Privacy policy

1) Information on the collection of personal data and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2Responsible for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Stefan Christmann, Georg-Burkhardt-Str. 2, 73312 Geislingen, Germany, tel.: +49 (0)170 772 7079, e-mail: stefan@nature-in-focus.de. The controller of personal data is the natural or legal person who decides, alone or jointly with others, on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the controller), this website uses an SSL or/or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser line.

2) Data collection when visiting our website

When using our website in an informative way, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following information, which is technically necessary for us to show you the website:

  • Our website visited
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (possibly: in anonymized form)

The processing is carried out in accordance with Art. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or otherwise used. However, we reserve the right to check the server log files retrospectively if specific indications indicate illegal use.

3) Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow you to recognize your browser the next time you visit (so-called persistent cookies). When cookies are set, they collect and process specific user information such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a predetermined duration, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.

In some cases, the cookies are used to simplify the ordering process by storing settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as individual cookies used by us also process personal data, the processing will be carried out in accordance with Art. 1 lit. b GDPR either for the implementation of the contract, in accordance with Article 6(3) 1 lit. a GDPR in the event of consent or in accordance with Article 6(0). 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the website visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if cookies are not accepted, the functionality of our website may be limited.

4) Contacting

Personal data is collected as part of the contact with us (e.g. via contact form or e-mail). The data collected in the case of a contact form can be seen from the respective contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 sec. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 1 lit. b GDPR. Your data will be deleted after your request is processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified and that there are no statutory retention obligations.

5) Data processing when opening a customer account and for contract processing

In accordance with Art. 1 lit. b GDPR will continue to collect and process personal data if you provide it to us for the performance of a contract or when opening a customer account. The data collected can be seen from the respective input forms. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the controller. We store and use the data you provide for the execution of the contract. After the complete execution of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site.

6) Data processing for order processing

6.1 In order to process your order, we cooperate with the following service providers, who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery in the course of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment processing process, if this is necessary for payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of data is Art. 1 lit. b GDPR.

6.2 In order to fulfil our contractual obligations towards our customers, we cooperate with external shipping partners. We provide your name as well as your delivery address and, if necessary for delivery, your telephone number, exclusively for the purpose of the delivery of goods Art. 1 lit. b GDPR to a shipping partner selected by us.

6.3 Use of payment service providers (payment services)

– Apple Pay
If you choose the Apple Pay payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is made via the “Apple Pay” function of your device operated with iOS, watchOS or macOS by debiting a payment card deposited with Apple Pay. Apple Pay uses security features built into your device’s hardware and software to protect your transactions. For the release of a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the “Face ID” or “Touch ID” function of your terminal device.
For the purpose of payment processing, your information provided during the ordering process, together with the information about your order, will be passed on to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the payment data is transferred to the payment service provider of the payment card stored in Apple Pay. Encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the source site to confirm payment success.
Insofar as personal data are processed in the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes a personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you made through Safari on your Mac, the Mac and the authorization device communicate through an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that identifies you. You can turn off the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and turn off “Allow payments on Mac”.
Further information on Apple Pay data protection can be found at the following Internet address: https://support.apple.com/de-de/HT203027
– giropay
In case of payment via “giropay”, payment is processed via giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, to which we pass on your information provided during the ordering process, together with the information about your order. Your data will be passed on in accordance with Art. 1 lit. b GDPR exclusively for the purpose of payment processing and only to the extent that it is necessary for this purpose. Further information on the data protection regulations of giropay GmbH can be found at the following Internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
– Klarna
If a Klarna payment service is selected, payment is processed via Klarna Bank AB (publ) [https://www .klarna.com/de] , Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable payment to be processed, your personal data (first and last name, street, house number, postcode, location, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, item, mode of delivery) will be passed on to Klarna for the purpose of identity and credit check, provided that you use this in accordance with Art. 6 sec. 1 lit. a GDPR have expressly consented in the context of the ordering process. You can view to which information agencies your data can be forwarded here:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based in a scientifically recognised mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values, but not exclusively. The information obtained on the statistical probability of a default is used by Klarna for a balanced decision on the establishment, implementation or termination of the contractual relationship.
You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for the contractual payment processing.
Your personal data will be https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
or for those affected, who are based in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy
Treated.
– Paypal
In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “instalment payment” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer will take place in accordance with Art. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to provide credit card information via PayPal, direct debit via PayPal or , if offered – “purchase on account” or “instalment payment” via PayPal. For this purpose, your payment data may be processed in accordance with Art. 1 lit. f GDPR based on PayPal’s legitimate interest in determining your solvency. The result of the credit check in relation to the statistical probability of default uses PayPal for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based in a scientifically recognised mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values, but not exclusively. Further data protection information, including the information agencies used, can be found in PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
– SOFORT
If the payment method “SOFORT” is selected, payment processing is carried out via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to which we receive your information provided during the ordering process, together with the information about your order in accordance with Art. 6 sec. 1 lit. b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider SOFORT and only to the extent that it is necessary for this purpose. You can obtain further information on SOFORT’s privacy policy at the following Internet address: https://www.klarna.com/sofort/datenschutz.
– Stripe
If you choose a payment method from the payment service provider Stripe, payment is processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will share your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possible credit card number, invoice amount, currency and transaction number) in accordance with Art. The transfer of your data takes place exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. For more information about Stripe’s privacy, see the URL https://stripe.com/de/privacy#translation.

7) Use of rating and seal graphics

Trusted Shops Trustbadge

The Trusted Shops Trustbadge is included on this website for displaying our Trusted Shops seal of approval as well as for offering the Trusted Shops membership for buyers after an order.

This serves to safeguard our overriding legitimate interests in the optimal marketing of our offer, Art. 6 sec. 1 lit. f GDPR. The Trustbadge and the services advertised are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.

When the trust badge is called, the web server automatically stores a so-called server log file, which is Contains your IP address, date and time of retrieval, transferred data volume and the requesting provider (access data) and documents the retrieval. This access data will not be evaluated and will be automatically overwritten no later than seven days after the end of your page visit.

Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.

8) Online marketing

Facebook Pixel for creating Custom Audiences with advanced data matching (with cookie-consent tool)
Within our online offer, the so-called “Facebook pixel” of the social network Facebook is used in the extended data matching mode, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”).
On the basis of his express consent, when a user clicks on an ad played on Facebook and placed by us, an addition is added to the URL of our linked page by Facebook Pixel. This URL parameter is then inscribed in the user’s browser via cookie, which sets our linked page itself. In addition, this cookie collects specific customer data, such as the e-mail address that we collect on our website linked to the Facebook ad during transactions such as purchases, account registrations or registrations (extended data matching). The cookie is then read out by Facebook Pixel and allows the data, including the specific customer data, to be forwarded to Facebook.
With the help of the Facebook pixel with extended data matching, Facebook is on the one hand possible to precisely identify the visitors of our online offer as the target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel with extended data matching to display the Facebook ads we serve only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel with extended data matching, we also want to ensure that our Facebook ads meet the potential interest of users and do not have a harassing effect. This allows us to further evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion”). Compared to the standard version of Facebook Pixel, the advanced data matching feature helps us better measure the effectiveness of our advertising campaigns by capturing more associated conversions.
All transmitted data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). The data may allow Facebook and its partners to run ads on and off Facebook.
These processing operations shall be carried out exclusively upon the granting of express consent in accordance with Article 6(s). 1 lit. a GDPR.
Consent to the use of the Facebook pixel may only be given by users older than 16 years of age. If you are younger, we ask you to ask your legal guardian for permission.
The information generated by Facebook is usually transmitted to a Facebook server and stored there, where it can also be transmitted to the servers of Facebook Inc. in the United States. You can revoke your consent at any time with effect for the future. To exercise your revocation, remove the check mark placed in the “Cookie Consent Tool” on the website next to the “Facebook Pixel” setting.

9) Tools and miscellaneous

Borlabs
This website uses the cookie-consent tool Borlabs of the provider Mr. Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (“Borlabs”), which sets two technically necessary cookies (“borlabsCookie” and “borlabsCookieUnblockConten”t) to store your cookie preference. The aforementioned processing is carried out in accordance with Art. 1 lit. f GDPR based on our legitimate interest in providing cookie preference management to website visitors.
The “Borlabs Cookie” does not process any personal data. The “borlabsCookie” cookie stores your chosen preference, which you have selected when you enter the website. The cookie “borlabsCookieUnblockContent” stores which (external) media/content you always want to have automatically unlocked. If you wish to revoke these settings, simply delete the cookies in your browser. When you re-enter/reload the website, you will be asked again for your cookie preference.

10) Rights of the person concerned

10.1 The applicable data protection law grants you comprehensive data subjects’ rights (information and intervention rights) with regard to the processing of your personal data, about which we inform you below:

  • Right of access pursuant to Article 15 GDPR: In particular, you have the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or become disclosed, the planned storage period or the criteria for determining the retention period, the existence of a right to rectification, deletion, restriction of processing of the data. , opposition to the processing, complaint to a supervisory authority, the origin of your data, if not collected by us from you, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the scope and impact of such processing, and your right to be informed of the guarantees provided for in Article 46 GDPR when your data is transferred to third countries;
  • Right to rectification in accordance with Article 16 GDPR: You have the right to immediate rectification of any inaccurate data concerning you and/or completion of your incomplete data stored by us;
  • Right to erasure in accordance with Article 17 GDPR: You have the right to delete your personal data if the conditions of Article 17(1) are met. 1 GDPR. However, this right does not exist, in particular, where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • Right to restrict processing in accordance with Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse to delete your data due to improper data processing and instead request the restriction of the processing of your data if you need your data to assert, exercise or defend legal claims , since we no longer need this information after the purpose has been achieved, or if you have objected on the grounds of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
  • Right to information pursuant to Article 19 GDPR: If you have asserted the right to rectification, erasure or restriction of the processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort. They have the right to be informed of these recipients.
  • Right to data portability in accordance with Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller, insofar as this is technically feasible;
  • Right to revoke consents given in accordance with Art. 3 GDPR: You have the right to revoke once consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for non-consent processing. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation;
  • Right to appeal under Article 77 GDPR: If you consider that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

10.2 WIDERSPRUCHSRECHT

IF WE ARE IN THE FRAME OF AN INTEREST DEVELOPMENT YOUR PERSONAL DATA OF OUR EXPERIENCE OF INTEREST, YOU HAVE THE EVERY RIGHT, FROM THE RIGHT TO BE FROM YOUR SPECIAL SITUATION, AGAINST THIS PROCESSING AGAINST THE FUTURE.
USE OF YOUR DISCLAIMER, WE ARE ENDING THE PROCESSING OF THE RELATED DATA. A FURTHER STAY BUT RESERVED WHEN WE CAN USE RECOMMENDED REASONS FOR THE PROCESSING THAT YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR WHEN THE PROCESSING OF THE EXPERIENCE,

WILL BE YOUR PERSONAL DATA OF US PROCESSED TO USE DIRECT DATA, HAVE THE RIGHT TO AT ANY TIME AGAINST THE PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF THE PERSONAL DATA. YOU CAN EXERCISE THE CONTRADICTION AS DESCRIBED ABOVE.

USE OF YOUR RIGHT RIGHT, WE END THE PROCESSING OF THE RELATED DATA FOR DIRECT ADVERTISING PURPOSES.

11) Duration of storage of personal data

The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of the processing and, if relevant, additionally on the basis of the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of express consent in accordance with Article 6 sec. 1 lit. a GDPR, this data is stored until the data subject withdraws his consent.

There are legal retention periods for data that is set out in the context of legal or legal business-like obligations on the basis of Article 6 paragraph. 1 lit. b GDPR, these data will be routinely deleted after the retention periods have expired, provided that they are no longer necessary for the performance of the contract or initiation of the contract and/or that there is no legitimate interest in further storage on our part.

When processing personal data on the basis of Article 6(4) 1 lit. f GDPR, this data is stored until the data subject has his right to object under Article 21(0). 1 GDPR, unless we can prove compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Article 6(4) 1 lit. f GDPR, this data is stored until the data subject has his right to object under Article 21(0). 2 GDPR.

Moreover, unless otherwise provided in this declaration about specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.