This privacy statement informs you about our handling of your data. In order to make the processing of your data comprehensible for you, we would like to give you an overview of the processing operations with the following information. In order to ensure fair processing, this privacy statement contains general information about our handling of your data as well as information about your rights according to the European General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018.
We also inform you in detail about
- General information
- Data processing on our website
- Data processing on our Facebook fan page and Instagram
- Further data processing
Responsible for the data processing is Sanity Care GmbH (hereinafter referred to as "we" or "us").
I. GENERAL INFORMATION
Sanity Care GmbH
Jägerstr. 28-31, 10117 Berlin, Deutschland
Tel.: +49 (0) 30 887 89 192
2. LEGAL BASES
The term "personal data" in data protection law refers to all information relating to an identified or identifiable individual.
We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the Data Protection Act 2018. Data processing by us is only carried out on the basis of a legal permission. We process personal data
- only with your consent, article 6 para. 1 letter a) GDPR,
- for the performance of any contract to which you are a party,
- in response to your request to carry out pre-contractual measures, article 6 para. 1 letter b) GDPR,
- to fulfil a legal obligation, article 6 para. 1 letter c) GDPR
- or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights or freedoms, which require the protection of personal data, prevail, article 6 para. 1 letter f) GDPR.
3. DURATION OF STORAGE
Unless otherwise stated in the following information, we only store personal data for as long as is necessary to achieve the processing purpose or to fulfil our contractual or legal obligations. Such statutory storage obligations may result in particular from commercial or tax law regulations.
4. CATEGORIES OF RECIPIENTS
We use processors to process your data. This includes, for example, hosting, maintenance and support of IT systems, order processing, marketing measures or the destruction of files and data carriers. A processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively on behalf of the controller and are contractually bound to ensure appropriate technical and organisational measures to protect data.
Furthermore, we may transfer your personal data to bodies such as postal and delivery services, house bank, tax advisor/auditor or the tax authorities.
If your data is transferred to other recipients, we will inform you about the respective processing.
5. PROCESSING IN THE EXERCISE OF YOUR RIGHTS ACCORDING TO article 15 TO 22 GDPR
If you exercise your rights under articles 15 to 22 GDPR, we process the personal data provided for the purpose of implementing these rights by us and to provide proof of this. We will process data stored for the purpose of providing information and preparing it only for this purpose as well as for the purposes of data protection control and otherwise restrict processing in accordance with article 18 GDPR.
These processing operations are based on the legal basis of article 6 para. 1 letter. c) GDPR in conjunction with articles 15 to 22 GDPR.
6. YOUR RIGHTS
As a data subject, you have the right to assert your data subject rights against us. You have the following rights in particular:
- In accordance with article 15 GDPR you have the right to request information as to whether and, if applicable, to what extent we process personal data relating to your person or not.
- In accordance with article 16 GDPR, you have the right to demand that we correct your data.
- You have the right to demand that we delete your personal data in accordance with article 17 GDPR.
- You have the right to have the processing of your personal data restricted in accordance with article 18 GDPR.
- In accordance with article 20 GDPR, you have the right to receive the personal data concerning you that you have provided us with in a structured, common and machine-readable format and to transfer this data to another person responsible.
- If you have given us separate consent for data processing, you may revoke this consent at any time in accordance with article 7 para. 3 GDPR. Such a revocation does not affect the lawfulness of the processing, which has been carried out on the basis of the consent until revocation.
- If you believe that the processing of your personal data is in breach of the provisions of the GDPR, you have the right to appeal to a supervisory authority in accordance with article 77 GDPR.
7. RIGHT OF OBJECTION
Under article 21 para. 1 GDPR, you have the right to object to processing operations based on the legal basis of article 6 para. 1 letter e) or f) GDPR for reasons arising from your particular situation. If personal data relating to you are processed by us for the purpose of direct marketing, you may object to this processing in accordance with article 21 para. 2 and para. 3 GDPR.
8. DATA PROTECTION OFFICER
You can reach our data protection officer at the following contact details: firstname.lastname@example.org
II. DATA PROCESSING ON OUR WEBSITE
When using the website, we collect information that you provide yourself. In addition, certain information about your use of the Site is automatically collected during your visit to the Site. In data protection law, the IP address is also considered a personal data. An IP address is assigned to each device connected to the internet by your internet service provider so that it can send and receive data.
1. HOSTING THROUGH SHOPIFY
We use the Shopify shop system for the purpose of hosting and displaying our website. Shopify is provided by the service provider Shopify International Limited (Ireland). All personal data collected on our website is processed on our behalf on the servers of Shopify International Limited.
As part of the above services, data may be transferred to Shopify Inc. in Canada. For data transfer to Canada as a third country, i.e. a country where the GDPR is not applicable law, an adequacy finding by the European Commission is in place. The European Commission has thus decided that an adequate level of protection exists in Canada and that the transfer can be carried out in an acceptable manner.
Data may also be transferred to the USA to the companies Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc.
2. PROCESSING OF SERVER LOG FILES
When you use our website for purely informative purposes, general information is initially stored automatically (i.e. not via registration), which your browser sends to our server. This includes by default: (i) browser type/version, (ii) operating system used, (iii) page accessed, (iv) the page previously visited (referrer URL), (v) IP address, (vi) date and time of the server request and (vii) HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of article 6 para. 1 letter f) GDPR. This processing serves the technical management and security of the website.
The stored data will be deleted after 30 days, unless there is a justified suspicion of illegal use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not in a position to identify you as a data subject on the basis of the stored information. Therefore, according to article 11 para. 2 GDPR, article 15 to 22 GDPR do not apply unless, in order to exercise your rights under these articles, you provide additional information that enables your identification.
3. CONTACT OPTIONS AND ENQUIRIES
A. CONTACT FORM
Our website contains a contact form where you can send us messages. The transfer of your data is encrypted (you can recognize this by the "https" in the address line of your browser). All data fields marked as mandatory fields are required to process your request. Failure to provide this information means that we will not be able to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact e-mail address.
B. CHAT FORM
We use on our website chat forms of the service re:amaze, which is operated by Lantirn Incorporated (USA). If you send us inquiries via chat form, your data from the form will be stored for the purpose of processing the inquiry and in case of follow-up questions. This may also result in the transfer of personal data to the USA.
For our telephony we use the services of the provider RingCentral, Inc. (USA). This may also involve the transfer of personal data to the USA.
D. LEGAL BASIS
If your inquiry is directed at the conclusion or execution of a contract with us, article 6 para. 1 letter b) GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in getting in contact with requesting persons. The legal basis for data processing is then article 6 para. 1 letter f) GDPR.
4. SHOP DATA PROCESSING FOR PURCHASE PROCESSING
A. DATA PROCESSING FOR THE PURCHASE PROCEDURE
If you order a product via our website, we process personal data for the purpose of contract processing or to provide you with the ordered product. Within the scope of the booking or ordering process, we only process the data that you yourself have entered in the input mask and, if applicable, payment information if you pay by advance bank transfer. In order to be able to deliver the ordered products to you, we transmit your data required for the delivery to one of our delivery service providers as indicated in the order.
You also have the possibility to create a customer account.
The legal basis for the processing is in each case article 6 para. 1 letter b) GDPR. All data fields marked as mandatory fields are required to process your booking or order. Failure to provide these fields means that we cannot process your booking or order. The provision of further data is voluntary.
B. PAYMENT BY CREDIT CARD
We offer you the possibility to pay by credit card. Please note that the respective payment information is collected and processed by the respective payment service providers on their own responsibility.
C. INVOICE AND INSTALMENT PURCHASE WITH KLARNA
We offer the payment method invoice and instalment purchase in cooperation with Klarna AB (Sweden, "Klarna"). For this Klarna must carry out an identity and credit check. To be able to offer you Klarna's payment options, we will therefore provide Klarna with personal information, such as contact details and order details, when you choose invoice and instalment purchase. Klarna can then assess whether you can use the payment options offered by Klarna and adapt the payment options to your needs. The legal basis for the transmission to Klarna is article 6 para. 1 letter b) GDPR. Klarna processes the data on its own responsibility.
You can find further information on data protection at Klarna at https://www.klarna.com/uk/privacy-notice/.
D. INSTANT BANK TRANSFER WITH KLARNA
We offer the payment method "Sofort" in cooperation with the service provider Sofort GmbH, a company of the Klarna Group (Germany). If you use this service, Sofort GmbH will send us a confirmation of the successful setting of the transfer order to your order. This includes only the data from the transfer form (name, account number, bank code, subject, transfer amount) as well as the date (with time) and the transaction identification chosen by us (eg order number). For SEPA transfers and if, depending on your bank, BIC and IBAN are required to set up the transfer to your online banking account, the confirmation sent to us will also contain BIC and IBAN. These data can also be found on our bank statement. Further personal data will not be transmitted to us by Sofort GmbH. We process the received data for the purpose of contract implementation on the legal basis of article 6 para. 1 letter b) GDPR. In all other respects Sofort GmbH processes the data independently.
Further information on data protection at Sofort GmbH can be found at the address https://www.klarna.com/uk/privacy-notice/.
5. PRODUCT EVALUATIONS AND EVALUATION REQUESTS WITH YOTPO
On our website we offer you the possibility to give reviews on our products. We use a service of the provider Yotpo.
You can leave a review directly on our website. In addition to your review, you must enter a name of your choice and an e-mail address. We will send a message with a confirmation link to this e-mail address. Your rating will only be displayed after confirmation. This is to ensure that only serious reviews are displayed.
If you purchase a product from our website, we will send a message to the email address you provide within a fortnight and ask you to rate it. As long as you have not submitted a review, we will send the maximum of three reminder emails. They will be sent five days after the previous email.
The processing of personal data in connection with a product evaluation, in particular the use of the e-mail address provided, is based on the legal basis of article6 para. 1 letter f) GDPR. The processing serves our legitimate interest in direct advertising.
We work with the service provider Yotpo Inc. for the display of the ratings and the management of rating requests. (USA).
6. E-MAIL MARKETING
A. REGISTRATION AND DEREGISTRATION
On our website we offer the possibility to register for our newsletter. After your registration we will regularly inform you about current news on our offers and events and remind you about shop items in your shopping cart if necessary. A valid e-mail address is required to register for the newsletter. To verify the email address you will first receive a registration email which you have to confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name based on the consent you have given
The processing is based on the legal basis of article 6 para. 1 letter a) GDPR. You can revoke the consent you have given at any time with effect for the future, for example by using the "unsubscribe" link in the newsletter or by contacting us via the above-mentioned channels. The legality of the data processing operations already carried out remains unaffected by the revocation. When registering for the newsletter, we also save the IP address and the date and time of registration. The processing of this data is necessary to prove that you have given your consent. The legal basis results from our legal obligation to document your consent according to article 6 para. 1 letter c GDPR in connection with article 7 para. 1 GDPR.
B. NEWSLETTER ANALYSIS
The newsletters contain a so-called "web-beacon", i.e. a pixel file that is retrieved when the newsletter is opened. When you open it, technical information such as your browser and system information, IP address and the time of opening is collected. This data and information is used to technically improve our service based on your reading behaviour. This also includes recording when an e-mail or newsletter is opened and whether a link is clicked on. For technical reasons, this information can be assigned to individual newsletter recipients. It is not our intention to observe individual users. The statistical collection and evaluation of the data helps us to identify the reading habits of our users and thus to better adapt our content to the users. This also serves the purpose of sending different content to the users, according to the interest of our users.
The legal basis for statistical collection and evaluation is article 6 para. 1 letter f) GDPR. We are interested in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.
You can object to the statistical survey and evaluation by unsubscribing from the newsletter. Unfortunately, a separate withdrawal of the statistical evaluation is not possible.
C. SERVICE PROVIDER KLAVIYO
We use the Klaviyo service to manage subscribers and send out the newsletter. Klaviyo is an offer of the company Klaviyo Inc. from Boston (USA). The data provided for sending the newsletter and the data from the newsletter analysis are transferred to the servers of the company Klaviyo Inc. in the USA and processed there.
Information on how cookies and comparable technologies are used by us can be found below under the description of the specific processing activity. Further information on the cookies used on our website can also be found under our cookie settings/references.
Show more cookie settings
8. CONTENT MANAGEMENT VIA USERCENTRICS
On our website we use the Consent Management Platform Usercentrics. Usercentrics is a product of the company Usercentrics GmbH (Germany).
Usercentrics enables the users of our website to give their consent to certain data processing procedures or to revoke any consent given. In addition, Usercentrics supports us in being able to provide evidence of the declaration of consent. For this purpose, Usercentrics processes information on the declaration of consent and further protocol data on this declaration. Cookies are also used to collect this data. The IP address collected is only processed in anonymized form.
To enable us to meet our obligation to provide evidence, the certificate of revocation of a previously granted consent is kept for three years.
The processing of this data is necessary in order to be able to prove that consent has been granted. The legal basis is derived from our legal obligation to document your consent according to article 6 para. 1 letter c) in conjunction with article 7 para. 1 GDPR.
9. ANALYSIS OF OUR WEBSITE
A. SHOPIFY STATISTICS
We use the Shopify statistics function on our website. This allows us to measure the reach of our website and provides us with statistical analysis of visitor behaviour on our website. Those data are processed on servers of Shopify International Limited (Ireland), which is contracted by us to process the data.
The legal basis for the data processing in connection with the Shopify statistics function is article 6 para. 1 letter f) GDPR and the processing serves our legitimate interest in the analysis of user behaviour on our website and the possible needs-based design. You can object to this processing at any time in the cookie settings.
B. GOOGLE ANALYTICS
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data.
We use the variant Google Universal Analytics. This enables us to assign interaction data from different devices and from different sessions to a unique user ID. This enables us to put individual user actions into context and analyse long-term relationships.
The data on user actions are stored for a period of 14 months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.
The setting of cookies and the further processing of personal data described here is done with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore article 6 para. 1 letter a) GDPR. You can revoke your consent at any time under the item "Cookie settings".
You can also prevent the storage of cookies by Google Analytics using the appropriate setting in your browser software. You can also prevent the collection of the information generated by the cookie by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this link. Please also note that we will document your consent in order to comply with our obligation to provide evidence under article 7 para. 1 GDPR. As we are obliged to do so, this storage is based on the legal basis of article 6 para. 1 letter. c) GDPR).
When using Google Analytics, a transmission of the processed data to Google LLC, which is based in the USA, cannot be excluded by us.
10. TRACKING & RETARGETING
A. FACEBOOK PIXEL
Within our internet presence we use the Facebook pixel of Facebook Inc. (USA), or if you are located in the EU, Facebook Ireland Ltd. (Ireland/EU) ("Facebook").
The Facebook pixel is triggered by Facebook when you call up our website and can save a so-called cookie, i.e. a small file, on your device. This allows us to perform various functions, which we describe in detail below.
Function: Conversion Tracking
The Facebook pixel enables us to track the behaviour of users after they have been redirected to the provider's website by clicking on a Facebook advertisement (so-called "conversion"). We can also use it to measure the effectiveness of Facebook Ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which we will inform you about according to our state of knowledge. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with the Facebook Data Usage Policy https://www.facebook.com/about/privacy/. You can enable Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
If you then log in to Facebook or visit Facebook when logged in, the visit to our online offer will be noted in your profile. The data collected about you is still anonymous for us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook as well as for our own market research and advertising purposes.
This processing is done for the purpose of obtaining information about the effectiveness of Facebook advertisements. It takes place exclusively with your consent and is based on the legal basis of article 6 para. 1 letter a) GDPR.
You can revoke your consent by clicking on "Cookie settings" on our website and withdraw your consent.
You can also object to the collection by the Facebook pixel and the use of your data to display Facebook Ads at the following address: https://www.facebook.com/settings?tab=ads.
Function: Custom Audience
We also use the Custom Audience service via the Facebook pixel. Here, Facebook uses the integrated pixel to record visitors to our website and their data as the basis for playing out advertisements (Facebook Ads). Through the pixel, general information about the browser session is transmitted to Facebook, as well as a non-reversible and non-personal checksum (hash value), which is generated from your Facebook ID.
We also use the Custom Audience function in Advanced Adjustment mode. This allows certain information (email address) that you enter on our website to be sent to Facebook encrypted as a hash value. Facebook can match these hash values with the corresponding hash values of data already provided by Facebook users. In this way, it is possible to determine which customers are also Facebook users so that they can be shown targeted advertising on the Facebook platform.
This processing is carried out for the purpose of marketing our offers via the target-group-specific display of advertisements and takes place with your consent. It is based on the legal basis of article 6 para. 1 letter a) GDPR.
You can revoke your consent by withdrawing it under the item "Cookie settings" on our website.
In addition, if you as a Facebook user wish to object ("opt out") of the use of Facebook website Custom Audiences for the future, you can do so at https://www.facebook.com/ads/Webseite_custom_audiences.
For this purpose, we use the Criteo service of Criteo SA (France) to display advertisements on third party sites similar to products you have viewed on our website. When you visit our website, a Criteo cookie stores information about your behavior on our website (e.g. offers clicked on). Criteo uses this information in its sole discretion and on its own responsibility to display appropriate third-party ads to you.
This information is only processed with your consent. The legal basis for the processing is article 6 para. 1 letter a) GDPR. You can revoke your consent by clicking on "Cookie settings" on our website and withdraw your consent.
Criteo provides information on the processing of personal data at https://www.criteo.com/privacy/ and also offers special objection options here: https://www.criteo.com/privacy/disable-criteo-services-on-internet-browsers/.
C. GOOGLE ADS
We use the online advertising program Google Ads of Google Ireland Limited (Ireland/EU), through which we display ads on the Google search engine. If you reach our website via a Google ad, Google sets a cookie on your device ("conversion cookie"). Each Google Ads client has a different conversion cookie associated with it, so the cookies are not tracked across the sites of different ads clients. The information collected through the cookie is used to compile conversion statistics. This helps us learn the total number of users who clicked on one of our Google ads. However, we do not receive any information that personally identifies users.
Insofar as personal data is processed in this process, this is done with your consent and is based on the legal basis of article 6 Para. 1 letter a) GDPR. You can revoke your consent by clicking on "Cookie settings" to withdraw your consent. You can also object to being included in conversion tracking by disabling the setting of cookies via your browser settings.
When using Google Ads, we cannot exclude the possibility that the processed data may be transferred by us to Google LLC, which is based in the USA.
D. MICROSOFT BING ADS
We use the conversion and tracking tool Bing Ads from Microsoft Corporation (USA) on our website. Microsoft stores a cookie on the user's computer to enable an analysis of the use of our online offer. A prerequisite for this is that the user has reached our website via an advertisement from Microsoft Bing Ads. In this way, Microsoft and we can recognize that someone who clicked on an ad was redirected to our online offer and reached a previously determined target page. We only learn the total number of users who clicked on a Bing ad and were then redirected to the destination page ("conversions"). No IP addresses are stored. No other personal information about the identity of the user is disclosed.
We only use Microsoft Bing Ads with your permission. The legal basis for the use of this service is article 6 para. 1 letter a) GDPR. You can revoke your consent at any time by going to "Cookie settings" and withdraw your consent. If you do not wish to participate in the tracking process of Bing Ads, you can also object here at Microsoft: http://choice.microsoft.com/opt-out.
E. THE TRADE DESK
On our website we use the technology of The Trade Desk, 42 N. Chestnut Street, Ventura, CA 93001 The Trade Desk provides technology known in the advertising industry as Demand Side Platform (DSP). In simple terms, this means that it can manage digital advertising campaigns across a variety of channels including websites, apps, audio platforms and smart TVs. Cookies are used to collect pseudonymous data and data that does not identify individuals and transmit it to The Trade Desk. This includes in particular, but not exclusively, your abbreviated and thus pseudonymised IP address, date and time of the website call, location of the device with which you access our website (e.g. by the GPS signal of the device used, Bluetooth or the WLAN signal), page calls and interaction with the page and the referencing page (referrer). This data is transmitted to the Demand Side Platform and linked there with your pseudonymous ID. This happens across all websites on all platforms that use this technology. The purpose of data collection and processing is to deliver only advertisements that are based on your previous interests and are therefore more relevant to you. Your personal data will be pseudonymized before being transferred to the Demand Side Platform of The Trade Desk. The data is not passed on to third parties and is automatically deleted after a storage period of maximum 90 days. There is a third country transfer to the USA.
Further information on the technology used by The Trade Desk and on data protection can be found under the following link: http://thetradedesk.com/general/privacy-policy
11. INTEGRATED SERVICES AND THIRD PARTY CONTENT
We use on our website services, services and content provided by third parties (hereinafter collectively referred to as "Content"). For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third party provider.
This data processing is carried out in each case to protect our legitimate interests in the optimisation and economic operation of our website and is based on the legal basis of article 6 para. 1 letter f) GDPR. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Such an extension is for example the matrix-based firewall uMatrix for the browsers Firefox and Google-Chrome. Please note that this may result in functional restrictions on the website.
We have incorporated into our website content from the following third-party services:
- "Google Maps" by Google Ireland Limited (Ireland/EU) for the display of maps. When using Google services, we cannot exclude the possibility that the processed data may be transferred to Google LLC (USA) based in the USA.
- "YouTube" of YouTube LLC (USA) for the display of videos.
- "Cloudflare" of Cloudflare Inc (USA) for the display of content.
- "gettyimages" from Getty Images Deutschland GmbH (Germany) for the display of images.
- "Soundcloud" from SoundCloud Limited (Germany) for embedding audio content.
- "Spotify" from Spotify AB (Sweden) for embedding audio content.
- "Yotpo" from Yotpo Inc. (USA) for displaying product reviews.
III. DATA PROCESSING ON OUR FACEBOOK FANPAGE AND INSTAGRAM
When you visit our Facebook or Instagram page, through which we present our company and/or individual products from our range, certain information about you is processed. The sole responsible party for this processing of personal data is Facebook Ireland Ltd (Ireland/EU). For more information about Facebook's processing of personal data, please visit https://www.facebook.com/privacy/explanation.
1. PROCESSING OF PAGE INSIGHTS
Facebook provides us with anonymous statistics and insights for our Facebook and Instagram pages that help us understand the types of actions that people take on our site (known as "page insights"). These Page-Insights are created based on certain information about people who have visited our site. This processing of personal data is done by Facebook and us as jointly responsible parties. The processing serves our legitimate interest in evaluating the types of actions performed on our site and improving our site based on this information. The legal basis for this processing is article 6 para. 1 letter f) GDPR. We will never assign the information obtained via the Page Insights to a specific Facebook or Instagram profile via the reference to "Like" information for our Page.
We have entered into an agreement with Facebook on processing as jointly responsible parties, which defines the distribution of data protection obligations between us and Facebook. For details about the processing of personal data to create Page Insights and the agreement between us and Facebook, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data.
2. PROCESSING OF DATA COMMUNICATED TO US VIA OUR SITE
We also process information that you have provided to us through our Facebook or Instagram page. Such information may include your profile name, contact information or a message to us. We only process this personal information if we have previously asked you to provide us with this information, for example, as part of a survey or contest. We process these data as the sole responsible party.
If your inquiry is directed at the conclusion or implementation of a contract with us, article 6 para. 1 letter b) GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in getting in contact with requesting persons. The legal basis for data processing is then article 6 para. 1 Letter f) GDPR.
If you have provided us with information about your participation in a competition, we will only process this information in order to send you a prize if necessary. We will delete the data after the prize has been sent to you or if you have not won. The legal basis for the processing is article 6 para. 1 letter b) GDPR.
IV. FURTHER DATA PROCESSING
1. CONTRACTUAL RELATIONSHIP
In order to establish or implement the contractual relationship with our customers, it is regularly necessary to process the personal master, contract and payment data provided to us. The legal basis for this processing is article 6 para. 1 letter b) GDPR. We also process customer and prospective customer data for evaluation and marketing purposes. This processing takes place on the legal basis of article 6 para. 1 letter f) GDPR and serves our interest to further develop our offer and to inform you specifically about offers of Sanity Care GmbH. Further data processing can take place if you have given your consent (article 6 para. 1 letter a) GDPR) or if this serves the fulfilment of a legal obligation (article 6 para. 1 letter c) GDPR).
2. USE OF THE E-MAIL ADDRESS
We may use the e-mail address you provide when registering or ordering to inform you about our own similar products and services from VAAY. The legal basis is article 6 para. 1 letter f) GDPR. You can object to this at any time without incurring any costs other than the transmission costs according to the basic tariffs. To do so, you can unsubscribe by clicking on the unsubscribe link included in every mailing or by sending an e-mail to email@example.com.
3. OFFLINE ORDERS
If you order a product via our order form or by phone, we process personal data for the purpose of contract processing or to provide you with the ordered product. Within the scope of the ordering process, we only process the data that you yourself have provided. In order to be able to deliver the ordered products to you, we transmit your data required for delivery to one of our delivery service providers as specified in the order. The legal basis for the processing is in each case article 6 para. 1 letter b) GDPR. All data fields marked as mandatory fields are required to process your order. Failure to provide these fields means that we cannot process your order. The provision of further data is voluntary.
Updated: July 2020