Privacy Policy

We appreciate your interest in our company and would like you to feel safe when visiting our website and using our online shop with regards to the protection of your personal data. Gaia Sustainable Concept UG (limited liability) takes the protection of your personal data very seriously. Personal data are all data that can be personally related to you, e.g. name, address, e-mail address, user behaviour. When you visit our website, personal data is collected and processed in accordance with the applicable data protection regulations.

We process your personal data only for the purposes stated in this data protection declaration. Your personal data will not be transferred to third parties for purposes other than those mentioned. We will only pass on your personal data to third parties if:

You have given your express consent to do so,

The processing is necessary for the execution of a contract with you,

The processing is necessary for the fulfilment of a legal obligation,

The processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

If a data transfer to third countries outside the European Union takes place, it is carried out on the basis of contractual provisions laid down by law which are intended to ensure adequate protection of your data and which you can consult on request.

The person responsible for processing your data on the website www.gaiastore.de (hereinafter: “website”) within the meaning of the basic data protection regulation (DSGVO) is Gaia Sustainable Concept UG (limited liability), Offakamp 9a, 22529, Hamburg, Germany.

With this data protection declaration, we would like to inform you about which data we collect during your visit to our website and how this data is used.

This online offer is not intended for children under 16 years of age.

 

  1. Data processing when visiting our website

 

If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only process the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security:

IP address

Date and time of the request

Time zone difference to Greenwich Mean Time (GMT)

Content of the request (concrete page)

Access status/HTTP status code

Amount of data transmitted in each case

Referral website

Browser

Operating system and its interface

Language and version of the browser software

Processing is carried out in accordance with Art. 6 Para. 1 letter F (DSGVO) on the basis of our justified interest in improving the stability and functionality of our website.

 

  1. Data processing within the scope of contact

 

Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the form in question. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 letter F (DSGVO). If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after the final processing of your enquiry. This is the case if it can be concluded from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal obligations to retain data.

 

  1. Use of social plug-ins

 

Gaia Sustainable Concept UG (limited liability) uses the social media plug-ins of Facebook (“Like-Button”), Pinterest, Google and Twitter. Through the plug-ins Gaia Sustainable Concept UG (limited liabilty) offers you the possibility to interact with social networks and other users. This enables Gaia Sustainable Concept UG (limited liability) to improve the website and make it more relevant to your interests. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. f DSGVO.

When using the social plug-ins, Gaia Sustainable Concept UG (limited liability) uses the so-called two-click solution: When you access the Gaia Sustainable Concept UG (limited liability) website, no personal data is initially passed on to the providers of the plug-ins. Only if you click on the marked field of the plug-in will the plug-in provider collect your IP address and the information that you are visiting the website of Gaia Sustainable Concept UG (limited liability). In the case of Facebook, the IP address is anonymised immediately after collection, according to the information provided by the respective providers in Germany.

Gaia Sustainable Concept UG (limited liability) has no influence on the data processing procedures of the plug-in providers. Nor do we have any information on the deletion of the collected data by the plug-in provider.

Data is passed on regardless of whether you have an account with the plug-in provider and/or are logged in. If you are logged in with the plug-in provider, the data we collect from you will be directly allocated to your account with the plug-in provider. If you click on the activated button and, for example, link to the page, the plug-in provider will also save this information in your user account and publicly share it with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can then avoid being assigned to your profile with the plug-in provider.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers, which are provided below. There you will also find further information on your rights in this regard and setting options for protecting your privacy:

Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US- Framework.

Twitter, Inc, 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework

Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103, USA (“Pinterest”) https://about.pinterest.com/de/privacy-policy

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Further information can be found in the Google Privacy Policy: google.com/intl/en/+/policy/+1button.html

 

  1. Data processing when opening a customer account and for contract processing

 

In accordance with Art. 6 Para. 1 letter b DSGVO, personal data will continue to be collected and processed if you provide us with such data in order to execute a contract or open a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above mentioned address to the person responsible. We store and use the data you provide us with to process the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us, about which we will inform you accordingly below.

 

  1. Data transfer for contract fulfilment

 

Data necessary for the fulfilment of the contract will be passed on to the service providers used, as far as this is necessary for the order processing and the delivery of your goods. The data passed on in this way may only be used by our service providers to fulfil their task. Any other use of the information is not permitted and will not be made by any of the service providers we entrust with this. In order to process payments, the necessary payment data will be passed on to the credit institution commissioned with the payment, the payment service selected by you in the ordering process and, if applicable, to payment service providers commissioned by us. If you create an account yourself, the selected payment service providers may collect some of this data themselves, provided that you log in to the payment service provider with your access data during the ordering process. In these cases, the data protection declaration of the respective payment service provider applies. The legal basis for the transfer of data in section 5 is Art. 6 para. 1 lit. b DSGVO.

In order to fulfil our contractual obligations towards our customers, we work together with external shipping partners. We will pass on your name and delivery address to a shipping partner selected by us exclusively for the purpose of delivering goods in accordance with Art. 6 Para. 1 lit. b DSGVO.

 

  1. PayPal

 

In the event of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) within the framework of the payment processing. The data will be passed on in accordance with Art. 6 para. 1 lit. b DSGVO and only to the extent necessary for the processing of payments.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal. For this purpose, your payment data may be passed on to credit agencies pursuant to Art. 6 para. 1 lit. f DSGVO on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit assessment with regard to the statistical probability of non-payment to decide on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the creditworthiness information, these are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data are included in the calculation of the score values. For further information on data protection, including information on the credit agencies used, please refer to PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

 

  1. Use of data when registering for the e-mail newsletter

 

If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis. You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described below or by using the unsubscribe link provided in the newsletter. The dispatch of the newsletter and the measurement of success associated with it are based on the consent of the recipients in accordance with Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 Para. 2 No. 3 UWG or, if consent is not required, on our legitimate interests in direct marketing in accordance with Art. 6 Para. 1 lt. DSGVO in conjunction with § Article 7 paragraph 3 of the UWG. We may store the deleted e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.

 

  1. Use of cookies

 

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). Insofar as personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 letter b DSGVO either for the execution of the contract or in accordance with Art. 6 Para. 1 letter f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

Under certain circumstances, we work together with advertising partners who can help us to make our online shop more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (cookies from third parties). If we work with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/kb/ph21411?locale=de_DE

Opera: http://help.opera.com/Windows/10.20/de/cookies.html

Please note that the functionality of our website may be limited if cookies are not accepted.

 

  1. Use of Google Analytics for web analysis

 

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transferred to a Google server in the USA and stored there.

This website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymisation of the IP address by shortening it and excludes any direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 letter f DSGVO on the basis of our justified interest in the statistical analysis of user behaviour for optimisation and marketing purposes.

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide us with further services related to website and internet use. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin or within browsers on mobile devices, please click on the following link to set an opt-out cookie which will prevent Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you will have to click this link again): Deactivate Google Analytics

Google LLC, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU.

This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “my data”, then “personal data”.

You can find more information on how Google Analytics handles user data in the Google privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

 

  1. Use of the Facebook pixel

 

Within our online shop, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimisation and economic operation of our online offer in accordance with Art. 6 Para. 1 letter f DSGVO and for these purposes.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

On the one hand, the Facebook pixel enables Facebook to determine visitors to our online shop as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook Pixel to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offer or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) which we transmit to Facebook (so-called “custom audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of the users and are not annoying. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook Ad (so-called “conversion”).

The processing of data by Facebook takes place within the framework of Facebook’s Data Use Policy. Accordingly, general information on the display of Facebook Ads, in the Facebook Data Use Policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and its functionality can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616.

You may object to the collection by the Facebook Pixel and use of your information to display Facebook Ads. To control what types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You can also opt-out of the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

 

  1. Customer account

 

For each customer who registers accordingly, we set up password-protected direct access account (customer account). Here you can view data on your completed, open and recently dispatched orders and manage your address data, among other things. We undertake to treat the personal access data confidentially and not to make them available to any unauthorised third parties. We cannot accept liability for misused passwords unless we are responsible for the misuse. With the function “stay logged in” we want to make your visit to our website as pleasant as possible. This function enables you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, your personal data is to be changed or you wish to place an order. We recommend that you do not use this function if the computer is used by several users. We would like to point out that the “stay logged in” function is not available if you use a setting that automatically deletes stored cookies after each session.

 

  1. Your rights

 

The applicable data protection law grants you comprehensive data protection rights (rights of information and intervention) vis-à-vis the person responsible for processing your personal data, about which we inform you below. To assert your rights, please use the information in section 15, ensuring that we are able to identify you unambiguously.

You have the following rights vis-à-vis us with regard to the personal data concerning your:

Right to access your information

Right of correction or deletion

Right to restrict processing

Right to object to processing

Right to data transferability

In addition, you have the right to object to data processing by us at any time, insofar as this is based on the legal basis of Art. 6 Para. 1 letter f DSGVO. We will then stop processing your data unless we can prove – in accordance with the legal requirements – that there are compelling reasons for further processing worthy of protection which outweigh your rights.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

 

  1. Questions, suggestions and complaints

 

If you have any questions regarding our information on data protection and the processing of your personal data or if you wish to exercise your rights under Section 14, you can contact the responsible body directly at hallo@gaiastore.de.

 

  1. Rejection of advertising mails

 

We hereby object to the use of our contact data published in the context of this imprint to send advertising and information material not expressly requested by us. The operators of the website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, e.g. via spam e-mails.

 

  1. Scope of application

 

This privacy policy applies to all pages of www.gaiastore.de that are located on our server. It does not extend to any linked websites of third parties.

 

  1. Security

 

Gaia Sustainable Concept UG (limited liabilty) uses technical and organisational security measures to protect your personal data against misuse, loss, destruction or access by unauthorised persons. Our security measures reflect the latest standard of technology.

 

  1. Duration of the storage of personal data

 

The duration of the storage of personal data is determined by the respective legal retention period (e.g. retention periods under commercial and tax law). After expiry of the period, the corresponding data is routinely deleted if it is no longer required for the fulfilment or initiation of the contract and/or if we have no justified interest in further storage.

 

Status: 14.06.2018