VThe responsible party for the operation of the website www.undgretel.com (including the integrated online shop) according to the terms of the GDPR, as well as provider in terms of the German Telemedia Act, is DRTJ Organic Cosmetics GmbH, Rosenstraße 19, 10178 Berlin, Germany, Phone: +49 (0)30-31196190, Fax: +49 (0)30-62939713,
DRTJ Organic Cosmetics GmbH Managing director: Tim Jaudszims
If you have any questions about data privacy, please send us an email to this address: firstname.lastname@example.org.
AAUTOMATED DATA COLLECTION AND PROCESSING VIA WEB SERVER
It is generally possible for you to visit our website (including the integrated online shop) without providing any personal data yourself as long as you do not buy anything or register. When accessing individual web pages belonging to our website, however, the following data is automatically collected and processed by the server:
• Referrer (previously visited website)
• Requested website or file
• Browser type and browser version
• Operating system used
• Device used
• Time of access
• IP address (anonymized).
You are not recognizable to us as an identifiable, specific person on the basis of this data, which is automatically deleted 7 days after its collection. The data mentioned above will be processed by us for the following purposes: Ensuring smooth connection of the website, ensuring comfortable use of our website, evaluation of system security and stability and for other administrative purposes. The legal basis for data processing is Art. 6(1)(1)(f) of the GDPR. Our legitimate interest arises from the purposes listed above.
Cookies enable us to automatically recognize you the next time you visit our website. This helps us make our website more user-friendly and effective. These purposes represent a legitimate interest. We use two types of cookies: “session cookies” and
“permanent cookies.” Session cookies are temporary cookies which are automatically deleted when the browser is closed. Permanent cookies are automatically deleted when their expiration date passes. The basis for processing is Art. 6(1)(f) of the GDPR.
This website uses Google Analytics, a web analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses what are known as “cookies” (see explanation above under Section 3). The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for the website operator and providing other services for the website operator relating to website activity and Internet usage. These purposes also include our legitimate interest in data processing in accordance with Art. 6(1)(f) of the GDPR.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. We would like to point out that, on this website, Google Analytics has been provided with the extension "anonymizeIp" in order to guarantee an anonymous collection of IP addresses. Your IP address transmitted by Google Analytics is not combined with other data from Google. The data sent and linked to cookies, user IDs or advertising IDs are automatically deleted after 14 months.
USE OF HOTJAR
We use Hotjar, which is primarily a tracking-code-based web analysis tool from Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. Hotjar is used to anonymously record interactions of randomly selected individual visitors to our website. This creates a log of information such as mouse movements and clicks, with the aim of identifying possibilities for improvement of our offer. In addition, Hotjar is used to evaluate information on the operating system, browser, incoming and outgoing references (links), geographical origin, as well as resolution and type of the terminal device accessing our website offer, for statistical purposes. We also offer the possibility of anonymous user feedback via Hotjar using what are known as “feedback pools.” The information collected is not associated with a specific person. It is stored by Hotjar Ltd. and is not shared with other third parties. Additional information on Hotjar functions and data usage can be found at: https://www.hotjar.com/privacy (see the “Passive Collection” category in particular).
If you do not want website analysis using Hotjar, you can deactivate it (opt out) on all Internet pages that use Hotjar by setting a DoNotTrack header in your browser. You will find more information on the following page:
USE OF YANDEX.METRICA
This site uses Yandex.Metrica, a web-analysis and click-tracking service of the company Yandex, ООО "Яндекс" in Russia, 119021 Moscow, L. Tolstoj Street, 16. The information generated by this service about your use of our website (including your anonymous IP address) is transferred to a Yandex server in the Russian Federation and stored there.
Cookies may be used for this purpose, text files which are stored on your computer and which enable analysis of your use of the website.
Yandex will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Yandex may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Yandex's behalf. You can object to this form of data collection and storage at any time with effect for the future.
As part of our legitimate interest in optimizing our website, we use the services of Outbrain UK Limited, 5 New Bridge Street, London. Through a widget on some of our websites, website users are directed to additional content within our website and to third-party websites that may be of interest to them. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology.
LinkedIn Conversion Tracking
The BrandTrust website uses the analysis and conversion tracking technology of the LinkedIn platform. This LinkedIn technology allows you to see more relevant advertising based on your interests. In addition, UND GRETEL receives aggregated and anonymous reports from LinkedIn about ad activity and information about how you interact with the UND GRETEL site.
You may opt out of LinkedIn's analysis of your usage patterns and the display of interest-based recommendations. To do so, please click this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
On our website, we use what is known as a “Pinterest Tag”; this is used for the purpose of our legitimate interests in the analysis, optimization, and economic operation of our website.
With the help of the Pinterest tag, Pinterest is able to derive a target group for the presentation of ads (what are known as “Promoted Pins”) from visitors to our website.
Accordingly, we use the Pinterest Tag to display the Promoted Pins only to those Pinterest users who have shown an interest in our website. With the help of the Pinterest Tag, we also want to make sure that our Promoted Pins match the potential interest of the users and do not annoy them.
The processing of data by Pinterest is subject to Pinterest's Data Use Policy: https://policy.pinterest.com/de/ad-data-terms
In addition, you have the option of turning off behavioral advertising in the Pinterest settings (Edit settings >> Privacy and data >> Personalization).
DATA COLLECTION AND USE FOR CONTRACT PROCESSING AND WHEN OPENING A CUSTOMER ACCOUNT
If you order as a guest, we will store your data for the purpose of fulfilling the contract and delete it as soon as we are no longer legally obliged to store it, i.e. after completion of the contract and expiration of all tax and commercial storage obligations. Mandatory information (required for the processing of the contracts) is marked separately as such; entering any further information is voluntary. When you create a customer account, the data you enter there will be stored in such a way that it can be removed; you can always delete the account in the customer area.
As part of the ordering process and to create a customer account, we collect, process, store, and use the following personal data provided by you: salutation, name, billing address, delivery address, date of birth, email address, telephone number; depending on the type of payment method selected: bank details, credit card data (name of card-holder, credit card number, expiration date and card verification number).
For the purpose of delivering your order, we will pass on your name and delivery address to an authorized shipping company. To process the payment, we pass on the following data to the respective payment service provider:
• Paypal: customer ID in the shop, order number, name of the customer, address of the customer, total amount
• Ingenico ePayment: customer ID in the shop, order number, total amount
• Instant bank transfer: customer ID in the shop, order number, total amount
The legal basis for the collection, processing, and transmission of data for orders in the online shop is Art. 6(1)(1)(b) of the GDPR. The contract cannot be executed without the processing of the data marked as mandatory.
PRODUCT INFORMATION/EMAIL ADVERTISING
As our customer, if you have ordered our products before, you will regularly receive product information from us by email – regardless of whether you have subscribed to a newsletter. Our goal here is to send you information about products from our range that may interest you based on your recent purchases from us. If you no longer wish to receive product information or any (advertising) messages from us, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do this, simply send a message in written form (e.g. email, fax, letter) to the contact above. You will of course also find an unsubscribe link in every email from us.
The legal basis for this data processing is Art. 6(1)(1)(f) of the GDPR, as it is in our legitimate interest to provide specific information to existing customers.
SUBSCRIBE TO THE EMAIL NEWSLETTER
You can give your consent to subscribe to our newsletter, in which we keep you informed about our current interesting offers. For registration to our newsletter, we use what is known as a double-opt-in procedure. In other words, after you register, we will send you an email to the address you provided, in which you will be asked to confirm that you actually wish to receive the newsletter. In addition, we will store your IP address and the time of registration and confirmation. The purpose of this is to be able to prove that you have registered and, if necessary, to investigate any potential misuse of your personal data.
Only your email address is required in order for us to send the newsletter. The provision of further, separately marked data is voluntary and is used to address you more personally. After you submit your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis for this is Art. 6(1)(1)(a) of the GDPR. 4
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter without incurring any costs other than the message transmission costs according to the basic rates. To do this, simply send a message of cancellation in written form (e.g. email, fax, letter) to the contact above. You will of course also find an unsubscribe link in every email from us.
Your payment data is encrypted during the ordering process and transmitted over the Internet. We employ technical and organizational measures to secure our website and other systems against loss, destruction, access, modification, or distribution of your data by unauthorized persons. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
…to information (Art. 15 of the GDPR)
You have the right to receive information about whether we have processed any personal data about you (and, if so, exactly what data), free of charge and at any time.
…to correction (Art. 16 of the GDPR)
You have the right to demand at any time that we correct data we have stored about you.
...to deletion and limitation (Art. 17 and 18 of the GDPR)
You have the right to demand at any time that we delete data we have stored about you. We will then delete the data, unless we are entitled or obligated to store it for other reasons. Accordingly, you can demand that we limit the processing of your data.
…to portability (Art. 20 of the GDPR)
With regard to personal data which you have provided to us and which we have processed automatically on the basis of your consent, you may at any time request us to provide you with your relevant personal data. You can then transmit this data to other companies. Upon request – and if technically possible – we can also transfer the data directly to a specific company indicated by you.
…to object and to withdraw consent (Art. 21 and Art. 7(3) of the GDPR)
As we have already informed you, you can object to the use of your data for advertising purposes at any time. You can revoke your consent to the processing of your personal data at any time.
…to lodge a complaint (Art. 77 of the GDPR)
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with the competent data protection authority.
...to exercise your rights
To exercise any of your rights or in case of questions regarding the collection, processing or use of your personal data, for information, correction, transfer or deletion of data and revocation of consent previously granted, contact us using the contact information above (by email, fax, or letter).
USE OF LIVEREACH (UGC)
1. Users of social media (“users”), in particular Instagram, regularly contact us in their own photo and video contributions (“content”). This happens e.g. by linking a photo or comment to our Instagram profile @und_gretel_cosmetics, or using one of our campaign hashtags, e.g. #undgretel.
2. Linked content includes products that we sell. In order to search for this relevant content and to make it usable for us, we use the software solution of the third-party provider “Livereach”, operated by Gorilla GmbH, Geisbergweg 8, 48143 Münster, Germany.
3. If Livereach has found a publicly available content that is relevant to us, we will contact the user who published the content. The user then has the opportunity to grant us the rights of use by agreeing to the conditions of participation.
5. Livereach is used in our interest to advertise our brand and products. The lawfulness of the processing of personal data results from Art. 6 Para. 1 S. 1 lit. b, f GDPR
6. The data protection provisions of the third party provider Livereach can be viewed here.
Here you can find out more about user-generated content and why we use it: (https://undgretel.com/pages/user-generated-content-ugc).