data, please contact kundenservice@nutrilabs.eu.

This data protection declaration was last revised on 28 December 2018.