top of page

PRIVACY POLICY

Introduction

This privacy policy informs visitors and users (hereinafter collectively referred to as "users") about the nature, scope, and purposes of the collection and use of their data by EBENHOLZ skincare e.K., Auf dem Gesetz 7a, 56075 Stolzenfels (hereinafter "provider"), which is responsible for data protection.

For questions about data protection, you can reach us on weekdays from 9:00 AM to 6:00 PM at +49 (0)261 134 974 0 or via email at info@ebenholz-skincare.com.

Collection of Access Data / Creation of Logfiles

The provider collects data about every access to the online offer (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

These data are also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

The storage in log files is done to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

In these purposes also lies our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

The data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection.

The collection of data for providing the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no option for the user to object.

The provider uses the protocol data without assignment to the person of the user or other profiling according to the legal provisions only for statistical evaluations for the purpose of operation, security, and optimization of the online offer. However, the provider reserves the right to check the protocol data retrospectively if, based on concrete evidence, there is a legitimate suspicion of unlawful use.

Collection and Use of Personal Data

Personal data is only collected and used by the provider if this is legally permitted or if the users consent to the data collection. In general, it is evident to the users when using the service which data is stored, such as name, email address, and message when using the order form.

The personal data provided for ordering goods (such as name, email address, address, payment data) are used by the seller for fulfilling and processing the contract. These data are treated confidentially, encrypted, and not passed on to third parties not involved in the ordering, delivery, and payment process.

If we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply.

When contacting the provider (via contact form or email), the user's details are stored for processing the request and in case follow-up questions arise.

The provider has taken organizational, contractual, and technical security measures to ensure that the provisions of data protection laws are observed and accidental or intentional manipulation, loss, destruction, or access by unauthorized persons is prevented.

Data Sharing with Third Parties

User data is only passed on to third parties (company service providers) if this is necessary for the processing of the order. Personal data is transmitted to these service providers to the extent necessary. The personal data collected is forwarded to the transport company commissioned with the delivery as part of the contract processing, provided this is necessary for the delivery of the goods and the shipment tracking (shipping confirmation via email). The payment data is forwarded to the commissioned credit institution as part of the payment processing, provided this is necessary for the payment process. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR. The data may also be passed on legally in case of a request from competent authorities such as law enforcement agencies.

Personal data of users is not sold or transferred to third parties for advertising purposes or for creating user profiles.

Cookies

The provider uses cookies to make the website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. Cookies are small files that are stored on the user's computer and can store information for providers. Temporary cookies are deleted after closing the browser, while permanent cookies remain for a predefined period and can provide stored information when the online offer is called up again.

Cookies are used to simplify the use of the service.

The following data is stored and transmitted in the cookies:

  • Language settings

  • Items in a shopping cart

  • Log-in information

The data collected in this way is pseudonymized through technical measures. Therefore, assigning the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.

When accessing our website, users are informed about the use of cookies for analysis purposes via an info banner and referred to this privacy policy. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings. The user can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. The provider endeavors to design the online offer so that the use of cookies is not necessary. However, it is pointed out that the use and, in particular, the comfort of use without cookies are limited.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR, if the user has given their consent.

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Information Dispatch by Newsletter

On the provider's website, there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask (name and email address) are transmitted to the provider.

Emails with promotional information about the provider and its services are only sent with the explicit consent of the users. Users can object to receiving the newsletter at any time. An option to object can be found in every email.

Before sending the newsletter, the email owner receives a confirmation email in which they must confirm the newsletter registration. Unconfirmed registrations are automatically deleted within four weeks at the latest.

Non-promotional information includes messages in the context of the contractual relationship with the user. This includes sending technical information, information on payment processing, inquiries about orders, and similar messages.

Users can subsequently request to be removed from the notification list via email to the above contact options. The provider stores the registration and confirmation time and the IP address of the user. The provider is legally obliged to log registrations to prove proper registration.

If you purchase goods on the provider's website and provide your email address, this may subsequently be used by the provider to send a newsletter. In this case, the newsletter will only send direct advertising for the provider’s own similar goods.

The legal basis for the processing of data after the user registers for the newsletter is Art. 6 para. 1 lit. a GDPR if the user has given their consent.

The legal basis for sending the newsletter as a result of the sale of goods is § 7 para. 3 UWG.

The collection of the user's email address serves to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

The data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection. The email address of the user will therefore be stored as long as the subscription to the newsletter is active.

Contact Form and Email Contact

There is a contact form on the provider's website that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask (name and email address) is transmitted to the provider and stored.

At the time of sending the message, the following data is also stored:

  • The IP address of the user

  • Date and time of registration

For processing the data, your consent is obtained during the submission process, and this privacy policy is referred to.

Alternatively, it is possible to contact us via the provided email address. In this case, the user's personal data transmitted with the email will be stored.

The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation.

The legal basis for the processing of data, if the user has given their consent, is Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, then the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

The processing of personal data from the input mask serves us solely for processing the contact. In the case of contact via email, this also includes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form

bottom of page