Welcome to the privacy policy from our website allyouneat.com, an offer from GERMANBEAUTYLAB GmbH & Co. KG, Wilhelm-Blos-Strasse 33, 12623 Berlin.
Data protection is a very special concern for us. So that you know when we collect and use which personal data, please take note of the following information. You will also find details of your rights.
1. Person responsible
The person responsible for data processing in accordance with data protection regulations is GERMANBEAUTYLAB GmbH & Co. KG, Wilhelm-Blos-Strasse 33, 12623 Berlin, represented by the managing and personally liable partner Just It GmbH, which in turn is represented by the managing director Mr. Robert Scharrenberg.
Phone: +49 (0) 15252 888 354
Email: shop@allyouneat.com
Web: allyouneat.com
2. Definitions
Our privacy policy is based on the relevant provisions of the European General Data Protection Regulation (GDPR). In order to make the privacy policy understandable for everyone, we would like to first explain the key terms according to the GDPR (not exhaustive):
- Personal data is any information relating to an identified or identifiable natural person (“data subject”), whereby a natural person is deemed to be identifiable if he or she can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, Art. 4 No. 1 GDPR; - processing is any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, Art. 4 No. 2 GDPR;
- Restriction of processing is the marking of stored personal data with the aim of restricting their future processing, Art. 4 No. 3 GDPR;
- profiling is any type of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of that natural person, Art. 4 No. 4 GDPR;
- Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the inclusion of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data is not assigned to an identified or identifiable natural person, Art. 4 No. 5 GDPR;
- controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his or her designation may be laid down by Union law or by the law of the Member States, Art. 4 No. 7 GDPR;
- processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, Art. 4 No. 8 GDPR;
- Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing, Art. 4 No. 9 GDPR;
- third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data, Art. 4 No. 10 GDPR;
- Consent of the data subject means any voluntary expression of will, in a specific case, given in an informed and unequivocal manner, in the form of a declaration or any other unequivocal affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her, Art. 4 No. 11 GDPR;
- breach of personal data protection is a breach of security leading to destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed, Art. 4 No. 12 GDPR;
- Health data are personal data relating to the physical or mental health of a natural person, including the provision of health services, and from which information on his or her state of health is derived, Art. 4 No. 15 GDPR;
3. Data processing
We always process personal data in compliance with the relevant data protection regulations (GDPR, BDSG, etc.).
In principle, you can visit our website without having to provide any personal data.
However, if and insofar as a data subject wishes to make use of certain offers via our website, it may be necessary to process personal data.
Personal data will only be processed if there is legal legitimation for data processing or if the person concerned has consented to data processing.
As the controller responsible for the processing of personal data, we have taken a large number of technical and organizational measures to ensure comprehensive protection of the personal data processed via our website. Nevertheless, we cannot rule out the possibility that security gaps may exist in the transmission of personal data via the Internet, meaning that we cannot guarantee absolute protection. Every data subject is therefore free to transmit their personal data to us by other means (telephone, post, etc.).
4. General data
Each time our website is visited by the data subject or by an automated system, general data and information is collected and stored in the server log file.
This may include, among other things
- Browser type and version
- Operating system used
- Website from which you visit us (referrer URL)
- Website you visit
- Date and time of your access
- Your Internet Protocol (IP) address
- other data and information that serve to ward off dangers in the event of attacks on our IT system
This general data and information does not allow us to draw any conclusions about the data subject. The general data and information are stored separately from any personal data you may have provided and therefore do not allow any conclusions to be drawn about a specific person. They are only evaluated for statistical purposes in order to optimize the website and our offers, to display our content correctly, to ensure the permanent functioning of our IT systems and our technology or to provide law enforcement authorities with the information necessary for prosecution in the event of a system attack.
We want to ensure that we obtain statistical information through the evaluation and that we can also increase data protection and data security in order to ultimately achieve a high level of protection for the personal data we process.
5. Cookies
We use cookies on our website.
These do not damage your computer and do not contain viruses.
Cookies are small files that are stored on your access or end device (computer, smartphone, tablet, etc.) and saved by your browser.
They serve to increase the user-friendliness, effectiveness and security of our website.
In addition, cookies can be used to collect statistical data on website usage and analyze it to improve our offering.
Cookies are possible as so-called “session cookies”, which are automatically deleted at the end of your visit.
Other cookies remain stored on your end device until you delete them.
These cookies allow your browser to be recognized on your next visit.
The personal data processed via cookies is used either on the legal basis of consent or on the legal basis of legitimate interest.
Consent is always the legal basis if we ask you for it.
Otherwise, the legal basis is our legitimate interest in data processing.
Our legitimate interest in data processing exists in particular in relation to the improvement and continuous further development and optimization of our online offering.
As the data subject, you can exclude the acceptance of cookies for certain cases or in general, prevent or restrict the storage of cookies and activate the automatic deletion of cookies when closing the browser.
However, this may limit the functionality of our website.
By using the link below, you can adjust the settings once selected.
Privatsphäre-Einstellungen ändernHistorie der Privatsphäre-EinstellungenEinwilligungen widerrufenWe use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.
Legal bases for the processing of personal data in this context are Art. 6 para. 1 lit. c DS-GVO and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to manage the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consent.
6. Contact possibility
For legal reasons, we provide information on our website (e.g. e-mail, telephone, etc.) that enables you to contact us quickly and communicate directly with us electronically.
If and insofar as the data subject contacts us in this way, the information provided by you will be stored for the purpose of processing the contact.
We do not pass this data on to third parties.
We also do not compare the data collected in this way with data that may be collected by other components of the website.
7. SSL/TLS Encryption
We, as the controller, use SSL/TLS encryption for security reasons and to protect the transmission of confidential content (e.g. contact requests) that data subjects send to us.
Data subjects can recognize such an encrypted connection in the address bar of the browser if it contains the “https://” specification and/or the lock symbol is displayed.
If encryption is activated, data that affected users send to us cannot be viewed or read by third parties.
8. Registration function
We, as the controller, make it possible for data subjects to register on our website by providing personal data.
The personal data to be provided, which are transmitted to us in this context, result from the input mask on our website.
We process the personal data entered by the data subject for the purpose of registration and to enable access to the limited content accessible through registration.
When registering on our website, the IP address of the data subject and the date and time of registration are also stored.
The data is stored for the purpose of preventing misuse of our services.
If necessary, the data can also be used for the purpose of detecting criminal offenses.
Data processing is necessary to protect us as the controller.
The data processed in this way will not be passed on to third parties unless this is necessary for the execution of the contract, required by law and/or the disclosure serves the purpose of criminal prosecution.
Data subjects have the right to have their data stored for registration changed/corrected or completely deleted at any time.
Upon request, we, as the controller, will provide data subjects with information at any time as to whether and, if so, what data we have stored about the data subject.
In addition, we will correct or delete personal data at the request of the data subject, provided that there are no statutory retention obligations to the contrary.
9. Subscription
As the data controller, we offer our customers the option of subscribing to our products at regular intervals.
The personal data required for the subscription, which is transmitted to us, results from the self-explanatory input mask as part of the ordering process, in particular surname, first name, address, e-mail, telephone.
In connection with the subscription, we also process the IP address of the person concerned, which was assigned to him by the respective Internet provider at the time of the order, as well as the date and time of the order.
We, as the data controllers, process the personal data collected in connection with the subscription order exclusively for the purpose of fulfilling the contract and to send reminders to the data subject by e-mail, to give the data subject the opportunity to inform us in good time of any changes regarding delivery address, delivery time, delivery stop and, alternatively, to make changes independently in his customer account.
Affected users can cancel the subscription at any time in the customer account or by e-mail, whereby the concrete contact information is communicated to the respective user separately by e-mail.
Data subjects have the right to have their data stored for the subscription order changed/corrected or completely deleted at any time.
Upon request, we, as the controller, will provide data subjects with information at any time as to whether and, if so, what data we have stored about the data subject.
In addition, we will correct or delete personal data at the request of the data subject, provided that there are no statutory retention obligations to the contrary.
10. Cart
We collect information about your shopping cart during the checkout process on our store.
What personal data we collect and why we collect it
We start tracking your cart as soon as you add an item to your cart and enter your email address or phone number in the checkout form or pop-up window.
If you are logged into your account, we will start tracking your cart as soon as you add an item to your cart.
We are storing both shopping cart contents as well as data you provide in the checkout form or popup to:
- send you a transactional email about your abandoned cart
- improve customer experience by restoring data that has been entered in the checkout form in case you leave or accidentally refresh the page
How long we retain your data
We store your abandoned cart data for 180 days to recover your abandoned cart and order form data.
This includes your first and last name, your billing address, your delivery address, your email address, your phone number, your location and other information.
Who has access
Our store Administrators have access to the abandoned cart data you have provided.
Who we share your data with
The data is not shared, it is bound to the store.
11. Google Analytics with anonymization function and Signals
We, as the controller, use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Analytics enables a web-based analysis of the use of our website by the data subject.
This is done with the help of text files that are stored on the computer of the respective user, so-called “cookies” (see above).
The information generated in this way is usually transferred to a server operated by Google and stored there.
However, this website uses the IP mask method, which means that your IP address is shortened by Google and thus anonymized.
Google uses this information for the purpose of evaluating the use of the website on behalf of the operator, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
You can prevent the storage of cookies by setting your browser accordingly.
In this case, however, you may no longer be able to use all the functions of this website to their full extent.
You can also use the browser plugin to prevent Google from collecting and processing the data collected by the cookie.
You can also prevent the collection of data relating to your use of the website by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout/.
You can read more about Google Signals here: https://support.google.com/analytics/answer/7532985?hl=en
12. Google-AdWords (Google Ads)
We, as the controller, use the Google AdWords service on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
With the help of Google AdWords, we can place advertisements on the Internet, i.e. we can place advertisements that are displayed in Google’s search results as well as advertisements that appear directly in Google’s advertising network.
As part of Google AdWords, we can define certain keywords before placing the advertisement.
If a user enters one of these keywords in the Google search engine, our ads with these keywords are displayed in the results.
Within the advertising network of Google, the ads with keywords are distributed to the matching web pages by an automated algorithm, taking into account the previously determined keywords.
We use the Google AdWords service for the purpose of advertising our website, on the one hand to display relevant advertising on third-party websites or to display third-party advertising on our website and on the other hand to appear in Google’s search results.
A cookie in the form of a conversion cookie is automatically set on the computer of the user who accesses our website via a Google ad.
See above for the definition of cookies.
The user cannot be identified by the conversion cookie.
In addition, the conversion cookie loses its validity after 30 days.
During the period in which the conversion cookie is valid, it can be used to track whether and, if so, which subpages of our website have been visited or accessed.
The conversion cookie enables us and Google to track whether, for example, the user has reached our website via a Google AdWords ad.
Google uses the data obtained via the conversion cookie to compile statistics about visits to our website.
We, as the controller, in turn use the results of the statistics to determine how many visits have reached us via a Google AdWords ad.
It is therefore used to evaluate whether the Google AdWords ad was successful or not.
This allows us to optimize future advertisements.
Neither we nor other Google AdWords advertisers obtain information about users through the analysis that could help us identify users.
The conversion cookie stores personal data, such as the website visited, including the IP address, and forwards it to Google.
This data is stored there by Google.
It is possible that Google will pass the data on to third parties.
Users who wish to prevent the setting of a cookie can do so by making the appropriate setting, e.g. in their Internet browser, by permanently objecting to the setting of cookies.
This setting also prevents the setting of a conversion cookie.
At the same time, cookies that have already been set can be deleted at any time via the setting in the Internet browser or via other software programs.
Data subjects can also object to interest-based advertising by Google.
This requires the data subject to make the appropriate settings in Google from any browser: https://adssettings.google.com/.
Users can find further information and Google’s privacy policy at the following link: https://www.google.com/intl/en/policies/privacy/.
13. Google Adsense (Google Ads)
As the controller, we use Google AdSense, a service for integrating advertisements from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The purpose of using Google AdSense is to enable the implementation of advertising on our website.
Google AdSense uses “cookies”, which are text files placed on the data subject’s computer, to help the website analyze how users use the site.
What is meant by a cookie has already been explained above.
The cookie enables Google to analyze the use of our website by the data subject.
If a website with a Google AdSense component is accessed, the data subject’s internet browser automatically transmits data to Google for the purpose of advertising and billing commission payments.
As a result, Google obtains knowledge of the data subject’s personal data, such as the IP address.
This data enables Google to trace the origin of the data subject and the clicks made and to settle the corresponding commissions.
Data subjects can prevent the setting of cookies at any time by making the appropriate setting (see below).
This setting also prevents Google from placing a cookie on the data subject’s IT system.
Data subjects can also delete cookies already set by Google through the Internet browser or other software solutions.
Google AdSense also uses so-called tracking pixels.
This is a miniature graphic embedded in the website that enables the log file to be recorded and analyzed.
This in turn is used to carry out a statistical evaluation of the flow of visitors to our website.
The integrated tracking pixel enables Google to recognize whether and at what time the data subject has accessed one of our websites and which link the data subject has clicked on.
Google AdSense transfers and processes personal data of the data subject, such as the IP address, to Google, which is necessary for the collection and billing of the displayed advertising.
It is possible that the personal data may be passed on to third parties.
Further information on Google AdSense can be found under the link https://www.google.de/intl/de/adsense/start/.
Every user can prevent the setting of cookies by changing the settings in the browser accordingly.
The suppression of cookies by third-party providers also prevents you from being shown advertisements from these third parties.
The setting of cookies in the context of Google Ads can also be prevented in whole or in part by the plug-in provided by Google.
The link for this is: https://support.google.com/ads/answer/7395996.
You can also modify the setting of cookies through appropriate cookie settings, whereby we would like to point out that under certain circumstances and depending on the settings, not all of our functions may be fully usable.
14. Google Remarketing (Google Ads)
As the controller, we use Google Remarketing, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The remarketing service enables us to show you advertisements that match your interests on other websites within the Google advertising network.
For this purpose, your activities and interactions on our website are analyzed, including, for example, the analysis of your interests with regard to our offers.
This enables us to show you targeted advertising in line with your interests, even after you have finished visiting our website.
For this purpose, Google stores cookies (see above) on the end device you are using, which record you as a visitor to the website if you visit certain Google services or websites from the Google network.
By setting the cookies, only a unique identification of the web browser on the respective end device is ensured.
This does not identify you as a person.
You can find more information on Google’s data protection policy at https://policies.google.com/privacy?hl=en and https://services.google.com/sitestats/en.html.
Every user can prevent the setting of cookies by changing the settings in the browser accordingly.
The suppression of cookies by third-party providers also prevents you from being shown advertisements from these third parties.
The setting of cookies in the context of Google Ads can also be prevented in whole or in part by the plug-in provided by Google.
The link for this is: https://support.google.com/ads/answer/7395996.
You can also modify the setting of cookies by means of appropriate cookie settings, whereby we would like to point out that under certain circumstances and depending on the settings, not all of our functions may be fully usable.
15. Flexoffers
We, as the data controller, have implemented the “Flexoffers” element on our website, an offer from Flexoffers LLC, 1201 North Federal Highway #7520, Fort Lauderdale, FL 33304, USA.
Flexoffers is an affiliate partner program that enables us to conduct affiliate marketing.
Affiliate marketing is an online-based form of distribution through which we, as commercial operators, display advertising to sales partners, whereby the remuneration for the advertising is based on click or sales commissions.
In this context, Awin uses cookies (see above) for the purpose of being able to track which partner was used to conclude the contract.
In particular, Flexoffers can recognize that the user concerned has clicked on the respective partner link and then concluded a contract via or with Flexoffers.
The purpose of the data processing is to process the commissions generated via the contracts concluded via the affiliate network.
Affected users can prevent the setting of cookies in their browser settings (see above), whereby cookies already set can also be deleted.
Further information on data processing by and the privacy policy of Flexoffers, including possible objection possibilities, can be found under the following link:
https://www.flexoffers.com/privacy-policy/
16. Instagram
As the controller, we use the Instagram service component on our website.
This service is offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If the users concerned are logged into their Instagram account, they can link the content of our website to their Instagram profile by clicking on the Instagram button.
This allows Instagram to assign the visit to our website to the respective user account of the user concerned.
We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram.
Further information on this can be found in Instagram’s privacy policy.
This is available at: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
17. Google +1
We use the social media functions of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website.
When pages with Google plug-ins are accessed, a connection is established between the data subject’s browser and Google’s servers.
Data is already transmitted to Google in the process.
If the data subject has a Google account, this data can be linked to it.
If the data subject does not wish this data to be associated with the Google account, it is necessary to log out of Google before visiting the Off The Path page.
Interactions, in particular the use of a comment function or clicking on a “+1” or “Share” button, are also passed on to Google.
Further information on the collection and use of data by Google and the rights of the data subject can be found at https://www.google.de/intl/de/policies/privacy.
18. YouTube
We, as the controller, use the YouTube service component on our website.
YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
YouTube enables publishers to post videos on the internet-based video portal free of charge.
YouTube also allows other users to view, rate and comment on the videos posted free of charge.
As YouTube makes it possible to publish all types of videos, complete film and television programs, trailers, music videos or videos created by the respective users themselves can be accessed.
If users access an individual page of our website on which a YouTube component has been embedded, the YouTube component automatically prompts the data subject’s browser to download a representation of the respective YouTube component from YouTube.
Users can view detailed information about YouTube at https://www.youtube.com/intl/de/about/.
Through this automated technical process, YouTube and Google gain knowledge of which individual sub-page of our website is visited by the user/person concerned.
If the user is also logged in to YouTube when visiting our website, YouTube is able to recognize which specific subpage is visited when our subpage containing the YouTube component is accessed.
YouTube and Google collect this information and assign it to the user’s YouTube account accordingly.
Both YouTube and Google are informed via the YouTube component that the user has visited our website if the user is also logged in to YouTube when accessing our website.
This occurs regardless of whether the user actually clicks on a video or not.
If users wish to prevent such transmission to YouTube and Google, they must log out of their YouTube account before accessing our website.
YouTube’s privacy policy is available at https://www.google.de/intl/de/policies/privacy/.
These provide information about the collection, processing and use of personal data by YouTube and Google.
19. Facebook
We use the component of the provider Facebook.
Facebook is a service of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Each time our website, which is equipped with such a component, is accessed, this component causes the browser used by the user to download a corresponding representation of the component from Facebook.
This process informs Facebook which specific page of our website is currently being visited.
If you visit our website while you are logged in to Facebook, Facebook recognizes which specific page you are visiting and assigns this information to your personal account on Facebook.
For example, if you click on the “Like” button or make comments, this information is transmitted to your personal user account on Facebook and stored there.
In addition, the information that you have visited one of our pages is passed on to Facebook.
This happens regardless of whether you click on the component or not.
If you want to prevent the transmission and storage of data about you and your behavior by Facebook, you must log out of Facebook before visiting our website.
Facebook’s data protection information provides more detailed information on this, in particular on the collection and use of data by Facebook, your rights in this regard and the setting options for protecting your privacy: https://de-de.facebook.com/about/privacy/
In addition, external tools are available on the market that can be used to block Facebook social plug-ins with add-ons for all common browsers.
An overview of the Facebook plugins can be found at https://developers.facebook.com/docs/plugins/
20. Payments/ payment service providers
As the controller, we offer data subjects the opportunity to make payments quickly and securely within our business relationships due to legal obligations or our legitimate interest.
For this purpose, we use the services of banks, credit institutions and other payment service providers.
The personal data processed in the context of payment transactions originate in particular from the category of inventory data (e.g. surname, first name, address, bank data (IBAN, BIC, passwords, TAN, contract data, payment totals and data relating to the recipient, etc.).
In addition, the following data or data categories in particular are also processed: Invoice data and payment histories, contract data (such as subject matter of the contract, duration, etc.), metadata and communication data (e.g. IP addresses, data on the device used).
Data processing is required to carry out and process the payment transaction.
However, the personal data collected in this respect will only be processed and stored by the selected payment service provider.
We do not obtain information about the account, nor do we obtain data about any credit card used.
We only receive information about whether the payment has been made or not.
The respective payment service providers may forward the personal data to credit agencies.
This is done for the purpose of checking the identity and creditworthiness of the data subject.
In this respect, reference is made to the respective terms and conditions and data protection provisions of the payment service providers used.
Information on the rights of data subjects (revocation, information, etc.) can also be viewed here.
We use the following payment service providers on our website:
- PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A
22-24 Boulevard Royal
L-2449 Luxembourg
Tel: 0800 723 4500
E-mail: impressum@paypal.com
Website: https://www.paypal.com/home
Privacy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE - Stripe
Stripe, Inc.
510 Townsend Street
San Francisco, CA 94103, USA
E-mail: support@stripe.com
Website: https://stripe.com/
Privacy: https://stripe.com/privacy - Bancontact
Mollie B.V.
Keizersgracht 126
1015CW Amsterdam, Netherlands
Tel: +49 (032) 240 9020
E-mail: info@mollie.com
Website: https://www.mollie.com/payments/bancontact
Privacy: https://www.mollie.com/privacy - EPS-Überweisung
STUZZA Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH
Frankgasse 10/8
1090 Vienna (Austria)
Tel: +43/1/505 32 80
Email: office@stuzza.at
Website: https://www.eps-ueberweisung.at/
Privacy: https://eservice.psa.at/de/datenschutzerklaerung.html - Alipay
Ant Group Co., Ltd.
Z Space 556 Xixi Road Hangzhou
310000 China
Tel: 86-571-2688-8888
Website: https://intl.alipay.com/ & www.antgroup.com
Data protection: https://render.alipay.com/p/f/agreementpages/alipayglobalprivacypolicy.html & https://www.antgroup.com - Multibanco
Sociedade Interbancaria de Servicos, S.A. (SIBS)
Rua Soeiro Pereira Gomes, Lote 1
1649 – 031 Lisbon
Tel: (00 351) 217 918 780
Website: https://www.sibs.com/en/marcas/multibanco/
Privacy: https://www.sibs.com/en/privacy/ - Przelewy24
PayPro SA
ul. Kanclerska 15
60-327 Poznań
Tel: +48616429344
E-mail: serwis@przelewy24.pl
Website: https://www.przelewy24.pl/o-firmie
Privacy:
https://www.przelewy24.pl/en/cookies-policy & https://www.przelewy24.pl/en/information-obligation-gdpr-payer & https://www.przelewy24.pl/en/information-obligation-gdpr-merchant - OnePay
OnePAY JSC
5th Floor, BIDV Tower
194 Tran Quang Khai street, Hoan Kiem district
Ha Noi, Viet Nam
Tel: +84 24 3936 6668
E-Mail: Sales department: info@onepay.vn, sales@onepay.vn
Commercial services: support@onepay.vn
Risk management: risk@onepay.vn
Website: https://www.onepay.vn/
Privacy: https://www.onepay.vn/home/en/about-us/security-and-privacy-policy.html
21. Shipping Service Providers
We, as the controller, use shipping service providers (e.g. DHL, UPS etc.) to carry out and fulfill our contractual obligations with regard to the delivery of goods to our customers.
For this purpose, it is necessary for us to pass on the address data of the recipient of our goods specified in the order to the respective shipping service provider for the purpose of delivering the goods, i.e. for the purpose of fulfilling the contract (Art. 6 para. 1 sentence 1 lit. b GDPR).
In addition, personal data (telephone number, e-mail) will only be passed on to the respective shipping service provider if this data is essential for the fulfillment of the contract, e.g. regional peculiarities in delivery countries, for the transport of goods that cannot be delivered by parcel, which must be delivered by a forwarding agent and for which a delivery date must be agreed with the recipient or if we have previously obtained consent within the meaning of Art. 6 para.
1 sentence 1 lit.
a GDPR for this purpose.
22. Deletion and blocking
The processing of personal data is only carried out for the period of time required to achieve the storage purpose or as long as required by relevant legal provisions.
After the storage purpose has ceased to apply or after a statutory storage period has expired, we delete or block the personal data in accordance with the statutory provisions.
23. Data subject rights
The data subjects are entitled to the following rights in particular:
- Confirmation
Data subjects may request confirmation from us, as the controller, as to whether we are processing personal data. To exercise this right, the data subject can contact one of our employees at any time. - Information
Any data subject may request information from us, as the controller, at any time and free of charge as to whether and, if so, what personal data we have stored about them. A copy of this information shall be provided to the data subject. In addition, the data subject may request information about (a) the purposes of the processing, (b) the categories of personal data processed, (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed (d) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period (e) the existence of the right to rectification or erasure or the right to restriction of processing by the controller or the right to object to such processing (f) the existence of the right to lodge a complaint with a supervisory authority; and (g) the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. If personal data is not collected directly from the data subject, the data subject must be provided with all available information about the origin of the data. The data subject also has a right to information as to whether personal data has been transferred to a third country or to an international organization. If the answer is yes, the data subject must be informed of the appropriate safeguards in connection with the transfer. To exercise this right, the data subject can contact one of our employees at any time. - Correction
Any data subject may at any time request us, as the controller, to rectify inaccurate personal data concerning him or her without undue delay. In addition, the data subject is entitled to request the completion of incomplete personal data, taking into account the purposes of the processing. To exercise this right, the data subject may contact one of our employees at any time. - Cancellation/ Right to be forgotten
Any data subject may request from us, as data controller, that the personal data relating to him/her be deleted without delay if one of the following reasons applies and provided that the processing is not necessary:- The processing of personal data is no longer necessary for the original purpose for which it was collected or otherwise processed,
- Consent to data processing has been withdrawn by the data subject and there is no legal basis for data processing
- The data subject has objected to data processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the data processing
- The data subject has objected to data processing pursuant to Art. 21 para. 2 GDPR
- The processing of personal data is unlawful
- The deletion is required for legal reasons
- The data was collected in connection with information society services offered within the meaning of Art. 8 para. 1 GDPR. If one of the aforementioned reasons applies and the data subject requests the deletion of the personal data stored by us, they can contact one of our employees at any time, who will arrange for the deletion. If the personal data is published, we as the controller are obliged pursuant to Art. 17 para. 1 GDPR, we will take appropriate (technical) measures, taking into account the available technology and the costs of implementation, to inform other data controllers who process the published personal data of the data subject of the data subject’s request for erasure. This includes, in particular, informing the other data controllers that the data subject has requested them to erase all links to the personal data or copies or replications of this personal data, unless the processing is necessary. Our employees will take all necessary steps in individual cases.
- Restricted processing
Any data subject may request us, as data controller, to restrict the processing of personal data if and to the extent that one of the following conditions applies:- The data subject contests the accuracy of the personal data for a period enabling us, as the controller, to verify the accuracy of the personal data
- The data processing is unlawful and the data subject requests the restricted processing of personal data instead of erasure
- We, as the controller, no longer need the personal data of the data subject; the data subject, on the other hand, needs the personal data to assert, exercise and/or defend their legal claims
- The data subject has objected to data processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether we, as the controller, have any overriding legitimate grounds for processing the data. If one of the aforementioned conditions is met and the data subject wishes to restrict the processing of personal data held by us, they can contact one of our employees at any time, who will arrange for the processing to be restricted.
- Right to data portability
Any data subject may require us, as data controller, to transfer personal data concerning him/her in a structured, common/known and machine-readable format. The data subject may also request that the personal data relating to him/her be transferred to another controller without our hindering this, provided that the data processing is based on consent within the meaning of Art. 6 para. 1 lit. 1 letter a GDPR, Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and is carried out with the aid of an automated procedure, unless the data processing is necessary for the performance of a task carried out in the public interest or is carried out in the exercise of official authority vested in us as the controller.
In exercising his or her right to data portability, the data subject shall have the right to have his or her personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. To exercise this right, the data subject can contact one of our employees at any time. - Right of objection
Any data subject may object to us, as the controller, at any time to the processing of personal data concerning him or her, provided that the data processing is in accordance with Art. 6 para. 1 lit. e or f GDPR. This applies equally to profiling based on this provision.
We, as the controller, will no longer process the personal data after an objection has been made unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject. This applies equally to cases in which the data processing serves the assertion, exercise or defense of claims. In the event that we process personal data for the purpose of direct marketing, the data subject may object to this at any time. This applies accordingly to profiling if and to the extent that it is related to direct advertising. Once the data subject has objected to data processing for direct marketing purposes, we will no longer process the personal data for these purposes. The data subject also has the right to object to the processing of personal data concerning them by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, if there are grounds relating to the particular situation of the data subject, unless the data processing is necessary for the performance of a task carried out for reasons of public interest. To exercise this right, the data subject can contact one of our employees at any time. In addition, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications. - Automated individual case decisions/ profiling
Any data subject may require us, as the controller, to make decisions that produce legal effects concerning the data subject or significantly affect him or her in a similar way, not solely on the basis of automated processing, including profiling, provided that the decision is based on automated processing. profiling, provided that the decision is (a) is not necessary for entering into, or performance of, a contract between the data subject and us; or (b) is permissible on the basis of relevant legal provisions and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (c) is made with the express consent of the data subject. If the decision is necessary for entering into, or the performance of, a contract between the data subject and us as the controller, or if the data subject has given his or her explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests. This includes at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
In order to exercise this right, the person concerned can contact one of our employees at any time. - Withdrawal of consent
Any data subject may withdraw consent to the processing of personal data at any time. To exercise this right, the data subject can contact one of our employees at any time. - Right of appeal
Data subjects have the right to lodge a complaint with the competent supervisory authority at any time. The data protection officers responsible for each federal state and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
24. Legal basis for data processing
For us, the legal basis for data processing is Art. 6 Par. 1 lit. a GDPR, if we obtain the consent of the data subject for a specific processing purpose. In the case of data processing for the performance of a contract to which the data subject is a party, the legal basis for processing is Art. 6 Paragraph 1 lit. b GDPR. This applies equally to processing operations that are necessary to carry out pre-contractual measures, such as inquiries about our products or services. If we are subject to a legal obligation according to which we must process personal data (e.g. tax obligations), the legal basis for data processing is Art. 6 para. 1 lit. c GDPR. In certain situations, data processing may be necessary to protect vital interests of the data subject or another natural person, for example if injuries occur when visiting our company. In this case, we would have to transmit the name, age, health insurance data or other vital information to a doctor, hospital or other third party. The legal basis for data processing here is Art. 6 para. 1 lit. d GDPR. Data processing may also be based on Art. 6 Para. 1 lit. f GDPR if none of the above-mentioned legal bases is relevant and the data processing is necessary to safeguard the legitimate interests of us or a third party, provided that the interests, fundamental rights and freedoms of the person concerned do not prevail. In the case of data processing based on Article 6 Paragraph 1 lit. 1 letter f GDPR, our legitimate interest is the execution, exercise and continuous optimization of our business activities for the benefit of the well-being of all our employees.
25. Duration of storage
The duration of the storage of personal data is largely determined by the statutory retention periods.
After expiry of the respective period, the corresponding personal data is routinely deleted if and insofar as it is no longer necessary for the fulfillment of the contract or the initiation of the contract.
26. Provision of personal data
We hereby inform you that there are some legal regulations that prescribe the provision of personal data (e.g. tax law) or that such an obligation to provide data may also arise from contractual provisions.
It may be necessary for the conclusion of a contract for the data subject to provide us with personal data that we must process in the course of the contract, e.g. as is necessary for the conclusion of a contract.
If the personal data is not provided in these cases, we would not be able to conclude the contract with the data subject.
Before the data subject provides the personal data, he or she must contact us, who will inform the data subject for each individual case whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
27. Objection of advertising mails
We hereby expressly prohibit the use of the contact data provided in the legal notice and on the website for sending unsolicited advertising and information material.
We reserve the right to take legal action in the event of any infringement of unsolicited sending of advertising and the like, for example through spam e-mails.
28. Changes to our data protection policy
We reserve the right to adapt this data protection notice so that it always complies with current legal requirements or to implement changes to our services in the data protection notice, e.g. when introducing new services.
The new data protection notice will then apply to your next visit.