The protection of your privacy is very important to us. We attach great importance to the protection of your personal data. The following information gives you an overview of how we process your personal data (hereinafter referred to as "data") when you visit our website, use our online shop, contact us or apply for a job with us. We inform you about what data we collect from you and how we use it. We will also inform you of your rights under applicable data protection law and tell you who you can contact if you have any questions.
- Who is responsible for data processing?
Responsible for the processing of your personal data within the scope of our online presence under the domain www.nepenthes.eco (hereinafter also referred to as "website") or when using our online shop provided under this domain and/or contacting us is
Merseburger Strasse 10
E-mail address: [email protected]
- What data do we process from you and for what purpose?
2.1 Visit our website
Our website collects a series of general data and information with every call. This general data and information is stored in the server's log files. In the case of merely informative use of our website,
i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server. In particular, this can be the following data:
a. browser types and versions used by the accessing system;
b. the operating system used by the accessing system;
c. the website from which an accessing system arrives at our website (so-called "referrer");
d. the sub-websites that are accessed via an accessing system on our website;
e. the date and time of an access to our website;
f. an internet protocol (IP) address;
h. the Internet service provider of the accessing system and
i. other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective. Specific information on cookies is listed in section 3.1.
When using the general data collected when visiting our website, no conclusions are drawn about you as a data subject. Rather, this data is required in order to
a. to deliver the contents of our website correctly,
b. optimise the content of our website and the advertising for it,
c. to ensure the permanent functionality of our information technology systems and the technology of our website, and
d. provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.
Therefore, the data and information collected anonymously will be used for statistical purposes only and for the purpose of increasing the data protection and data security of our enterprise so as to ensure an optimal level of protection for the personal data we process.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) DSGVO (balancing of interests), based on our interest in properly operating and optimising the website and ensuring the security of our IT systems.
If you contact us (e.g. by e-mail, contact form), your transmitted data (in particular name, contact and address data, if provided by you) and your message will be processed exclusively for the purpose of handling and processing your enquiry.
The legal basis for this data processing is Art. 6 (1) sentence 1 lit. b) DSGVO, because it is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject. Another legal basis is Art. 6 para. 1 p. 1 lit. f) DSGVO (balancing of interests) based on our interest in processing your request.
If you contact us by e-mail or via a contact form for application purposes, the personal data you provide to us on a voluntary basis will automatically be stored for the purpose of further processing. The application documents will not be passed on to third parties.
2.3 Use of our online shop, newsletter etc.
You have the option of using our online shop on our website and subscribing to our newsletter. In these cases, your inventory data and your usage data are stored. The inventory data collected is determined by the input form used for the respective action. In particular, the following inventory and usage data may be collected:
a. Data that you provide when ordering (including title, first name, surname, e-mail address, company affiliation, customer number if applicable);
b. Data about your orders placed in the online shop (including goods or, if applicable, services, price, discount amount, place and time of the transaction);
c. Data required for the purchase or delivery of goods or services purchased in the online shop (e.g. different billing address, delivery address, mobile phone number);
d. Data for payment processing (credit card data, account data if applicable, payment service provider if applicable);
e. Data on your shipping settings;
f. Data we receive when redeeming vouchers or coupons and activating credit (redeemed vouchers and coupons, date and place of redemption);
g. Data you generate when you add products to your shopping basket, add them to your shopping list or add them to your favourites;
h. Data about your location (if you have allowed the collection of location data in your device settings);
i. Data that you provide to us when ordering our newsletter (including e-mail address, title, first name, last name, postcode);
j. Data that we need to prove that you have consented to receive our newsletter (IP address and time stamp of the newsletter order and of the click on the link in the confirmation email, declarations of consent given);
k. Data we receive when you read our newsletter or product recommendations sent by e-mail (opening of the e-mail, clicks on links contained in the e-mail, data of the terminal device used, data on the location based on the IP address, accessibility of the e-mail address, execution of a purchase in the online shop or an action on the website after clicking on an offer);
l. Data that we generate based on the evaluation of your data (customer segments, presumed product preferences).
If data to be entered when placing an order is marked as "mandatory data" in the corresponding form, you must provide us with this data in order to be able to send the order. Failure to provide the "mandatory data" would result in us not being able to enter into a contractual relationship with you. Otherwise, the provision of the data is not required by law or contract and is not necessary for the conclusion of a contract.
We process the aforementioned data - only to the extent that it actually accrues to us, for example when placing an order in the online shop - for the following purposes:
2.3.1 Processing of orders in the online shop
If you place orders in our online shop, we process your data for the processing of your orders. This includes the delivery of goods, processing of payments, granting of discounts if applicable, claiming of vouchers if applicable and processing of returns and claims for defects. We use your telephone number to be able to contact you by telephone in the event of problems with the processing of the contract or delivery. We pass on your data to third parties (service providers commissioned by us) insofar as this is necessary for payment processing or delivery.
The legal basis for this data processing is Art. 6 (1) sentence 1 lit. b) DSGVO, because this is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
2.3.2 Credit check
When selecting a payment method that is associated with a financial default risk (invoice, direct debit), we may obtain a credit check based on mathematical-statistical methods from credit agencies such as SCHUFA Holding AG, 65201 Wiesbaden, in order to protect our legitimate interests. For this purpose, we transmit the data required for a credit check (for private customers: Name, address, date of birth; for business customers: Company, address, commercial register number) to the credit agency and use the information received on the statistical probability of a payment default for a weighed decision on the establishment, implementation or termination of the contractual relationship. The creditworthiness information may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical-statistical procedures and in the calculation of which, among other things, address data are included. Your interests worthy of protection are taken into account in accordance with the legal provisions.
The legal basis for this data processing is Art. 6 (1) sentence 1 lit. f) DSGVO (balancing of interests), based on our interest in preventing payment defaults in the case of potentially insecure payment methods.
2.3.3 Fraud prevention
In order to prevent fraud, we may check the correctness and deliverability of address data via postal service providers and, in the case of atypical order transactions (e.g. dispatch to a previously unused delivery address, simultaneous ordering of a large number of goods/services), restrict the payment methods available or refuse to conclude a purchase contract.
The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f) DSGVO (balancing of interests), based on our interest in preventing fraud.
2.3.4 Satisfaction surveys
We process your data to invite you to satisfaction surveys, e.g. following an order.
The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f) DSGVO (balancing of interests), based on our interest in optimising our range of services or our performance of services.
2.3.5 Sending direct advertising by e-mail
We use the e-mail address you provide in connection with an order in our online shop for direct advertising for our own similar offers. You will receive these product recommendations regardless of whether you have subscribed to our newsletter. In this way, we want to send you information about goods and services from our range that may be of interest to you based on the orders you have placed in our online shop to date.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO (balancing of interests), based on our interest in advertising related products and services by way of direct advertising, as well as Section 7 para. 3 UWG.
You can object to the processing of your data for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, simply use the unsubscribe link at the end of each corresponding email. Of course, an informal message to the contact details mentioned under point 1. is also sufficient.
On our website you have the possibility to register for our newsletter. The newsletter informs you about current offers from us. The use of the data for sending the newsletter only takes place if you have clicked on the link in the confirmation e-mail that you receive after registering for the newsletter (double-opt-in procedure) and have thus consented to this use. You are not obliged to give such consent, and failure to give such consent does not affect the use of our services or offers in other respects.
Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. By means of the embedded tracking pixel, we can see whether and when an email has been opened by you and which links in the email have been called up by you. Such data collected via the tracking pixel contained in the newsletters is stored and evaluated by us in order to optimise the newsletter dispatch and to better adapt the content of future newsletters to your interests. This data will not be passed on to third parties. After a revocation, this personal data will be deleted by us.
The legal basis for this data processing is Art. 6 para. 1 lit. a) DSGVO, namely your consent.
You can revoke this consent at any time. Simply use the unsubscribe link at the end of each newsletter. Of course, an informal message to the contact details mentioned under point 1. is also sufficient. Unsubscribing from the newsletter will automatically be interpreted as a revocation.
- What analytics and social media tools do we use and how do they work?
We use "cookies". Cookies are text files that are placed and stored on a computer system via an internet browser.
This website uses the following types of cookies, the scope and functionality of which are explained below:
3.1.1 Necessary cookies
Necessary cookies and technologies are required for our website to function properly so that you can use the most important functions and navigate the website without any problems. These technologies and cookies cannot be disabled.
3.1.2 Non-essential cookies (comfort cookies)
Non-essential cookies and technologies (convenience cookies) enable improved functionality and personalisation and we can use analytics tools to improve our website for you. This means that our website or the services on our website may not function properly if they are disabled.
You can prevent the setting of non-essential cookies or technologies by our website at any time by means of a corresponding setting of the Internet browser used (in the "Privacy overview" pop-up) and thus permanently object to the setting of cookies.
3.2 Google Analytics (with anonymisation function)
We have integrated the Google Analytics component (with anonymisation function) on our website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on the website from which a data subject has accessed a website (so-called referrers), which sub-pages of the website have been accessed or how often and for how long a sub-page has been viewed. A web analysis is mainly used to optimise a website and to analyse the costs and benefits of internet advertising.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
We use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this add-on, the IP address of the internet connection of the person concerned is shortened and anonymised by Google if access to our internet pages takes place from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics sets a non-essential cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website operated by the data controller is called up and on which a Google Analytics component has been integrated, the internet browser on the data subject's information technology system is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission calculations.
By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
You can prevent the setting of non-essential cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your information technology system. In addition, you can delete a cookie already set by Google Analytics at any time via your internet browser or other software programs.
3.3 Instagram components
We have integrated components of the Instagram service on our website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks.
The operator of the Instagram services is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
Each time you call up one of the individual pages of our website on which an Instagram component (Insta button) has been integrated, the internet browser on your information technology system is automatically prompted by the respective Instagram component to download a representation of the corresponding component from Instagram. As part of this technical process, Instagram receives information about which specific subpage of our website you are visiting.
If you are logged in to Instagram at the same time, Instagram recognises which specific subpage you are visiting each time you visit our website and for the entire duration of your respective stay on our website. This information is collected by the Instagram component and assigned by Instagram to your Instagram account (if any). If you click on one of the Instagram buttons integrated on our website, the data and information thus transmitted will be assigned to your personal Instagram user account, if any, and stored and processed by Instagram.
Instagram always receives information via the Instagram component that you are visiting our website if you are logged into Instagram at the same time as calling up our website; this takes place regardless of whether you click on the Instagram component or not. If you do not want this information to be transmitted to Instagram, you can prevent the transmission by logging out of your Instagram account before accessing our website.
3.4 LinkedIn components
We have integrated components of the LinkedIn Corporation on our website. LinkedIn is an internet- based social network that allows users to connect with existing business contacts and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.
With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser you are using to download a corresponding representation of the component from LinkedIn. Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. Within the scope of this technical procedure, LinkedIn receives information about which specific sub-page of our website is visited by you. If you are logged in to LinkedIn at the same time, LinkedIn recognises which specific sub-page of our website you are visiting each time you call up our website and for the entire duration of your respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to your LinkedIn account (if any). If you click on a LinkedIn button integrated on our website, LinkedIn assigns this information to your personal LinkedIn user account and stores this personal data.
LinkedIn always receives information via the LinkedIn component that you have visited our website if you are logged into LinkedIn at the same time as calling up our website; this takes place regardless of whether you click on the LinkedIn component or not. If you do not want this information to be transmitted to LinkedIn, you can prevent the transmission by logging out of your LinkedIn account before accessing our website.
3.5 YouTube components
We have integrated YouTube components on our website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the internet portal.
The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
Each time you call up one of the individual pages of our website on which a
YouTube component (YouTube video) has been integrated, the internet browser on your information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by you.
If you are logged in to YouTube at the same time, YouTube recognises which specific subpage of our website you are visiting when you call up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account (if any).
YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as calling up our website; this takes place regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent it from being transmitted by logging out of your YouTube account before accessing our website. The
data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing and use of personal data by YouTube and Google.
3.6 Legal basis for the use of the analysis and social media tools
The legal basis for the data processing described in section 3 (analysis and social media tools) is Art. 6 para. 1 p. 1 lit. f) DSGVO (balancing of interests), based on our interest in measuring and analysing the use of our website.
- Which recipients might receive personal data from us?
We only grant access to your data to persons who need it to perform the tasks assigned to them. Outside of this, the following recipients or categories of recipients could receive personal data insofar as this is necessary for the execution of the respective service:
the providers of the analytics and social media tools listed in section 3; Hosting service provider for the operation of our servers;
Development service provider for programming, development, maintenance and support of software applications;
Postal service provider for the verification, correction or completion of address data; Credit agencies for carrying out credit checks;
Payment service providers and banks for the processing of payments; Collection agencies and law firms for the assertion of claims;
E-mail dispatch service provider for sending e-mails in connection with an order from our online shop;
Service provider for the provision of logistics services; Parcel delivery service provider for the delivery of orders;
Cooperation partner for the delivery of orders via a marketplace; Call centre service provider for customer service;
Email marketing service provider for sending newsletters;
other service providers who support us in the fulfilment of our tasks.
In the event of a suspected criminal offence, we may pass on your data to law enforcement agencies (police, public prosecutor's office).
- Is data processed outside the European Union?
Data transfers to countries in which an adequate level of data protection does not exist by law ("third countries") occur in the context of the use of analysis and social media tools, the details of which are described in more detail in section 3, as well as the use of email marketing service providers for sending newsletters. This only takes place insofar as the transfer is permissible in principle and the special requirements for a transfer to a third country exist, in particular the party processing the data there guarantees an appropriate level of data protection in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries.
The EU standard contractual clauses are available at: http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF
Furthermore, we only use service providers and servers located in the European Union to process your data.
- How long will the data be stored?
We only store data that we process exclusively on the basis of your consent for as long as the consent you have given us has not been revoked by you.
Otherwise, we process and store your personal data only for the period of time required to fulfil the purpose of the processing or storage or if this has been provided for in laws or regulations. After the purpose is no longer applicable or fulfilled, your personal data will be deleted or blocked, insofar as legal, statutory or contractual retention periods prevent the deletion. In the case of blocking, deletion will take place as soon as legal, statutory or contractual retention periods do not (or no longer) conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.
- What rights do you have?
You can request information about your personal data processed by us. With regard to the details, we refer to Art. 15 DSGVO.
If your information is not (or no longer) correct, you can request that your data be corrected. If your data is incomplete, you can request that it be completed. With regard to the details, we refer to Art. 16 DSGVO.
You have the right to request the deletion of your data. Please note that a claim for deletion depends on the existence of a legitimate reason. In addition, there must be no regulations that oblige us to retain your data. With regard to the details, we refer to Art. 17 DSGVO.
7.4 Restriction of processing
You have the right to request the restriction of the processing of your data. Please note that a claim to restriction of processing depends on the existence of a legitimate ground. With regard to the details, we refer to Art. 18 DSGVO.
You have the right to object to the processing of your data on grounds relating to your particular situation. In the event of a justified objection, we will no longer process your data. With regard to the details, we refer to Art. 21 DSGVO.
7.6 Objection to the processing of your data for direct marketing purposes
You have the right to object to the processing of your data for direct marketing purposes at any time. You can send your objection form-free to us, preferably to the contact details listed under point 1, stating the keyword "Objection to the processing of my personal data for advertising purposes". With regard to the details, we refer to Art. 21 DSGVO.
7.7 Right of appeal
You are entitled to lodge a complaint with a data protection supervisory authority if you do not agree with the processing of your data. With regard to the details, we refer to Art. 77 DSGVO.
7.8 Data portability
You have the right to receive personal data that you have provided to us in an electronic format. With regard to the details, we refer to Art. 20 DSGVO.
7.9 Revocation of your consent
You have the right to revoke your consent to the processing of your data, which you have given to us, at any time. This also applies to the revocation of declarations of consent that you gave to us before the General Data Protection Regulation came into force, i.e. before 25 May 2018. The easiest way to revoke consent you have given is to send an email to the contact details mentioned in section1. The revocation of consent does not affect the lawfulness of the processing of your data carried out until the revocation. With regard to the details, we refer to Art. 7 DSGVO.