Data privacy
Thank you for your interest in our website. We take the protection of personal data and thus your privacy very seriously. It is therefore a matter of course for us to handle your personal data responsibly in compliance with the applicable statutory data protection regulations. In this privacy policy, we explain to you what data we collect when you use our website, as well as for what purposes and how we collect, process and use this data and what rights you are entitled to.
RESPONSIBLE PARTY
The responsible party for the operation of the website www.undgretel.com (including the integrated online shop) according to the terms of the GDPR, as well as provider in terms of the German Telemedia Act, is DRTJ Organic Cosmetics GmbH, Rosenstraße 19, 10178 Berlin, Germany, Phone: +49 (0)30-31196190, Fax: +49 (0)30-62939713,
E-Mail: info@undgretel.com
DRTJ Organic Cosmetics GmbH Managing director: Lars Börgel
If you have any questions about data privacy, please send us an email to this address: datenschutz@undgretel.com.
AUTOMATED DATA COLLECTION AND PROCESSING VIA WEB SERVER
It is generally possible for you to visit our website (including the integrated online shop) without providing any personal data yourself as long as you do not buy anything or register. When accessing individual web pages belonging to our website, however, the following data is automatically collected and processed by the server:
• Referrer (previously visited website)
• Requested website or file
• Browser type and browser version
• Operating system used
• Device used
• Time of access
• IP address (anonymized).
You are not recognizable to us as an identifiable, specific person on the basis of this data, which is automatically deleted 7 days after its collection. The data mentioned above will be processed by us for the following purposes: Ensuring smooth connection of the website, ensuring comfortable use of our website, evaluation of system security and stability and for other administrative purposes. The legal basis for data processing is Art. 6(1)(1)(f) of the GDPR. Our legitimate interest arises from the purposes listed above.
COOKIES
We use cookies on our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which we receive certain types of information. Cookies enable us to automatically recognize you the next time you visit our website. This helps us make our website more user-friendly and effective. These purposes represent a legitimate interest. We use two types of cookies: “session cookies” and “permanent cookies.” Session cookies are temporary cookies which are automatically deleted when the browser is closed. Permanent cookies are automatically deleted when their expiration date passes. The basis for processing is Art. 6(1)(f) of the GDPR.
You can of course also view our website without cookies. However, most browsers automatically accept cookies. You can prevent the storage of cookies or have your browser warn you before storing a cookie by setting your browser settings accordingly. You can also delete previously stored cookies from your computer. You can find more information about these functions via the help menu of your browser. However, you may experience limited or no use of some of our website features if you choose to disable the use of cookies. If you have accepted cookies in the past, but have since changed your mind, you have the option in your browser settings to delete your previous cookies and to object to future storage of cookies.
GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses what are known as “cookies” (see explanation above under Section 3). The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for the website operator and providing other services for the website operator relating to website activity and Internet usage. These purposes also include our legitimate interest in data processing in accordance with Art. 6(1)(f) of the GDPR.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. We would like to point out that, on this website, Google Analytics has been provided with the extension "anonymizeIp" in order to guarantee an anonymous collection of IP addresses. Your IP address transmitted by Google Analytics is not combined with other data from Google. The data sent and linked to cookies, user IDs or advertising IDs are automatically deleted after 14 months.
You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website to Google and the processing of this data by Google by downloading and installing the opt-out cookie (see http://tools.google.com/dlpage/gaoptout?hl=de) ). The opt-out cookie is allocated per browser and computer. This means that if you access this site with different browsers or devices, you will need to add separate opt-out cookies to each one.
KLAVIYO
If you register for our newsletter, we will use the data required for this or separately provided by you in order to regularly send you our e-mail newsletter based on your consent in accordance with Article 6 (1) sentence 1 lit. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to info@undgretel.com or via a link provided for this purpose in the newsletter. After you have unsubscribed, we will delete your e-mail address from the list of recipients, unless you have expressly consented to further use of your data in accordance with Article 6 Paragraph 1 Sentence 1 lit is permitted by law and about which we inform you in this statement. We would like to point out that we evaluate your user behavior when sending the newsletter. We also analyze how you use our newsletter by measuring, storing and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns (“newsletter tracking”).
For this evaluation, the e-mails sent contain one-pixel technologies (e.g. so-called web beacons, tracking pixels), which are stored on our website. In particular, we link the following “newsletter data” for the evaluations:
The page from which the page was requested (so-called referrer URL), the date and time of the call, the description of the type of web browser used, the IP address of the requesting computer, the E-Mail adress, the date and time of registration and confirmation and the one-pixel technologies with your email address or your IP address and possibly a unique ID. Links contained in the newsletter may also contain this ID.
If you do not wish to receive newsletter tracking, you can unsubscribe from the newsletter at any time, as described above. The information will be stored for as long as you have subscribed to the newsletter.
If you have purchased goods and services from us, we are entitled to send you information about our own similar goods and services via the e-mail address provided during the purchase (§ 7 III UWG). You can object to this use of your e-mail address at any time as a whole or for individual measures, e.g. by e-mail (info@undgretel.com) without incurring any costs other than the transmission costs according to the basic tariffs.
The newsletter may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this data protection declaration.
USE OF HOTJAR
We use Hotjar, which is primarily a tracking-code-based web analysis tool from Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. Hotjar is used to anonymously record interactions of randomly selected individual visitors to our website. This creates a log of information such as mouse movements and clicks, with the aim of identifying possibilities for improvement of our offer. In addition, Hotjar is used to evaluate information on the operating system, browser, incoming and outgoing references (links), geographical origin, as well as resolution and type of the terminal device accessing our website offer, for statistical purposes. We also offer the possibility of anonymous user feedback via Hotjar using what are known as “feedback pools.” The information collected is not associated with a specific person. It is stored by Hotjar Ltd. and is not shared with other third parties. Additional information on Hotjar functions and data usage can be found at: https://www.hotjar.com/privacy (see the “Passive Collection” category in particular).
If you do not want website analysis using Hotjar, you can deactivate it (opt out) on all Internet pages that use Hotjar by setting a DoNotTrack header in your browser. You will find more information on the following page:
https://www.hotjar.com/opt-out.
USE OF YANDEX.METRICA
This site uses Yandex.Metrica, a web-analysis and click-tracking service of the company Yandex, ООО "Яндекс" in Russia, 119021 Moscow, L. Tolstoj Street, 16. The information generated by this service about your use of our website (including your anonymous IP address) is transferred to a Yandex server in the Russian Federation and stored there.
Cookies may be used for this purpose, text files which are stored on your computer and which enable analysis of your use of the website.
Yandex will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Yandex may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Yandex's behalf. You can object to this form of data collection and storage at any time with effect for the future.
OUTBRAIN
As part of our legitimate interest in optimizing our website, we use the services of Outbrain UK Limited, 5 New Bridge Street, London. Through a widget on some of our websites, website users are directed to additional content within our website and to third-party websites that may be of interest to them. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology.
These integrated reading recommendations are determined on the basis of the content previously accessed by the user. Outbrain uses cookies, which are stored on the user's device or browser, to display this interest-related additional content. Outbrain collects information on the device source, browser type, and the user's IP address, the last eight characters of which are deleted for anonymization purposes. Outbrain assigns what is known as a Universally Unique Identifier (UUID), which can identify the user by their device when they visit a website on which the Outbrain widget is implemented. Outbrain creates user profiles that aggregate user interactions (e.g. page views and clicks) from a browser or device to derive UUID preferences.
You may opt out of Outbrain's tracking of interest-based recommendations at any time by checking the “Opt Out” box under Outbrain's Privacy Policy (available at http://www.outbrain.com/de/legal/privacy). At this link, you will also find additional information on data privacy. Please note that the opt-out only applies to the device you are currently using and loses its validity if you delete your cookies.
SPLICKY
Analysis and conversion tracking technology from the Splicky platform is used on our website. With the aforementioned technology from Splicky, it can be analyzed whether the user bought a product or looked at other products after clicking on the advertisement. UND GRETEL also receives an anonymous report of advertising activity and information about how you interact with the UND GRETEL website from Splicky. You can find more information about this here: https://www.slicky.com/de/web/privacy
TABOOLA
Our website uses retargeting technology from Taboola Inc., 16 Madison Square West, 7th floor, New York, NY 10010, USA ("Taboola"). Depending on their usage behavior, visitors to our website can therefore be directed to other own content or third-party content that may correspond to their areas of interest via banners. This content is displayed via a cookie for the analysis of previous usage without personal data being saved. For this purpose, a cookie is stored on your computer or mobile device in order to record anonymous data on your surfing behavior and to individualize the content. If the information collected and analyzed is of a personal nature, it will be processed in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the display of personalized content and market research.
In order to generally deactivate the use of cookies on your device, you can configure your Internet browser so that future cookies can no longer be stored on your device or cookies that have already been saved are deleted. Deactivating all cookies can lead to some functions of our website being restricted. You can also permanently object to Taboola's use of cookies for advertising purposes by using the following opt-out cookie: https://www.taboola.com/privacy-policy#optout You can find more information on Taboola's data protection here: https: //www.taboola.com/privacy-policy As far as legally required, we have received your consent to the processing of your data as described above in accordance with the provisions of Article 6 Paragraph 1 Letter a of the GDPR. You can revoke your consent at any time with effect for the future. Follow the procedure described above to exercise your right of withdrawal.
PINTEREST TAG
On our website, we use what is known as a “Pinterest Tag”; this is used for the purpose of our legitimate interests in the analysis, optimization, and economic operation of our website.
With the help of the Pinterest tag, Pinterest is able to derive a target group for the presentation of ads (what are known as “Promoted Pins”) from visitors to our website.
Accordingly, we use the Pinterest Tag to display the Promoted Pins only to those Pinterest users who have shown an interest in our website. With the help of the Pinterest Tag, we also want to make sure that our Promoted Pins match the potential interest of the users and do not annoy them.
The processing of data by Pinterest is subject to Pinterest's Data Use Policy: https://policy.pinterest.com/de/ad-data-terms
You can also opt-out of the use of cookies for audience measurement and advertising purposes by visiting the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) as well as the US-based website (http://www.aboutads.info/choices) or the Europe-based website (http://www.youronlinechoices.com/uk/your-ad-choices/)
In addition, you have the option of turning off behavioral advertising in the Pinterest settings (Edit settings >> Privacy and data >> Personalization).
LIVEREACH (UGC)
1. Social media users (“Users”), particularly Instagram, regularly engage with us in their own photo and video posts (“Content”). This is done, for example, by linking a photo or comment to our Instagram profile @und_gretel_cosmetics, or using one of our campaign hashtags, e.g. #undgretel.
2. Linked content includes products sold by us. In order to search for this relevant content and make it usable for us, we use the third-party software solution "Livereach", operated by Gorilla GmbH, Geisbergweg 8, 48143 Münster.
3. When Livereach finds publicly available content that is relevant to us, we contact the user who posted the content. The user then has the option of granting us the rights of use by agreeing to the conditions of participation.
4. Content to which we have been granted rights of use can then be shared by us in accordance with the terms of use on the Internet (e.g. in our own web shop) and print. Along with the content, personal information associated with the original content, such as username/alias, may then also be shared.
5. Livereach is used in our interest to promote our brand and products. The legality of the processing of personal data results from Art. 6 Para. 1 S. 1 lit. b, f DSGVO
6. The privacy policy of the third party Livereach can be viewed here.
7. We process your username/alias and other personal data from your public contribution in accordance with our data protection declaration. You can exercise your right to information, as well as your right to deletion, correction, restriction of processing of your personal data at any time by sending an email to the following address: support@undgretel.com.
Here you can find out more about user-generated content and why we use it: (https://undgretel.com/pages/user-generated-content-ugc).
LOYALTY LION
This website uses Loyalty Lion. This is a loyalty program that allows our customers to earn loyalty points to redeem for rewards. Loyalty Lion is located at 26 Hatton Garden, London, EC1N 8BR. For more information on how Loyalty Lion handles user data, visit: https://loyaltylion.com/privacy
DATA COLLECTION AND USE FOR CONTRACT PROCESSING AND WHEN OPENING A CUSTOMER ACCOUNT
If you order as a guest, we will store your data for the purpose of fulfilling the contract and delete it as soon as we are no longer legally obliged to store it, i.e. after completion of the contract and expiration of all tax and commercial storage obligations. Mandatory information (required for the processing of the contracts) is marked separately as such; entering any further information is voluntary. When you create a customer account, the data you enter there will be stored in such a way that it can be removed; you can always delete the account in the customer area.
As part of the ordering process and to create a customer account, we collect, process, store, and use the following personal data provided by you: salutation, name, billing address, delivery address, date of birth, email address, telephone number; depending on the type of payment method selected: bank details, credit card data (name of card-holder, credit card number, expiration date and card verification number).
For the purpose of delivering your order, we will pass on your name and delivery address to an authorized shipping company. To process the payment, we pass on the following data to the respective payment service provider:
• Paypal: customer ID in the shop, order number, name of the customer, address of the customer, total amount
• Ingenico ePayment: customer ID in the shop, order number, total amount
• Instant bank transfer: customer ID in the shop, order number, total amount
The legal basis for the collection, processing, and transmission of data for orders in the online shop is Art. 6(1)(1)(b) of the GDPR. The contract cannot be executed without the processing of the data marked as mandatory.
PRODUCT INFORMATION/EMAIL ADVERTISING
As our customer, if you have ordered our products before, you will regularly receive product information from us by email – regardless of whether you have subscribed to a newsletter. Our goal here is to send you information about products from our range that may interest you based on your recent purchases from us. If you no longer wish to receive product information or any (advertising) messages from us, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do this, simply send a message in written form (e.g. email, fax, letter) to the contact above. You will of course also find an unsubscribe link in every email from us.
The legal basis for this data processing is Art. 6(1)(1)(f) of the GDPR, as it is in our legitimate interest to provide specific information to existing customers.
SUBSCRIBE TO THE EMAIL NEWSLETTER
You can give your consent to subscribe to our newsletter, in which we keep you informed about our current interesting offers. For registration to our newsletter, we use what is known as a double-opt-in procedure. In other words, after you register, we will send you an email to the address you provided, in which you will be asked to confirm that you actually wish to receive the newsletter. In addition, we will store your IP address and the time of registration and confirmation. The purpose of this is to be able to prove that you have registered and, if necessary, to investigate any potential misuse of your personal data.
Only your email address is required in order for us to send the newsletter. The provision of further, separately marked data is voluntary and is used to address you more personally. After you submit your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis for this is Art. 6(1)(1)(a) of the GDPR. 4
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter without incurring any costs other than the message transmission costs according to the basic rates. To do this, simply send a message of cancellation in written form (e.g. email, fax, letter) to the contact above. You will of course also find an unsubscribe link in every email from us.
DATA SECURITY
Your payment data is encrypted during the ordering process and transmitted over the Internet. We employ technical and organizational measures to secure our website and other systems against loss, destruction, access, modification, or distribution of your data by unauthorized persons. You should always keep your access information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
YOUR RIGHTS
…to information (Art. 15 of the GDPR)
You have the right to receive information about whether we have processed any personal data about you (and, if so, exactly what data), free of charge and at any time.
…to correction (Art. 16 of the GDPR)
You have the right to demand at any time that we correct data we have stored about you.
...to deletion and limitation (Art. 17 and 18 of the GDPR)
You have the right to demand at any time that we delete data we have stored about you. We will then delete the data, unless we are entitled or obligated to store it for other reasons. Accordingly, you can demand that we limit the processing of your data.
…to portability (Art. 20 of the GDPR)
With regard to personal data which you have provided to us and which we have processed automatically on the basis of your consent, you may at any time request us to provide you with your relevant personal data. You can then transmit this data to other companies. Upon request – and if technically possible – we can also transfer the data directly to a specific company indicated by you.
…to object and to withdraw consent (Art. 21 and Art. 7(3) of the GDPR)
As we have already informed you, you can object to the use of your data for advertising purposes at any time. You can revoke your consent to the processing of your personal data at any time.
…to lodge a complaint (Art. 77 of the GDPR)
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with the competent data protection authority.
...to exercise your rights
To exercise any of your rights or in case of questions regarding the collection, processing or use of your personal data, for information, correction, transfer or deletion of data and revocation of consent previously granted, contact us using the contact information above (by email, fax, or letter).
AMENDMENTS TO THE PRIVACY POLICY
It may occasionally become necessary for us to make amendments to this privacy policy, for example in the case of changes to our website or to the law. We therefore reserve the right to change the privacy policy at any time with effect for the future. We therefore recommend that you return to this privacy policy at regular intervals to check if any amendments have been made. This version of the privacy policy is current as of January 2023.