Data privacy
Data privacy policy Vita 34
In the following, we would like to inform you about the collection of personal data when you use our website and establish contact via the contact form, by e-mail or telephone. Personal data are all such data that refer to you in person, e.g. name, address, e-mail addresses, and user behavior.
I. Name and contact details of controller and data protection officer
1. Controller pursuant to article 4, section 7 of the General Data Privacy Regulation (GDPR) is Vita 34 AG, Deutscher Platz 5, D-04103 Leipzig; telephone: +49 (0)341 48792-0, fax: +49 (0)341 48792-20, e-mail: info@vita34.de (see our imprint).
2. Our data protection officer is available for contact by telephone at +49 (0)341 48792-96 or by e-mail to: datenschutz@vita34.de or by mail to our address, adding “Der Datenschutzbeauftragte” (data protection officer).
II. General information on the collection, transfer, and maximum storage time of personal data
1. We process your personal data in compliance with the provisions as specified in the EU GDPR, the Federal Data Protection Act (BDSGneu) and all other applicable laws (e.g. German Broadcast Media Act).
2. First and foremost, data processing serves to establish and fulfil a contractual relationship with you. When you contact us by e-mail, via a contact form or by telephone, the data you provide us with (your e-mail address, your name, your address, your phone number, and, if available, your calculated date of delivery) will be stored to answer your questions. The prior legal basis for this is article 6, section 1b) GDPR. In addition, your separate consent pursuant to article 6, section 1a GDPR may be obtained, if necessary, to comply with the requirements under data privacy law.
The data obtained in this connection will be deleted, when their storage is not required anymore or restrict their processing, if record retention periods are required by law.
3. If we resort to commissioned service providers to fulfil individual functions of our offered services or want to use your data for commercial purposes, we will inform you about the respective procedures as specified below, also indicating the criteria defined for the maximum storage time.
4. Your personal data will not be passed onto third parties for other than the purposes given below. We pass your data onto third parties only, if you gave your express consent to such pursuant to article 6, section 1, clause a) GDPR, transmission is required to pursue, exercise, or defend legitimate interests pursuant to article 6, section 1, clause f) GDPR and there is no reason to assume that you have a predominantly legitimate interest in not passing your data on, in case the transmission is necessary to comply with a legal obligation pursuant to article 6, section 1, clause c) GDPR as permitted by law and if necessary to perform a contract with you pursuant to article 6, section 1, clause b) GDPR. We do not intend to pass your data onto a recipient in a third country (non-member state of EU/EEA) or an international organization.
5. We will delete your personal data, when they are not needed anymore for the intended purposes. After termination of the contract, your personal data will be stored for the period stipulated by law. This follows regularly from legal obligations to produce supporting documents and obligations to retain data specified in the German Commercial Code or the German Medicinal Products Act and other documents. Accordingly, the storage periods are up to ten years for accounting data and up to 30 years for data concerning medical findings. Personal data may be furthermore stored for the period, in which claims against us can be asserted.
III. Collection of personal data on our website
1. Our website
1.1 When you use the website for information purposes only, i.e. you do not register or submit information otherwise, we collect only those personal data that your browser transmits to our server. When you want to view our website, we collect data that are technically necessary for us to show you the website and to ensure its stability and safety. The data are also stored in the system log files. Such data will not be stored together with other personal user data. Such data include the IP address, date and time of inquiry, time zone difference to Greenwich Mean Time (GMT), content of inquiry (specific page), access status/http status code, respectively transmitted data amount, website of inquiry, browser, operating system and its surface and language as well as version of browser software.
1.2 The legal basis of storing the data and log files temporarily is article 6, section 1, clause f) GDPR.
1.3 The system needs to store the IP address temporarily to enable the delivery of the website to your browser. For this purpose, your IP address must remain stored until the end of the session. It is stored in log files to ensure that the website operates correctly. Furthermore, the data serve to optimize the website and to ensure the safety of our IT systems. These aims constitute our legitimate interest in data processing pursuant to article 6, section 1, clause f) GDPR. The data will not be analyzed for marketing purposes in this connection.
1.4 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. In the case of collecting the data to provide the website, this is when the respective session has ended. Log files will be deleted within seven days after you accessed the website.
1.5 Collecting data when you visit the website and storing the data in log files is compulsory to operate the website. You have therefore no right to object whatsoever.
Among other data, the following will be collected: name of website, file, date, amount of data, web browser, and version of web browser, operating system, domain name of your internet provider, the so-called referrer URL (the site from which you accessed our website), and the IP address.
Without these data, it would be technically impossible to some extent to provide and represent the website contents. Therefore, collecting data is compulsory. Furthermore, we use the anonymous information for statistical purposes. They help us to optimize our offer and our technology. In addition, we reserve the right to check the log files retroactively, if we suspect that our offer was used unlawfully.
2. Use of cookies
2.1 When you use our website, cookies will be stored on your computer system. Cookies are text files stored on the internet browser or by the internet browser on your computer system. When you access a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters, allowing for distinct identification of the browser when you access the website again.
This website uses the following types of cookies, the scope and function of which will be explained in the following:
- Transient cookies (temporary use)
- Persistent cookies (unlimited use)
- Third-party cookies (by third-party providers according to separate information).
2.3 Transient cookies will be deleted automatically, when you close the browser. They are usually session cookies, which store a so-called session ID in order to assign different inquiries from your browser to the joint session. Thereby, your computer can be recognized, when you return to our website. Session cookies will be deleted, when you log off or exit the browser. The legal basis of processing personal data applying transient cookies is article 6, section 1, clause f) GDPR. The purpose of applying cookies is to make using the website easier for you. Some of the website functions cannot be provided without applying cookies. They require recognition of the browser after you switched pages. These aims constitute our legitimate interest in processing personal data pursuant to article 6, section 1, clause f) GDPR.
2.4 We use persistent cookies exclusively in connection with the web analysis services we apply and only as long as the purpose requires; their lifetime is two years maximum. You can delete the cookies at any time in the safety settings of your browser. In that case, functions and user-friendliness of the website may be limited. The legal basis of processing personal data applying persistent cookies is article 6, section 1, clause f) GDPR. Analysis cookies are used to improve the quality of our website and its contents. Analysis cookies provide us with information on how the website is used and thus help us in optimizing our offer. These aims constitute our legitimate interest in processing personal data pursuant to article 6, section 1, clause f) GDPR.
2.5 Cookies, which are not technically required to provide our service, are set only with your consent, which you may withdraw at any time. You agree to the use of cookies by continuing to use the website and the respective setting in the browser settings enabled within the bounds of this data privacy statement. You can give us your consent by setting your browser accordingly, e.g. by defining that you will be informed about cookies being set and them being accepted only after you expressly agreed. You can also define that cookies will be accepted in certain cases or in general. You can configure your browser settings accordingly at your own options and e.g. control the acceptance or rejection of third-party cookies or all cookies. Please note though that you may then not be able to use all functions of this website. The legal basis of processing personal data applying cookies for analysis purposes is article 6, section 1, clause a) GDPR, if the user gives his or her consent.
3. Other functions and offers of our website
3.1 In addition to the merely informational use of our website, we offer various services you can use, if you want to. For this purpose, you usually have to enter further personal data, which we use to provide the respective service and to which the principles of data processing as given above apply.
3.2 To some extent, we resort to third-party service providers to process your data. We chose and assigned them carefully, they are bound by our instructions and will be inspected regularly.
3.3 We may furthermore pass your personal data onto third parties, when we offer the participation in sales campaigns, competitions, conclusions of contracts, or similar services in collaboration with partners. You will be provided with further information in this regard, when you indicate your personal data or below in the description of the respective service.
3.4 If our service providers or partners are officially registered in a country outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the respective service.
4. Use of contact forms
4.1 We will collect further personal data only, if you provide them of your own accord in our contact forms. In that case, we will collect the information provided in the course of establishing contact. These are in particular names and submitted contact details, date and occasion of contacting. We will use your collected personal data only to the purpose of providing you with the requested products or services (legal basis article 6, section 1 b) GDPR) or to other purposes, to which you gave your consent (legal basis article 6, section 1 a) GDPR) and which are described in the present data privacy statement. You may give your consent, e.g. to set cookies by third parties or to web tracking by those, in the corresponding technical browser settings. You have the possibility to withdraw your consent to the processing of personal data at any time.
4.2 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. With regard to the personal data from the input mask of the contact form, this is the case, when the respective conversation with you has ended. The conversation has ended, when we can assume from the circumstances that the concerned issue has been settled finally. If the provided data are subject to obligations to retain data under tax or commercial law, they will be stored for the defined time of retention of ten years and deleted afterwards, unless you agreed to storage exceeding such time.
5. Integration of social media plug-ins
5.1 At present, we integrate the following social media plug-ins: Facebook, Xing, LinkedIn. The social networks are operated exclusively by third parties, some of whom are officially registered outside the EU or the EEA – the data privacy level pursuant to§§ 4b, 4c BDSG may therefore possibly be inadequate. The browser plug-ins and links are identified by means of icons or other references on our website. When you visit websites containing such browser plug-ins, a connection between your device (browser) and the servers of the respective social network is established automatically, thus passing the information that you visited our website onto the social network. The visit to our website will then, if you are logged into your personal user account in the social network or log in during your visit to our website, be assigned to your account. Interacting with browser plug-ins or links, e.g. by pressing a “Like” button or leaving a comment, transmits the information to the respective social network, where they are saved. You can prevent the assignment of data to your account on the one hand by logging out of your account (in the respective social network) before you visit our website. On the other hand, you can prevent the respective plug-ins from being loaded at all by applying a browser add-on, e.g. by implementing the script blocker “NoScript” (http://noscript.net/).
5.2 For the purpose and scope of data collection by social networks as well as the further processing and use of such data and your rights in this regards as well as setting options to protect your privacy, please refer to the respective data privacy statements of the providers:
Facebook: https://www.facebook.com/policy.php
Facebook Inc., 1601 Willow Road, Nelo Park, CA 94025, USA
XING: https://www.xing.com/privacy
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland
LinkedIn: https://www.linkedin.com/legal/privacy-policy
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
5.3 On our website, we also use the “visitor action pixel” by
Facebook Inc.
1601 S. California Ave,
Palo Alto, CA 94304, USA
(“Facebook”)
This way, the user behavior is tracked, when users were forwarded to the website of the provider after clicking a Facebook ad. This method serves to analyze the effectiveness of Facebook ads for statistical and marketing purposes and may help to optimize future advertisement campaigns.
The data collected are anonymous to us and do not provide us with any reference to the user identity. However, the data are stored and processed by Facebook, so that the association to the respective user profile is possible and Facebook can use the data for its own marketing purposes in accordance with the Facebook data usage policy. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
Consent to the implementation of the visitor action pixel may be declared only by users older than 13 years. If you are younger, please ask your parents or legal guardian for permission. Click here to withdraw your consent.
6. Integration of Google Maps
6.1 On our website, we use Google Maps, a service offered by Google LLC. Thus, we are able to show you interactive maps directly on the website and allow you to conveniently use the map feature. The legal basis of using Google Maps is article 6, section 1, clause f) GDPR.
6.2 By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in section III. 1. of this statement will be transmitted. This happens irrespective of whether you have a Google user account, to which you are logged in, or not. When you are logged into Google, your data will be allocated directly to your account. If you do not wish to be associated with your Google profile, you have to log out before activating the button. Google stores your data in usage profiles and uses them for purposes of advertising, market research and/or tailor-made design of its website. Such analysis will be carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users about your activities on our website. You have the right to object to the formation of such user profiles. To exercise this right, you have to contact Google.
6.3 For further information on the purpose and scope of Google’s data collection and data processing, please refer to the supplier’s privacy policy. You will also find more information about your rights in this regard and privacy settings at: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has submitted to the EU-US Privacy Shield
www.privacyshield.gov/EU-US-Framework.
Opt-Out: https://adssettings.google.com/authenticated
7. Use of our online shop
7.1 If you want to order from our online shop, it is necessary for the conclusion of the contract that you enter the personal data required to process your order. Compulsory data required to process the order are marked specifically; other data are optional. The legal basis of processing such personal data is article 6, section 1, sentence 1, clause b) GDPR.
7.2 Optionally, you can set up a customer account, which we use to store your data for other future purchases. When you create an account after clicking “Register”, the data you enter will be stored. Such storage may be revoked. The legal basis of processing such personal data is article 6, section 1, sentence 1, clause b) GDPR.
7.3 Your address, payment, and order data will be stored for ten years after the contract was processed subject to obligations to retain data under tax or commercial law and deleted afterwards, unless you agreed to storage exceeding such time or further data processing is required to assert, exercise, or defend legal claims. The legal basis for the processing of personal data to the purpose of complying with the archiving and retention obligations provided by law is article 6, section 1, sentence 1, clause c) GDPR.
7.4 We will process the data you entered in order to handle your order. For this purpose, we possibly forward your data to our main bank as well as to logistics companies and the provider of payment services you chose. We are entitled to forwarding such personal data pursuant to article 6, section 1, sentence 1, clause b) GDPR. Our service providers may process and use your data only for the purpose, the fulfilment of which the data were forwarded to them for. You can access the data at any time. As far as data are passed onto external service providers, we make sure that the data privacy regulations are complied with through technical and organizational measures.
7.5 You are not obligated to provide the above given personal data. The data given are required to conclude a contract. Without providing the data, communication, conclusion of a contract, or processing of the contract may be impossible.
8. Newsletter
8.1 By giving your consent, you may subscribe to our newsletter to inform you about our latest interesting offers. The advertised goods and services will be specified in the declaration of consent.
8.2 The registration for our newsletter follows the so-called double-opt-in procedure. That means, after the registration, we will send you an e-mail to the given e-mail address, asking you to confirm your subscription to the newsletter. If we do not receive the confirmation within 24 hours, we will block your information and delete it after one month. Furthermore, we store the IP addresses you used, the time of registration, and the time of the confirmation. The purpose of this procedure is to prove your registration and, if necessary, to be able to resolve the possible misuse of your personal data. The legal basis is article 6, sections 1 a) and c), article 7, section 1 GDPR.
8.3 The only compulsory indication we need for the delivery of the newsletter is your e-mail address. Other, separately marked data are optional and used to be able to address you personally. After your confirmation, we store your e-mail address with the purpose of sending you the newsletter. The legal basis is article 6, section 1, clause a) GDPR. The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. Accordingly, the e-mail address of the user will be stored as long as the subscription to the newsletter is active.
8.4 You can revoke your consent to the delivery of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking the link provided in each newsletter e-mail or by sending a message to the contact details stated in the imprint.
8.5 The newsletter will be delivered by the newsletter service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. For the data privacy policy of the service provider, please refer to: www.cleverreach.com/de/datenschutz/. The newsletter service provider is assigned on the basis of our legitimate interests pursuant to article 6, section 1, clause f GDPR and a commissioned data processing agreement pursuant to article 28, section 3, sentence 1, clause 1 GDPR.
The newsletter service provider may use the recipients’ data in pseudonymous form, i.e. without assignment to users, to optimize or improve its own services, e.g. for technical optimization of the delivery and representation of newsletters, or for statistical purposes. The newsletter service provider, however, shall not use the data of our newsletter recipients to contact them or forward the data to third parties.
9. Use of Google Analytics
9.1 On our website, we use Google Analytics, a web analytics service provided by Google Inc. (”Google“). Google Analytics uses so-called “cookies”, text files saved on your computer and allowing for the analysis of your website usage. The information generated by the cookie about your usage of the website will be transmitted to and stored by Google on servers in the United States. If the IP anonymizer is active on this website, your IP address will shortened beforehand by Google in the member states of the European Union and in other contracting states of the EEA Agreement. Only in exceptional cases will the full IP address be transferred to Google servers in the USA and shortened there. By order of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
9.2 Within the scope of Google Analytics, Google will not associate your IP address submitted by your browser with any other data held by Google.
9.3 You may prevent the storage of cookies by selecting the appropriate settings in your browser software, however, please note that, when you do this you may not be able to use the full functionality of this website. You can furthermore prevent the collection of the data generated by cookies and related to your website usage (including your IP address) and them being sent to and processed by Google by downloading and installing the following browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de.
Sie können die Erfassung durch Google Analytics verhindern, indem Sie auf folgenden Link klicken. Es wird ein Opt-Out-Cookie gesetzt, das die zukünftige Erfassung Ihrer Daten beim Besuch dieser Website verhindert: Google Analytics deaktivieren
9.4 This website uses Google Analytics with the extension “_anonymizeIp()”.As a result, IP addresses will be further processed in shortened form, thus excluding reference to persons. If the data collected about you have a personal reference, this will be excluded promptly and the personal data deleted immediately.
9.5 5 We use Google Analytics to analyze the usage of our website and be able to improve it on a regular basis. We can improve our offer and make it more interesting for users by means of the obtained statistics. Regarding the exceptional cases, in which personal data are transmitted to the USA, Google has submitted to the EU-US Privacy Shield EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis of using Google Analytics is article 6, section 1, clause f) GDPR.
9.6 For information on the third-party provider, please refer to: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, terms of use: www.google.com/analytics/terms/de.html, data privacy: www.google.com/intl/de/analytics/learn/privacy.html and the data privacy policy: www.google.de/intl/de/policies/privacy.
9.7 The website uses Google Analytics furthermore to carry out cross-device analysis of visitor traffic via the user ID. You can disable the cross-device analysis of your usage in your customer account in “My data”, “Personal data”.
10. Online conferences, meetings, and webinars
10.1 We use platforms and applications of other providers (hereinafter referred to as “third-party providers”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we comply with the legal requirements.
In this context, data of the communication participants are processed and stored on the servers of third-party providers, as far as they are part of communication processes with us. Such data may include, in particular, registration and contact data, visual and vocal contributions, as well as entries in chats and shared screen content.
We provided the use of the third-party providers has been agreed in this context. Otherwise, the user data will be collected on the basis of our legitimate interests. In this context, please refer additionally to the information on the use of cookies in this privacy policy.
- Purposes of the processing: Contractual and other services, contact requests and communication, office and organizational procedures
- Legal foundation: Consent (art. 6 sec. 1 clause 1 (a) GDPR), performance of the contract and precontractual requests (art. 6 sec. 1 clause 1 (b) GDPR), legitimate interests (art. 6 sec. 1 clause 1 (f) GDPR)
Services and service providers used:
- Cisco WebEx: Konferenz-Software; Dienstanbieter: Webex Communications Deutschland GmbH, Hansaallee 249, c/o Cisco Systems GmbH, 40549 Düsseldorf, Mutterunternehmen: Cisco Systems, Inc. 170 West Tasman Dr., San Jose, CA 95134, USA; Website: https://www.webex.com/de; Datenschutzerklärung: https://www.cisco.com/c/de_de/about/legal/privacy-full.html (Gewährleistung Datenschutzniveau bei Verarbeitung von Daten in den USA): info@vita34.de
VI. Your rights
1. . Pursuant to article 15 GDPR, you have the right to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of recipients to whom we disclose or disclosed your data, the planned storage time, the existence of the right to rectification, deletion or restriction of the processing or to objection, the existence of the right to claim, the origin of the data, if they were not collected by us, as well as on the existence of automated decision-making including profiling and, if necessary, significant information on the relevant details.
2. Pursuant to article 16 GDPR, you have the right to request the prompt correction of incorrect personal data or completion of incomplete personal data that are stored by us. Pursuant to article 17 GDPR, you have the right to request deletion of your stored personal data, unless the processing is required to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
3. Pursuant to article 18 GDPR, you have the right to restrict the processing of your personal data, if you contest the accuracy of the data, processing is unlawful, but you oppose the erasure of the data and we do no longer need the data, but you require them to assert, exercise or defend legal claims or you have objected to processing pursuant to article 21 GDPR.
4. Pursuant to article 20 GDPR, you have the right to receive your personal data that you provided to us in a structured, commonly used and machine-readable format or to request the transmission of the data to another controller.
5. Pursuant to article 7, section 3 GDPR, you have the right to withdraw your once given consent at any time. The consequence will be that we are not permitted to continue the data processing based on this consent as before.
6. Furthermore, pursuant to article 77 GDPR, you have the right to lodge a complaint concerning the processing of your personal data by us with a supervisory authority, e.g. with the competent Saxon data protection officer: Sächsischer Datenschutzbeauftragter, Bernhard-von-Lindenau-Platz 1, D-01067 Dresden, telephone: +49 (0)351 / 49 3-5401, e-mail: saechsdsb@slt.sachsen.de.
VII. Timeliness and amendment of this data privacy statement
1. This data privacy statement is up to date and was amended last in April 2020.
2. The further development of our website and offers or owing to changes of statutory provisions or official requirements may result in amendments of this data privacy statement. You can retrieve and print the respectively up-to-date data privacy statement at any time on our website at www.vita34.de/datenschutz.