Last modified: 09/08/2016
Kneipp Corporation of America, Inc. ("Company" or "We") respect your privacy and are committed to protecting it through our compliance with this policy.
This policy describes the types of information we may collect from you or that you may provide when you visit the website kneipp.com (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
• On this Website.
• In email, text, and other electronic messages between you and this Website.
• When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Website or policy.
It does not apply to information collected by:
• us offline or through any other means, including on any other website operated by Company or any third party [(including our affiliates and subsidiaries)]; or
• any third party [(including our affiliates and subsidiaries)], including through any application or content (including advertising) that may link to or be accessible from [or on] the Website]
Children Under the Age of 13
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website, including information:
• by which you may be personally identified, such as name, postal address, e-mail address, password, communications preferences, telephone number, and any other identifier by which you may be contacted online or offline ("Personal Information");
• that is about you but individually does not identify you, such as age, gender, zip code, state of residence, or other geolocation data or interests, your Internet Protocol (IP) address, cookies; and/or
• about your internet connection, the equipment you use to access our Website and usage details.
We collect this information:
• Directly from you when you provide it to us.
• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
• From third parties, for example, our business partners.
Information You Provide to Us. The information we collect on or through our Website may include:
• Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, signing up for email, joining our loyalty program, purchasing a product on the Website, posting material, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
• Records and copies of your correspondence (including email addresses), if you contact us.
• Your responses to surveys that we might ask you to complete for research purposes.
• Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.
• Your search queries on the Website.
You also may provide information to be published or displayed (hereinafter, "posted") on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
• Details of your visits to our Website, including [traffic data,] [location data,] [logs,] and other communication data and the resources that you access and use on the Website.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Refer to your web browsers policy settings for information on how you can opt out of behavioral tracking on this website and other mechanisms that enable consumers to exercise choice about behavioral tracking.
The information we collect automatically is statistical data and may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Website according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Website.
The technologies we use for this automatic data collection may include:
• Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
• Web Beacons. Pages of our Website [and our e-mails] may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages [or opened an email] and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
• To present our Website and its contents to you.
• To provide you with information, products, or services that you request from us.
• To fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Website or any products or services we offer or provide though it.
• To allow you to participate in interactive features on our Website.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.
We may also use your information to contact you about our own and third-parties' goods and services that may be of interest to you. If you do not want us to use your information in this way, please adjust your user preferences in your account profile. For more information, see Choices About How We Use and Disclose Your Information.
We may use the information we have collected from you to enable us to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.]
Disclosure of Your Information
We may disclose aggregated information about our users [, and information that does not identify any individual,] without restriction.
• To our subsidiaries and affiliates.
• To contractors, service providers, and other third parties we use to support our business [ and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them].
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kneipp Corporation of America, Inc.'s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Kneipp Corporation of America, Inc. about our Website users is among the assets transferred.
• To fulfill the purpose for which you provide it. For example, if you give us an email address to use the "email a friend" feature of our Website, we will transmit the contents of that email and your email address to the recipients.
• For any other purpose disclosed by us when you provide the information.
• With your consent.
We may also disclose your personal information:
• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Kneipp Corporation of America, Inc., our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
• Promotional Offers from the Company. If you do not wish to have your contact information used by the Company to promote our own or third parties' products or services, you can opt-out by logging into the Website and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes or by sending us an email stating your request to email@example.com. It may take up to six weeks to be removed from our mailing lists.
You have the option to rate and review our products. This is done in a separate form, on which you will be asked to provide further personal data. In order to guarantee your anonymity, it is sufficient to provide a "nickname", i.e. you do not have to provide any clear names. However, if you do, your rating will be published with your given name. Your e-mail address will not be published.
Your product evaluation will also be passed on to trade partners who will also verify and evaluate this evaluation and possibly publish it on their websites. These are in the United States among others:
We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.
Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org or write us at: 54 W 21st St Ste 407 NY,NY 10010.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
By Mail: Kneipp Corporation of America, Inc.
54 W 21st ST Suite 407 NY, NY 10010
By Email: email@example.com
or via our toll-free number: 1-855-KNEIPPWORKS
1. contact details responsible person and contact details data protection
Winterhäuser Str. 85
Contact data Privacy:
Winterhäuser Str. 85
2 What data is processed and for what purpose?
2.1 Use of the website
2.1.1 Access data
We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about each access to our online offer (so-called server log files). The access data includes:
- Name and URL of the file accessed
- date and time of the retrieval
- amount of data transferred
- message about successful retrieval (HTTP response code)
- browser type and browser version
- Referrer URL (i.e. the previously visited page)
- IP address
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing and optimizing our online offering, but also to anonymously record the number of visitors to our website (traffic), as well as the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. This information serves our legitimate interest in providing personalized and location-based content and analyzing traffic, troubleshooting and improving our services. The legal basis is therefore Art. 6 para. 1 p. 1 lit. f DS-GVO.
When you visit our website for the first time, the so-called cookie banner appears. You have the choice of either accepting all cookies or clicking on "Save" under "Setting" in order to select, for example, only technically necessary cookies.
To change the consent from the cookie declaration, please delete the saved cookies in your browser and reopen the Kneipp website so that the cookie banner appears again and you can make a new selection.
Information about the respective cookies, such as storage duration, provider, collected data, etc., can be found in the cookie banner. To do so, simply click on "Settings" and then on the question mark to the right of the respective cookie category.
The use of technically necessary cookies has its legal basis in Art. 6 para. 1 p. 1 lit. f DS-GVO. For all other cookies, the legal basis is the consent according to Art. 6 para. 1 p. 1 lit. a DS-GVO, which you give with the corresponding settings of the cookie banner.
2.2 Integration of third-party services and content
2.2.1 Social media
We use content or service offers from third-party providers within our online offer. This is done on the basis of our legitimate interests (interest in the analysis, optimization and economic operation of our online offer within the meaning of Art.6 para.1 lit.f DS-GVO) or on the basis of your consent pursuant to Art.6 para.1 lit.a DS-GVO. This means that we integrate content and services from third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content"). The prerequisite for this is that the third-party providers perceive your IP address, as without the IP address they would not be able to send the content to your browser. The IP address is thus required for the display of content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to analyze information such as visitor traffic on the website. The pseudonymous information may also be stored in cookies on your device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.
In the following presentation, we have compiled an overview of third-party providers together with their offered content as well as links to their data protection declarations, which may contain further information on the processing of data as well as information on how to object.
Provider: (Youtube) Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We have integrated components of YouTube within our online offers. YouTube allows the free posting of video clips and their free viewing, rating and commenting. By calling up one of the individual pages of our online offers on which YouTube content has been integrated, a connection to YouTube is established in order to download the necessary elements for displaying the corresponding video. In the process, YouTube or the operating company Google receives information about which sub-page within our online offers has been called up by the respective user. In addition, further information, such as the IP address, the browser used, the operating system and technical device information, date and duration of the visit are forwarded. If the user is logged into YouTube with the same device at the same time as visiting our online offers, YouTube recognizes the user when a single page containing a YouTube video is called up. This takes place regardless of whether the data subject clicks on a YouTube video or not. This information can be collected by YouTube or Google and assigned to the profile of the respective user, unless the elements have been integrated in "Privacy Mode".
Provider: (Vimeo) Vimeo Inc, 555 West 18th Street, New York, NY 10011, USA.
We have integrated components of Vimeo within our online offer. When you call up such components, a connection is established to the Vimeo servers and the content is displayed. This transmits to the Vimeo server which of our Internet pages you have visited. If you are logged in to Vimeo at the same time, Vimeo assigns this information to your personal user account. When you click on the start button of a video, for example, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
Provider: (Instagram) Meta Platform Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.
Provider: (Meta Pixel) Meta Platform Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.
With the help of the meta pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the meta pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the meta pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. Furthermore, with the help of the meta pixel, we can track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion measurement").
2.2.2 Social media plug-ins
- Facebook https://de-de.facebook.com/policy.php
- Instagram https://help.instagram.com/519522125107875
- Youtube https://policies.google.com/privacy?hl=de
2.2.3 Google Analytics
In order to continuously improve our site and design it to meet your needs, we use Google Analytics, a web analytics service provided by Google, Inc ("Google").
Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about the use of this website by site visitors is usually transmitted to a Google server in the USA and stored there.
In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
You can also prevent the transfer of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.
As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): Google Analytics Disable.
Optimizing our web offer through the collected data is in our legitimate interest and is therefore lawful according to Art. 6 para. 1 p. 1 lit. f DS-GVO.
2.2.4 Google Ads/Remarketing
We use Google Ads, an online advertising platform from Google. Through the remarketing function, we have the option of displaying interest-based advertisements to our website users on other websites within the Google display network (either on Google itself, so-called "Google Ads" or on other websites). When you click on such an advertisement, a cookie is placed on your terminal device. This does not contain any personal data and loses its validity after 30 days.
If you do not want this, you can deactivate the interest-related Google advertisements in your browser at http://www.google.de/settings/ads.
The collection of data for advertising purposes is a legitimate interest on our part and has its legal basis in Art. 6 para. 1 p. 1 lit. f DS-GVO.
2.2.5 Google reCAPTCHA
https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/intro/android.html.
2.2.6 Microsoft Advertising
We use Microsoft Advertising on our website, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). By clicking on an advertisement placed by Microsoft, a cookie for conversion tracking is set on your terminal device.
With the help of conversion tracking, we can find out whether a previously defined action has taken place after clicking on the ad, e.g. purchase of one of our products in our online store.
We thereby obtain non-personal data (time spent on the website, areas of the website accessed, ad from which the user accessed the website). Information about your identity is not collected. The cookie itself has limited validity and is also not used for personal identification.
The collected data may be transferred to the USA.
The collection of data for advertising purposes is a legitimate interest on our part and has its legal basis in Art. 6 (1) p. 1 lit. f DS-GVO.
You can find more information about Microsoft Advertising at: https://privacy.microsoft.com/de-de/privacystatement
2.2.7 AB Tasty
More information on data processing by AB Tasty, as well as instructions on how to deactivate tracking, can be found at: https://www.abtasty.com/de/nutzungsbedingungen/.
2.2.8 Google Maps
We use Google Maps, a mapping service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service is intended to make it easier for you to plan your route to our stores and is therefore provided on the basis of Art. 6 para. 1 p. 1 lit. f. DS-GVO, as we have a legitimate interest in making our stores as easy to reach as possible.
2.2.9 Google Web Fonts
https://developers.google.com/fonts/faq and https://policies.google.com/privacy?hl=de.
2.3 Orders/ Conclusion of contract
2.3.1 Orders in the online store, by phone or fax
For an order, we need your master data and communication data so that we can process your order. By master data we mean your name, address and date of birth. We need your date of birth to ensure that you are over 18 years old and to distinguish between duplicate names. Communication data is your e-mail address and, if specified, your telephone number. In this context, your telephone number will only be used for customer service queries during contract processing and not for marketing purposes. We also use your e-mail address to give you the opportunity to submit a product review (you can unsubscribe at any time). The submission of a product review is voluntary. The processing is based on Art. 6 para. 1 p. 1 lit. b DS-GVO (fulfillment of a contract). In the case of an order in the online store, the collection of your e-mail address is required by law in order to be able to send you an electronic confirmation of receipt and is therefore necessary pursuant to Art. 6 para. 1 p. 1 lit. c DS-GVO.
2.3.2 Customer account
For a more convenient shopping experience in our online store, you can register on our website by entering your personal data and create a customer account. This way, you do not have to re-enter your data every time you place an order.
For the new registration, we collect master data (e.g. name, address), communication data (e.g. e-mail address), and access data (user name and password).
To ensure your proper registration and to prevent unauthorized logins by third parties, you will receive an activation link by e-mail after your registration to activate your account. Only after registration is complete do we permanently store the data you provide in our system. For the administration and processing of your data, we use the system of a third party service provider. Agreements have been made with this third party regarding technical and organizational measures to protect your personal data.
You can have a once created customer account deleted by us at any time. We will then delete your stored personal data, unless we still need to store them for the processing of orders or due to legal storage obligations. The legal basis is Art. 6 para. 1 p. 1 lit. a and lit. b DS-GVO.
If you make your payment via Sofortüberweisung (Klarna), PayPal or credit card, we may work with the payment service provider Adyen N.V. (hereinafter "Adyen"), Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, the Netherlands. Adyen is a full payment service provider that, among other things, handles payment processing.
The data required for the respective payment method is transmitted to Adyen, unless this data is collected directly by the respective payment service (e.g. PayPal) itself.
The purpose of the transmission is identity verification, payment administration, credit assessment and fraud prevention. To the extent necessary for the fulfillment of contractual obligations, Adyen also discloses the personal data to service providers or subcontractors. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b and f DS-GVO. For more information on how Adyen handles your data, please visit: https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy
If you use PayPal for payment, we will forward the contract data directly or indirectly via Adyen to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The legal basis for this is Art. 6 para. 1 p. 1 lit. b DS-GVO.
2.4.2 Credit card payment
We do not collect payment data as part of the online ordering process. Your data such as name and e-mail address will be forwarded to the appropriate credit institution depending on the payment method. This is done on the basis of Art. 6 para. 1 p. 1 lit. b DS-GVO.
2.4.4 Purchase on account
If you decide to pay on account, we will send you an invoice, which you will then settle. We do not collect any data in the process. However, we regularly check your creditworthiness when concluding contracts and in certain cases where there is a legitimate interest, also for existing customers. For this purpose, we cooperate with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss ("Creditreform"), from which we receive the data required for this purpose. For this purpose, we transmit your name and contact details to Creditreform. The information pursuant to Art. 14 DS-GVO on the data processing taking place at Creditreform can be found here: www.boniversum.de/EU-DSGVO
2.5 Data processing for advertising purposes
2.5.1 Email marketing/ Newsletter
You can register for the newsletter via various actions. We will then send you an activation e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail (double opt-in procedure). We will process your data for this purpose until you object. For this purpose, you can send us an informal message or click on the unsubscribe link in each newsletter. The lawfulness of the data processing results from Art. 6 para. 1 p. 1 lit. a DS-GVO.
2.5.2 Postal mailings
We use your data to send you attractive offers by mail. In doing so, we process your first name, last name, postal address and year of birth. In addition, we store further data, e.g. your last purchases, in order to send you advertising that is geared to your actual or perceived needs. The lawfulness of the data processing results from Art. 6 para. 1 p. 1 lit. f DS-GVO.
If you participate in a sweepstakes offered by Kneipp, we may collect, store and process your name, address, email address and telephone number in order to conduct the sweepstakes. This also includes communication for any prize notifications.
After the competition has been completed and all prizes have been sent out, we will delete your data within three months.
The lawfulness of the data processing results from Art. 6 para. 1 p. 1 lit. b DS-GVO.
2.5.4 Customer relationship management (CRM) system
2.6 Data processing within the Kneipp® family.
We store the mandatory information provided by you during registration (e.g. name, address, date of birth) for the purpose of administering your membership, corresponding with you in this regard and for the purpose of granting benefits (e.g. bonus programs). Mandatory registration data are marked accordingly (*). In addition, you also have the option of voluntarily entering your e-mail address. For the administration of your online customer account and for the purpose of the bonus program, the entry of an e-mail address is necessary or, in the case of online registrations, obligatory.
The customer number on the card is assigned to your customer account and stores your purchases made online and in the stores (using the card). This serves to improve our offer for you.
The legal basis for the processing of your data is the implementation of the Kneipp® Family contract and the pursuit of our legitimate interests (Art. 6 para. 1 p. 1 lit. b and lit. f DS-GVO). With your signature under the registration form, or by checking the box for online registration, you consent to the processing of your data. Our legitimate interest is to provide our customers with attractive offers within the framework of a customer program.
With the analog application form, you can additionally revocably consent to the use of the data for the Kneipp® newsletter and further information about products, competitions, etc.. This consent is voluntary and forms the legal basis according to Art. 6 para. 1 p. 1 lit. a DS-GVO for the data processing within the scope of the newsletter (see also 3.4.1). You can also become a member of the Kneipp® family without this consent.
We store your data as long as it is legally required and permitted. In the event of revocation on your part or if storage is no longer necessary to fulfill the purpose pursued with the storage or is inadmissible for legal reasons, your data will be deleted. You also do not have the possibility to change the data stored in your customer account yourself. If your card is not activated and the customer status "Member of the Kneipp® Family" is subsequently blocked, we will delete the data required to apply for membership of the Kneipp® Family. The data collected for other purposes (e.g. newsletter) will not be deleted in the process.
In principle, we only use your personal data within our company. If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
We outsource certain parts of data processing to our commissioned data processors and contractually oblige them to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
2.7 Data processing in the context of the Kneipp® VIP Author Community
We store the mandatory information provided by you when applying to become a Kneipp® VIP author (e.g. name, e-mail, date of birth) for the purpose of administering your membership, corresponding with you in this regard and for the purpose of granting benefits. Mandatory registration information is marked accordingly (*). In addition, you have the option to voluntarily provide your username of your various social media accounts, if any. The legal basis for this is both Art. 6 para. 1 p. 1 lit. b DS-GVO and Art. 6 para. 1 p. 1 lit. c DS-GVO. The data will be stored for subsequent participation for up to 5 years and then deleted to the extent permitted by law.
If you have given your consent to be contacted (also for advertising purposes), this is based on Art. 6 (1) p. 1 lit. a DS-GVO. You can revoke this consent at any time.
2.8 Customer interactions
2.8.1 E-mail contact
If you contact us (e.g., via contact form or e-mail), we store your information to process the request and in the event that follow-up questions arise. We only store and use further personal data if you consent to this or if this is legally permissible without special consent. The legal basis is therefore on the one hand your consent (Art. 6 para. 1 p. 1 lit. a DS-GVO) and our legitimate interest in establishing customer contact with you in accordance with Art. 6 para. 1 p. 1 lit. f DS-GVO. As soon as your request has been dealt with from our point of view, we will delete your data.
2.8.2 Contact form
In the case of inquiries via contact form, the data you provide from the application form will be stored by us for the purpose of processing the inquiry and any follow-up questions. The data will not be passed on without your consent. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. a DS-GVO. You can revoke this consent at any time. We only store the data until the purpose for storing the data no longer applies (e.g. after processing your request has been completed), until you request us to delete it, or until you revoke your consent to store it.
For the latter two purposes, we use Salesforce (see section 2.5.4)
2.8.3 Product ratings
You have the opportunity to rate our products. This is done using a separate form on which you are asked to provide additional personal data. To ensure your anonymity, it is sufficient to provide a "nickname", i.e. you do not have to provide a clear name. However, if you do, your rating will also be published with your given name. Your e-mail address will not be published.
Your product rating will also be passed on to trading partners who will also verify and evaluate this rating as well as possibly also publish it on their websites. These are in Germany among others:
The legal basis for data processing is based on Art. 6 para. 1 p. 1 lit. a, lit. b and lit. f DS-GVO. Our legitimate interest is to create a more attractive offer for users through customer opinion other users. If you voluntarily provide information about your health in your product review (e.g. skin diseases), this is health data, the processing of which you expressly consent to by voluntarily providing and sending the review in accordance with Art. 9 para. 2 lit. a DS-GVO.
For product ratings, we work together with our commissioned data processor Bazaarvoice Inc, 10901 Stonelake Blvd, on whose servers the submitted product ratings are stored. For more information, you can read Bazaarvoice's privacy notice at the following link: https://www.bazaarvoice.com/de/legal/datenschutzrichtlinie/
2.8.4 User-generated content (UGC)
If you send us digital image material (photos, videos, images), you consent to its use in accordance with the respective purpose described. The purpose of the processing is defined with the respective action description, possibly concretized by participation conditions. You submit the image material with the intention of publishing it.
You are aware that by posting the material and processing it by us in the anniversary film, you have made your material public and from then on your consent to use it can be waived, according to Art. 9 para. 2 lit. e DS-GVO.
2.9 Booking of applications
For our application area in the Outlet Rottendorf, you can book various treatments online via a form. In doing so, we request your data (first name, last name, e-mail and address data). This data is used exclusively for the purpose of processing the booked treatment and the resulting contractual relationship in accordance with Art. 6 para. 1 p. 1 lit. b DS-GVO and deleted 6 months after completion of the application. For the technical provision of the booking portal, we use a service provider who processes the data on our behalf.
If you apply online for a Kneipp job, you will be taken to the Kneipp Career website of our parent company Paul Hartmann AG. You can create a user account here and apply for one or more of the listed positions. Please note the information on data protection provided there.
Applications submitted outside our applicant management system will not be considered and will be destroyed in accordance with data protection regulations.
2.11 Purposes for the fulfillment of legal requirements (Art. 6 para. 1 lit. c DS-GVO) or in the public interest (Art. 6 para. 1 lit. e DS-GVO).
Like anyone who participates in economic activity, we are subject to a variety of legal obligations. Primarily, these are legal requirements (e.g. Works Constitution Act, Social Code, commercial and tax laws, tax code), but also, where applicable, supervisory or other official requirements (e.g. employers' liability insurance association). The purposes of processing may include identity and age verification, fraud and money laundering prevention (e.g. matching with European and international anti-terror lists), company health management and ensuring occupational safety. In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil claims.
3. the personal data we process and their origin
Insofar as it is necessary for the decision on the establishment of a contractual relationship with you, we process personal data received directly from you in addition to any personal data lawfully received from third parties (cf. Art. 14 DS-GVO).
In particular, we process the following categories of data:
- Inventory data (e.g. title, first name, last name, title, residential address, country, company address, date of birth if applicable, full legal capacity, industry);
- Contact data (e.g. e-mail address, telephone number, landline/mobile phone, fax number);
- Content data (e.g. text entries contact form, photographs, videos);
- Contract data (e.g. subject matter of the contract, invoice amount, term, customer category, user name) in particular for the fulfillment of our contractual obligations and services pursuant to Art. 6 (1) lit. b DS-GVO, for the implementation of marketing measures based on our legitimate interests pursuant to Art. 6 (1) lit. f DS-GVO as well as based on your consent pursuant to Art. 6 (1) lit. a DS-GVO (e.g. in the context of customer satisfaction surveys);
- Payment data (e.g. bank details, account data, credit card data, payment history);
- Health data (e.g. severely disabled status, general physical condition, diagnosis).
4. your rights as a person affected by data processing
For the exercise of your rights, we would like to point out that, for example, in the case of an advertising objection, you may still receive mail from us 2 - 6 weeks after the advertising objection. This is due to technical and organizational reasons.
If you exercise your right to object to advertising, we will store this objection under your customer number. If you have been completely deleted due to inactivity in accordance with the deletion periods, we also no longer store any information about the fact that you have issued an advertising objection. If you then order again, you must declare the objection again.
4.1 Right of objection (Art. 21 DSGVO)
If the data processing is carried out on the basis of Art. 6 (1) p. 1 lit. e or f DS-GVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This also applies to profiling that takes place on the basis of the same legal basis.
If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) DSGVO).
If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Article 21 (2) DSGVO).
If you wish to object to the collection, processing or use of your data by us, in accordance with these data protection provisions as a whole or for individual measures in accordance with Art. 21 DSGVO, you can address your objection to the controller. There must be reasons for the objection that arise from the particular situation of the data subject.
4.2 Right of withdrawal
Consent to data processing can be revoked without giving reasons. For this purpose, an e-mail to datenschutz[at]kneipp.de is sufficient.
4.3 Other rights
In addition to the aforementioned rights of revocation and objection, you also have the following rights:
- Right to information against the controller with regard to personal data (Art. 15 DS-GVO).
- Right to rectification (Art. 16 DS-GVO)
- Right to erasure (Art. 17 DS-GVO)
- Right to restriction of processing (Art. 18 DS-GVO)
- Right to data portability (Art. 20 DS-GVO)
- Right to lodge a complaint with a supervisory authority (Art. 77 DS-GVO)
If you wish to exercise your rights, please send your request by e-mail or by post, clearly identifying yourself (name and address), to the address mentioned in point 1.
5. data security
We make maximum efforts to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data will be transmitted encrypted for your orders and also for the customer login. For this purpose, we use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
To protect your data, we maintain technical and organizational security measures in accordance with Art. 32 DSGVO, which we constantly adapt to the state of the art.
We also do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
6. recipients or categories of recipients of your personal data
As a matter of principle, we only process your personal data internally. As a 100% subsidiary of PAUL HARTMANN AG, we also use the systems or contractual partners of PAUL HARTMANN AG for processing. Within our company, those internal departments or organizational units receive your personal data insofar as they require it to fulfill the purpose and within the scope of processing. Internal data recipients are obliged in each case to use your personal data only to the aforementioned extent.
If we transfer your personal data to other persons and companies (third parties) or grant them other access to the personal data, this will only be done on the basis of legal permission. Insofar as we commission third parties with the processing of personal data on the basis of a so-called "order processing agreement" and thereby secure for ourselves, among other things, the necessary powers of influence or control with regard to the processing and use of personal data, this is done on the basis of Article 28 DS-GVO. However, we remain responsible to you for the lawfulness of the data processing.
7 Processing of your personal data in a third country.
A transfer of data to bodies in states outside the European Economic Area EU/EEA (so-called third countries) occurs in particular if it is necessary for the decision on the establishment of a contractual relationship.
In this context, the processing of your personal data in a third country may also take place in connection with the involvement of service providers as part of commissioned processing. If there is no EU Commission decision on an adequate level of data protection for the country in question, we will ensure - in accordance with Article 13 (1) (f) of the GDPR - that your rights and freedoms are protected in the case of transfers pursuant to Articles 46, 47 or 49 (1) (2) of the GDPR by means of suitable and adequate safeguards. Information on the appropriate or adequate safeguards and how and where to obtain a copy of them is available upon request at the Data Protection Department.
8. reservation of right to change