Privacy policy

Privacy Policy Marvin Karrenbauer (Sole Proprietorship)

 

Principally, you can use the Websites without giving out any Data specific to the individual person (you). If a certain person wants to use the services offered online on the websites of the enterprise, a processing and handling of personal data could become necessary. If this is the case, but there is no legal foundation for this, i will always ask the concerned person if this is agreeable to them beforehand. The processing of personal data (Name, address, e-mail address or telephone number of a concerned person), is always done in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations (Bundesdatenschutzgesetz - The enterprise is based in Germany).

 

With the following privacy policy, i want to inform the public about the nature, extend, and purpose of the personal data that is collected, processed, and used by me. Concerned persons of such a data collection are also informed about their legal rights concerning those matters.

 

As the one responsible for the processing of such data, i have implemented technical and organisatory means to offer a protection of personal data that is processed through my websites that is as gapless as possible. Data transfer through the internet however, is never totally secure and there can be security gaps. A hundred percent protection cannot be guaranteed. Therefore, every concerned person can send me personal data alternatively in other ways, such as for example via telephone.

 

 

 

1. Definitions

 

This privacy policy is based on the definitions which were used through the european giver of directives and regulations when the General Data Protection Regulation was decreed. (Article 4 GDPR). This privacy policy is intended to be easily readable as well as understandable. To ensure this, i want to explain the used terminology. In this privacy policy, there are used among others those definitions:

 

 

 

„personal data“ all data that relates to an identified or identificable natural person (in the following ’’concerned person’’); a natural person is considered identificable, who is directly or indirectly, especially via attribution to an identifier such as a name, to a recocnition code, to location data, to an online identifier or to one or more special attributes (which are an expression of the physical, physiological, genetical, psychological, economical, cultural, or social identity of this concerned person), identificable;

 

„affected person“ every identified or identificable natural person, whose personal data is processed through the one responsible for processing personal data.

 

„Processing“ Every process (or sequence of processes) executed with or without the help of automated procedures in correlation to personal data such as the gathering, organizing, ordering, storing/saving, adjusting, modifying, selecting/reading out, retrieving, using, disclosing through transmission, disseminating or another form of supplicating, reconciling/comparing, relating, restricting, deleting, or terminating;

 

„Restriction of processing“ the marking of saved personal data with the goal to restrict their future processing;

 

„Profiling“ every kind of automated processing of personal data, that utilizes personal data to rate certain personal aspects of the natural person, especially (to analyze and predict) aspects related to work efficiency, economical situation, health, personal preferences, interests, reliability, behavior, location or change of location;

 

„responsible person“ the natural or juridical person, agency, institution or other establishment, which (alone or mutually with others) decides over the means and purposes of the processing of personal data; if the means and purposes of this processing are predefined through the union law or laws of the member states, the responsible person, or the specific criteria of his designation after the union law or the law of the member states can be scheduled

 

„Recipient“ a natural or juridical person, agency, institution or other establishment, which personal data belonging to it is disclosed, not depending upon if the person is a third person or not. Agencies, which may obtain personal data in accordance with the union law or the law of the member states in the context of an investigation order, are not counted as recipients; the processing of such data through the mentioned agencies takes place in accordance with the current data protection legislation corresponding to the means of processing;

 

„Third (person)“ a natural or juridicial person, agency, institution or other establishment, except the concerned person, the responsible one, the one processing the order/assignment/commission, and the persons which under the immediate responsibility of the responsible one or of the one processing the order/assignment/commission are authorized to process the personal data;

 

„Consent“ every voluntary declaration of intention/will for a certain case, made unambiguously through the (informed) concerned person in the form of a declaration or other clear and approving action with which the concerned person makes clear that he/she/it is agreeing with the processing of personal data which pertains to him/her/it.

 

 

 

2. Name and contact information of the one responsible for the processing

 

Those data protection statements apply to the processing of data through:

 

Responsible one: Marvin Karrenbauer (Sole Proprietorship), represented by the business executive Marvin Karrenbauer, E-Mail: herbs-and-more@web.de, Tel: +49 (0)681 – 38722500

 

 

 

3. Elicitation and storage of personal data, as well as the means and purpose of their usage

 

a) When visiting the websites

 

You can visit my websites without disclosing your identity. When entering the websites, the browser used by you on your device will automatically send information to the server of my websites. This information is saved temporarily in a so-called logfile. The following information is recorded and stored without your action up to the point of automatic deletion:

 

IP-Address of the asking device (your device used to access the websites),

 

Date and time of the access,

 

Name and URL of the accessed file,

 

Website(s), from which the access is taking place (Referrer-URL),

 

used browser and as the case may be, the operating system of your device aswell as the name of your access-provider.

 

The named data is processed through me for the following reasons:

 

warranty of a smooth connection build-up of the website(s),

 

warranty of a comfortable usage of my websites,

 

evaluation of system security and stability, as well as

 

for other administrative purposes

 

The legal basis for the processing of data is Article 6 paragraph 1 site 1 lit. f GDPR. My eligible interest follows from purposes for the elicitation of data listed above. In no instance am i using the collected data for the purpose of making conclusions to your person. Furthermore, if visiting my websites, i am using cookies. More precise elucidations you can get under the cypher 5 of this privacy policy.

 

b) when using my contact form

 

When you got any questions, you can use my contact form on my websites. You have to specify a valid e-mail address, in order that i can know from which person the request came as well as to be able to answer the question/s. More data/information is not mandatory, you can hand it out voluntarily. The processing of data for the purpose of making contact with me is in accordance with article 6 paragraph 1 site 1 lit. a GDPR, on the basis of your voluntariliy granted consent.

 

The personal data collected by me for the use of my contact form is deleted automatically after the enquiry is finished with processing and answering.

 

c) when making orders through my websites

 

You can order through my websites as a guest without making a registration, or you can register to make future orders. A registration has the advantage that you can log in directly with your e-mail address and password when making future orders without having to type in your personal data again.

 

When registering, your personal data is put in a input mask and then send to me as well as saved/stored. If you make an order through my websites, i will initially request the following data, regardless if you order as a guest or as a registered customer:

 

salutation, prename, surname,

 

a valid e-mail address,

 

address,

 

telephone number (fixed line or mobile phone)

 

The elicitation of this data takes place:

 

to be able to identify you as a customer;

 

to be able to process and fulfill your order;

 

to be able to correspond with you;

 

to be able to make an invoice and send it to you;

 

for handling and processing of possible liability claims, as well as the enforcement of possible claims against you;

 

to ensure the technical administration of my websites;

 

to administrate and manage my customer data.

 

In the process of making an order, you have to agree to the terms of this privacy policy, which includes your consent for the processing of this data according to the here mentioned terms and conditions.

 

The processing of data takes place after you place an order and/or register on my websites as a customer in accordance with article 6 paragraph 1 site 1 lit. b GDPR and is mandatory for the named purposes of the appropriate processing of your order as well as for the bilateral fulfillment of obligations (from the sales contract).

 

The personal data compiled by me for the processing of your order is stored as long as the duty to preserve records demands. After that, the data is deleted. An exception to this is when i am obliged in accordance with article 6 paragraph 1 site 1 lit. c GDPR to store the data for a longer period of time because of tax- and commercial obligations relating to storing and documentation (German HGB, StGB or AO). Also, if you agreed to a longer storage according to article 6 paragraph 1 site 1 lit. a, the data will be stored for a longer period of time accordingly.

 

 

4. Passing on of data

 

A passing on of your personal data by me to third persons is done only to the service-partners involved in processing the content and demands of the sales contract. This for example includes the logistics/delivery company, or the credit institute that is assigned the matters of payment.

 

In the cases where personal data is passed on to third persons, the amount of personal data passed on is limited to the necessary minimum.

 

A transfer of your personal data to third persons for other reasons as those mentioned is not done.

 

I will only give your personal data out to third persons if:

 

you have given a clear agreement in accordance to article 6 paragraph 1 site 1 lit. a GDPR to this,

 

the transfer is necessary according to article 6 paragraph 1 site 1 lit. f for the enforcement, practice, and defense of legal claims, and if there is no reason for the assumption that you have a predominant interest worthy of protection in the data concerning your person not being passed on,

 

for the case that the passing on of such data is legally mandatory according to article 6 paragraph 1 site 1 lit. c GDPR,

 

if it is legally valid and according to article 6 paragraph 1 site 1 lit.b GDPR necessary for the processing/carrying out of contractual relationships

 

In the process of making an order, you have to agree to the terms of this privacy policy, which includes your clear agreement to handing out your personal data to third parties in agreement with the here mentioned terms and conditions.

 

 

 

5. Use of cookies

 

I am using cookies on my websites. Cookies are small files, which the used browser generates automatically. When visiting my websites, they are stored on your device used to access my websites (Notebook, Tablet, Smartphone, and so forth). Cookies are not malicious and do not deal any damage. The also do not contain trojans, malware, or viruses. Information is stored in the cookie, which is related in context to the device used to access the websites. This does not mean that i can use this process to get knowledge about your identity.

 

The use of cookies has the reason of making the use of the offers on my websites more comfortable for you. Therefore, i am using so-called session-cookies to be able to recognize which websites of my online store you already visited. Those are deleted automatically after leaving my websites.

 

I also use temporal cookies for the optimization of the user-friendliness. Those are stored for a predetermined period of time on your device. If you visit my websites again to utilize my services, it is automatically detected that you already visited my websites as well as what kind of entries/input and what kind of settings you have made in the past. Therefore, you don’t have to repeat those.

 

The data processed with and through cookies is mandatory for the named purposes of preserving my eligible interests as well as those of third persons according to article 6 paragraph 1 site 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser in a way that it doesn’t store cookies on your device. You can also configure the browser in a way that it always asks you beforehand when new cookies are to be stored. The full deactivation of cookies can result in that not all functions of my websites are available to you.

 

 

 

6. Links to third person websites

 

Links published on my websites are researched and compiled with diligence beforehand.

 

However, i have no influence on the current and future design as well as the current and future content of the pages that are linked. I am not responsible for their content and i am explicitly not the owner of their content. The owners of those sites alone are liable for illegal, faulty, and incomplete contents as well as for the possible damage that results from using or not using the information contained on those sites. The liability of the one who is only pointing out the puplication/s through a link, is impossible. I am only responsible for foreign references, if i definitely knew of them and of possible illegal content. Adding to this, it must also be appropriate to ask of me the prevention of their use. Last, i also would have to be technically able to prevent their use.

 

 

 

7. Rights of concerned persons

 

You have the right:

 

to get information about the personal data concerning you that is processed by me, according to article 15 GDPR. Especially about the purposes of the processing, the categories of the personal data, the categories of recipients of personal data concerning you, the planned period of time in which the concerned personal data is stored, over the right of amendment that may exist, deletion, constraint of processing or objection, the right of complaint that may exist, the origin of your data (if it was not me who gathered the concerned data), and about the existence of an automated decision-making, including profiling as well as significant information concerning the details of such automated processes;

 

according to article 16 GDPR to demand immediately the amendment of wrong personal data relating to you as well as the completion of incomplete personal data relating to you that is already stored by me;

 

according to article 17 GDPR to demand the deletion of personal data relating to you that is stored by me, as long as processing of the concerned data is not needed for exercising the right of free expression of opinion and information, for fulfilling a legal obligation, for reasons of public interest, or for enforcement, execution and defense of legal claims;

 

According to article 18 GDPR to demand the constraint of the processing of personal data that relates to you insofar as you dispute their validity, the processing is illegitimate but you refuse the deletion of the concerned data and i have no need for the data anymore but you need it for the enforcement, exercise or defense of legal claims, or if you have filed an objection according to article 21 GDPR against the processing of concerned data;

 

according to article 20 GDPR to demand the personal data concerning you that you have provided me in a structured, common, and by machines readable format or to demand the forwarding of concerned data to another responsible person;

 

according to article 7 paragraph 3 GDPR to revoke your granted consent. This has the consequence that i cannot continue the processing of your personal data that is concerned by the revoked consent;

 

according to article 77 GDPR to make a complaint to a regulatory authority. Usually you can complain to the regulatory authority located in your usual abode or workplace, as well as the regulatory authority located in the abode of my office.

 

 

 

8. Right of objection

 

As far as your personal data is processed on the basis of justified interests according to article 6 paragraph 1 site 1 lit. f GDPR, you have the right, according to article 21 GDPR, to

 

file an objection against the processing of your personal data if you got justified reasons, as your special situation, or if the filed objection is intended against direct advertising. In the latter case you have a general right of objection which is accepted without the need of a special situation.

 

If you want to make use of your right of objection or cancellation, you can send an e-mail to: herbs-and-more@web.de

 

 

 

9. Data security

 

I use in the scope of visiting my websites the widely used SSL -Secure Socket Layer (now known as TLS - Transport Layer Security) at the highest encryption level that your browser supports. This is usually 256 Bit encryption. If your browser does not support this level, the next level under this would be 128- Bit. You can see by the closed key- or lock symbol in the status bar of your browser.

 

I also employ suitable technical and organisational means to secure your data against accidental as well as intended manipulation, partial or total loss, destruction,as well as against unauthorized access by third persons. My security measures are developed a technology advances.

 

 

 

10. Actuality and alteration of this privacy policy

 

This privacy policy is up to date as of July 2018.

 

Through the development of my websites and offerings, or because of changing legislation and/or magisterial requirements it can become a necessity to change this privacy policy. The latest version of this privacy policy can at all times be read and printed on my websites (you may use the following link):

 

 

 

https://www.herbs-and-more.eu/epages/82098528.sf/en_GB/?ViewObjectPath=%2FShops%2F82098528%2FCategories%2FPrivacyPolicy

 

___________________________________________________________________________

 

 

 

Source (German): ‘‘Muster-Datenschutzerklärung erstellt durch Rechtsanwalt Andreas Gerstel‘‘

Source (English): ‘‘Exemplary privacy policy created by lawyer Andreas Gerstel’’

(http://www.anwaltblog24.de/)