Information pursuant to article 13 GDPR
In the following, we would like to inform you about the collection of personal data when you use our website and establish contact via the contact form, by e-mail or telephone. Personal data are all such data that refer to you in person, e.g. name, address, e-mail addresses, and user behavior.
I. Name and contact details of controller and data protection officer
1. Controller pursuant to article 4, section 7 of the General Data Privacy Regulation (GDPR) is Vita 34 AG, Deutscher Platz 5, D-04103 Leipzig; telephone: +49 (0)341 48792-0, fax: +49 (0)341 48792-20, e-mail: firstname.lastname@example.org (see our imprint).
2. Our data protection officer is available for contact by telephone at +49 (0)341 48792-96 or by e-mail to: email@example.com or by mail to our address, adding “Der Datenschutzbeauftragte” (data protection officer).
II. General information on the collection, transfer, and maximum storage time of personal data
1. We process your personal data in compliance with the provisions as specified in the EU GDPR, the Federal Data Protection Act (BDSGneu) and all other applicable laws (e.g. German Broadcast Media Act).
2. First and foremost, data processing serves to establish and fulfil a contractual relationship with you. When you contact us by e-mail, via a contact form or by telephone, the data you provide us with (your e-mail address, your name, your address, your phone number, and, if available, your calculated date of delivery) will be stored to answer your questions. The prior legal basis for this is article 6, section 1b) GDPR. In addition, your separate consent pursuant to article 6, section 1a GDPR may be obtained, if necessary, to comply with the requirements under data privacy law.
The data obtained in this connection will be deleted, when their storage is not required anymore or restrict their processing, if record retention periods are required by law.
3. If we resort to commissioned service providers to fulfil individual functions of our offered services or want to use your data for commercial purposes, we will inform you about the respective procedures as specified below, also indicating the criteria defined for the maximum storage time.
4. Your personal data will not be passed onto third parties for other than the purposes given below. We pass your data onto third parties only, if you gave your express consent to such pursuant to article 6, section 1, clause a) GDPR, transmission is required to pursue, exercise, or defend legitimate interests pursuant to article 6, section 1, clause f) GDPR and there is no reason to assume that you have a predominantly legitimate interest in not passing your data on, in case the transmission is necessary to comply with a legal obligation pursuant to article 6, section 1, clause c) GDPR as permitted by law and if necessary to perform a contract with you pursuant to article 6, section 1, clause b) GDPR. We do not intend to pass your data onto a recipient in a third country (non-member state of EU/EEA) or an international organization.
5. We will delete your personal data, when they are not needed anymore for the intended purposes. After termination of the contract, your personal data will be stored for the period stipulated by law. This follows regularly from legal obligations to produce supporting documents and obligations to retain data specified in the German Commercial Code or the German Medicinal Products Act and other documents. Accordingly, the storage periods are up to ten years for accounting data and up to 30 years for data concerning medical findings. Personal data may be furthermore stored for the period, in which claims against us can be asserted.
III. Collection of personal data on our website
1. Our website
1.1 When you use the website for information purposes only, i.e. you do not register or submit information otherwise, we collect only those personal data that your browser transmits to our server. When you want to view our website, we collect data that are technically necessary for us to show you the website and to ensure its stability and safety. The data are also stored in the system log files. Such data will not be stored together with other personal user data. Such data include the IP address, date and time of inquiry, time zone difference to Greenwich Mean Time (GMT), content of inquiry (specific page), access status/http status code, respectively transmitted data amount, website of inquiry, browser, operating system and its surface and language as well as version of browser software.
1.2 The legal basis of storing the data and log files temporarily is article 6, section 1, clause f) GDPR.
1.3 The system needs to store the IP address temporarily to enable the delivery of the website to your browser. For this purpose, your IP address must remain stored until the end of the session. It is stored in log files to ensure that the website operates correctly. Furthermore, the data serve to optimize the website and to ensure the safety of our IT systems. These aims constitute our legitimate interest in data processing pursuant to article 6, section 1, clause f) GDPR. The data will not be analyzed for marketing purposes in this connection.
1.4 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. In the case of collecting the data to provide the website, this is when the respective session has ended. Log files will be deleted within seven days after you accessed the website.
1.5 Collecting data when you visit the website and storing the data in log files is compulsory to operate the website. You have therefore no right to object whatsoever.
Among other data, the following will be collected: name of website, file, date, amount of data, web browser, and version of web browser, operating system, domain name of your internet provider, the so-called referrer URL (the site from which you accessed our website), and the IP address.
Without these data, it would be technically impossible to some extent to provide and represent the website contents. Therefore, collecting data is compulsory. Furthermore, we use the anonymous information for statistical purposes. They help us to optimize our offer and our technology. In addition, we reserve the right to check the log files retroactively, if we suspect that our offer was used unlawfully.
2.1 When you use our website, cookies will be stored on your computer system. Cookies are text files stored on the internet browser or by the internet browser on your computer system. When you access a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters, allowing for distinct identification of the browser when you access the website again.
This website uses the following types of cookies, the scope and function of which will be explained in the following:
- Transient cookies (temporary use)
- Persistent cookies (unlimited use)
- Third-party cookies (by third-party providers according to separate information).
2.3 Transient cookies will be deleted automatically, when you close the browser. They are usually session cookies, which store a so-called session ID in order to assign different inquiries from your browser to the joint session. Thereby, your computer can be recognized, when you return to our website. Session cookies will be deleted, when you log off or exit the browser. The legal basis of processing personal data applying transient cookies is article 6, section 1, clause f) GDPR. The purpose of applying cookies is to make using the website easier for you. Some of the website functions cannot be provided without applying cookies. They require recognition of the browser after you switched pages. These aims constitute our legitimate interest in processing personal data pursuant to article 6, section 1, clause f) GDPR.
2.4 We use persistent cookies exclusively in connection with the web analysis services we apply and only as long as the purpose requires; their lifetime is two years maximum. You can delete the cookies at any time in the safety settings of your browser. In that case, functions and user-friendliness of the website may be limited. The legal basis of processing personal data applying persistent cookies is article 6, section 1, clause f) GDPR. Analysis cookies are used to improve the quality of our website and its contents. Analysis cookies provide us with information on how the website is used and thus help us in optimizing our offer. These aims constitute our legitimate interest in processing personal data pursuant to article 6, section 1, clause f) GDPR.
3. Other functions and offers of our website
3.1 In addition to the merely informational use of our website, we offer various services you can use, if you want to. For this purpose, you usually have to enter further personal data, which we use to provide the respective service and to which the principles of data processing as given above apply.
3.2 To some extent, we resort to third-party service providers to process your data. We chose and assigned them carefully, they are bound by our instructions and will be inspected regularly.
3.3 We may furthermore pass your personal data onto third parties, when we offer the participation in sales campaigns, competitions, conclusions of contracts, or similar services in collaboration with partners. You will be provided with further information in this regard, when you indicate your personal data or below in the description of the respective service.
3.4 If our service providers or partners are officially registered in a country outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the respective service.
4. Use of contact forms
4.1 We will collect further personal data only, if you provide them of your own accord in our contact forms. In that case, we will collect the information provided in the course of establishing contact. These are in particular names and submitted contact details, date and occasion of contacting. We will use your collected personal data only to the purpose of providing you with the requested products or services (legal basis article 6, section 1 b) GDPR) or to other purposes, to which you gave your consent (legal basis article 6, section 1 a) GDPR) and which are described in the present data privacy statement. You may give your consent, e.g. to set cookies by third parties or to web tracking by those, in the corresponding technical browser settings. You have the possibility to withdraw your consent to the processing of personal data at any time.
4.2 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. With regard to the personal data from the input mask of the contact form, this is the case, when the respective conversation with you has ended. The conversation has ended, when we can assume from the circumstances that the concerned issue has been settled finally. If the provided data are subject to obligations to retain data under tax or commercial law, they will be stored for the defined time of retention of ten years and deleted afterwards, unless you agreed to storage exceeding such time.
5. Integration of social media plug-ins
5.1 At present, we integrate the following social media plug-ins: Facebook, Xing, LinkedIn. The social networks are operated exclusively by third parties, some of whom are officially registered outside the EU or the EEA – the data privacy level pursuant to§§ 4b, 4c BDSG may therefore possibly be inadequate. The browser plug-ins and links are identified by means of icons or other references on our website. When you visit websites containing such browser plug-ins, a connection between your device (browser) and the servers of the respective social network is established automatically, thus passing the information that you visited our website onto the social network. The visit to our website will then, if you are logged into your personal user account in the social network or log in during your visit to our website, be assigned to your account. Interacting with browser plug-ins or links, e.g. by pressing a “Like” button or leaving a comment, transmits the information to the respective social network, where they are saved. You can prevent the assignment of data to your account on the one hand by logging out of your account (in the respective social network) before you visit our website. On the other hand, you can prevent the respective plug-ins from being loaded at all by applying a browser add-on, e.g. by implementing the script blocker “NoScript” (http://noscript.net/).
5.2 For the purpose and scope of data collection by social networks as well as the further processing and use of such data and your rights in this regards as well as setting options to protect your privacy, please refer to the respective data privacy statements of the providers:
Facebook Inc., 1601 Willow Road, Nelo Park, CA 94025, USA
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
5.3 On our website, we also use the “visitor action pixel” by
1601 S. California Ave,
Palo Alto, CA 94304, USA
This way, the user behavior is tracked, when users were forwarded to the website of the provider after clicking a Facebook ad. This method serves to analyze the effectiveness of Facebook ads for statistical and marketing purposes and may help to optimize future advertisement campaigns.
The data collected are anonymous to us and do not provide us with any reference to the user identity. However, the data are stored and processed by Facebook, so that the association to the respective user profile is possible and Facebook can use the data for its own marketing purposes in accordance with the Facebook data usage policy. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
Consent to the implementation of the visitor action pixel may be declared only by users older than 13 years. If you are younger, please ask your parents or legal guardian for permission. Click here to withdraw your consent.
6. Integration of Google Maps
6.1 On our website, we use Google Maps, a service offered by Google LLC. Thus, we are able to show you interactive maps directly on the website and allow you to conveniently use the map feature. The legal basis of using Google Maps is article 6, section 1, clause f) GDPR.
6.2 By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in section III. 1. of this statement will be transmitted. This happens irrespective of whether you have a Google user account, to which you are logged in, or not. When you are logged into Google, your data will be allocated directly to your account. If you do not wish to be associated with your Google profile, you have to log out before activating the button. Google stores your data in usage profiles and uses them for purposes of advertising, market research and/or tailor-made design of its website. Such analysis will be carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users about your activities on our website. You have the right to object to the formation of such user profiles. To exercise this right, you have to contact Google.
7. Use of our online shop
7.1 If you want to order from our online shop, it is necessary for the conclusion of the contract that you enter the personal data required to process your order. Compulsory data required to process the order are marked specifically; other data are optional. The legal basis of processing such personal data is article 6, section 1, sentence 1, clause b) GDPR.
7.2 Optionally, you can set up a customer account, which we use to store your data for other future purchases. When you create an account after clicking “Register”, the data you enter will be stored. Such storage may be revoked. The legal basis of processing such personal data is article 6, section 1, sentence 1, clause b) GDPR.
7.3 Your address, payment, and order data will be stored for ten years after the contract was processed subject to obligations to retain data under tax or commercial law and deleted afterwards, unless you agreed to storage exceeding such time or further data processing is required to assert, exercise, or defend legal claims. The legal basis for the processing of personal data to the purpose of complying with the archiving and retention obligations provided by law is article 6, section 1, sentence 1, clause c) GDPR.
7.4 We will process the data you entered in order to handle your order. For this purpose, we possibly forward your data to our main bank as well as to logistics companies and the provider of payment services you chose. We are entitled to forwarding such personal data pursuant to article 6, section 1, sentence 1, clause b) GDPR. Our service providers may process and use your data only for the purpose, the fulfilment of which the data were forwarded to them for. You can access the data at any time. As far as data are passed onto external service providers, we make sure that the data privacy regulations are complied with through technical and organizational measures.
7.5 You are not obligated to provide the above given personal data. The data given are required to conclude a contract. Without providing the data, communication, conclusion of a contract, or processing of the contract may be impossible.
8.1 By giving your consent, you may subscribe to our newsletter to inform you about our latest interesting offers. The advertised goods and services will be specified in the declaration of consent.
8.2 The registration for our newsletter follows the so-called double-opt-in procedure. That means, after the registration, we will send you an e-mail to the given e-mail address, asking you to confirm your subscription to the newsletter. If we do not receive the confirmation within 24 hours, we will block your information and delete it after one month. Furthermore, we store the IP addresses you used, the time of registration, and the time of the confirmation. The purpose of this procedure is to prove your registration and, if necessary, to be able to resolve the possible misuse of your personal data. The legal basis is article 6, sections 1 a) and c), article 7, section 1 GDPR.
8.3 The only compulsory indication we need for the delivery of the newsletter is your e-mail address. Other, separately marked data are optional and used to be able to address you personally. After your confirmation, we store your e-mail address with the purpose of sending you the newsletter. The legal basis is article 6, section 1, clause a) GDPR. The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. Accordingly, the e-mail address of the user will be stored as long as the subscription to the newsletter is active.
8.4 You can revoke your consent to the delivery of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking the link provided in each newsletter e-mail or by sending a message to the contact details stated in the imprint.
The newsletter service provider may use the recipients’ data in pseudonymous form, i.e. without assignment to users, to optimize or improve its own services, e.g. for technical optimization of the delivery and representation of newsletters, or for statistical purposes. The newsletter service provider, however, shall not use the data of our newsletter recipients to contact them or forward the data to third parties.
9. Use of Google Analytics
9.1 On our website, we use Google Analytics, a web analytics service provided by Google Inc. (”Google“). Google Analytics uses so-called “cookies”, text files saved on your computer and allowing for the analysis of your website usage. The information generated by the cookie about your usage of the website will be transmitted to and stored by Google on servers in the United States. If the IP anonymizer is active on this website, your IP address will shortened beforehand by Google in the member states of the European Union and in other contracting states of the EEA Agreement. Only in exceptional cases will the full IP address be transferred to Google servers in the USA and shortened there. By order of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
9.2 Within the scope of Google Analytics, Google will not associate your IP address submitted by your browser with any other data held by Google.
9.3 You may prevent the storage of cookies by selecting the appropriate settings in your browser software, however, please note that, when you do this you may not be able to use the full functionality of this website. You can furthermore prevent the collection of the data generated by cookies and related to your website usage (including your IP address) and them being sent to and processed by Google by downloading and installing the following browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de.
Sie können die Erfassung durch Google Analytics verhindern, indem Sie auf folgenden Link klicken. Es wird ein Opt-Out-Cookie gesetzt, das die zukünftige Erfassung Ihrer Daten beim Besuch dieser Website verhindert: Google Analytics deaktivieren
9.4 This website uses Google Analytics with the extension “_anonymizeIp()”.As a result, IP addresses will be further processed in shortened form, thus excluding reference to persons. If the data collected about you have a personal reference, this will be excluded promptly and the personal data deleted immediately.
9.5 5 We use Google Analytics to analyze the usage of our website and be able to improve it on a regular basis. We can improve our offer and make it more interesting for users by means of the obtained statistics. Regarding the exceptional cases, in which personal data are transmitted to the USA, Google has submitted to the EU-US Privacy Shield EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis of using Google Analytics is article 6, section 1, clause f) GDPR.
9.7 The website uses Google Analytics furthermore to carry out cross-device analysis of visitor traffic via the user ID. You can disable the cross-device analysis of your usage in your customer account in “My data”, “Personal data”.
10. Collection, processing, and use of personal data when using and registering via our mobile apps
10.1 If you want to make use of the services of our mobile apps via the smartphone to have one of our products available when you are on the go, such data will be collected, processed and used that are necessary to use the functions of the respective mobile app. This applies in particular to the “Our baby” mobile app, which processes personal data. Because of the sensitivity of such data, it is absolutely necessary that you protect your device from access by others and make sure that unauthorized third parties cannot take note of such data, while you use the app.
10.2 The (personal) data you enter to use the mobile app will be stored and processed at data processing centers of our provider. The provider will use the data only to provide the services. These include in particular maintenance and repair works. When such works are carried out, we cannot exclude in individual cases that provider’s or sub-contractors’ employees may take note of your (personal) data.
11. Data security
11.1 During visits to our website, we use the common SSL technology (Secure Socket Layer) in connection with the respectively highest encryption level supported by your browser. This is usually the 256-bit encryption. If your browser does not support 256-bit encryption, we resort to the 128-bit v3 technology. You can recognize, whether an individual page of our internet presence is transmitted in an encrypted manner, by the closed lock symbol in the status bar of your browser.
11.2 We take suitable technical and organizational safety measures to protect your data from accidental or intentional manipulation, loss in parts or in whole, destruction, and unauthorized access by third parties. We improve our safety measures continuously to keep up with the technological development.
IV Collection of personal data in case of contact by e-mail, mail, and by telephone
1. Collection of personal data of customers, prospective customers, and suppliers
1.1 We collect your personal data as a customer, prospective customer, or supplier only, if you provide them of your own accord by e-mail, mail, or telephone. In that case, we will collect the information provided in the course of establishing contact. These are in particular names and submitted contact details, date and occasion of contacting. We will use your collected personal data only to the purpose of providing you with the requested products or services (legal basis article 6, section 1 b) GDPR) or to other purposes, to which you gave your consent (legal basis article 6, section 1 a) GDPR) and which are described in the present data privacy statement. You have the possibility to withdraw your consent to the processing of personal data at any time.
1.2 You are not obligated to provide the personal data given above. The data given are required to conclude a contract. Without providing the data, communication, conclusion of a contract, or processing of the contract may be impossible.
1.3 The data relevant to the individual case will be passed on in line with the provisions of the law or an agreement to public authorities, in the event that other legal provisions prevail, to external service providers or other sub-contractors, if you gave your express consent to such or the transmission is permitted for predominantly legitimate interests. We do not intend to pass your data onto a recipient in a third country (non-member state of EU/EEA) or an international organization.
1.4 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. With regard to the personal data provided, this is the case, when the respective conversation with you has ended. The conversation has ended, when we can assume from the circumstances that the concerned issue has been settled finally. If the provided data are subject to obligations to retain data under tax or commercial law, they will be stored for the defined time of retention of ten years and deleted afterwards, unless you agreed to storage exceeding such time or further data processing is required to assert, exercise, or defend legal claims. The legal basis of the processing of personal data to the purpose of complying with the archiving and retention obligations provided by law is article 6, section 1, sentence 1, clause c) GDPR.
2. Collection of personal data of applicants
2.1 We collect your personal data as an applicant only, if you provide them of your own accord by e-mail, mail, or telephone. This applies to applications for job advertisements and to unsolicited applications. We will collect the data provided within the scope of the application, in particular including name, date of birth, contact details, interests, qualification details as well as details of education and career. The personal data collected will be used only to the purpose of handling the application procedure (legal basis article 6, section 1, clauses a), b), and f) GDPR, § 26 BDSG).
2.2 You are not obligated to provide the personal data given above. The data given may be required to conclude a contract after the application procedure has ended. Without providing the data, communication, handling of the application procedure or the conclusion of a contract may be impossible.
2.3 The data relevant to the individual case will be passed on in line with the provisions of the law or an agreement. The data will be passed onto employees of the human resources department, employees of the management, and the respective head of department. Your personal data will not be passed onto third parties. We do not intend to pass your data onto a recipient in a third country (non-member state of EU/EEA) or an international organization.
2.4 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. Therefore, we will store the data after the application procedure has ended, if you were rejected for six months after you were notified of the rejection. If you agreed to storage for a longer time, the data will be stored for two years. Then, we will either delete your data or obtain your consent to storage again. You have the possibility to withdraw your consent to the processing of personal data at any time.
V. Objection to or revocation of consent to data processing
1. If you have given consent to the processing of your personal data, you can revoke it at any time. Such revocation does not affect the lawfulness of the processing carried out on the basis of the consent given until the revocation.
2. Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case, if the processing is not required to fulfil a contract concluded with you, which we explain in the respective description of the functions. When you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or explain to you our imperative legitimate grounds on which we continue the processing.
3. You may object to the processing of your personal data for advertising and data analysis purposes at any time. You can notify us about your objection to advertising through the following contact details:
Vita 34 AG
Deutscher Platz 5, 04103 Leipzig
Telefon: +49 (0)341 48792-0
Telefax: +49 (0)341 4879-20
VI. Your rights
1. . Pursuant to article 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of recipients to whom we disclose or disclosed your data, the planned storage time, the existence of the right to rectification, deletion or restriction of the processing or to objection, the existence of the right to claim, the origin of the data, if they were not collected by us, as well as on the existence of automated decision-making including profiling and, if necessary, significant information on the relevant details.
2. Pursuant to article 16 GDPR, you have the right to request the prompt correction of incorrect personal data or completion of incomplete personal data that are stored by us. Pursuant to article 17 GDPR, you have the right to request deletion of your stored personal data, unless the processing is required to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
3. Pursuant to article 18 GDPR, you have the right to restrict the processing of your personal data, if you contest the accuracy of the data, processing is unlawful, but you oppose the erasure of the data and we do no longer need the data, but you require them to assert, exercise or defend legal claims or you have objected to processing pursuant to article 21 GDPR.
4. Pursuant to article 20 GDPR, you have the right to receive your personal data that you provided to us in a structured, commonly used and machine-readable format or to request the transmission of the data to another controller.
5. Pursuant to article 7, section 3 GDPR, you have the right to withdraw your once given consent at any time. The consequence will be that we are not permitted to continue the data processing based on this consent as before.
6. Furthermore, pursuant to article 77 GDPR, you have the right to lodge a complaint concerning the processing of your personal data by us with a supervisory authority, e.g. with the competent Saxon data protection officer: Sächsischer Datenschutzbeauftragter, Bernhard-von-Lindenau-Platz 1, D-01067 Dresden, telephone: +49 (0)351 / 49 3-5401, e-mail: firstname.lastname@example.org.
VII. Timeliness and amendment of this data privacy statement
1. This data privacy statement is up to date and was amended last in May 2018.
2. The further development of our website and offers or owing to changes of statutory provisions or official requirements may result in amendments of this data privacy statement. You can retrieve and print the respectively up-to-date data privacy statement at any time on our website at www.vita34.de/datenschutz.