data protection

Data protection


1. Data protection at a glance

1.1 General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

1.2 Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the “Note on the responsible body” section in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be e.g. This could, for example, be data that you enter into a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided error-free. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time in the future. You also have the right to request that the processing of your personal data be restricted in certain circumstances. You also have the right to lodge a complaint with the responsible supervisory authority.

You can contact us at any time about this or if you have any further questions about data protection.

2. Shopify hosting

We host the content of our website through Shopify.

The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify”).

Shopify is a tool for building and hosting websites. When you visit our website, Shopify collects your IP address as well as information about the device and browser you use. Shopify also analyzes visitor numbers, visitor sources and customer behavior and creates user statistics. When you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information and other information related to the purchase (e.g. phone number, amount of sales made etc.). Shopify stores cookies in your browser for analysis purposes.

For details, see Shopify’s privacy policy:
https://www.shopify.de/legal/datenschutz .

The use of Shopify is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit . B. Device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

3. Data collection on this website

3.1 Cookies

Our websites use so-called “cookies”. Cookies are small data packages and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions you want (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies). stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this data protection declaration.

3.2 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of server request, IP address. This data will not be merged with other data sources.

This data is collected on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose the server log files must be recorded.

3.3 Registration on our website

A person has the option of registering on the website of the data controller and providing personal data. The specific personal information that is submitted depends on the input form used for registration. The data entered will only be collected and stored for internal purposes by the data controller and for its own purposes. The controller may pass on the data to one or more processors, such as a parcel service provider, who also only uses the data for internal purposes that are attributable to the controller.

When a person registers on the controller's website, the IP address assigned to the person by the Internet service provider as well as the date and time of registration are stored. This information is stored to prevent possible misuse of our services and, if necessary, to investigate crimes. It is therefore necessary to store this data to protect the controller. As a rule, this data is not passed on to third parties. The data will only be passed on if we are legally obliged to do so or if it is required for criminal prosecution.

Voluntary registration and provision of personal data allows the controller to provide the data subject with specific content or services that, by their nature, are only available to registered users. Persons who have registered can change the personal data provided during registration at any time or completely remove them from the controller's database.

Upon request, the person responsible will provide each data subject with information at any time about what personal data is stored about the data subject. In addition, the person responsible will correct or delete personal data at the request or notification of the data subject, provided that there are no legal retention obligations to the contrary. All employees of the person responsible are available to the data subject as contact persons in this context.

3.4 Contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us in order to process the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

3.5 Comment function on this website

For the comment function on this page, in addition to your comment, information about the time the comment was created, your email address and, if you do not post anonymously, your chosen username are stored.
Storage period of the comments The comments and the associated data are stored and remain on this website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).

3.6 Legal basis

The comments are stored based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

4. General information and mandatory information

4.1 Data protection

The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this data protection declaration.

When you use this website, various personal data is collected. Personal data is data that can be used to personally identify you. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the Internet (e.g. when communicating via email) can have security gaps. Complete protection of data from access by third parties is not possible.

4.2 Note on the responsible body

The responsible body for data processing on this website is:

Natural Balance Supplements - Alexander Willmann

Alexander Willman

Neckarhalde 39

72070 Tübingen

Germany

Email: info@naturalbalance-supplements.de

Website: https://www.naturalbalance-supplements.de

4.3 Storage period

Unless a specific storage period is specified in this data protection declaration, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); In the latter case, the deletion takes place after these reasons no longer apply.

4.4 General information on the legal basis for data processing on this website

If you have consented to data processing, we will process your personal data on the basis of Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit are processed. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or to the access to information on your device (e.g. via device fingerprinting), the data processing will also be carried out on the basis of Section 25 Paragraph 1 TTDSG. Consent can be revoked at any time. If your data is necessary to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6 Para. 1 lit. c GDPR. Data processing can also be carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR. Information about the relevant legal bases in each individual case is provided in the following paragraphs of this data protection declaration.

4.5 Recipients of personal data

As part of our business activities, we work with various external bodies. In some cases, it is also necessary to transmit personal data to these external bodies. We only pass on personal data to external bodies if this is necessary to fulfill a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in accordance with Article 6 Paragraph 1 lit. f DSGVO in the transfer or if another legal basis allows the data transfer. When using order processors, we only pass on our customers' personal data on the basis of a valid order processing contract. In the case of joint processing, a joint processing contract is concluded.

4.6 Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

4.7 Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LITER. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE TERMS. THE APPLICABLE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION POLICY. If you make an objection, we will no longer process your data subject to personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( OBJECTION PURSUANT TO ARTICLE 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING
TO INSERT; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ARTICLE 21 (2) GDPR).

4.8 Right to lodge a complaint with the responsible supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

4.9 Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

4.10 Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right to free information at any time about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. You can contact us at any time about this or if you have any further questions on the subject of personal data.

4.11 Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You can contact us at any time about this. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.
  • If you have lodged an objection in accordance with Article 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

4.12 SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4.13 Objection to advertising emails

The use of contact details published as part of the imprint obligation to send unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, such as spam emails.

4.14 Image source information

Front view hands holding potted plant:

Image by <a href="https://www.freepik.com/free-photo/front-view-hands-holding-potted-plant_25953571.htm#query=baum%20in%20hand&position=39&from_view=search&track=ais%22 %3EFreepik%3C/a%3E">Freepik</a>

Top view medicine with water glass on the table:

Image from <a href="https://de.freepik.com/fotos-kostenlos/drsicht-medizin-mit-wasserglas-auf-dem-tisch_7946281.htm#page=3&query=futterserg%C3%A4nzmittel%20hand&position=1&from_view =search&track=ais">Freepik</a>

Top view of different people hands holding together in circle hands stack:

<a href="https://de.freepik.com/fotos-kostenlos/top-view-of-various-human-hands-that-hold-together-in-the-circle-haende-stack_21149899.htm#query=team%20miteinander&position=23&from_view=search&track=ais"> Image by fabrikasimf</a> on Freepik

5. Newsletter data

If you would like to receive the newsletter offered on the website, we need an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter . No further data is collected or only collected on a voluntary basis. We use this data exclusively to send the requested information and do not pass it on to third parties.

The data entered into the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of data, the e-mail address and their use to send the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or if the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Article 6 (1) (f) GDPR.

Data stored by us for other purposes remains unaffected.

After you have been unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

6 Analysis tools and third-party tools

When you visit this website, your surfing behavior can be statistically evaluated. This happens primarily with so-called analysis programs. Detailed information about these analysis programs can be found in the following data protection declaration.

6.1 Data protection regulations on the application and use of Google Analytics (with anonymization function)

We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future website visits. The addition “_gat._anonymizeIp” is used for web analysis via Google Analytics. With the help of this addition, the IP address of the data subject's internet connection is shortened and anonymized by Google if our website is accessed from a member state of the European Union or from another contracting state to the Agreement on the European Economic Area.

Cookies are used to store personal information. The cookie stores personal data such as the time of access, the location of the access and the number of visits to our website by the user. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the user, is transmitted to Google in the USA. Google stores this personal data in the USA. It is possible that Google may pass on this personal data collected through technical procedures to third parties.

If you do not agree to the collection, you can prevent it by installing the browser add-on to deactivate Google Analytics once or by rejecting cookies via our cookie settings dialog .

In addition, the user has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website as well as its processing by Google. To do this, the user must download and install a browser add-on, which is available at the link https://tools.google.com/dlpage/gaoptout . This add-on informs Google Analytics via JavaScript that no data and information about website visits may be sent to Google Analytics. Google views installing the add-on as a contradiction. If the user's IT system is later deleted, formatted or reinstalled, the user must reinstall the add-on to deactivate Google Analytics. If the add-on is uninstalled or deactivated by the user or another person within his or her control, it can be reinstalled or activated.

Further information and Google's applicable data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html . Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/ .

6.3 Google Ads

We use the online advertising program “Google Ads” on our website and, in this context, conversion tracking (visit action evaluation). Google Conversion Tracking is an analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google).

If you click on a Google ad, a cookie will be stored on your computer for conversion tracking. These cookies are time-limited, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages on our website and the cookie is still valid, both Google and we can determine that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie, so it is not possible to track cookies across Ads customers' websites.

The information collected by the conversion cookie is used to create conversion statistics. We learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that allows users to be personally identified.

Your data may be transferred to Google LLC servers in the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks and https://business.safety.google/adscontrollerterms/ .

The use of cookies or similar technologies occurs with your consent in accordance with Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. Your personal data will be processed with your consent in accordance with Article 6 (1) (a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.

The user has the option of preventing the setting of cookies through our website at any time by making the appropriate settings in the Internet browser used and thus permanently objecting to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the user's IT system. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

In addition, the user has the option to object to interest-based advertising by Google. To do this, the user must access the link www.google.de/settings/ads from each of the Internet browsers they use and make the desired settings there.

Further information and Google's privacy policy can be found at: https://www.google.de/policies/privacy/

6.4 GDPR Legal Cookies by Shopify

We use the GDPR Legal Cookie cookie consent management tool on our website. ( The provider is beeclever GmbH, Universitätsstraße 3, 56070 Koblenz, Germany)

Further information about GDPR Legal Cookies can be found at https://gdpr-legal-cookie.com and in the data protection declaration of beeclever GmbH: https://gdpr-legal-cookie.com/pages/datenschutzerklarung

6.5 Affiliate Program

If you click on an ad with a partner link, Goaffpro will place a cookie on your computer for conversion tracking. These cookies are used to ensure correct billing within the partner program by recording the success of an advertising medium. The cookies recognize that you have clicked on the ad and the origin of the order from the advertiser can be traced. Goaffpro also uses so-called fingerprinting, which allows the device you are using to be recognized. Among other things, Goaffpro can recognize that the partner link on this website was clicked or viewed. Goaffpro records, among other things, your transaction data (such as order value, product type, distribution channel, use of a voucher) and your user name in the form of an individual numerical sequence, so that no identity is recognizable, but contains information about the specific user actions and the device used by the user. Your data may be transferred to third countries such as the USA. There is no adequacy decision from the EU Commission for the USA. The data transfer is based, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection /standard-contractual-clauses-scc_en

The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.

The data protection declaration with detailed information on how Goaffpro uses the data can be found at https://goaffpro.com/privacy and https://goaffpro.com/policies/compliance

7. Plugins and tools

7.1 Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.

For more information about Google Fonts, see
https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de .

7.2 Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data entry on this website (e.g. in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyzes run completely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit . B. Device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Further information about Google reCAPTCHA can be found in the Google Privacy Policy and the Google Terms of Use under the following links:
https://policies.google.com/privacy?hl=de and
https://policies.google.com/terms?hl=de .

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider using the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

7.3 Google Tag Manager

We use Google Tag Manager on our website.

The provider is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).

This application manages JavaScript tags and HTML tags, which are used to implement tracking and analysis tools in particular. The data processing serves the purpose of tailoring and optimizing our website.

The Google Tag Manager itself neither stores cookies nor processes personal data. However, it enables the triggering of additional tags that can collect and process personal data. Further information on terms of use and data protection can be found at https://support.google.com/tagmanager/answer/9323295?hl=de .

8. Payment method

8.1 Data protection regulations for Klarna as a payment method

We offer the option of processing the payment process via the payment service provider Klarna ( Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden) . This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). The payment options offered by Klarna are “purchase on account” or “installment purchase”. The data is automatically forwarded to Klarna. When choosing the specified payment options, the data subject automatically agrees to the forwarding of the data for contract fulfillment or identity and creditworthiness checks (Art. 6 Para. 1 lit b. GDPR). In this context, to the extent necessary for the fulfillment of the contract (Art. 6 Para. 1 lit b. GDPR), please provide Klarna with your first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number further. In addition, there are personal data that are required to fulfill the respective order.

There may also be a mutual exchange of payment information, including bank details, card number, expiry date and CVC code, as well as information about the number and number of items, product data and services, prices and taxes, information about previous purchases or other financial situation information of the person concerned.

Data transfer is primarily used for identity verification, payment management and fraud prevention. The person responsible for processing will transmit personal data to Klarna, especially if there is a legitimate interest in the transmission. The personal data exchanged by Klarna and the person responsible for processing will be passed on to credit reporting agencies. This serves to check your identity and creditworthiness.

Klarna also transfers personal data to affiliated companies (Klarna Group) and service providers or subcontractors if this is necessary to fulfill contractual obligations or the data is to be processed on behalf of the company.

To decide on the establishment, implementation or termination of a contractual relationship, Klarna collects and uses data and information about the user's previous payment behavior as well as probability values ​​for their future behavior (so-called scoring). The scoring is calculated on the basis of scientifically recognized mathematical and statistical methods.

The user has the option to revoke their consent to the processing of personal data by Klarna at any time. A revocation has no effect on personal data that must be processed, used or transmitted for (contractual) payment processing.

The processing of the data provided under this section is not required by law or contract. Without submitting your personal data, we cannot make a payment via PayPal. [You have the option to choose another payment method.]

All Klarna data protection regulations can be found at https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf .

8.2 Data protection regulations for PayPal as a payment method

We offer the option of processing the payment process via the payment service provider PayPal (PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg).

This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on to PayPal, to the extent necessary for the fulfillment of the contract (Art. 6 Para. 1 lit b. GDPR), first name, last name, address, email address, IP address, telephone number, mobile phone number. In addition, there are personal data that are required to fulfill the respective order.

The processing of the data provided under this section is not required by law or contract. Without submitting your personal data, we cannot make a payment via PayPal. [You have the option to choose another payment method.]

PayPal carries out a credit check for various services such as direct debit payments to ensure your willingness and ability to pay. This corresponds to PayPal's legitimate interest (according to Art. 6 Para. 1 lit. f GDPR) and serves to execute the contract (according to Art. 6 Para. 1 lit. b GDPR). For this purpose, your data ( first name, last name, address, email address, IP address, telephone number, mobile phone number or other data ) will be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made, declined or is pending verification.

The data transfer is used to process payments and prevent fraud. The person responsible for processing will transmit personal data to PayPal, especially if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the person responsible for processing may be passed on by PayPal to credit reporting agencies. This serves to check your identity and creditworthiness.

PayPal may pass on personal data to affiliated companies as well as to service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of the customer.

The user has the option to revoke his consent to the processing of personal data by PayPal at any time. A revocation has no effect on personal data that must be processed, used or transmitted for (contractual) payment processing.

Your data will be stored until payment processing is completed. This also includes the time required to process refunds, manage claims and prevent fraud. [A statutory retention period applies to us in accordance with [§ 147 AO / § 257 HGB]]

Further information on objection and removal options against PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

8.3 Data protection regulations for instant transfer as a payment method

We offer the option of processing the payment process via instant transfer from the payment service provider Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany (Klarna). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, to the extent necessary for the fulfillment of the contract (Art. 6 Para. 1 lit b. GDPR), we pass on your first name, cash on delivery and transfer amount to Klarna.

    [We are obliged in accordance with [§ / Money Laundering Regulations] to carry out an identity check before making the payment to ensure that the payment is not made by a third party. In this case, before the actual transfer, your specified name will be compared with the name stored in your online banking and, if the check is successful, the immediate transfer will then be initiated. We have no influence on this process and only receive the result of whether the name check was successful or not.]

    Depending on how your bank manages online accounts, different verification steps are necessary: ​​If your bank only accepts transfer orders if there are sufficient account funds, Klarna will not check the account funds. In all other cases, Klarna checks whether the sum of the account balance and overdraft credit limit, less unaccounted sales, covers the amount to be transferred.

    In cases with an increased risk of misuse, Klarna reserves the right to check instant transfers from the last 30 days to see whether they were carried out successfully. There are no credit checks based on historical payment data.

    The check is carried out either via your bank's HBCI interface or via the user interface of your online banking - as if you were logging in yourself. If you manage multiple accounts, information about unselected accounts will not be saved.

    Klarna also stores your online banking user identification (login name/account number) as a hash value. PIN and TAN codes are not saved.

    We have no influence on this process and only receive the result of whether the payment was made or rejected, your account number, bank code, subject, amount and date.

    Further information on objection and removal options against Klarna can be found at: https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de

    Klarna stores your name, account number, sort code, subject, date and transfer amount for billing purposes within the statutory retention periods. The basis for this is Section 28 Paragraph 1 Sentence 1 No. 1 BDSG.

    We will store your data until payment processing is completed. This also includes the time required to process refunds, manage claims and prevent fraud. [A statutory retention period applies to us in accordance with [§ 147 AO / § 257 HGB]].

    9. Collection, processing and transfer of personal data when placing orders

    We only collect and process your personal data when placing an order if this is necessary to carry out and process your order and to process your inquiries. Providing the data is necessary to conclude the contract. If the data is not provided, no contract can be concluded. The processing is based on Art. 6 Para. 1 lit. b GDPR and is necessary for the fulfillment of a contract with you.

    For example, your data will be passed on to the shipping companies and dropshipping providers, payment service providers, order processing service providers and IT service providers you have selected. In all cases we strictly adhere to the legal requirements. The scope of data transmission is limited to the necessary minimum.

    As part of the contract processing, we pass on your email address to the transport company, provided you have expressly agreed to this in the ordering process. The purpose of this sharing is to inform you via email about the status of your shipment. The processing takes place on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can withdraw your consent at any time by notifying us or the transport company, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.

    10. Legal basis for processing

    Our company uses Art. 6 I lit. a GDPR as the legal basis for processing processes in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the user is a party, such as in the case of processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b DS -GMO. The same applies to processing processes that are necessary to carry out pre-contractual measures, such as inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the user or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance details or other vital information would then have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Finally, processing processes could be based on Art. 6 I lit. f GDPR. Processing processes that are not covered by any of the above-mentioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing processes in particular because they have been specifically mentioned by the European legislator. In this respect, he was of the opinion that a legitimate interest could be assumed if the user is a customer of the controller (Recital 47 Sentence 2 GDPR).

    11. Interests that are pursued during processing by the controller or a third party and are considered legitimate

    If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business activities for the benefit of all our employees and shareholders.

    12. Period of storage of personal data

    The duration of storage of personal data depends on the respective legal retention period. After this period has expired, the data in question will be routinely deleted unless it is no longer needed to fulfill or initiate a contract.

    13. Legal or contractual requirements for providing personal data; need to conclude a contract; Obligation of the data subject to provide personal data; possible consequences of non-provision

    We would like to point out that in some cases the provision of personal data is required by law (e.g. tax regulations) or can result from contractual provisions (e.g. information about the contractual partner). It may be necessary for a data subject to provide us with personal data, which we then need to process in order to conclude a contract. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject should contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the non-provision of the personal data would have.

    14. Presence of automated decision making

    As a responsible company, we refrain from making decisions that are based solely on automated processing - including profiling.

    15. Reviews with Judge.Me

    If you have given Natural Balance Supplements your express consent during or after your order in accordance with Art. 6 Para. 1 lit. a GDPR, Natural Balance Supplements will send your email address, your order number and the order date to the Judge.me rating platform Company Judge.me (LLC, PO Box 7403, Jackson, Wyoming 83002, USA) so that Judge.Me can send you an email review reminder. You can revoke your consent at any time by sending a message to the person responsible for data processing or to info@naturalbalance-supplements.de.

    The Natural Balance Supplements website also includes functions for collecting and displaying product reviews from the Judge.me service. When submitting a review, certain personal data is processed to verify customer reviews. When you submit a review on the Natural Balance Supplements website, your first name, last name, email address, order date and number, as well as name and international references (GTIN/ISDNF), if applicable, will be collected, sent to Judge.me and evaluated there to decide the legitimacy of a customer review for a specific order. This processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR due to our legitimate interest in ensuring the authenticity of customer reviews by ensuring transaction-relatedness and preventing review abuse. After the evaluation review and approval has been completed, the data will be deleted from Judge.me. All of the aforementioned processing may also involve the transmission of personal data to Judge.me LLC servers in the USA.

    Further information about Judge.me can be found at: https://judge.me/privacy

    16. Processing and processing orders with Billbee

    Natural Balance Supplements uses “Billbee” (Billbee GmbH, Paulinenstrasse 54, 32756 Detmold) to process orders. Name, address and, if necessary, other personal data will only be forwarded to Billbee for the purpose of online order processing in accordance with Article 6 Paragraph 1 Letter b of the GDPR. Data will only be passed on to the extent that is actually necessary for order processing.

    Further information about Billbee's data protection and its data protection declaration can be found at: https://www.billbee.io/gesetzes/datensch utz

    Source: https://www.e-recht24.de