Our handling of personal data
We take your privacy very seriously and treat your personal information confidentially and in accordance with the law.
Keep in mind that data transmission on the Internet is generally subject to security vulnerabilities. Our employees are expressly subject to the confidentiality obligations of the current version of the General Data Protection Regulation (GDPR).
We only collect, use and transfer your personal data if this is permitted by law or with your consent.
Personal information means all information that is used to identify your person and which can be traced back to you, such as your name, e-mail address and telephone number.
We make sure that personal information you store on the server is located in a controlled and secure environment which prevents unauthorised access and disclosure. Access to your customer account is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you stop communicating with us, especially if you share your computer with others.
SSL encryption (HTTPS protocol)
To best protect your transmitted data, the website operator uses SSL encryption. Such encrypted connections are recognised by the prefix “https://” in the page link in the address bar of your browser.
All data you submit to this website, such as inquiries or logins, cannot be read by third parties thanks to SSL encryption.
Processing of access data when visiting this website
The website operator collects data about visits to the site and saves these as “server log files”. The following data is logged:
- Website visited
- Point in time of access
- Amount of data sent in bytes
- Source/reference that led you to the page
- Browser used
- Operating system used
- IP address used
The data collected are for statistical purposes only and to improve the website. However, the website operator reserves the right to retrospectively check the server log files should concrete evidence point to unlawful use.
These data cannot be assigned to specific persons for Vita+. A merger of this data with other data sources will not be done.
The basis for data processing is Art. 6 (1) letter f GDPR, which allows the processing of data to safeguard the legitimate interests of the responsible party.
You can set your browser so that you are informed about cookie settings and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. There is no guarantee that you will be able to access all the features of this website without limitations if you restrict your cookie settings.
Cookies are stored on the basis of Art. 6 (1) letter f GDPR. The website operator has a legitimate interest in the technically error-free and optimised provision of its services.
If you contact us through the provided contact options, your details will be stored so they can be used to process and answer your request.
The information you provide in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage has been fulfilled (e.g., after your request has been processed). Mandatory statutory provisions, especially retention periods, remain unaffected.
The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) letter a GDPR).
Personal data are only collected if you voluntarily provide us with these within the framework of a goods order or when opening a customer account.
All data our customers enter while processing orders are stored. This includes:
- Last name and first name
- Address (billing and delivery address)
- E-mail address
- Telephone number
- Date of birth
This is done on the basis of Art. 6 (1) letter b DSGVO, which allows the processing of data to fulfil a contract or pre-contractual measures.
We use the data you provide without your separate consent exclusively for the fulfilment and processing of your order. The data contained in the contract are stored and processed for accounting and customer documentation purposes and are used to fulfil legal obligations and process payment transactions, and for the purpose of delivery and any customer queries and/or complaints.
Only those data, which are absolutely necessary for the delivery or order processing are passed on to third service providers:
Your data will be forwarded to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods.
In no case will the data collected be sold or otherwise disclosed to third parties. Contractual partners of Vita+ Naturprodukte GmbH are instructed regarding the applicable data protection regulations and are obliged accordingly. When the storage of your data is no longer required or required by law, it will be deleted.
Our online shop provides the opportunity to pay for your orders online. The data required for this posting process include
- Personal data
- Communications data
- Order data
- Billing data
- Payment data
- Online identifiers (IP address, cookie IDs)
which are transmitted to the server of a PCI DSS certified e-payment clearinghouse for authorisation of payment exclusively for the respective purchase process via an encrypted connection (PCI DSS is the abbreviation for “Payment Card Industry Data Security Standard”). This payment is handled by our partner Viveum Zahlungssysteme GmbH, Riemergasse 14/30, 1010 Vienna.
We accept credit cards, Paypal and Sofortüberweisung as payment methods.
The transfer and processing of your payment data to Viveum, the payment service providers for credit card payments (Visa, Mastercard), Paypal and Sofortüberweisung, are based on Art. 6 (1) letter a GDPR (consent) and Art. 6 (1) letter b DSGVO (processing to fulfil a contract).
Credit card payments
To make a credit card payment, you must provide the card type, card holder, credit card number, card expiration date, and card verification number. We will not store your credit card number; it will be forwarded directly to the payment service provider.
If you choose to use the online payment service PayPal as part of your order process, your contact details will be sent to PayPal as part of the initiated order. PayPal is a service of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the role of an online payment service provider as well as a trustee and offers buyer protection services.
The personal data transmitted to PayPal are usually first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order such as number of articles, article number, invoice amount and tax, billing information, etc.
This submission is necessary to process your order using the payment method you have selected, in particular to confirm your identity and to administer your payment and the customer relationship.
Please note, however: PayPal may pass on personal data to service providers, subcontractors or other affiliates, as far as this is necessary to fulfil the contractual obligations of your order or the personal data should be processed in the order.
Payments using the Sofortüberweisung payment method
If you choose to use the online payment service Sofortüberweisung to process your order, your contact details will be sent to Sofortüberweisung as part of the initiated order. Sofortüberweisung is a service of SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany.
When paying with Sofortüberweisung, you transfer the PIN and a valid TAN to Sofort GmbH, which they use to log into your online bank account. Sofort GmbH automatically checks your account balance after logging in and transfers the money to us using the TAN you have submitted. Afterwards, it will send us an immediate transaction confirmation.
In addition to the PIN and TAN, the payment data you enter as well as personal data will be transmitted to Sofort GmbH. The personal data are first name, last name, address, telephone number(s), e-mail address, IP address, and possibly additional data required for payment processing. The transmission of this data is necessary to establish your identity beyond a doubt and to prevent fraud.
Please note, however: Sofortüberweisung may also pass on personal data to service providers, subcontractors or other affiliated companies, as far as this is necessary to fulfil the contractual obligations of your order or the personal data are to be processed in the order.
Our website offers you the opportunity to subscribe to our newsletter. The newsletter will be sent by e-mail and contains information about new projects, products and offers. For this we need your e-mail address and your declaration that you agree to receive the newsletter.
To provide you with targeted information, we also collect and process information voluntarily provided, such as areas of interest, birthdays and postcodes.
The processing of the data entered for the subscription to a newsletter takes place exclusively on the basis of your consent (Article 6 (1) letter a GDPR).
When registering for the newsletter, your e-mail address will be used with your consent for your own advertising purposes until you unsubscribe from the newsletter. After you have subscribed to the newsletter, we will send you an email containing a link to confirm your registration.
We use the online services of MailChimp to send our newsletters. MailChimp is a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA.
Your data stored during newsletter subscription (e-mail address, name, IP address, date and time of registration, if applicable) will be transmitted to a server of The Rocket Science Group in the USA, where it is saved in compliance with the “EU-US Privacy Shield”.
Furthermore, we have concluded a contract with MailChimp for order data processing.
For more information about data protection at MailChimp, see: http://mailchimp.com/legal/privacy/.
Otherwise, your personal information that we process for the purpose of sending the newsletter will not be made available or sold to third parties.
Our newsletters include a counting feature that lets us know if and when an email was opened and which links in the email the recipient followed.
We store these data so that we can optimally align our newsletters to the wishes and interests of our subscribers.
You can unsubscribe the newsletter at any time. Please click on the unsubscribe link in the bottom line of the newsletter or send your cancellation to the following e-mail address: email@example.com (or inform us by post). We will immediately delete your data in connection with the newsletter service. By revoking your consent to receive the newsletter, you also revoke consent to the aforementioned tracking.
Comments and posts
If you leave a post or comment on this website, the IP address of the author will be saved. This is for our security as a website operator: If your text violates the law, we want to track your identity. This data is not passed on to third parties. The legal basis of this processing is the predominant legitimate interest of the site operator according to Art. 6 (1) letter f GDPR.
Publication of online job applications
We will electronically collect and process your application data for the purpose of processing the application. If a contract of employment is concluded as a result of your application, we will store your data transmitted for the purpose of the usual organisational and administrative process in compliance with the relevant legal requirements in your personal file.
This is done on the basis of Art. 6 (1) letter b DSGVO, which allows the processing of data to fulfil a contract or pre-contractual measures.
The deletion of the data you transmit takes place with rejection of your job application automatically two months after announcement of the rejection. This does not apply if, due to legal requirements (e.g., burden of proof according to the General Equal Treatment Act), a longer storage is necessary, or if you have expressly consented to a longer storage in our prospect database.
Use of Google Maps
This website uses Google Maps (API) from Google LLC, 1600 Amphitheatre Parway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually display geographic information.
By using Google Maps, information about your use of this website (such as your IP address) is transmitted to Google’s servers in the United States and stored there. This is done regardless of whether Google provides a user account that you are logged into, or if there is no user account. When you’re logged in to Google, your data is assigned directly to your account. If you do not wish the information to be assigned to your profile on Google, you will need to log out before enabling the button.
The legal basis for the processing of the data is Article 6, Section 1 S. 1 lit. f GDPR, under which the website operator has a legitimate interest in providing maps for the website’s user.
Use of YouTube
This website uses a Google-powered YouTube plug-in, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our YouTube plug-in-enabled sites, you will be connected to the YouTube servers. In doing so, the YouTube server is informed of you having visited our pages.
If you are logged into your YouTube account, YouTube will assign your visit directly to your user account. You can prevent this by logging out of your YouTube account.
The legal basis for the processing of the data is Article 6, Section 1 S. 1 lit. f GDPR, under which the website operator has a legitimate interest in providing information via videos for the website’s user.
Analysis tools and advertising
Use of Google Analytics with IP anonymisation
This website uses the “Google Analytics” service provided by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to analyse users’ website usage. The service uses “cookies,” which are text files stored on your device. The information collected by the cookies is usually sent to a Google server in the US, where it is stored.
This website uses IP anonymisation. The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. Under the terms of the agreement that website owners have signed with Google Inc., they use the information collected to compile an evaluation of the website’s use and website activity, and to provide services related to the use of the Internet.
You have the option of preventing the cookie from being stored on your device by adjusting the appropriate settings in your browser. There is no guarantee that you will be able to access all features of this website without limitation if your browser does not allow cookies.
Furthermore, you may use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and being used by Google Inc. The plug-in is available through the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
This website uses the demographics feature of Google Analytics. As a result, reports can be produced that contain statements on the age, gender and interests of the site visitors. This data originates from interest-related advertising from Google and visitor data from third parties. This data cannot be assigned to a specific person. You can opt-out of this feature at any time through the ad settings in your Google account, or prevent Google Analytics from collecting your data as outlined above.
More information on data usage by Google Inc. is available here.
Use of Google AdWords
We use the advertising tool “Google Adwords” to promote our website. As part of this, we use the “Conversion Tracking” analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA. If you have reached our website through a Google ad, a cookie will be stored on your computer. Cookies are small text files that your Internet browser stores and saves on your computer. These so-called “conversion cookies” lose their validity after 30 days and are not used for your personal identification. If you visit certain pages on our website and the cookie has not expired yet, we and Google may recognise that you, as a user, clicked on one of our Google ads and were redirected to our site.
Google uses the information obtained through the “conversion cookies” to create visitor statistics for our website. Through these statistics, we learn the total number of users who have clicked on our ad and also which pages of our website the respective user has accessed. However, we do not receive any information that personally identifies users.
You can prevent the installation of the “conversion cookies” by setting your browser accordingly, for example, by setting a browser that generally deactivates the automatic setting of cookies or specifically blocks only cookies from the domain “googleadservices.com”.
Use of Google Remarketing
WirWe use the Google Remarketing service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereinafter “Google”, on our website.
The legal basis for the storage of data from the use of Google Analytics, Google Adwords and Google Remarketing is Art. 6 (1) letter f GDPR. The website operator has an overriding legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
Recipients of your personal data
Zu den oben genannten Zwecken werden Ihre personenbezogenen Daten an folgende EmpfängerInnen übermittelt:
- Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany
- Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
- Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Wien, Austria
- Viveum Zahlungssysteme GmbH, Riemergasse 14/30, 1010 Wien, Austria
- SOFORT GmbH, Datenschutz, Theresienhöhe 12, 80339 Munich
- PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
- The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA
- Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA bzw. Facebook Ireland Ltd., 4 Grands Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
We will only store your personal data for as long as we consider reasonably necessary to achieve the purposes set out above and as permitted under applicable law. In any case, we will store your personal data as long as there are statutory retention requirements or statute of limitations of potential legal claims have not yet expired.
Your rights in connection with personal data
Under the conditions of applicable law, you are entitled, among other things, (1) to verify whether and what personal information about you we have stored and obtain copies of that data, (2) to correct, add, or delete information, (3) to require us to restrict the processing of your personal data, (4) in certain circumstances, to object to the processing of your personal data or to revoke consent to the processing of your personal data provided previously, (5) to require the transfer of data, (6) to know the identity of third parties to whom your personal data are transmitted, and (7) to lodge complaints with the competent authority.
Do you still have questions?
Your trust is important to us, so we are happy to answer any further privacy questions. Simply contact us via the contact details provided in the masthead, the contact form or via our contact person for data protection (see below).
Contact information for data protection
For questions about the collection, processing or use of your personal data, as well as for general information, correction, blocking or deletion of data and revocation of consent, you may reach us by email at firstname.lastname@example.org or in writing to Vita+ Naturprodukte GmbH, Sportplatzweg 7, 6336 Langkampfen, Austria.