Privacy policy

Privacy policy

The aim of this privacy policy is to inform the users of this website about the personal data that will be collected and used by the website operator [TAUTROPFEN Naturkosmetik GmbH] and the nature and purpose of such data processing. The website operator finds it very important to ensure data protection and will process your data confidentially in accordance with the legal regulations. As this privacy policy may have to be amended to account for new technologies and the constant development of our website, we would advise you to re-read this privacy policy on a regular basis. If you have any questions or concerns regarding the collection of your data, you will find the relevant contact details at the top of the privacy policy. The terms used in this privacy policy are defined in Art. 4 of the General Data Protection Regulation (GDPR).

1. Name and contact details of the controller

This privacy policy applies to data processing performed by:

TAUTROPFEN Naturkosmetik GmbH
Louis-Appia-Passage 9
D-60314 Frankfurt am Main

Tel.: +49 69 247 480 510
Fax: +49 69 247 480 520
E-Mail: info@tautropfen.com

2. Collection and storage of personal data & nature and purpose of the use of personal data

We will only collect your personal data to the extent permitted by law. We will not collect any “special categories of personal data”, as defined in Art. 9 GDPR.

a) When you visit our website

When you visit our website (www.tautropfen.com), information will be sent automatically from your browser to our website server. This information will be temporarily stored in a “server log file”. This server log file will not be stored for longer than seven days. The following data will be logged:

· The IP address of the requesting computer;
· The date, time and frequency of page access;
· The date and time of access;
· The name and URL of the accessed file;
· The volume of data transmitted;
· The website from which the site is accessed (referrer URL);
· The browser used and, if applicable, the operating system of your computer and the name of your access provider.

We will process this data for the following purposes:

· To ensure a smooth connection to our website;
· To ensure the comfortable use of our website;
· To evaluate the security and stability of our system; and
· To perform other administrative tasks and improve our services.

The legal basis for data processing is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the purposes of data collection listed above. We will never use your personal data to draw conclusions about your person. When you visit our website, we will also use cookies and analytical services. You can find more detailed information in sections 4 and 5 of this privacy policy.

b) When you subscribe to our newsletter

If you give your explicit consent in accordance with point (a) of Art. 6 (1) GDPR, we will use your email address to send you our regular newsletter. If you would like to receive our newsletter, you only have to provide your email address. You can unsubscribe at any time (e.g. by clicking on the link at the bottom of each newsletter). Alternatively, you can always submit a subscription cancellation request to info@tautropfen.com.

c) When you contact us or place an order

If you have any questions, we offer you the opportunity to get in touch with us by filling out the contact form on our website. You will have to enter a valid email address, so that we know who has sent the enquiry and can respond accordingly. Further information may be provided voluntarily. We will process your data for the purpose of communicating with you on the basis of your optional consent provided in accordance with point (a) of Art. 6 (1) GDPR. The personal data collected via the contact form will be automatically deleted once we have dealt with your enquiry. We will comply with the statutory deletion requirements. If you submit an enquiry or place an order, we will process the following types of personal data when necessary:

· Your basic data (e.g. name, address, date of birth);
· Your account details;
· Your email address;
· Your order details; and
· Your previous orders

d) When you submit an application

We generally collect personal data over the course of our application processes. You can send your application to recruitment@tautropfen.com. If you do this, all personal data collected from you will be immediately deleted after we have checked your documents.

In accordance with Art. 13 (1) and (2) GDPR, our employees will immediately inform you in writing that your documents have been received and explain how and why your data is being collected and how long it will be kept prior to deletion.

Your data will generally be stored for the duration of the application process and, when the vacancy is filled, for a further 3 months thereafter. We will take the appropriate technical and organisational measures to prevent the necessary data collected over the course of the application process from being accessed and manipulated by unauthorised third parties. As this cannot currently be ensured if you submit your application data via email, however, we would advise you to send us confidential information by post.

If you still wish to submit your application via email, we recommend attaching all documents as an encrypted .zip folder. You can share the password needed to open the compressed files by phone. We will not collect any “special categories of personal data”, as defined in Art. 9 GDPR.

3. Disclosure of data

We will not disclose your personal data to third parties for any purposes other than those listed below. We will only disclose your personal data to third parties if…

· … you have given your explicit consent (point (a) of Art. 6 (1) GDPR);
· … the disclosure of such information is necessary for the establishment, exercise or defence of legal claims and we have no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data (point (f) of Art. 6 (1) GDPR);
· … we are legally obliged to disclose the information (point (c) of Art. 6 (1) GDPR); and
· … this is legally permissible and necessary for the performance of a contract with you (point (b) of Art. 6 (1) GDPR).

We assure that your data will only ever be disclosed in accordance with the legal requirements and will only be passed on to third parties for the purposes mentioned above. In addition, we will take appropriate measures and carry out regular checks to ensure that the data we collect cannot be accessed or intercepted by external third parties.

4. Links from our partners

Our website contains links to external websites operated by our partners and other third parties; we have no control over the content of such websites. Clicking on the logo of a third-party provider will take you to their website. We cannot assume liability for any third-party content. The respective provider or operator of the linked pages is responsible for their content. We checked the pages for legal violations when creating the links and did not find any unlawful content. If we become aware of any legal violations, we will immediately remove the offending link.

5. Cookies

This website uses cookies. These are small files that will be automatically generated by your browser and saved on your device (e.g. laptop, tablet, smartphone) if you visit our website. As cookies do not contain any viruses, Trojan horses or other malware, they will not cause any damage to your device. The cookies will be used to store information, the contents of which will depend on the specific device you are using. However, this does not mean we will obtain any information regarding your identity. On the one hand, cookies help us create a more appealing website for our users. For example, we will use “session cookies” to determine whether you have ever visited individual pages on our website in the past. They will be automatically deleted when you leave our website.

In addition, we use “temporary cookies” to make our website as user-friendly as possible; these will be stored on your device for a certain period of time. If you return to our website to use our services, we will be able to automatically detect whether you have visited our website in the past and we will be able to see which data you have entered and which settings you have made to save you from re-entering this information each time. On the other hand, we use cookies to statistically record and evaluate the use of our website, so that we can optimise it for our users. These cookies will be automatically deleted after a defined period of time. The data processed by cookies is required for the purposes indicated above to pursue our legitimate interests and those of third parties in accordance with point (f) of Art. 6 (1) GDPR.

Cookies are automatically enabled by most browsers. However, you can configure your browser to prevent cookies from being saved on your computer or to notify you whenever a new cookie is about to be created. If you fully disable cookies, however, you may not be able to use all the features of our website.

6. Third-party tools

We use the analysis and tracking measures listed below on the basis of point (f) of Art. 6 (1) GDPR. We use these tools to constantly optimise our website and make sure it meets our users’ needs. On the other hand, we use the tools to statistically record and evaluate the use of our website, so that we can optimise it for our users. This constitutes our “legitimate interest”, as defined in the GDPR. In accordance with Art. 28 GDPR, we have concluded a data processing agreement with every third-party provider who processes personal data for us.

a) Google reCAPTCHA

This website uses Google reCaptcha (“reCAPTCHA”), a web analysis tool provided by Google (https://about.google/intl/de/): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043).

The purpose of reCAPTCHA is to check whether data has been entered on our website by a person or an automated programme. To do this, reCaptcha will analyse your behaviour based on various characteristics. This analysis will begin automatically as soon as you access our website. The data evaluated by reCAPTCHA will include:

· Your IP address;
· The amount of time you spend on our website;
· Your mouse movements on our website

The data collected will be sent to Google. The legal basis for data processing is point (f) of Art. 6 (1) GDPR. For more information on data protection in relation to reCAPTCHA, please refer to the following website: https://policies.google.com/privacy.

b) Hotjar

This website uses Hotjar, a web analysis tool provided by Hotjar Ltd. (https://www.hotjar.com/about-us/): Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta. If you visit our website, Hotjar will use a combination of various analysis and feedback tools to evaluate your behaviour and feedback. Hotjar will send us reports and visual representations to show us how you have used our website. Your personal data will be analysed by automated means and will not be stored on Hotjar’s servers at any time.

The data processed by Hotjar will include:

· Your IP address;
· Information about your device;
· Your screen resolution;
· Your operating system;
· Your clicks;
· Your mouse movements;
· Your geographical data;
· The length of your stay

For more information on data protection in relation to Hotjar, please refer to the following website: https://www.hotjar.com/legal/policies/privacy/.

c) Google Analytics

In the interest of constantly optimising our website and tailoring it to users’ needs, we use Google Analytics, a web analysis service provided by Google (https://about.google/intl/de/): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043).

The reports generated by this service enable us to see how our website is being used and adapt our website to our users’ needs.

If you visit our website, the following data will be generated and collected:

· Your browser (incl. version);
· Your operating system;
· The time you spend on our website;
· The referrer URL;
· Your IP address

As IP anonymisation has been enabled for this service on our website, your IP address will first be truncated within member states of the European Union and the European Economic Area. Only in exceptional cases will your IP address first be transferred to a server in the USA and then truncated there.

The data collected in this way will not be merged with any other data collected by Google services. You can find more information on how the programme works here:

Google Analytics will save its own cookies on your device, and these cookies will usually transfer the collected data to a server in the USA and save it there.

If you would like to disable such cookies, you can install the relevant browser plug-in here: https://tools.google.com/dlpage/gaoptout?hl=de (or insert relevant hyperlink).

If you do not want your data to be collected by Google Analytics in any way, you can install an opt-out cookie via the following link to prevent your information from being collected in the future.

d) Bounce Commerce

This website uses the plugin of the professional bounce management service provider Bounce Commerce GmbH, Lindenallee 39, 47608 Geldern, Germany.
No personal or personally identifiable data is transmitted to the technical service provider.

Technically necessary date are used, which contain purely technical information, but no personal data. These were stored in the localStorage of the Browser.

Further information on the data protection of Bounce Commerce GmbH can be found at www.bounce-commerce.de/datenschutz.

7. Social media plug-ins

Our website features external links that allow you to share content on social media or by email. We do this using social bookmarks. These are buttons that can be recognised by the logo of the social network in question. The plug-in will establish a connection between your browser and the servers of the respective provider. If you use these social bookmarks, you will usually be redirected to the provider’s website and the relevant user information will be disclosed.

If you would like to share our content and you are logged in to your account with one of these social networks while using our website, this information will be matched to your account. Your IP address may also be collected. As the operator of this website, we have no control over the data that may be sent to social network servers by such plug-ins.

For more information on the use of your data, please refer to the provider’s privacy policy: https://de-de.facebook.com/policy.php.

8. Other features

Our website also features Google Maps and YouTube, a video streaming service provided by Google (https://about.google/intl/de/): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043).

Some of the data processed by Google Maps may include IP addresses and location data; however, this data will not be collected without your consent (usually based on your device settings).

Some of the data collected by YouTube may include IP addresses the date and time of access, the name and URL of the accessed file, the volume of data transmitted, and the website from which the file is accessed (referrer URL). For more information, please refer to the provider’s privacy policy: https://policies.google.com/privacy.

9. Your rights / rights of data subjects

Needless to say, you have rights with regard to the collection of your data. In accordance with the applicable laws, we are obliged to inform you about your rights. You can exercise and enforce your rights free of charge.

You have the right…

· … to request access to the personal data we are processing on you (Art. 15 GDPR). You may particularly request information on: the purposes of the processing; the categories of personal data concerned; the categories of recipient to whom your personal data has or will be disclosed; the envisaged storage period; whether you have the right to request the rectification or erasure of your personal data or the restriction of processing or to object to such processing; whether you have the right to lodge a complaint; the source of any data not provided by yourself, and whether we carry out automated decision-making, including profiling, and meaningful information about any such processes;

· … to request the immediate rectification of any incorrect data or the immediate supplementation of any incomplete data we hold on you (Art. 16 GDPR);

· … to request the deletion of any personal data we hold on you (Art. 17 GDPR), unless our processing is necessary to exercise freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;

· … to request the restriction of the processing of your personal data (Art. 18 GDPR) if you contest its accuracy, if the processing is unlawful but you oppose the deletion of your data, if we no longer need your data but you require it for the establishment, exercise or defence of legal claims, or if you have objected to processing in accordance with Art. 21 GDPR;

· … to receive any personal data you have provided to us in a structured, commonly used and machine-readable format, or to have this data transferred to another controller (Art. 20 GDPR);

· … to withdraw any consent you have previously given us (Art. 7 (3) GDPR); we will then be prohibited from continuing any data processing performed on the basis of your consent; and

· … to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can usually do this by contacting the supervisory authority in your habitual place of residence or at our place of business.

If your personal data is being processed on the basis of our legitimate interests pursuant to point (f) of Art. 6 (1) GDPR, you are entitled to object to the processing of your personal data, provided your reasons for doing so relate to your particular situation or your objection concerns direct marketing (Art. 21 GDPR). If the latter is the case, you have a general right to object, and we will honour your right without you having to name a specific situation. If you would like to exercise your right to object or withdraw your consent, you just have to send an email to info@tautropfen.com.

10. Data security

Whenever you visit our website, we will use the widespread SSL / TSL protocol (Secure Sockets Layer / Transport Layer Security) and the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a page on our website is transmitted in an encrypted form by the closed key or padlock symbol in the lower status bar of your browser. We will also take the appropriate technical and organisational security measures to prevent your data from being accidentally or deliberately manipulated, fully or partially lost, destroyed or accessed by unauthorised third parties. Our safety measures are constantly being improved in line with technical developments.

11. Validity and changes to this privacy policy

This privacy policy is currently valid and was last updated in March 2021. It may be necessary to change this privacy policy if our website and its features are developed, or if statutory and/or official regulations are amended. The current version of this privacy policy can always be viewed and printed out at https://tautropfen.de/datenschutz.