Front of Kneipp building

Privacy Policy

Introduction


Kneipp GmbH. ("Company" or "We") respect your privacy and are committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit the website kneipp.com (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

•   On this Website.

•   In email, text, and other electronic messages between you and this Website.

•   When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Website or policy.

It does not apply to information collected by:

•   us offline or through any other means, including on any other website operated by Company or any third party [(including our affiliates and subsidiaries)]; or

•   any third party [(including our affiliates and subsidiaries)], including through any application or content (including advertising) that may link to or be accessible from [or on] the Website]

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Children Under the Age of 13

Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at info@kneipp.com.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, including information:

•   by which you may be personally identified, such as name, postal address, e-mail address, password, communications preferences, telephone number, and any other identifier by which you may be contacted online or offline ("Personal Information");

•   that is about you but individually does not identify you, such as age, gender, zip code, state of residence, or other geolocation data or interests, your Internet Protocol (IP) address, cookies; and/or

•   about your internet connection, the equipment you use to access our Website and usage details.

We collect this information:

•   Directly from you when you provide it to us.

•   Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

•   From third parties, for example, our business partners.


Information You Provide to Us. The information we collect on or through our Website may include:

•   Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, signing up for email, joining our loyalty program, purchasing a product on the Website, posting material, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.

•   Records and copies of your correspondence (including email addresses), if you contact us.

•   Your responses to surveys that we might ask you to complete for research purposes.

•   Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.

•   Your search queries on the Website.



You also may provide information to be published or displayed (hereinafter, "posted") on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

•   Details of your visits to our Website, including [traffic data,] [location data,] [logs,] and other communication data and the resources that you access and use on the Website.

•   Information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Refer to your web browsers policy settings for information on how you can opt out of behavioral tracking on this website and other mechanisms that enable consumers to exercise choice about behavioral tracking.

The information we collect automatically is statistical data and may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

•   Estimate our audience size and usage patterns.

•   Store information about your preferences, allowing us to customize our Website according to your individual interests.

•   Speed up your searches.

•   Recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

•   Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.

•   Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.

•   Web Beacons. Pages of our Website [and our e-mails] may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages [or opened an email] and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.

Third-Party Use of Cookies and Other Tracking Technologies.

Some content or applications, including advertisements, on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

•   To present our Website and its contents to you.

•   To provide you with information, products, or services that you request from us.

•   To fulfill any other purpose for which you provide it.

•   To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

•   To notify you about changes to our Website or any products or services we offer or provide though it.

•   To allow you to participate in interactive features on our Website.

•   In any other way we may describe when you provide the information.

•   For any other purpose with your consent.

We may also use your information to contact you about our own and third-parties' goods and services that may be of interest to you. If you do not want us to use your information in this way, please adjust your user preferences in your account profile. For more information, see Choices About How We Use and Disclose Your Information.

We may use the information we have collected from you to enable us to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.]

Disclosure of Your Information

We may disclose aggregated information about our users [, and information that does not identify any individual,] without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

•   To our subsidiaries and affiliates.

•   To contractors, service providers, and other third parties we use to support our business [ and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them].

•   To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kneipp GmbH's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Kneipp Corporation of America, Inc. about our Website users is among the assets transferred.

•   To fulfill the purpose for which you provide it. For example, if you give us an email address to use the "email a friend" feature of our Website, we will transmit the contents of that email and your email address to the recipients.

•   For any other purpose disclosed by us when you provide the information.

•   With your consent.


We may also disclose your personal information:

•   To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

•   To enforce or apply our terms of use or terms of sale and other agreements, including for billing and collection purposes.

•   If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Kneipp GmbH, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

•   Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

•   Promotional Offers from the Company. If you do not wish to have your contact information used by the Company to promote our own or third parties' products or services, you can opt-out by logging into the Website and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes or by sending us an email stating your request to customerservice@kneipp.com. It may take up to six weeks to be removed from our mailing lists.

Product Ratings: 

You have the option to rate and review our products. This is done in a separate form, on which you will be asked to provide further personal data. In order to guarantee your anonymity, it is sufficient to provide a "nickname", i.e. you do not have to provide any clear names. However, if you do, your rating will be published with your given name. Your e-mail address will not be published.

Your product evaluation will also be passed on to trade partners who will also verify and evaluate this evaluation and possibly publish it on their websites. These are in the United States among others:

Walmart.com

Ulta.com 

The legal basis for data processing is based on Art. 6 Paragraph 1 S. 1 lit. a, lit. b and lit. f DS-GVO. Our legitimate interest is to create a more attractive offer for users by offering customer opinions to other users.For the product reviews we work together with our commissioned data processor Bazaarvoice Inc. 10901 Stonelake Blvd, on whose servers the submitted product reviews are stored. For further information you can read the privacy policy of Bazaarvoice under the following link: https://www.bazaarvoice.com/de/legal/datenschutzrichtlinie/


We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.


Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to info@kneipp.com or write us at: Kneipp GmbH, Winterhaeuser Straße 85, 97084 Wuerzburg, Germany.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website home page. If we make material changes to how we treat our users' personal information, we will notify you by email to the email address specified in your account and/or through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

By Mail:   Kneipp GmbH, Winterhaeuser Straße 85, 97084 Wuerzburg, Germany.

By Email:   customersupport@kneipp.com


or via our toll-free number: 1-855-KNEIPPWORKS

1. contact details responsible person and contact details data protection

Person responsible:

Kneipp GmbH

Winterhäuser Str. 85

97084 Würzburg

Phone: +49-931-8002-0

E-Mail: info[at]kneipp.de


Contact data Privacy:

Kneipp GmbH

Data protection

Winterhäuser Str. 85

97084 Würzburg

E-mail: datenschutz[at]kneipp.de

2 What data is processed and for what purpose?


2.1 Use of the website


2.1.1 Access data

We collect information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about each access to our online offer (so-called server log files). The access data includes:


  • Name and URL of the file accessed
  • date and time of the retrieval
  • amount of data transferred
  • message about successful retrieval (HTTP response code)
  • browser type and browser version
  • Referrer URL (i.e. the previously visited page)
  • IP address


We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing and optimizing our online offering, but also to anonymously record the number of visitors to our website (traffic), as well as the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. This information serves our legitimate interest in providing personalized and location-based content and analyzing traffic, troubleshooting and improving our services. The legal basis is therefore Art. 6 para. 1 p. 1 lit. f DS-GVO.


2.1.2 Cookies

We use cookies on our website. Cookies are small text files in which information is stored. This allows a web server to recognize a user and save settings.


When you visit our website for the first time, the so-called cookie banner appears. You have the choice of either accepting all cookies or clicking on "Save" under "Setting" in order to select, for example, only technically necessary cookies.


To change the consent from the cookie declaration, please delete the saved cookies in your browser and reopen the Kneipp website so that the cookie banner appears again and you can make a new selection.


Information about the respective cookies, such as storage duration, provider, collected data, etc., can be found in the cookie banner. To do so, simply click on "Settings" and then on the question mark to the right of the respective cookie category.


The use of technically necessary cookies has its legal basis in Art. 6 para. 1 p. 1 lit. f DS-GVO. For all other cookies, the legal basis is the consent according to Art. 6 para. 1 p. 1 lit. a DS-GVO, which you give with the corresponding settings of the cookie banner.



2.2 Integration of third-party services and content


2.2.1 Social media

We use content or service offers from third-party providers within our online offer. This is done on the basis of our legitimate interests (interest in the analysis, optimization and economic operation of our online offer within the meaning of Art.6 para.1 lit.f DS-GVO) or on the basis of your consent pursuant to Art.6 para.1 lit.a DS-GVO. This means that we integrate content and services from third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content"). The prerequisite for this is that the third-party providers perceive your IP address, as without the IP address they would not be able to send the content to your browser. The IP address is thus required for the display of content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to analyze information such as visitor traffic on the website. The pseudonymous information may also be stored in cookies on your device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.


In the following presentation, we have compiled an overview of third-party providers together with their offered content as well as links to their data protection declarations, which may contain further information on the processing of data as well as information on how to object.


Provider: (Youtube) Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Opt-Out: https://adssettings.google.com


We have integrated components of YouTube within our online offers. YouTube allows the free posting of video clips and their free viewing, rating and commenting. By calling up one of the individual pages of our online offers on which YouTube content has been integrated, a connection to YouTube is established in order to download the necessary elements for displaying the corresponding video. In the process, YouTube or the operating company Google receives information about which sub-page within our online offers has been called up by the respective user. In addition, further information, such as the IP address, the browser used, the operating system and technical device information, date and duration of the visit are forwarded. If the user is logged into YouTube with the same device at the same time as visiting our online offers, YouTube recognizes the user when a single page containing a YouTube video is called up. This takes place regardless of whether the data subject clicks on a YouTube video or not. This information can be collected by YouTube or Google and assigned to the profile of the respective user, unless the elements have been integrated in "Privacy Mode".


Provider: (Vimeo) Vimeo Inc, 555 West 18th Street, New York, NY 10011, USA.

Privacy policy: https://vimeo.com/privacy

Opt-Out: https://vimeo.com/cookie_policy


We have integrated components of Vimeo within our online offer. When you call up such components, a connection is established to the Vimeo servers and the content is displayed. This transmits to the Vimeo server which of our Internet pages you have visited. If you are logged in to Vimeo at the same time, Vimeo assigns this information to your personal user account. When you click on the start button of a video, for example, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.


Provider: (Instagram) Meta Platform Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

Privacy Policy: https://help.instagram.com/519522125107875


Provider: (Meta Pixel) Meta Platform Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

Privacy Policy: https://www.facebook.com/about/privacy/

Opt-Out: https://www.facebook.com/settings?tab=ads


With the help of the meta pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the meta pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the meta pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. Furthermore, with the help of the meta pixel, we can track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion measurement").


2.2.2 Social media plug-ins

We have plug-ins of the social networks Facebook, Instagram, YouTube on our website. However, this does not collect any data, but merely provides a link for the corresponding websites. If you click on one of the plug-ins, you will be redirected to the corresponding page. Which data is collected there, please refer to the privacy policy of the respective social network:

- Facebook https://de-de.facebook.com/policy.php

- Instagram https://help.instagram.com/519522125107875

- Youtube https://policies.google.com/privacy?hl=de


2.2.3 Google Analytics

In order to continuously improve our site and design it to meet your needs, we use Google Analytics, a web analytics service provided by Google, Inc ("Google").

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about the use of this website by site visitors is usually transmitted to a Google server in the USA and stored there.

In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the transfer of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): Google Analytics Disable.

Optimizing our web offer through the collected data is in our legitimate interest and is therefore lawful according to Art. 6 para. 1 p. 1 lit. f DS-GVO.


2.2.4 Google Ads/Remarketing

We use Google Ads, an online advertising platform from Google. Through the remarketing function, we have the option of displaying interest-based advertisements to our website users on other websites within the Google display network (either on Google itself, so-called "Google Ads" or on other websites). When you click on such an advertisement, a cookie is placed on your terminal device. This does not contain any personal data and loses its validity after 30 days.

If you do not want this, you can deactivate the interest-related Google advertisements in your browser at http://www.google.de/settings/ads.

The collection of data for advertising purposes is a legitimate interest on our part and has its legal basis in Art. 6 para. 1 p. 1 lit. f DS-GVO.


2.2.5 Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website, a service provided by Google Inc, 1600 Amphiteatre Parkway, Mountain View, CA 94043, U.S.A. This service helps to verify when data is entered on our website (e.g. in a contact form) whether this is done by a human, or by an automated program. For this purpose, the behavior of the website visitor is analyzed by reCAPTCHA on the basis of various information (e.g. IP address, time spent on the website, mouse movements made by the user). The analysis starts automatically when the website is called up and then runs completely in the background. The website visitor does not receive any separate notice of the analysis currently taking place. The collected data is forwarded to Google. The legal basis for this is Art. 6 para. 1 p. 1 lit. f DS-GVO. We have a legitimate interest in protecting our web offers from abusive automated spying and from SPAM. More information about reCAPTCHA, as well as Google's privacy policy can be found at:

https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/intro/android.html.


2.2.6 Microsoft Advertising

We use Microsoft Advertising on our website, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). By clicking on an advertisement placed by Microsoft, a cookie for conversion tracking is set on your terminal device.

With the help of conversion tracking, we can find out whether a previously defined action has taken place after clicking on the ad, e.g. purchase of one of our products in our online store.

We thereby obtain non-personal data (time spent on the website, areas of the website accessed, ad from which the user accessed the website). Information about your identity is not collected. The cookie itself has limited validity and is also not used for personal identification.

The collected data may be transferred to the USA.

The collection of data for advertising purposes is a legitimate interest on our part and has its legal basis in Art. 6 (1) p. 1 lit. f DS-GVO.

You can find more information about Microsoft Advertising at: https://privacy.microsoft.com/de-de/privacystatement


2.2.7 AB Tasty

We use the web analytics service AB Tasty, a service of AB Tasty GmbH, Lebacherstr. 4, 66113 Saarbrücken, Germany, for A/B and multivariate testing on our website. This service uses cookies to identify a website visitor's browser and analyze the use of our website.

More information on data processing by AB Tasty, as well as instructions on how to deactivate tracking, can be found at: https://www.abtasty.com/de/nutzungsbedingungen/.


2.2.8 Google Maps

We use Google Maps, a mapping service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service is intended to make it easier for you to plan your route to our stores and is therefore provided on the basis of Art. 6 para. 1 p. 1 lit. f. DS-GVO, as we have a legitimate interest in making our stores as easy to reach as possible.

In order for you to use the functions of Google Maps, your IP address must be stored. This is usually transmitted to a Google server in the USA and stored there. We have no influence on this. For more information on the use and collection of your data in connection with Google Maps, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.


2.2.9 Google Web Fonts

We use the Web Fonts, a service of Google, to ensure a consistent display of fonts. By calling up the website, the web fonts required for your browser are loaded into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using connects to Google's servers. Google thus becomes aware that our website has been accessed via your IP address. This is done on the basis of Art. 6 (1) p. 1 lit. f DS-GVO, as we have a legitimate interest in a uniform and appealing presentation of our website. If your browser does not support web fonts, then a standard font from your computer will be used. The following links provide more detailed information on web fonts and Google's privacy policy:

https://developers.google.com/fonts/faq and https://policies.google.com/privacy?hl=de.



2.3 Orders/ Conclusion of contract

2.3.1 Orders in the online store, by phone or fax

For an order, we need your master data and communication data so that we can process your order. By master data we mean your name, address and date of birth. We need your date of birth to ensure that you are over 18 years old and to distinguish between duplicate names. Communication data is your e-mail address and, if specified, your telephone number. In this context, your telephone number will only be used for customer service queries during contract processing and not for marketing purposes. We also use your e-mail address to give you the opportunity to submit a product review (you can unsubscribe at any time). The submission of a product review is voluntary. The processing is based on Art. 6 para. 1 p. 1 lit. b DS-GVO (fulfillment of a contract). In the case of an order in the online store, the collection of your e-mail address is required by law in order to be able to send you an electronic confirmation of receipt and is therefore necessary pursuant to Art. 6 para. 1 p. 1 lit. c DS-GVO.


2.3.2 Customer account

For a more convenient shopping experience in our online store, you can register on our website by entering your personal data and create a customer account. This way, you do not have to re-enter your data every time you place an order.

For the new registration, we collect master data (e.g. name, address), communication data (e.g. e-mail address), and access data (user name and password).

To ensure your proper registration and to prevent unauthorized logins by third parties, you will receive an activation link by e-mail after your registration to activate your account. Only after registration is complete do we permanently store the data you provide in our system. For the administration and processing of your data, we use the system of a third party service provider. Agreements have been made with this third party regarding technical and organizational measures to protect your personal data.

You can have a once created customer account deleted by us at any time. We will then delete your stored personal data, unless we still need to store them for the processing of orders or due to legal storage obligations. The legal basis is Art. 6 para. 1 p. 1 lit. a and lit. b DS-GVO.



2.4 Payments

If you make your payment via Sofortüberweisung (Klarna), PayPal or credit card, we may work with the payment service provider Adyen N.V. (hereinafter "Adyen"), Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, the Netherlands. Adyen is a full payment service provider that, among other things, handles payment processing.

The data required for the respective payment method is transmitted to Adyen, unless this data is collected directly by the respective payment service (e.g. PayPal) itself.

The purpose of the transmission is identity verification, payment administration, credit assessment and fraud prevention. To the extent necessary for the fulfillment of contractual obligations, Adyen also discloses the personal data to service providers or subcontractors. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b and f DS-GVO. For more information on how Adyen handles your data, please visit: https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy


2.4.1 PayPal

If you use PayPal for payment, we will forward the contract data directly or indirectly via Adyen to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The legal basis for this is Art. 6 para. 1 p. 1 lit. b DS-GVO.

PayPal reserves the right to obtain credit information for certain payment methods (credit card, direct debit, "purchase on account via PayPal") for the purpose of deciding whether to provide the respective payment method. This may contain so-called score values (probability values). The score values are based on a scientifically recognized mathematical-statistical procedure, insofar as they are included in the credit report. Among other things, data such as the customer's address is included in the calculation. More information about data processing at PayPal can be found in their privacy policy at:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full


2.4.2 Credit card payment

If you have chosen to pay by credit card, we will forward the contract data to the payment service provider Adyen as part of the payment processing. The legal basis for this is Art. 6 para. 1 p. 1 lit. b DS-GVO. You can find more information about data processing at Adyen in their privacy policy at https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy.


2.4.3 Sofortüberweisung

If you have chosen to pay via Sofortüberweisung, we forward the contract data directly or indirectly via Adyen to Klarna Bank Ab (publ) Sveavägen 46, 11134 Stockholm Sweden, hereinafter ("Klarna"). For more information about Klarna's data processing, please see their privacy policy: https://www.klarna.com/sofort/datenschutz/.


We do not collect payment data as part of the online ordering process. Your data such as name and e-mail address will be forwarded to the appropriate credit institution depending on the payment method. This is done on the basis of Art. 6 para. 1 p. 1 lit. b DS-GVO.


2.4.4 Purchase on account

If you decide to pay on account, we will send you an invoice, which you will then settle. We do not collect any data in the process. However, we regularly check your creditworthiness when concluding contracts and in certain cases where there is a legitimate interest, also for existing customers. For this purpose, we cooperate with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss ("Creditreform"), from which we receive the data required for this purpose. For this purpose, we transmit your name and contact details to Creditreform. The information pursuant to Art. 14 DS-GVO on the data processing taking place at Creditreform can be found here: www.boniversum.de/EU-DSGVO



2.5 Data processing for advertising purposes

2.5.1 Email marketing/ Newsletter

You can register for the newsletter via various actions. We will then send you an activation e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail (double opt-in procedure). We will process your data for this purpose until you object. For this purpose, you can send us an informal message or click on the unsubscribe link in each newsletter. The lawfulness of the data processing results from Art. 6 para. 1 p. 1 lit. a DS-GVO.


2.5.2 Postal mailings

We use your data to send you attractive offers by mail. In doing so, we process your first name, last name, postal address and year of birth. In addition, we store further data, e.g. your last purchases, in order to send you advertising that is geared to your actual or perceived needs. The lawfulness of the data processing results from Art. 6 para. 1 p. 1 lit. f DS-GVO.


2.5.3 Sweepstakes

If you participate in a sweepstakes offered by Kneipp, we may collect, store and process your name, address, email address and telephone number in order to conduct the sweepstakes. This also includes communication for any prize notifications.

After the competition has been completed and all prizes have been sent out, we will delete your data within three months.

The lawfulness of the data processing results from Art. 6 para. 1 p. 1 lit. b DS-GVO.


2.5.4 Customer relationship management (CRM) system

So that we can manage your data in one place and access one source for the respective advertising measures described here, we use the Marketing Cloud of salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (hereinafter "Salesforce"). This CRM platform enables customer interaction in compliance with the framework you have specified for this purpose. The legal basis for this is Art. 6 para. 1 p. 1 lit. b, f DS-GVO. For more information about data processing at Salesforce, please refer to their privacy policy at https://www.salesforce.com/de/company/privacy/.



2.6 Data processing within the Kneipp® family.

We store the mandatory information provided by you during registration (e.g. name, address, date of birth) for the purpose of administering your membership, corresponding with you in this regard and for the purpose of granting benefits (e.g. bonus programs). Mandatory registration data are marked accordingly (*). In addition, you also have the option of voluntarily entering your e-mail address. For the administration of your online customer account and for the purpose of the bonus program, the entry of an e-mail address is necessary or, in the case of online registrations, obligatory.


The customer number on the card is assigned to your customer account and stores your purchases made online and in the stores (using the card). This serves to improve our offer for you.


The legal basis for the processing of your data is the implementation of the Kneipp® Family contract and the pursuit of our legitimate interests (Art. 6 para. 1 p. 1 lit. b and lit. f DS-GVO). With your signature under the registration form, or by checking the box for online registration, you consent to the processing of your data. Our legitimate interest is to provide our customers with attractive offers within the framework of a customer program.


With the analog application form, you can additionally revocably consent to the use of the data for the Kneipp® newsletter and further information about products, competitions, etc.. This consent is voluntary and forms the legal basis according to Art. 6 para. 1 p. 1 lit. a DS-GVO for the data processing within the scope of the newsletter (see also 3.4.1). You can also become a member of the Kneipp® family without this consent.

We store your data as long as it is legally required and permitted. In the event of revocation on your part or if storage is no longer necessary to fulfill the purpose pursued with the storage or is inadmissible for legal reasons, your data will be deleted. You also do not have the possibility to change the data stored in your customer account yourself. If your card is not activated and the customer status "Member of the Kneipp® Family" is subsequently blocked, we will delete the data required to apply for membership of the Kneipp® Family. The data collected for other purposes (e.g. newsletter) will not be deleted in the process.

In principle, we only use your personal data within our company. If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.

We outsource certain parts of data processing to our commissioned data processors and contractually oblige them to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.



2.7 Data processing in the context of the Kneipp® VIP Author Community

We store the mandatory information provided by you when applying to become a Kneipp® VIP author (e.g. name, e-mail, date of birth) for the purpose of administering your membership, corresponding with you in this regard and for the purpose of granting benefits. Mandatory registration information is marked accordingly (*). In addition, you have the option to voluntarily provide your username of your various social media accounts, if any. The legal basis for this is both Art. 6 para. 1 p. 1 lit. b DS-GVO and Art. 6 para. 1 p. 1 lit. c DS-GVO. The data will be stored for subsequent participation for up to 5 years and then deleted to the extent permitted by law.

If you have given your consent to be contacted (also for advertising purposes), this is based on Art. 6 (1) p. 1 lit. a DS-GVO. You can revoke this consent at any time.



2.8 Customer interactions

2.8.1 E-mail contact

If you contact us (e.g., via contact form or e-mail), we store your information to process the request and in the event that follow-up questions arise. We only store and use further personal data if you consent to this or if this is legally permissible without special consent. The legal basis is therefore on the one hand your consent (Art. 6 para. 1 p. 1 lit. a DS-GVO) and our legitimate interest in establishing customer contact with you in accordance with Art. 6 para. 1 p. 1 lit. f DS-GVO. As soon as your request has been dealt with from our point of view, we will delete your data.


2.8.2 Contact form

In the case of inquiries via contact form, the data you provide from the application form will be stored by us for the purpose of processing the inquiry and any follow-up questions. The data will not be passed on without your consent. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. a DS-GVO. You can revoke this consent at any time. We only store the data until the purpose for storing the data no longer applies (e.g. after processing your request has been completed), until you request us to delete it, or until you revoke your consent to store it.


For the latter two purposes, we use Salesforce (see section 2.5.4)


2.8.3 Product ratings

You have the opportunity to rate our products. This is done using a separate form on which you are asked to provide additional personal data. To ensure your anonymity, it is sufficient to provide a "nickname", i.e. you do not have to provide a clear name. However, if you do, your rating will also be published with your given name. Your e-mail address will not be published.

Your product rating will also be passed on to trading partners who will also verify and evaluate this rating as well as possibly also publish it on their websites. These are in Germany among others:

www.dm.de

www.rossmann.de

www.douglas.de

The legal basis for data processing is based on Art. 6 para. 1 p. 1 lit. a, lit. b and lit. f DS-GVO. Our legitimate interest is to create a more attractive offer for users through customer opinion other users. If you voluntarily provide information about your health in your product review (e.g. skin diseases), this is health data, the processing of which you expressly consent to by voluntarily providing and sending the review in accordance with Art. 9 para. 2 lit. a DS-GVO.


For product ratings, we work together with our commissioned data processor Bazaarvoice Inc, 10901 Stonelake Blvd, on whose servers the submitted product ratings are stored. For more information, you can read Bazaarvoice's privacy notice at the following link: https://www.bazaarvoice.com/de/legal/datenschutzrichtlinie/


2.8.4 User-generated content (UGC)

If you send us digital image material (photos, videos, images), you consent to its use in accordance with the respective purpose described. The purpose of the processing is defined with the respective action description, possibly concretized by participation conditions. You submit the image material with the intention of publishing it.

You are aware that by posting the material and processing it by us in the anniversary film, you have made your material public and from then on your consent to use it can be waived, according to Art. 9 para. 2 lit. e DS-GVO.



2.9 Booking of applications

For our application area in the Outlet Rottendorf, you can book various treatments online via a form. In doing so, we request your data (first name, last name, e-mail and address data). This data is used exclusively for the purpose of processing the booked treatment and the resulting contractual relationship in accordance with Art. 6 para. 1 p. 1 lit. b DS-GVO and deleted 6 months after completion of the application. For the technical provision of the booking portal, we use a service provider who processes the data on our behalf.



2.10 Applications

If you apply online for a Kneipp job, you will be taken to the Kneipp Career website of our parent company Paul Hartmann AG. You can create a user account here and apply for one or more of the listed positions. Please note the information on data protection provided there.

Applications submitted outside our applicant management system will not be considered and will be destroyed in accordance with data protection regulations.



2.11 Purposes for the fulfillment of legal requirements (Art. 6 para. 1 lit. c DS-GVO) or in the public interest (Art. 6 para. 1 lit. e DS-GVO).

Like anyone who participates in economic activity, we are subject to a variety of legal obligations. Primarily, these are legal requirements (e.g. Works Constitution Act, Social Code, commercial and tax laws, tax code), but also, where applicable, supervisory or other official requirements (e.g. employers' liability insurance association). The purposes of processing may include identity and age verification, fraud and money laundering prevention (e.g. matching with European and international anti-terror lists), company health management and ensuring occupational safety. In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil claims.



3. the personal data we process and their origin

Insofar as it is necessary for the decision on the establishment of a contractual relationship with you, we process personal data received directly from you in addition to any personal data lawfully received from third parties (cf. Art. 14 DS-GVO).


In particular, we process the following categories of data:

  • Inventory data (e.g. title, first name, last name, title, residential address, country, company address, date of birth if applicable, full legal capacity, industry);
  • Contact data (e.g. e-mail address, telephone number, landline/mobile phone, fax number);
  • Content data (e.g. text entries contact form, photographs, videos);
  • Contract data (e.g. subject matter of the contract, invoice amount, term, customer category, user name) in particular for the fulfillment of our contractual obligations and services pursuant to Art. 6 (1) lit. b DS-GVO, for the implementation of marketing measures based on our legitimate interests pursuant to Art. 6 (1) lit. f DS-GVO as well as based on your consent pursuant to Art. 6 (1) lit. a DS-GVO (e.g. in the context of customer satisfaction surveys);
  • Payment data (e.g. bank details, account data, credit card data, payment history);
  • Health data (e.g. severely disabled status, general physical condition, diagnosis).


4. your rights as a person affected by data processing

For the exercise of your rights, we would like to point out that, for example, in the case of an advertising objection, you may still receive mail from us 2 - 6 weeks after the advertising objection. This is due to technical and organizational reasons.

If you exercise your right to object to advertising, we will store this objection under your customer number. If you have been completely deleted due to inactivity in accordance with the deletion periods, we also no longer store any information about the fact that you have issued an advertising objection. If you then order again, you must declare the objection again.


4.1 Right of objection (Art. 21 DSGVO)

If the data processing is carried out on the basis of Art. 6 (1) p. 1 lit. e or f DS-GVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This also applies to profiling that takes place on the basis of the same legal basis.

You can find out which legal basis is relevant for the respective data processing in this privacy policy.

If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) DSGVO).


If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Article 21 (2) DSGVO).


If you wish to object to the collection, processing or use of your data by us, in accordance with these data protection provisions as a whole or for individual measures in accordance with Art. 21 DSGVO, you can address your objection to the controller. There must be reasons for the objection that arise from the particular situation of the data subject.


4.2 Right of withdrawal

Consent to data processing can be revoked without giving reasons. For this purpose, an e-mail to datenschutz[at]kneipp.de is sufficient.


4.3 Other rights

In addition to the aforementioned rights of revocation and objection, you also have the following rights:

  • Right to information against the controller with regard to personal data (Art. 15 DS-GVO).
  • Right to rectification (Art. 16 DS-GVO)
  • Right to erasure (Art. 17 DS-GVO)
  • Right to restriction of processing (Art. 18 DS-GVO)
  • Right to data portability (Art. 20 DS-GVO)
  • Right to lodge a complaint with a supervisory authority (Art. 77 DS-GVO)


If you wish to exercise your rights, please send your request by e-mail or by post, clearly identifying yourself (name and address), to the address mentioned in point 1.



5. data security

We make maximum efforts to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data will be transmitted encrypted for your orders and also for the customer login. For this purpose, we use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

To protect your data, we maintain technical and organizational security measures in accordance with Art. 32 DSGVO, which we constantly adapt to the state of the art.

We also do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.



6. recipients or categories of recipients of your personal data

As a matter of principle, we only process your personal data internally. As a 100% subsidiary of PAUL HARTMANN AG, we also use the systems or contractual partners of PAUL HARTMANN AG for processing. Within our company, those internal departments or organizational units receive your personal data insofar as they require it to fulfill the purpose and within the scope of processing. Internal data recipients are obliged in each case to use your personal data only to the aforementioned extent.

If we transfer your personal data to other persons and companies (third parties) or grant them other access to the personal data, this will only be done on the basis of legal permission. Insofar as we commission third parties with the processing of personal data on the basis of a so-called "order processing agreement" and thereby secure for ourselves, among other things, the necessary powers of influence or control with regard to the processing and use of personal data, this is done on the basis of Article 28 DS-GVO. However, we remain responsible to you for the lawfulness of the data processing.



7 Processing of your personal data in a third country.

A transfer of data to bodies in states outside the European Economic Area EU/EEA (so-called third countries) occurs in particular if it is necessary for the decision on the establishment of a contractual relationship.

In this context, the processing of your personal data in a third country may also take place in connection with the involvement of service providers as part of commissioned processing. If there is no EU Commission decision on an adequate level of data protection for the country in question, we will ensure - in accordance with Article 13 (1) (f) of the GDPR - that your rights and freedoms are protected in the case of transfers pursuant to Articles 46, 47 or 49 (1) (2) of the GDPR by means of suitable and adequate safeguards. Information on the appropriate or adequate safeguards and how and where to obtain a copy of them is available upon request at the Data Protection Department.



8. reservation of right to change

There may also be occasions in the future that make it necessary to change the privacy policy. We therefore reserve the right to adapt this data protection declaration to any changes in the legal situation. You will always find the current version on the website.