Unless otherwise stated below, the provision of your personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. You are not obligated to provide this data. Failure to provide such data has no consequences. This applies only to the extent that no other information is provided regarding the following processing operations.
"Personal data" refers to any information relating to an identified or identifiable natural person.
Server log files
You can visit our website without providing any personal information.
Every time you access our website, your internet browser transmits usage data to us or our web host/IT service provider, which is then stored in log files (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider. Processing is carried out on the basis of Art. 6(1)(f) GDPR based on our overriding legitimate interest in ensuring the smooth operation of our website and in improving our services.
Contact
Data Controller
Please contact us if you wish. The data controller is: Albert Annan, Theodor-Rupel-Weg 2, 22307 Hamburg, Germany, +49 (0) 176 3450 0801,herbalmsofficial@gmail.com
Unsolicited contact from the customer via email
If you initiate business contact with us via email, we collect your personal data (name, email address, message text) only to the extent you provide it. The data processing serves to process and respond to your contact request.
If the contact serves the purpose of carrying out pre-contractual measures (e.g., consultation regarding purchase interest, preparation of an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6(1)(b) GDPR.
If contact is initiated for other reasons, this data processing is based on Article 6(1)(f) of the GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Article 6(1)(f) of the GDPR.
We use your email address solely to process your inquiry. Your data will subsequently be deleted in accordance with statutory retention periods, provided you have not consented to further processing and use.
Collection and Processing When Using the Contact Form at
When you use the contact form , we collect your personal data (name, email address, message text) only to the extent that you provide it. The data processing serves the purpose of establishing contact.
If the contact serves the purpose of carrying out pre-contractual measures (e.g., consultation regarding purchase interest, preparation of an offer) or relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) of the GDPR.
If contact is established for other reasons, this data processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time to the processing of your personal data based on Article 6(1)(f) of the GDPR for reasons arising from your particular situation.
We use your email address solely to process your inquiry. Your data will subsequently be deleted in accordance with statutory retention periods, provided you have not consented to further processing and use.
Customer Account Orders
Customer Account
When you open a customer account, we collect your personal data to the extent specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. Processing is based on Article 6(1)(a) of the GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation. Your customer account will then be deleted.
Collection, Processing, and Disclosure of Personal Data in Connection with Orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. Providing this data is necessary for the conclusion of the contract. Failure to provide this data means that a contract cannot be concluded. The processing is based on Article 6(1)(b) of the GDPR and is necessary for the performance of a contract with you.
Your data may be shared, for example, with the shipping companies and dropshipping providers you have selected, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is kept to a minimum.
Advertising
Use of Your Personal Data for Sending Postal Advertising
We use yourpersonal data (name, address) that we have received in connection with the sale of a product or service to send you postal advertising, provided you have not objected to this use. The provision of this data is necessary for the conclusion of the contract. Failure to provide this data means that no contract can be concluded.
Processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in direct marketing. You may object to this use of your address data at any time by notifying us. You can find the contact details for exercising your right to object in the legal notice.
Use of the email address for sending newsletters
We use your email address, independently of contract processing, exclusively for our own advertising purposes to send newsletters, provided you have expressly consented to this. Processing is based on Art. 6(1)(a) GDPR with your consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of your consent prior to withdrawal. To do so, you may unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.
Payment Service Providers
Use of PayPal Checkout
We use the PayPal Checkout payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449, Luxembourg; “PayPal”) on our website. The purpose of this data processing is to enable us to offer you payment via this payment service. When you select and use payment via PayPal, credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR.
Credit card via PayPal, direct debit via PayPal, and "Pay Later" via PayPal
For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal, PayPal reserves the right to obtain a credit check based on mathematical and statistical methods using credit reporting agencies, if necessary. To this end, PayPal transmits the personal data required for a credit check to a credit bureau and uses the information received regarding the statistical probability of a payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated using scientifically recognized mathematical and statistical methods, which incorporate address data, among other factors. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of a credit check for the initiation of a contract. The processing is carried out on the basis of Art. 6(1)(f) GDPR based on our overriding legitimate interest in protection against payment default when PayPal makes an advance payment.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR by notifying PayPal. The provision of this data is necessary for the conclusion of the contract using your preferred payment method. Failure to provide this data will result in the contract not being able to be concluded using your chosen payment method.
Third-party provider
When paying via a third-party payment method, the data required for payment processing is transmitted to PayPal. This processing is based on Article 6(1)(b) of the GDPR. To facilitate this payment method, PayPal may then pass the data on to the respective provider. This processing is based on Article 6(1)(b) of the GDPR. Examples of local third-party providers include:
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main
Purchase on account via PayPal
When paying via the "Purchase on Invoice" payment method, the data required for payment processing is first transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR. Ratepay may conduct a credit check using mathematical-statistical methods (probability or score values) through credit bureaus in accordance with the procedure described above. The data processing serves the purpose of a credit check for the initiation of a contract. The processing is based on Article 6(1)(f) of the GDPR, reflecting our overriding legitimate interest in protecting against payment default when Ratepay makes an advance payment. Further information on data protection and which credit bureaus Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
For more information on data processing when using PayPal, please refer to the corresponding privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of the payment service provider Stripe
We use the Stripe payment service on our website, provided by Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). The purpose of this data processing is to enable us to offer you payment via this payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR.
Stripe reserves the right to obtain a credit report, if necessary, based on mathematical and statistical methods using credit reporting agencies. To this end, Stripe transmits the personal data required for a credit check to a credit reporting agency and uses the information received regarding the statistical probability of default to make a balanced decision regarding the establishment, performance, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated using scientifically recognized mathematical and statistical methods, which incorporate, among other things, address data. Your legitimate interests will be taken into account in accordance with legal provisions. The data processing serves the purpose of a credit check for the initiation of a contract. The processing is carried out on the basis of Art. 6(1)(f) GDPR based on our overriding legitimate interest in protection against payment default when Stripe makes an advance payment.
You have the right to object at any time to the processing of your personal data based on Article 6(1)(f) of the GDPR for reasons arising from your particular situation by notifying Stripe. The provision of the data is necessary for the conclusion of the contract using your preferred payment method. Failure to provide the data will result in the contract not being able to be concluded using the payment method you have selected.
All Stripe transactions are subject to the Stripe Privacy Policy. You can find it athttps://stripe.com/de/privacy
Cookies
Our website uses cookies. Cookies are small text files that are stored in or by the web browser on a user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is visited again.
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate settings in your web browser, you can be notified before cookies are set, decide whether to accept them on a case-by-case basis, and prevent cookies from being stored and the data they contain from being transmitted. Cookies that have already been stored can be deleted at any time. However, please note that in such cases, you may not be able to use all features of this website to their full extent.
The links below provide information on how to manage (including disabling) cookies in the most popular browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically necessary cookies
Unless otherwise specified in the privacy policy below, we use only these technically necessary cookies for the purpose of making our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you navigate to another page and to provide you with services. Some features of our website cannot be provided without the use of cookies. For these features, it is necessary for the browser to be recognized even after you navigate to another page.
The use of cookies or similar technologies is based on Section 25(2) of the TTDSG. The processing of your personal data is based on Article 6(1)(f) of the GDPR, which is grounded in our legitimate interest in ensuring the optimal functionality of the website and in providing a user-friendly and effective user experience.
You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation.
Verwendung von Consentmanager
Wir verwenden auf unserer Website das Consent-Management-Tool Consentmanager der Consentmanager AB (Håltegelvägen 1b, 72348 Västerås, Schweden; "Consentmanager").
Das Tool ermöglicht es Ihnen, Einwilligungen in Datenverarbeitungen über die Website, insbesondere das Setzen von Cookies, zu erteilen sowie von Ihrem Widerrufsrecht für bereits erteilte Einwilligungen Gebrauch zu machen.
Die Datenverarbeitung dient dem Zweck, erforderliche Einwilligungen in Datenverarbeitungen einzuholen sowie zu dokumentieren und damit gesetzliche Verpflichtungen einzuhalten.
Hierzu können Cookies eingesetzt werden. Dabei können u. a. folgende Informationen erhoben und an Consentmanager übermittelt werden: Datum und Uhrzeit des Seitenaufrufs, Informationen zu dem von Ihnen verwendeten Browser und das von Ihnen genutzte Gerät, anonymisierte IP-Adresse, Opt-in- und Opt-out-Daten. Eine Weitergabe dieser Daten an sonstige Dritte erfolgt nicht.
Die Datenverarbeitung erfolgt zur Erfüllung einer rechtlichen Verpflichtung auf Grundlage des Art. 6 Abs. 1 lit. c DSGVO.
Nähere Informationen zum Datenschutz bei Consentmanager finden Sie unter: https://www.consentmanager.net/privacy.php
Analyse
Verwendung von Google Analytics
Wir verwenden auf unserer Website den Webanalysedienst Google Analytics der Google Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irland; „Google“).
Die Datenverarbeitung dient dem Zweck der Analyse dieser Website und ihrer Besucher sowie für Marketing- und Werbezwecke. Dazu wird Google im Auftrag des Betreibers dieser Website die gewonnenen Informationen benutzen, um Ihre Nutzung der Website auszuwerten, um Reports über die Websiteaktivitäten zusammenzustellen und um weitere, mit der Websitenutzung und der Internetnutzung verbundene Dienstleistungen gegenüber dem Websitebetreiber zu erbringen. Dabei können u.a. folgende Informationen erhoben werden: IP-Adresse, Datum und Uhrzeit des Seitenaufrufs, Klickpfad, Informationen über den von Ihnen verwendeten Browser und das von Ihnen verwendete Device (Gerät), besuchte Seiten, Referrer-URL (Webseite, über die Sie unsere Webseite aufgerufen haben), Standortdaten, Kaufaktivitäten. Die im Rahmen von Google Analytics von Ihrem Browser übermittelte IP-Adresse wird nicht mit anderen Daten von Google zusammengeführt.
Google Analytics verwendet Technologien wie Cookies, Webspeicher im Browser und Zählpixel, die eine Analyse der Benutzung der Website durch Sie ermöglichen. Die dadurch erzeugten Informationen über Ihre Benutzung dieser Website werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert. Für die USA ist kein Angemessenheitsbeschluss der EU-Kommission vorhanden. Die Datenübermittlung erfolgt u.a auf Grundlage von Standardvertragsklauseln als geeignete Garantien für den Schutz der personenbezogenen Daten, einsehbar unter: https://policies.google.com/privacy/frameworks und https://business.safety.google/adsprocessorterms/. Sowohl Google als auch staatliche US-Behörden haben Zugriff auf Ihre Daten. Ihre Daten können von Google mit anderen Daten, wie beispielsweise Ihrem Suchverlauf, Ihren persönlichen Accounts, Ihren Nutzungsdaten anderer Geräte und allen anderen Daten, die Google zu Ihnen vorliegen hat, verknüpft werden.
Auf dieser Website ist die IP-Anonymisierung aktiviert. Dadurch wird Ihre IP-Adresse von Google innerhalb von Mitgliedstaaten der Europäischen Union oder in anderen Vertragsstaaten des Abkommens über den Europäischen Wirtschaftsraum zuvor gekürzt. Nur in Ausnahmefällen wird die volle IP-Adresse an einen Server von Google in den USA übertragen und dort gekürzt.
Die Verarbeitung Ihrer personenbezogenen Daten erfolgt auf Grundlage des Art. 6 Abs. 1 lit. f DSGVO aus unserem überwiegenden berechtigten Interesse an der bedarfsgerechten und zielgerichteten Gestaltung der Website. Sie haben das Recht aus Gründen, die sich aus Ihrer besonderen Situation ergeben, jederzeit dieser Verarbeitungen Sie betreffender personenbezogener Daten zu widersprechen.
Sie können die Erfassung der durch Google Analytics erzeugten und auf Ihre Nutzung der Website bezogenen Daten (inkl. Ihrer IP-Adresse) an Google sowie die Verarbeitung dieser Daten durch Google verhindern, indem Sie das unter dem folgenden Link verfügbare Browser-Plug-in herunterladen und installieren: https://tools.google.com/dlpage/gaoptout?hl=de
Um die Datenerfassung und -speicherung durch Google Analytics geräteübergreifend zu verhindern, können Sie einen Opt-Out-Cookie setzen. Opt-Out-Cookies verhindern die zukünftige Erfassung Ihrer Daten beim Besuch dieser Website. Sie müssen das Opt-Out auf allen genutzten Systemen und Geräten durchführen, damit dies umfassend wirkt. Wenn Sie das Opt-out-Cookie löschen, werden wieder Anfragen an Google übermittelt. Wenn Sie hier klicken, wird das Opt-Out-Cookie gesetzt: Google Analytics deaktivieren.
Nähere Informationen zu Nutzungsbedingungen und Datenschutz finden Sie unter https://www.google.com/analytics/terms/de.html bzw. unter https://www.google.de/intl/de/policies/ sowie unter https://policies.google.com/technologies/cookies?hl=de.
Use of Google Analytics 4
We use the web analytics service Google Analytics, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”), on our website.
Data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. To this end, Google will use the information collected on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator.
The following information, among others, may be collected: IP address, date and time of the page view, click path, information about the browser and device you are using, pages visited, referrer URL (the website from which you accessed our website), location data, and purchase activities. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Google uses technologies such as cookies, browser storage, and web beacons that enable an analysis of your use of the website. The information generated thereby regarding your use of this website is generally transmitted to a Google server in the United States and stored there. There is no adequacy decision by the EU Commission for the U.S. Data transfer is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at: https://policies.google.com/privacy/frameworks. Both Google and U.S. government authorities have access to your data. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and all other data that Google has about you.
When using Google Analytics 4, the IP address transmitted by your website is automatically collected and processed in an anonymized form. The IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area.
The processing of your personal data is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in the needs-based and targeted design of the website. You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.
You can prevent the collection of data generated by Google Analytics and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
To prevent data collection and storage by Google Analytics across all devices, you can set an opt-out cookie. Opt-out cookies prevent the future collection of your data when you visit this website. You must perform the opt-out on all systems and devices you use for this to be fully effective. If you delete the opt-out cookie, requests will again be transmitted to Google. Click here to set the opt-out cookie:Disable Google Analytics.
For more information on terms of use and data protection, please visit https://policies.google.com/technologies/partner-sitesand https://policies.google.com/privacy?hl=de&gl=de.
Using Google Translate
We use the translation service of [company name] on our website via an API integration.
Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
The purpose of data processing is to display the information provided on the website in other languages. To automatically display the translation in the language of your choice, the browser you are using connects to Google’s servers. Cookies may be used for this purpose. Among other things, the following information may be collected and processed: IP address, URL of the page visited, date, and time.
Your data may be transferred to the United States. There is no adequacy decision by the European Commission for the United States. The data transfer is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1), sentence 1 of the TTDSG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is carried out with your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information about how Google collects and uses your data, please visit: https://www.google.com/policies/privacy/.
Data Subject Rights and Retention Period
Retention period
After the contract has been fully executed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods—particularly those under tax and commercial law—and finally deleted upon expiration of these periods, unless you have consented to further processing and use.
Rights of the data subject
Provided the legal requirements are met, you are entitled to the following rights under Articles 15 through 20 of the GDPR: the right to access, rectification, erasure, restriction of processing, and data portability.
In addition, pursuant to Art. 21(1) GDPR, you have the right to object to processing based on Art. 6(1)(f) GDPR, as well as to processing for the purposes of direct marketing.
Right to lodge a complaint with the supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaintwith the supervisory authority if you believe that the processing of your personal data is not lawful.
You may lodge a complaint, among other places, with the supervisory authority responsible for us, which you can reach at the following contact details:
Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str 22, 7th Floor
20459 Hamburg
Tel.: +49 40 428544040
Fax: +49 40 428544000
Email:mailbox@datenschutz.hamburg.de
Right to Object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.
Once an objection has been lodged, the processing of the data in question will be terminated, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
If personal data is processed for direct marketing purposes, you may object to this processing at any time by notifying us. Once an objection has been filed, we will cease processing the relevant data for direct marketing purposes.
Last updated: November 29, 2022