Data protection statement
1. General information and mandatory information
Protecting your personal data is something that the operators of these pages take very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection statement.
If you use this website, various personal data will be collected. Personal data are data that can be used to identify you personally. This data protection statement explains what data are collected and how we use them. It also explains how this is done and for what purpose.
We hereby expressly point out that data transmission on the internet (e.g. in email communication) is not completely secure. It is not possible to completely protect your data from third-party access.
Note regarding the responsible authority
The responsible authority for data processing on this website is:
HAIDER BIOSWING GmbH
Dechantseeser Str. 4
Telephone: +49 (0) 9234 / 9922-0
The responsible authority is the natural or legal person that decides on the purposes and means of the processing of personal data (e.g. names and email addresses), alone or together with others.
Legally prescribed data protection officer
We have appointed a data protection officer for our company.
Brunner & Kollegen Datenschutz GbR
Lübener Str. 6
Telephone: +49 (0) 911 3765250
Right to lodge a complaint with the competent supervisory authority
In the event of breaches of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of the subject’s ordinary residence, workplace or the location of the suspected breach. The right to lodge a complaint applies without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to demand that data processed automatically by us on the basis of your consent or in fulfilment of a contract be provided to you or to a third party in a standard, machine-readable format. Insofar as you demand direct transfer of the data to another controller, this is only performed insofar as it is technical feasible.
Right of access, right to blocking, erasure and rectification
In connection with the applicable legislation, you are entitled at any time to receive information on your saved personal data, their origin and recipients and the purpose of the data processing free of charge and, in some cases, to have this data rectified, blocked or erased. You can contact us at any time with regard to this topic and other questions relating to personal data at the address stated in the Legal Notice.
Right to restriction of processing
You have the right to demand that the processing of your personal data be restricted. You can contact us at any time with regard to this topic at the address stated in the Legal Notice. The right to restriction of processing applies in the following cases:
- If you are contesting the accuracy of the personal data we have saved, we generally need time to verify this. For the duration of the verification, you have the right to demand that the processing of your personal data be restricted.
- If the processing of your personal data is/was performed unlawfully, you can instead demand restriction of the data processing rather than erasure.
- If we no longer need your personal data but you do need them for the exercise, defence or establishment of legal claims, you have the right to demand restriction of the processing of your personal data rather than erasure.
- If you have objected in accordance with Art. 21(1) GDPR, a balance needs to be struck between your interests and ours. As long as it has not been determined whose interests prevail, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, these data may only be processed – with the exception of being saved – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the European Union or a member state.
Withdrawal of your consent to data processing
Many data processing procedures are only possible with your express consent. You may withdraw consent that you have previously declared at any time. You can do this simply by sending us an informal email. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal of consent.
Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
If the data processing is performed on the basis of Art. 6(1) point e or f GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your specific situation, including profiling based on those provisions. The particular legal basis for processing is given in this data protection statement. If you object, we will no longer process your affected personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21(1) GDPR).
If we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will then no longer be used for direct marketing (objection pursuant to Art. 21(2) GDPR).
Objection to marketing emails
We hereby object to the contact data made available in relation to our obligation to disclose legal information relating to our website being used to send promotional and information material, unless expressly requested. The operators of the web pages hereby expressly reserve the right to take legal action in the event of promotional material, such as that sent by spam emails, being sent without request.
SSL or TLS encryption
For reasons of security and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, our site uses SSL or TLS encryption. You can identify an encrypted connection from the padlock symbol in your browser bar and the fact that the “http://” in the address bar changes to “https://”.
If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
2. Data collection on our website
Some parts of this website use so-called “cookies”. Cookies do not damage your computer or contain viruses. They are designed to make our services more user-friendly, more effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit to our website.
You can set your browser so that you are informed when cookies are stored on your computer so that you can allow cookies to be used once only, accept cookies in certain cases only, always refuse them, or automatically delete cookies when you close your browser. The functionality of this website may be restricted if you disable cookies.
Cookies that are required for the execution of the electronic communication procedure or to provide certain functions desired by you (e.g. the shopping basket function) are saved on the basis of Art. 6(1) point f GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimised service provided free of technical errors. Insofar as other cookies are stored (e.g. cookies for analysing your surfing behaviour), they will be addressed separately in this data protection statement.
Server log files
The site provider automatically collects and stores information in so-called server log files, which your browser sends to us automatically. These are:
- Type of browser and browser version
- Operating system used
- Referrer URL
- Host name of the computer accessing the site
- Time of server request
- IP address
This data will not be merged with other data sources.
The collection of these data is based on Art. 6(1) point f GDPR. The website operator has a legitimate interest in a display that is free of technical errors and optimised – to this end, it is necessary to collect server log files.
If you use the contact form to send us enquiries, we will save the information you have entered in the enquiry form, including your contact details, to process your enquiry and for any follow-up questions. We may disclose these data to our specialist retailer partners in your region to process your request. Any other disclosure will not be performed without your consent.
The processing of the data entered in the contact form is thus exclusively based on your consent (Art. 6(1) point a GDPR). You may withdraw this consent at any time. You can do this simply by sending us an informal email. The legality of the data processing procedures performed until the withdrawal remains unaffected by the withdrawal of consent.
The data you have entered in the contact form remain with us until you request their erasure, you withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. once the processing of your enquiry has been concluded), but no later than after 12 months if no commissioning or contractual relationship has materialised. Mandatory legal provisions – in particular data retention periods – remain unaffected.
Enquiry via email, phone or fax
If you contact us be email, phone or fax, your enquiry, including all personal data arising therefrom (name, enquiry), will be saved by us and processed for the purpose of processing your enquiry. We will not disclose these data without your consent.
The collection of these data is based on Art. 6(1) point b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is required for the execution of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6(1) point a GDPR) and/or your legitimate interests (Art. 6(1) point f GDPR), as we have a legitimate interest in the effective processing of the requests issued to us.
The data you have sent to us via the contact form remain with us until you request their erasure, you withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g. once the processing of your request has been concluded). Mandatory legal provisions – in particular legal data retention periods – remain unaffected.
Processing of data (customer and contract data)
We collect, process and use personal data only insofar as they are required to establish, define or modify the legal relationship (contract data). This is based on Art. 6(1) point b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. In addition to the responsible authority itself, there may be further recipients. These include contractors that require your data to fulfil the order or service providers that are given access to your data because of their activities. In each case, further recipients are entitled to process your data or obliged to maintain confidentiality. Further recipients may receive your data because of legal obligations. We collect, process and use personal data concerning the use of our web pages (usage data) only insofar as this is necessary to enable the user to use the service or to charge them for this use.
The collected customer data are erased after the order has been concluded or the business relationship has ended. Legal data retention periods remain unaffected.
If you send us an application, we will save your data for the duration of the application procedure or for a maximum of six months after receipt of your application. As security risks can never be fully eliminated when data are sent over the Internet, we will also gladly accept your application via post. Your data will not be disclosed to third parties without your consent.
4. Analysis tools and advertising
This website uses the functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and allow your use of the website to be analysed. The cookie collects information on your use of this website and generally sends it to a Google server in the US, where it is stored.
The storing of Google Analytics cookies and the use of this analysis tool are based on Art. 6(1) point f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both the operator’s online service and the operator’s advertising.
We have activated IP anonymisation on this website. Accordingly, Google will shorten your IP address within European Union member states or in other Contracting States of the Agreement on the European Economic Area before it is sent to the US. In exceptional cases only, the full IP address will be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports on the website activities and provide other services relating to website and internet use to the operator of the website. The IP address transmitted by your browser in connection with Google Analytics will not be linked to other Google data.
You can prevent the cookies from being stored by adjusting your browser software’s settings; please be aware, however, that doing so may prevent you from using all of our website’s functions to their full extent. Furthermore, you can prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. This stores an opt-out cookie that prevents the collection of your data in future visits to this website: deactivate Google Analytics.
We have concluded a contract with Google for data processing and fully implement the strict requirements of the German data protection authorities in the use of Google Analytics.
Demographic characteristics from Google Analytics
This website uses the “demographic characteristics” feature of Google Analytics. This feature makes it possible to compile reports containing information on the age, gender and interests of the website visitors. These data originate from interest-based advertising by Google and from the visitor data of third-party providers. These data cannot be traced back to any specific individual. You can deactivate this function at any time via the display settings in your Google account or generally prohibit the collection of your data on the part of Google Analytics as described under “Objection to data collection”.
Duration of storage
Data stored by Google at user and incident level that are linked with cookies, user identification features (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised/erased after 14 months. Related details are available at the following link: https://support.google.com/analytics/answer/7667196?hl=de
5. Plugins and tools
YouTube with enhanced data protection
Our website uses plug-ins from the website YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced data protection mode. According to YouTube, this mode prevents YouTube from saving information on the visitors to this website before they view the video. The use of enhanced data protection does not, however, eliminate the possibility of data being disclosed to YouTube partners. This is because YouTube establishes a connection to the Google DoubleClick network – regardless of whether you view a video.
As soon as you start a YouTube video on our website, a connection is established to the YouTube servers. The YouTube server is informed about which of our pages you have visited. If you are logged in to your YouTube account, you make it possible for YouTube to match your surfing behaviour to your personal profile directly. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your device once a video has started. YouTube can use these cookies to obtain information on visitors to our website. This information is used to compile video statistics that improve user-friendliness and prevent attempted fraud. The cookies remain stored on your device until you delete them.
In some cases, starting a YouTube video may trigger further data processing procedures over which we have no influence.
YouTube is used in the interest of an appealing display of our online services. This constitutes a legitimate interest under Art. 6(1) point f GDPR.
Adobe Typekit Web Fonts
Our website uses web fonts from Adobe Typekit for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When our pages are visited, your browser loads the required fonts directly from Adobe in order to display them on your device correctly. This involves your browser establishing a connection to the Adobe servers in the US. This informs Adobe that our website has been accessed via your IP address. According to Adobe, no cookies are stored in the provision of the fonts.
Adobe is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the United States of America and the European Union intended to ensure compliance with the European data protection standards. More information can be found at: https://www.adobe.com/de/privacy/eudatatransfers.html.
The use of Adobe Typekit Web Fonts is necessary to ensure consistent typography on our website. This constitutes a legitimate interest under Art. 6(1) point f GDPR.
More information on Adobe Typekit Web Fonts can be found at: https://www.adobe.com/de/privacy/policies/typekit.html.
This page uses the map service Google Maps via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is generally sent to a Google server in the US, where it is stored. The provider of this website has no influence on this data transmission.
Google Maps is used in the interest of an appealing display of our online services and to make it easy to find the locations specified by us on the website. This constitutes a legitimate interest under Art. 6(1) point f GDPR.
6. Note on protecting your personal data
Data transmission to a country outside the EU
Personal data are not transmitted to service providers outside the European Economic Area (EEA).
Automated decision-making (including profiling) is not used.
Changes to our data protection provisions
We reserve the right to alter this data protection statement from time to time to ensure that it complies with the currently applicable legal requirements at all times, or to implement changes to our services in the data protection statement. When the website is visited again, the updated data protection statement will apply.
References and links
For direct and indirect references to third-party websites (links) that are outside the company’s sphere of responsibility, a liability obligation would come into force exclusively in cases where the company is aware of the content and where the company can be reasonably expected and is technically able to prevent use in the event of illegal content. The company hereby expressly declares that no illegal content was discernible on the linked sites at the time when the link was created. This also applies for documents that are provided for download. The company has no influence on the current and future layout, content or authorship of the linked pages. It therefore expressly distances itself from all content of linked pages that was changed after the link was created. This statements applies to all links and references embedded in the company’s own website content. Illegal, incorrect or incomplete content and, in particular, loss or damage arising from the use or non-use of information thus provided are the sole liability of the provider of the linked page and not the party that simply refers to the respective publication via links.