The objective of this Privacy Statement is to inform you and the public about the scope and purpose of the personal data that we collect, use and process and at the same time to clarify your legal rights.
Our Privacy Statement is based on concepts found in the General Data Protection Regulation (hereinafter “GDPR”, https://eur-lex.europa.eu/eli/reg/2016/679/oj). When we speak of the following concepts in our Privacy Statement, we intend the following meanings:
- Personal Data
“Personal data” means any information relating to an identified or identifiable natural person (referred to herein as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Person affected (“Data Subject”)
A person is “affected” as a “data subject” if their personal data is processed by the data controller responsible for such data processing.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of Processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the controller’s specific criteria may be provided for by European Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- Third Party
“Third Party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
2. Name and Address of the Controller
Data Protection Officer:
Tanja Liell-Schneider, External data protection officer for the Ayurveda Parkschlösschen Bad Wildstein GmbH
3. Collection of Data and the Legal Basis for Processing of Data
Collection of General Data and Information
When this website is accessed, information of a general nature is recorded automatically. This information (so-called “server log files”) includes the type of Internet browser used, the operating system employed, the domain name of the Internet service provider, and similar. On the basis of this information no personal conclusions can be drawn about the accessing user. This information is technically necessary in order to provide correctly the content requested from websites, and are mandatory when the Internet is accessed. Anonymous information of this kind is statistically evaluated by us in order to optimize our Internet presence and the technology behind it.
The following information is recorded and stored when this website is accessed:
- The IP Address of the PC or other Internet-capable device of the accessing user
- The date of access
- The name und URL of the file accessed
- The referring URL
- The browser / operating system / access provider
The recording and storage of data serve the following purposes:
- Connection setup to the website
- Technical use of the website
- System security
Data processing proceeds according to Art. 6(1)(f) of the GDPR.
For security purposes and for protection of the transmission of personal data and other confidential content (e.g. orders for wares or requests to the controller), this website uses SSL/TLS encryption. The user can recognize an encrypted connection through the browser’s URL address bar character sequence “https://” and the accompanying lock symbol.
Registration and Ordering on this Internet Website
If a user registers on this website or sets up a customer account, personal data about that user is also collected. We draw attention to the fact that while registration offers wider access to the content of this website, it does not represent an absolute precondition for the use of this website. The personal data that is transmitted to the data controller results from the respective input mask that is used for registration. The personal data entered by the affected person (“data subject”) is recorded and stored solely for internal use by the controller and for our own use. The data controller can initiate transmission of personal data to one or more external controllers, who likewise use the personal data for internal purposes attributable to the data controller, for example, parcel services for postal delivery to the user.
The following data from user registration on this website is recorded and subsequently stored by us:
- Name and Postal Address
- E-mail Address
- Telephone Number
The purposes of data recordation and storage are:
- Customer Identification
- Processing and Handling of Orders and Customer Correspondence
- Invoicing and Accounting
- Processing of Any Liability Claims or Assertion of Possible Claims Against Others
- Technical Administration of the Webseite
- Management Administration
Consent from you will be obtained during ordering, prior to the processing of your personal data.
Data processing is made pursuant to Art. 6(1)(b) of the GDPR.
If you choose to subscribe to our free Newsletter (regular advertising information per e-mail with offers or other information), your personal data will be used solely for this purpose and it will not be transmitted to any third parties.
This includes information which is relevant for the subscription service or for registration. Verification of the e-mail address is made via the so-called “double opt-in” process, whereby the newsletter subscription is verified by sending a verification e-mail to the user for an appropriate confirming answer. No other data is recorded.
The newsletter subscription can be cancelled at any time (revocation of consent), either through a message to the contact described herein or via a cancellation link placed for that purpose in the newsletter. Cancellation involves no additional user costs, which do not go beyond the regular communication costs (e.g. the cost of a telephone call). Lawful data processing based on consent of the user is made pursuant to Art. 6(1)(a) of the GDPR.
Transmission of the Newsletter
We reserve the right to e-mail existing customers periodically about offers relating to similar goods or services as those already purchased. Pursuant to § 7(3) of the German UWG (Law Against Unfair Competition) we are not required to obtain any special approval from the user to do this. Data processing is conducted in this regard solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) of the GDPR. If customers have initially rejected the use of their e-mail address for this purpose, then no mail transmission will be made by us. Customers have the right at any time to revoke with future effect the use of their e-mail address for the aforementioned promotional function via a communication to the controller identified herein. The only costs that accrue are the normal communication costs via basic tariffs, e.g. telephone. After our receipt of the revocation of e-mail use, the customer’s e-mail address will be removed from the mailing list.
Contact Via the Internet Website
If you contact us via a contact form or per e-mail, we store data from that inquiry form or from the respective e-mail, including the contact data provided by you therein, to enable our processing of your inquiry and/or to enable your making contact with the right contact person. We do not pass this data on to third parties. The legal basis for our processing of this data is our legitimate interest in answering your inquiry pursuant to Art. 6(1)(f) of the GDPR. If your contact purpose relates to the closing of a contract, additional legal basis for processing of the data is provided by Art. 6(1)(b) of the GDPR. Data processing based on your consent is made pursuant to Art. 6(1)(a) of the GDPR. If you do not have a customer account with us, the personal data provided in your contact form are deleted automatically once your inquiry has been dealt with.
This website uses CleverReach for the transmission of our newsletters. The provider of this service is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany.
CleverReach is a service through which newsletter transmission and receipt can be organized and analyzed. The data provided by you to receive the newsletter (e.g. your e-mail address) is stored on servers in Germany or Ireland. The newsletters as transmitted by CleverReach permit analysis of the behavior of newsletter recipients. One can analyze, among other things, how many recipients of the newsletter have actually opened the newsletter and how often a given link in the newsletter has been clicked. With the assistance of so-called conversion tracking, one can in addition analyze whether a previously defined action (e.g. the purchase of a product on our website) has occurred after the clicking of a given link in the newsletter. Further information about data analysis through CleverReach newsletter transmission can be obtained at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Data processing is made on the basis of your consent pursuant to Art. 6(1)(a) of the GDPR. You can revoke this consent at any time by cancelling receipt of the newsletter. The lawfulness of the data processing previously made is not affected by this revocation.
If you do not want any analysis to be made through CleverReach, then you must cancel the newsletter. For this purpose, we place a respective cancellation link in every newsletter message. Moreover, the newsletter can be cancelled directly on our website. The data we store for purposes of newsletter transmission remain in storage until you have cancelled the newsletter, and that data is deleted on our servers as well as those of CleverReach after the newsletter cancellation. Data which is stored by us for other purposes (e.g. e-mail addresses for the membership area) remains unaffected thereby.
4. Storage Period
We store data relating to the fulfillment of orders as also the personal data transmitted to us until the expiration of the statutory retention period. Your data is subsequently deleted by us, unless, pursuant to Art. 6(1)(c) of the GDPR, longer storage periods for tax and commercial law retention and documentation are required by law (duties arising under the German Commercial Code (HGB), German Penal Code (StGB) or Regulation of Taxation (AO), or because you have consented to an extended storage period pursuant to Art. 6(1)(a) of the GDPR).
5. Obligation of Data Access – Possible Consequences of Failed Data Access
The obligation of access to personal data is in part legally mandatory (tax law) and can also result from contractual arrangements (transparency of contracting parties). Failure to provide personal data access would be tantamount to contract termination and thus does not happen. The controller can provide you with more information on inquiries about the legal or contractual duty of access to personal data.
6. The Non-Existence of Automated Decision-Making or Profiling
We do not use automated decision-making or profiling of any kind.
7. Routine Deletion and Closure of Personal Data
If the storage period, as described in “4.” above, has expired, personal data will be routinely deleted.
8. Right of Access by the Affected Person (the “DataSubject”)
The person affected by data processing (the “data subject”) has the following rights:
- 15 GDPR: You have the right to request information about personal data about you processed by us. In particular you can request information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority, the right to request available information as to the source of personal data, where the personal data were not collected by us, as well the existence of automated decision-making, including profiling, and the significance and the envisaged consequences of such processing for the data subject:
- 16 GDPR: You have the right to obtain rectification of inaccurate personal data stored by us and the right to have incomplete personal data completed;
- 17 GDPR: You have the right to obtain erasure of your personal data as stored by us, as long as the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
- 18 GDPR: You have the right to request restriction of the processing of your personal data to the degree that the accuracy of the personal data is contested by you, that the processing is unlawful and you oppose the erasure of personal data and we no longer need the data, but which data are needed for the establishment, exercise or defence of legal claims, or, pursuant to Art. 21 of the GDPR, that you have objected to the processing;
- 20 GDPR: You have the right to receive personal data that concerns your person in a structured, commonly used and machine-readable format or to transmit such data to another data controller;
- 7(3) GDPR: You have the right to withdraw your consent to data processing at any time. This has the consequence that the data processing previously made under that consent may no longer be continued in the future;
- 77 GDPR: You have the right to lodge a complaint about the processing of your personal data with a supervisory authority in the Member State of your habitual residence, at your place of work, or at our company domicile (right to lodge a complaint with a supervisory authority).
Use, Legal Basis and Purpose
In order to present optimally and also to update optimally the range of functions as well as the technical representation of our website, we use so-called “cookies”. These are small text files that are written viz. stored on your Internet-accessing device. With the help of these “cookies”, data can be stored on your device when you access our website.
When our website is accessed, the user is informed that cookies are used for analytical purposes and that the consent of the user for the processing of the user’s personal data in this connection is required. In this context a reference to this Privacy Statement is made.
The legal basis for the processing of personal data using technically necessary Cookies is Art. 6(1)(f) of the GDPR.
The legal basis for the processing of personal data using cookies for analytical purposes is the existence of the respective consent of the user pursuant to Art. 6(1)(a) of the GDPR.
The purpose of the utilization of technically necessary cookies is to simplify the the use of websites for the user. Some of the functions of our website could not be offered without the utilisation of cookies. Für such functions to work it is necessary that the user’s browser can be re-identified after a different Internet page has been accessed. For example, we require cookies for the following function: to retain the user’s website choice of language. The user data collected via technically necessary cookies is not used to create user profiles.
Most of the cookies used by us are so-called “session cookies”. These are automatically deleted when you end your visit to our website.
The use of analytical cookies is intended for the purpose of improving our website and its contents. Through analytical cookies we find out how our website is being used and how we can optimize our online product and service offerings.
Duration of Data Retention, Objection and Confirmation Options
10. Social Media
Data Processing in Social Media
Our enterprise is active in various social media. In the course of communication with other users, personal data of the user might be processed outside of the European Union, whereby risks could develop in terms of difficulty in the enforcement of rights. As regards enterprises in the USA that are certified under the EU-US Privacy Shield, we point out here that these enterprises are obligated to abide by EU data protection standards.
Generally speaking, user data is processed for advertising and marketing research purposes in order to be able to create usage profiles via user behaviour. Such usage profiles can, for example, be used to place targeted advertisements. For these purposes, cookies that record user behaviour and user interests are stored on users’ Internet-accessing devices.
The Legal Basis for Data Processing:
The legal basis for processing personal data of the user is our legitimate interest in communicating with the user and providing effective information pursuant to Art. 6(1)(f) of the GDPR. In the event that the user is asked by the respective providers of social media platforms for consent to the described data processing, the legal basis for the processing is Art. 6(1)(a) of the GDPR.
The respective social media provider has the readiest access to user data. Such a provider can implement the most effective measures. The rights of affected persons can therefore be best asserted directly with that provider. Otherwise, we are always there to assist you at any time.
Details of Respective Social Media Data Processing and Raising Objections To It (Opt-Out):
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Facebook pages relating to the foundations of an agreement concerning joint processing of personal data – Privacy Statement: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Part of our website consists of the integration of so-called social plugins (“plugins”) of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are symbolized by a Facebook logo or marked with the writing “social plugin of Facebook” viz. “Facebook social plugin”. An overview of Facebook plugins and how they look is found at: https://developers.facebook.com/docs/plugins.
If you access a page of our Web presence that contains such a plugin, your browser opens a direct connection to the servers of Facebook. The content of the plugin is transmitted by Facebook directly to your browser and embedded in the website page. Through this integration, Facebook obtains the information that your browser accessed the respective page of our Web presence, even if if you have no Facebook profile or are not logged into Facebook at the time. This information (including your IP address) is directly transmitted from your browser to a Facebook server in the USA and is stored there. If you are logged into Facebook, Facebook can immediately assign your visit of our website to your Facebook profile. If you interact with the plugins, for example, by pressing the “Like” button or by writing a comment, this information will likewise be transmitted directly to a Facebook server and stored there. Moreover, this information will be published on your Facebook profile and be shown to your Facebook “Friends”.
Facebook configuration options available for protection of the private sphere of persons affected is explained at https://de-de.facebook.com/about/privacy/.
Part of our website consists of the integration of so-called social plugins (“plugins”) of Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are symbolized by an Instagram logo, for example, in the form of an “Instagram camera”. An overview of the Instagram plugins and how they look is found at: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. If you access a page of our Web presence that contains such a plugin, your browser opens a direct connection to the servers of Instagram. The content of the Plugin is transmitted by Instagram directly to your browser and is embedded in the website page. Through this integration, Instagram obtains the information that your browser accessed the respective page of our Web presence, even if you have no Instagram profile or are not logged into Instagram at the time. This information (including your IP address) is directly transmitted from your browser to an Instagram server in the USA and is stored there. If you are logged into Instagram, Instagram can immediately assign your visit of our website to your Instagram profile. If you interact with the plugins, for example, by pressing the “Instagram” button, this information will likewise be transmitted directly to an Instagram server and stored there. Moreover, this information will be published on your Instagram profile and be shown to your contacts. If you do not wish that Instagram assigns the data collected about your visit of our web presence to your Instagram account, then you must log out of Instagram before you visit our website. You can also totally prevent the loading of Instagram plugins via add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Part of our website integrates YouTube. This is an Internet video portal which enables video publishers the cost-free upload of video clips and permits other users the cost-free viewing, evaluation and commenting of such video clips. YouTube allows the publication of all kinds of videos, so that complete cinema films and TV shows, as well as music videos, film trailers and self-produced videos by users can be accessed via the YouTube Internet portal. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
When you visit a page of our Internet presence that has a YouTube plugin, a connection to the servers at YouTube is made. The YouTube server is informed about which particular page of our website was visited by you. If you also happened to be logged into your YouTube account at the same time, this would enable YouTube to assign your Internet surfing behaviour to your personal profile. You can block the possibility of this assignment if you log out of your account before visiting us. Further information about the collection and use of your personal data through YouTube can be found in the notes on data protection at www.youtube.com
The privacy statements issued by YouTube provide information concerning the collection, processing and use of personal data by YouTube and Google.
Our Internet website uses a “Pin It” button from the social network Pinterest, which is operated by Pinterest, Inc., domiciled at 808 Brannan St, San Francisco, CA 94103, USA. Through the use of the “Pin It” button, Pinterest obtains the information that you have visited our Internet pages. If at the same time you are logged in to your Pinterest account, it is furthermore possible for Pinterest to assign your visit to your Pinterest account. Clicking the “Pin It” button transmits data to Pinterest, which is stored on servers (in the USA). If you wish to prevent this, you must be logged out of your Pinterest account before you click the “Pin It” button. To be able to protect your private sphere, you can learn more details about data collection, processing and usage of your data by Pinterest as well as your legal options and online adjustment settings at the data protection notices of Pinterest at: http://pinterest.com/about/privacy/
11. Online Marketing
Usage of GoogleMaps
On our website we use the function of embedding maps of Google Maps by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
This function enables the visual presentation of geographic information and interactive geographic maps.
Google collects, processes and uses the personal data of users who access websites in which Google Maps are embedded. Further information regarding collection and usage of personal data by Google is found in the data protection notices of Google at https://www.google.com/privacypolicy.html. In the Google Privacy Centre the user has the possibility to change their privacy settings, so that you can there administer and protect the data processed by Google about you.
Your data in certain cases is transmitted to the USA. For data transfers to the USA, there is an “Adequacy Decision” of the European Commission (pursuant to Art. 45 of the GDPR).
You have the right on the basis of grounds arising out your special situation, to object to this kind of processing of your personal data pursuant to Art. 6(1)(f) of the GDPR.
On our website we use so-called Google Fonts, which are made available by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
Google Fonts is an interactive listing started in 2010 which now lists more than 900 fonts. Using these fonts on our website permits us to use certain fonts without having to download them to our server.
When our website is accessed, a connection is made to Google servers and the user’s browser loads the required fonts into the browser’s cache. Requests to the Google Fonts-API are directed to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com so that your requests for fonts are separate from requests to google.com and contain no login details that you send to google.com while you use other Google services, which are authenticated, such as e.g. Google Mail.
The use of Google Web Fonts is made in the interest of a fast, consistent and qualitatively high presentation of our online offerings. This a legitimate interest pursuant to Art. 6(1)(f) of the GDPR.
For this purpose, the browser that you use must be connected to the Google servers. In so doing, Google receives your IP Address. Google Fonts protocols the records of the CSS and font file requests and access of this data is securely stored. Aggregated usage figures follow how popular the various font families are and these are published on our analysis page. Google uses data from its web crawler to determine which websites use Google Fonts. This data is published in the Google Fonts Big Query database. At the present time it is not clear whether this data is stored by Google.
Requests for CSS resources are stored temporarily for one day. The font files themselves are stored temporarily for one year, which has the cumulative effect of making the entire World Wide Web faster: i.e., if millions of websites all reference the same fonts, then the temporary storage after the visit to the first website leads these fonts to appear immediately on all other later visited websites.
If this stored data is to be deleted, the user must contact Google at: https://support.google.com/?hl=de&tid=331585294560.
Further information about Google Fonts is found at: https://developers.google.com/fonts/faq and in the Privacy Statement of Google: https://www.google.com/policies/privacy/.
Google AdWords [Google Ads since 24 July 2018]
Part of our website integrates the so-called service Google AdWords. This service relates to Internet advertising, permitting advertisers to place advertisements in Google search engine results and also in the Google advertising network. Google AdWords enables an advertiser to preselect specific key words, by which an advertisement in the search engine results of Google is shown only if the user requests a search engine result relevant to a preselected key word. In the Google advertising network, the advertisements are placed on thematically relevant Internet pages by using an automated algorithm and by taking into consideration the previously preselected key words.
The services of Google AdWords are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of Google AdWords is the advertisement of our Internet website through the insertion of interest-relevant advertising on the Internet pages of third party enterprises and in the search engine results of the Google search engine, as well as the insertion of advertising from other firms on our own Internet pages. As already described above with regard to our placement of cookies via our Internet website, an affected person can at any time, through a respective setting in the Internet browser used, reject the usage of cookies and thus permanently block the placement of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion tracking cookie in the information technology system of the person affected. Moreover, a cookie already placed by Google AdWords can be deleted at any time via the Internet browser or by another software program.
Furthermore, the person affected has the possibility to object to Interest-related advertising by Google. To do this, the person affected must access the link www.google.de/settings/ads via every used Internet browser and adjust the settings there as desired.
Google Analytics (with anonymisation function)
Part of our website integrates the so-called service Google Analytics. This is a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”. These are small text files that are stored on your Internet-accessing device and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is normally transmitted to a Google server in the USA and stored there. In the case of the activation of IP anonymisation on this website, your IP address is shortened beforehand however by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there. Google uses the Information obtained on behalf of the website operator to compile reports about website activities and to provide the website operator with further services relating to website and Internet usage. The IP address transmitted by your browser within the scope of Google Analytics is not joined with other Google data. You can block the storage of cookies through a respective setting in your browser software, but we point out in such a case that not all functions of this website will be usable in full. Beyond that, you can block Google from collecting data generated by this cookie and assigned to your usage of this website (including your IP address) as also the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further Information and the current Privacy Statement of Google can be accessed at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is described in more detail at the following link: https://www.google.com/intl/de_de/analytics.
Contract Data Processing Agreement
We have closed a contract data processing agreement with Google and we implement fully the strict mandates of the data protection authorities in Germany in using Google Analytics.
12. Payment Processing
Components of PayPal are integrated into our website. PayPal is an online payment service provider. Payments are made through accounts that represent virtual private or commercial business accounts. In addition, there is the possibility with PayPal to transact virtual payments by credit cards, if the user maintains no account. An account is managed through an e-mail address, for which reason there is no classic account number. PayPal enables the triggering of the making of online payments to third parties, or the reception of such payments. Moreover, PayPal takes on trust functions and offers buyer protection services.
The operating company in Europe for PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you use such payment options, we transmit to PayPal the personal data necessary for payment processing. Normally, the scope of the personal data transmitted includes your first name, last name, postal address, e-mail address, IP address, telephone number, mobile (cell) telephone number, or other data necessary for payment processing. Necessary for the conclusion of a respective sales contract are also such personal data as relate to a particular order for goods or services.
The transmission of data to PayPal as described under this section takes place only if the user chooses this payment option.
The current data protection provisions of PayPal can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
13. SSL/TLS Encryption
For security purposes and for protection of the transmission of personal data and other confidential content such as for example orders or requests that users send to us in our capacity as the website operator, this website uses SSL/TLS encryption. An encrypted connection can be recognized through the browser’s URL address bar character sequence “https://” and the accompanying “lock” symbol.
If SSL/TLS encryption is activated, third parties cannot read the data that a user sends to us.
The German language legal text was prepared and reviewed by the specialty law firm Heidicker
– www.kanzlei-heidicker.de –