Thank you for your interest in our website. We take the protection of personal data and thus your privacy very seriously. It is therefore a matter of course for us to handle your personal data responsibly in compliance with the applicable statutory data protection regulations. In this privacy policy, we explain to you what data we collect when you use our website, as well as for what purposes and how we collect, process and use this data and what rights you are entitled to.


RESPONSIBLE PARTY

VThe responsible party for the operation of the website www.undgretel.com (including the integrated online shop) according to the terms of the GDPR, as well as provider in terms of the German Telemedia Act, is DRTJ Organic Cosmetics GmbH, Torstraße 177, 10115 Berlin, Germany, Phone: +49 (0)30-31196190, Fax: +49 (0)30-62939713,
E-Mail: info@undgretel.com

DRTJ Organic Cosmetics GmbH Managing director: Tim Jaudszims

If you have any questions about data privacy, please send us an email to this address: datenschutz@undgretel.com.


AAUTOMATED DATA COLLECTION AND PROCESSING VIA WEB SERVER

It is generally possible for you to visit our website (including the integrated online shop) without providing any personal data yourself as long as you do not buy anything or register. When accessing individual web pages belonging to our website, however, the following data is automatically collected and processed by the server:

• Referrer (previously visited website)
• Requested website or file
• Browser type and browser version
• Operating system used
• Device used
• Time of access
• IP address (anonymized).

You are not recognizable to us as an identifiable, specific person on the basis of this data, which is automatically deleted 7 days after its collection. The data mentioned above will be processed by us for the following purposes: Ensuring smooth connection of the website, ensuring comfortable use of our website, evaluation of system security and stability and for other administrative purposes. The legal basis for data processing is Art. 6(1)(1)(f) of the GDPR. Our legitimate interest arises from the purposes listed above.


COOKIES

We use cookies on our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which we receive certain types of information. Cookies enable us to automatically recognize you the next time you visit our website. This helps us make our website more user-friendly and effective. These purposes represent a legitimate interest. We use two types of cookies: “session cookies” and “permanent cookies.” Session cookies are temporary cookies which are automatically deleted when the browser is closed. Permanent cookies are automatically deleted when their expiration date passes. The basis for processing is Art. 6(1)(f) of the GDPR.

You can of course also view our website without cookies. However, most browsers automatically accept cookies. You can prevent the storage of cookies or have your browser warn you before storing a cookie by setting your browser settings accordingly. You can also delete previously stored cookies from your computer. You can find more information about these functions via the help menu of your browser. However, you may experience limited or no use of some of our website features if you choose to disable the use of cookies. If you have accepted cookies in the past, but have since changed your mind, you have the option in your browser settings to delete your previous cookies and to object to future storage of cookies.

For affiliate marketing purposes, “uppr performance network” (a service of the operating company uppr GmbH) sets a cookie on the information technology system of the person concerned (the “data subject”). Affiliate marketing is an Internet-supported form of distribution that enables commercial operators of Internet sites – “advertisers” – to display advertising, which is usually paid for via click or sale commissions, on the Internet sites of third parties, i.e. distribution partners (also known as publishers). The advertiser provides a means of advertising via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by a merchant on their own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing. The tracking cookie from uppr performance network stores the identification number of the publisher as well as the serial number of the visitor to a website and the ad media they have clicked. The purpose of storing this data is to process commission payments between an advertiser and the publisher, which are processed by uppr performance network. By placing the cookie, uppr performance network can analyze the use of this website. Whenever one of the individual pages of this website, which is operated by the data controller and on which a uppr performance network component has been integrated, is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective uppr performance network component to transmit data to uppr GmbH for the purpose of displaying interest-relevant advertising and the settlement of commissions. In the course of this process, uppr GmbH obtains knowledge of personal data, such as the IP address of the data subject, which helps uppr performance network trace the origin of visitors and clicks, mark and re-talk to users, and subsequently enable commission settlements (among other things).

The data subject can prevent the setting of cookies by the uppr GmbH website at any time by means of a corresponding setting in the Internet browser they are using and thus permanently object to the use of cookies. For affiliate marketing purposes, “uppr performance network” places a cookie in the information technology system of the person concerned (the “data subject”). Furthermore, cookies already set by “uppr performance network” can be viewed and/or deleted at any time via an Internet browser or other software programs: - Information on data: https://netzwerk.uppr.de/privacy-mydata.do - Opt-Out: https://netzwerk.uppr.de/content-optout.do.


GOOGLE ANALYTICS

This website uses Google Analytics, a web analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses what are known as “cookies” (see explanation above under Section 3). The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for the website operator and providing other services for the website operator relating to website activity and Internet usage. These purposes also include our legitimate interest in data processing in accordance with Art. 6(1)(f) of the GDPR.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. We would like to point out that, on this website, Google Analytics has been provided with the extension "anonymizeIp" in order to guarantee an anonymous collection of IP addresses. Your IP address transmitted by Google Analytics is not combined with other data from Google. The data sent and linked to cookies, user IDs or advertising IDs are automatically deleted after 14 months.
You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website to Google and the processing of this data by Google by downloading and installing the opt-out cookie (see http://tools.google.com/dlpage/gaoptout?hl=de) ). The opt-out cookie is allocated per browser and computer. This means that if you access this site with different browsers or devices, you will need to add separate opt-out cookies to each one.

 

USE OF HOTJAR

We use Hotjar, which is primarily a tracking-code-based web analysis tool from Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. Hotjar is used to anonymously record interactions of randomly selected individual visitors to our website. This creates a log of information such as mouse movements and clicks, with the aim of identifying possibilities for improvement of our offer. In addition, Hotjar is used to evaluate information on the operating system, browser, incoming and outgoing references (links), geographical origin, as well as resolution and type of the terminal device accessing our website offer, for statistical purposes. We also offer the possibility of anonymous user feedback via Hotjar using what are known as “feedback pools.” The information collected is not associated with a specific person. It is stored by Hotjar Ltd. and is not shared with other third parties. Additional information on Hotjar functions and data usage can be found at: https://www.hotjar.com/privacy (see the “Passive Collection” category in particular).

If you do not want website analysis using Hotjar, you can deactivate it (opt out) on all Internet pages that use Hotjar by setting a DoNotTrack header in your browser. You will find more information on the following page:

https://www.hotjar.com/opt-out.

 

USE OF YANDEX.METRICA

This site uses Yandex.Metrica, a web-analysis and click-tracking service of the company Yandex, ООО "Яндекс" in Russia, 119021 Moscow, L. Tolstoj Street, 16. The information generated by this service about your use of our website (including your anonymous IP address) is transferred to a Yandex server in the Russian Federation and stored there.

Cookies may be used for this purpose, text files which are stored on your computer and which enable analysis of your use of the website.

Yandex will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Yandex may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Yandex's behalf. You can object to this form of data collection and storage at any time with effect for the future.

Outbrain

As part of our legitimate interest in optimizing our website, we use the services of Outbrain UK Limited, 5 New Bridge Street, London. Through a widget on some of our websites, website users are directed to additional content within our website and to third-party websites that may be of interest to them. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology.

These integrated reading recommendations are determined on the basis of the content previously accessed by the user. Outbrain uses cookies, which are stored on the user's device or browser, to display this interest-related additional content. Outbrain collects information on the device source, browser type, and the user's IP address, the last eight characters of which are deleted for anonymization purposes. Outbrain assigns what is known as a Universally Unique Identifier (UUID), which can identify the user by their device when they visit a website on which the Outbrain widget is implemented. Outbrain creates user profiles that aggregate user interactions (e.g. page views and clicks) from a browser or device to derive UUID preferences.

You may opt out of Outbrain's tracking of interest-based recommendations at any time by checking the “Opt Out” box under Outbrain's Privacy Policy (available at http://www.outbrain.com/de/legal/privacy). At this link, you will also find additional information on data privacy. Please note that the opt-out only applies to the device you are currently using and loses its validity if you delete your cookies.

Snapchat

On our website, we use a marketing tool of Snap Inc., 63 Market Street, Venice, CA 90291, USA ("Snapchat") (legal basis: Art. 6(1)(f) of the GDPR). This feature is used to show you interest-based ads (“Snapchat Ads”) when using the Snapchat instant messaging service. To do this, a “Pixel” from Snapchat has been implemented on this website. This Pixel is used to establish a direct connection to the Snapchat servers when visiting the website. The Snapchat server is notified that you have visited this website and Snapchat associates this information with your personal Snapchat account. We do not share any personal information about you, such as your email address, with Snapchat. For more information about how Snapchat collects and uses your information, and your rights and options for protecting your privacy, please see Snapchat's Privacy Policy.

LinkedIn Conversion Tracking

The BrandTrust website uses the analysis and conversion tracking technology of the LinkedIn platform. This LinkedIn technology allows you to see more relevant advertising based on your interests. In addition, UND GRETEL receives aggregated and anonymous reports from LinkedIn about ad activity and information about how you interact with the UND GRETEL site.

You may opt out of LinkedIn's analysis of your usage patterns and the display of interest-based recommendations. To do so, please click this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

PINTEREST TAG

On our website, we use what is known as a “Pinterest Tag”; this is used for the purpose of our legitimate interests in the analysis, optimization, and economic operation of our website.

With the help of the Pinterest tag, Pinterest is able to derive a target group for the presentation of ads (what are known as “Promoted Pins”) from visitors to our website.

Accordingly, we use the Pinterest Tag to display the Promoted Pins only to those Pinterest users who have shown an interest in our website. With the help of the Pinterest Tag, we also want to make sure that our Promoted Pins match the potential interest of the users and do not annoy them.

The processing of data by Pinterest is subject to Pinterest's Data Use Policy: https://policy.pinterest.com/de/ad-data-terms  

You can also opt-out of the use of cookies for audience measurement and advertising purposes by visiting the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) as well as the US-based website (http://www.aboutads.info/choices) or the Europe-based website (http://www.youronlinechoices.com/uk/your-ad-choices/)

In addition, you have the option of turning off behavioral advertising in the Pinterest settings (Edit settings >> Privacy and data >> Personalization).

 

DATA COLLECTION AND USE FOR CONTRACT PROCESSING AND WHEN OPENING A CUSTOMER ACCOUNT

If you order as a guest, we will store your data for the purpose of fulfilling the contract and delete it as soon as we are no longer legally obliged to store it, i.e. after completion of the contract and expiration of all tax and commercial storage obligations. Mandatory information (required for the processing of the contracts) is marked separately as such; entering any further information is voluntary. When you create a customer account, the data you enter there will be stored in such a way that it can be removed; you can always delete the account in the customer area.

As part of the ordering process and to create a customer account, we collect, process, store, and use the following personal data provided by you: salutation, name, billing address, delivery address, date of birth, email address, telephone number; depending on the type of payment method selected: bank details, credit card data (name of card-holder, credit card number, expiration date and card verification number).
For the purpose of delivering your order, we will pass on your name and delivery address to an authorized shipping company. To process the payment, we pass on the following data to the respective payment service provider:

• Paypal: customer ID in the shop, order number, name of the customer, address of the customer, total amount
• Ingenico ePayment: customer ID in the shop, order number, total amount

• Instant bank transfer: customer ID in the shop, order number, total amount
The legal basis for the collection, processing, and transmission of data for orders in the online shop is Art. 6(1)(1)(b) of the GDPR. The contract cannot be executed without the processing of the data marked as mandatory.


PRODUCT INFORMATION/EMAIL ADVERTISING

As our customer, if you have ordered our products before, you will regularly receive product information from us by email – regardless of whether you have subscribed to a newsletter. Our goal here is to send you information about products from our range that may interest you based on your recent purchases from us. If you no longer wish to receive product information or any (advertising) messages from us, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do this, simply send a message in written form (e.g. email, fax, letter) to the contact above. You will of course also find an unsubscribe link in every email from us.

The legal basis for this data processing is Art. 6(1)(1)(f) of the GDPR, as it is in our legitimate interest to provide specific information to existing customers.


SUBSCRIBE TO THE EMAIL NEWSLETTER

You can give your consent to subscribe to our newsletter, in which we keep you informed about our current interesting offers. For registration to our newsletter, we use what is known as a double-opt-in procedure. In other words, after you register, we will send you an email to the address you provided, in which you will be asked to confirm that you actually wish to receive the newsletter. In addition, we will store your IP address and the time of registration and confirmation. The purpose of this is to be able to prove that you have registered and, if necessary, to investigate any potential misuse of your personal data.

Only your email address is required in order for us to send the newsletter. The provision of further, separately marked data is voluntary and is used to address you more personally. After you submit your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis for this is Art. 6(1)(1)(a) of the GDPR. 4

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter without incurring any costs other than the message transmission costs according to the basic rates. To do this, simply send a message of cancellation in written form (e.g. email, fax, letter) to the contact above. You will of course also find an unsubscribe link in every email from us.


DATA SECURITY

Your payment data is encrypted during the ordering process and transmitted over the Internet. We employ technical and organizational measures to secure our website and other systems against loss, destruction, access, modification, or distribution of your data by unauthorized persons. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.


YOUR RIGHTS

…to information (Art. 15 of the GDPR)
You have the right to receive information about whether we have processed any personal data about you (and, if so, exactly what data), free of charge and at any time.

…to correction (Art. 16 of the GDPR)
You have the right to demand at any time that we correct data we have stored about you.

...to deletion and limitation (Art. 17 and 18 of the GDPR)
You have the right to demand at any time that we delete data we have stored about you. We will then delete the data, unless we are entitled or obligated to store it for other reasons. Accordingly, you can demand that we limit the processing of your data.

…to portability (Art. 20 of the GDPR)
With regard to personal data which you have provided to us and which we have processed automatically on the basis of your consent, you may at any time request us to provide you with your relevant personal data. You can then transmit this data to other companies. Upon request – and if technically possible – we can also transfer the data directly to a specific company indicated by you.

…to object and to withdraw consent (Art. 21 and Art. 7(3) of the GDPR)
As we have already informed you, you can object to the use of your data for advertising purposes at any time. You can revoke your consent to the processing of your personal data at any time.

…to lodge a complaint (Art. 77 of the GDPR)
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with the competent data protection authority.

...to exercise your rights
To exercise any of your rights or in case of questions regarding the collection, processing or use of your personal data, for information, correction, transfer or deletion of data and revocation of consent previously granted, contact us using the contact information above (by email, fax, or letter).

USE OF LIVEREACH (UGC)

1. Users of social media (“users”), in particular Instagram, regularly contact us in their own photo and video contributions (“content”). This happens e.g. by linking a photo or comment to our Instagram profile @und_gretel_cosmetics, or using one of our campaign hashtags, e.g. #undgretel.

2. Linked content includes products that we sell. In order to search for this relevant content and to make it usable for us, we use the software solution of the third-party provider “Livereach”, operated by Gorilla GmbH, Geisbergweg 8, 48143 Münster, Germany.

3. If Livereach has found a publicly available content that is relevant to us, we will contact the user who published the content. The user then has the opportunity to grant us the rights of use by agreeing to the conditions of participation.

4. Content to which we have been granted usage rights can then be shared by us in accordance with the terms of use on the internet (e.g. in our own web shop) and in print. Together with the content, personal data associated with the original content, such as the username / alias.

5. Livereach is used in our interest to advertise our brand and products. The lawfulness of the processing of personal data results from Art. 6 Para. 1 S. 1 lit. b, f GDPR

6. The data protection provisions of the third party provider Livereach can be viewed here.

7.We process your username / alias and other personal data from your public contribution in accordance with our privacy policy. You can use your right to information, as well as your right to deletion, correction and restriction of the processing of your personal data at any time by sending an e-mail to the following address: support@undgretel.com.

Here you can find out more about user-generated content and why we use it: (https://undgretel.com/pages/user-generated-content-ugc).


AMENDMENTS TO THE PRIVACY POLICY

It may occasionally become necessary for us to make amendments to this privacy policy, for example in the case of changes to our website or to the law. We therefore reserve the right to change the privacy policy at any time with effect for the future. We therefore recommend that you return to this privacy policy at regular intervals to check if any amendments have been made. This version of the privacy policy is current as of May 2018.