The Controller pursuant to Art. 4(7) EU GDPR is:
Laverana GmbH & Co. KG
Personally liable shareholder/company:
1. Claudia Haase
2. Haase Verwaltungs GmbH Wennigsen, Hanover Commercial Register Court, (Commercial Register, Companies’ Section) Record No. 202460
Executive Board: Thomas Haase
Registered Office of the company:
Am Weingarten 4
VAT ID: DE 266832075
Commercial register: HRA (Commercial Register, Partnerships' Section), Record No. 201478
Tel.: + 49-511 54549-700
Fax: + 49- 510 39391-7984
You can reach our Data Protection Officer at Datenschutz@lavera.de or our postal address, marking it for the attention of “The Data Protection Officer”.
Laverana GmbH & Co. KG is committed to protecting the personal rights of anyone whose personal data is processed at our company. Your personal data (e.g. form of address, name, address, e-mail address and user conduct) will only be processed by us in line with the data privacy provisions.
The provisions below inform you about the nature, scope and purpose of gathering, processing and using personal data. This data privacy statement only relates to our web pages. Should you be redirected to other pages via links set on our pages, please find out there about how your data is handled.
c) When you get in touch with us by e-mail or via a contact form, in particular via our consumer portal, the data given by you (in particular your e-mail address, name and telephone number) and any further information that you provide us with in the e-mails, will be saved by us in order to answer your questions. We delete or anonymise the data arising in this context once it is no longer necessary to save it, or limit the processing, should statutory archival obligations exist.
d) Should we resort to commissioned service providers for individual functions of our range of services or should we wish to use your data for commercial purposes, we will inform you about the respective procedures below in detail. In this context, we will also specify the criteria laid down for the period of storage.
a) You have the following rights vis-à-vis us in regard to the personal data concerning you:
- The right to information;
- the right to correction or deletion;
- the right to limitation of the processing;
- the right to oppose said processing;
- the right to the data being transmittable.
b) In addition, you are entitled to complain to a data protection supervisory authority about the processing of your personal data by us.
a) When you use the website merely to obtain information, even if you do not register or transmit information to us in any other way, we will only gather the personal data that your browser transmits to our servers. If you would like to view our website, we gather the following data, that is technically necessary for us, in order to display our website to you and ensure its stability and security (the legal basis is Art. 6(1)(1)(f) GDPR);
- IP address
- Date and time of the request
- Time zone difference in relation to Greenwich Mean Time (GMT)
- The content of the request (specific page)
- The access status/http status code
- The respective volume of data transmitted
- The website from which the request comes
- Operating system and its graphic user interface
- Language and version of the browser software.
b) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser used by you, and by means of which the organisation that places the cookie (in this case, us) receives certain information. Cookies are not able to execute any programs or transmit viruses to your computer. They serve the purpose of making the range of our online services more user-friendly and effective.
- i) This website uses the following types of cookies, the scope and functioning of which is explained below:
- (1) Transient cookies are automatically deleted when you close the browser. This in particular includes session cookies. They save a so-called session ID, with which various requests of your browser can be allocated to the joint session. In this way your browser can be recognised again if you return to our website. The session cookies are deleted once you log out or close the browser.
- (2) Persistent cookies are automatically deleted after a predefined period of time, which may vary, depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
- ii) You can configure your browser setting in line with your wishes, and, for example, refuse to accept third party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
We maintain up-to-date technical measures, to guarantee the data security, in particular in order to protect your personal data from any data transmission risks, as well as from third parties becoming aware of it. These are accordingly always adapted in line with the current state of the art.
- a) Beside the purely informational use of our website, we offer various services that you can make use of if you are interested. For that purpose, you generally need to specify further personal data that we use to provide the respective service and for which the data processing principles specified above apply.
- b) In order to process your data, we sometimes make use of external service providers. These are chosen carefully and instructed by us, are bound to our instructions, and are monitored regularly.
- c) We may, furthermore, pass your personal data on to third parties if participation in campaigns, sweepstakes, the conclusion of contracts or similar services is offered by us in conjunction with partners. You can obtain further information on this when you enter your personal data or below in the description of our services.
- d) Should our service providers or partners have their registered office in a country that falls outside the European Economic Area (EEA), we will inform you about the consequences of such a circumstance in the description of the services.
- a) Should you have given consent to your data being processed, you may revoke it at any time. Such a revocation influences the admissibility of the processing of your personal data, once you have declared it to us.
- b) Should we base the processing of your personal data on the weighing up of interests, you may file an objection against such processing. This is the case if the processing is in particular not necessary in order to fulfil a contract with you, which is in each case explained by us in the subsequent description of the functions. When making such an objection, we ask you to state the reasons why we are not supposed to process your personal data in the way that we have been doing. In the event of your making a substantiated objection, we will review the circumstances and will either cease processing the data or adapt it, or point out to you our mandatory reasons, worthy of protection, based on which we will continue to process your data.
- c) You can, of course, object to the processing of your personal data for advertising purposes and data analysis at any time. You can inform us about your objection to your data being used for advertising purposes
- a) For subscribing to our newsletter (by that we mean the regular newsletter and the blogging newsletter), we use the so-called double opt-in procedure. That means that, once you have given us your e-mail address, we send you a confirmation e-mail to the e-mail address specified, where we ask you to confirm that you wish to be sent the newsletter. If you do not confirm it within 24 hours, your subscription is automatically cancelled. Should you confirm that you wish to receive the newsletter, we store your e-mail address until such time as you unsubscribe from the newsletter. Your e-mail address is stored solely for enabling us to send you the newsletter. Whenever you register with us and confirm your registration we moreover save your IP addresses and the time, so that we are able to provide evidence of your registration and prevent any abuse of your personal data.
- b) The only mandatory detail for being sent the newsletter is your e-mail address. Once you have confirmed, we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6(1)(1)(a) GDPR.
- c) You may revoke your consent to being sent the newsletter at any time. You can declare your revocation by clicking on the link provided in any newsletter e-mail or unsubscribe on the web page accessible at the following link: www.lavera.de/newsletter-abbestellen. Your data specified will not be passed on to third parties.
- d) We would like to point out that, when we send you the newsletter, we evaluate your usage pattern. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. With the data obtained in this way we create a user profile, so that we can customise the newsletter in line with your individual interests. When you read our newsletter, we record what links you click on in it, and, based on that, keep a note of what interests you personally. We link said data to actions carried out by you on our website. You can object to such tracking at any time, by clicking on the separate link that is provided in every e-mail, or inform us by contacting us in another way. The information will be stored for as long as you have subscribed to the newsletter. Once you unsubscribe, we store the data purely for statistical purposes, and anonymously.
- a) If you would like to use our dealer portal, you need to register at www.lavera.de/haendlerbereich/haendler-registrierung/, giving details of your contact and customer data (user name, password, name, company, customer number, if it is to hand, whether you purchase the products directly or indirectly, the type of dealer, street address, house number, postcode, town/city, country, telephone number and e-mail address). If you register to use the dealer portal, we save the above-mentioned contact and customer data. We continue to save any further data given by you voluntarily for the period during which you use the portal, unless you delete it earlier. You can log on to the dealer portal at www.lavera.de/haendlerbereich/login/, based on your login details. You can delete your account at the dealer portal at any time by sending an e-mail to firstname.lastname@example.org. Your data stored in connection with the dealer portal will, in this case, be deleted.
- b) To register for the press portal, please send an e-mail to email@example.com, giving your contact details (name, street address, house number, postcode, town/city, country, telephone, e-mail address). We will process your enquiry without delay and provide you with the login details. If you register to use the press portal, we save the above-mentioned contact data. We continue to save any further data given by you voluntarily for the period during which you use the portal. You can delete your account at the press portal at any time by sending an e-mail to firstname.lastname@example.org. Your data stored in connection with the press portal will, in this case, be deleted.
- c) The legal basis is Art. 6(1)(1)(f) GDPR.
- b) The IP address transmitted by your browser within the scope of Google Analytics is not merged with any other data of Google.
- c) You can, moreover, prevent the data generated by the cookie which relates to your use of the website (incl. your IP address) from being recorded by Google, as well as the processing of such data by Google, by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout
- d) We use Google Analytics to be able to analyse the use of our website and regularly enhance it. The statistics obtained help us to enhance our website and design it in a more interesting way for you, as the user. For the exceptional cases, where personal data is transmitted to the USA, Google has submitted to the EU/US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1)(1)(f) GDPR.
- e) Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms and conditions of use: www.google.com/analytics/terms/de.html; overview on data privacy: www.google.com/intl/de/analytics/learn/privacy.html, and the data privacy statement: www.google.de/intl/de/policies/privacy.
- a) On this website we use the services of Google Maps. We can thereby show you interactive maps directly on the website and enable you to use the map function conveniently.
- b) Through the visit to the website Google obtains the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned in Art. 3 of this statement is transmitted. This is done irrespective of whether Google provides a user account, via which you are logged in, or whether no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be allocated to your profile at Google, you need to log out prior to activating the button. Google stores your data as a usage profile and uses it for the purpose of advertising, market research and/or designing its website in line with your requirements. Such an evaluation is in particular performed (even for non-logged in users) to provide customised advertising and to inform other users of the social network about your activities on our website. You have a right of opposition to such a user profile being created, in regard to which you need to contact Google in order to exercise said right.
- c) You can obtain further information on the purpose and scope of gathering data and having it processed by the plug-in provider in the provider’s data privacy statements. There you will also receive further information on your rights and setting options to protect your privacy, in this respect: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU/US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Maps is Art. 6(1)(1)(f) GDPR.
- a) In addition, we use the conversion tracking program of Commerce Connector GmbH, Eberhardstr. 69-71, 70173 Stuttgart, on our website. We provide links to dealers who distribute our products on our website.
- b) If you click on the link, our partner – Commerce Connector GmbH – will store a cookie on your terminal for a limited period of time. Should you make a purchase from the dealer within this period of time, Commerce Connector may access the cookie to obtain information on your purchase from the dealer, and likewise if you reach the dealer’s order confirmation page. After seven days, such a cookie will usually lose its validity.
- c) Should you wish further information on this “sales tracking” or wish to know how you can deactivate it, please read the Commerce Connector Online Data Privacy Statement at www.commerce-connector.com/web/de/policy-cco/. The legal basis is Art. 6(1)(1)(f) GDPR.
- a) We use technologies of the ad server provider Adform in order to gather data in an anonymised form, for the purposes of marketing and optimisation, and store it. Cookies may likewise be deployed for this purpose. You can find further information on the data privacy provisions of Adform, as well as deactivating the option of cookies being stored by the provider Adform, at: site.adform.com/privacy-policy-opt-out/.
- b) At the link site.adform.com/privacy-policy-opt-out/ you can additionally object to the gathering and storage of data at any time, and with effect for the future. Adform points out in its data privacy provisions (site.adform.com/privacy-policy-opt-out/) that data may be transmitted to the USA, in regard to which, in such a case, the requirements of the EU-U.S. Privacy Shield are complied with. You can send any enquiries in regard to data privacy to email@example.com or Adform, Wildersgade 10B, 1408 Copenhagen, Denmark.
- c) The data gathered by Adform is evaluated via the media agency CROSSMEDIA GmbH, which further aggregates the data gathered by Adform, so that it is not possible for us to make any inference to personal data. The legal basis is Art. 6(1)(1)(f) GDPR.
- a) We currently use the following social media plug-ins: Facebook, Google+, Instagram and Twitter. In that respect, we use the so-called two-click solution. That means that if you visit our website, no personal data will be passed on the provider of the plug-in initially. You can recognise the provider of the plug-in via the marking on the box, going by its initial letter, or by the logo. We give you the opportunity to communicate directly with the provider via the button. Only if you click on the field marked and thereby activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online services. In addition, the data specified in Clause 3) of this statement is transmitted. In the case of Facebook, as per details given by the respective providers in Germany the IP address is anonymised immediately once the data is gathered. That means that, through the plug-in being activated, personal data of yours is transmitted to the respective plug-in provider and stored there (in the case of US-based providers, in the United States). The plug-in provider in particular undertakes the gathering of data using cookies.
- b) We neither have any control over the data gathered or the data processing procedures nor are we are aware of the full extent of the data gathered, the purposes of the processing or the storage periods. We also have no information about the deletion of the data gathered by the plug-in provider.
- c) The plug-in provider stores the data gathered about you as a usage profile and uses it for the purpose of advertising, market research and/or designing its website in line with user requirements. Such an evaluation is in particular performed (also for non-logged in users) to display customised advertising and to inform other users of the social network about your activities on our website. You have a right to object to such a user profile being created, in regard to which you need to contact the respective plug-in provider in order to exercise said right. Via the plug-ins we give you the opportunity to interact with the social networks and other users, so that we can improve our website and design it in a more interesting way for you as a user. The legal basis for the use of the plug-ins is Art. 6(1)(1)(f) GDPR.
- d) Data is passed on irrespective of whether or not you have an account with the plug-in provider or are logged in there. If you are logged in with the plug-in provider, your data gathered by us will be directly assigned to your account kept with the plug-in provider. If you press the activated button and link the page, for example, the plug-in provider also stores this information in your user account and notifies your contacts about it publicly. We recommend you to regularly log out after using a social network, in particular, however, prior to activating the button, as in this way you can avoid any of your user activities being assigned to your profile kept with the plug-in provider.
- e) You can obtain further information on the purpose and scope of gathering data and having it processed by the plug-in provider from these providers’ data privacy statements specified below. There you will also receive further information on your rights and setting options to protect your private sphere, in this respect.
- f) Addresses of the respective plug-in providers and URLs containing their data privacy policies:
- i) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other, as well as www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU/US Privacy Shield, see www.privacyshield.gov/EU-US-Framework.
- ii) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/. Google has submitted to the EU/US Privacy Shield, see www.privacyshield.gov/EU-US-Framework.
- iii) Social media plug-in of Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA; help.instagram.com/519522125107875
- iv) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy. Twitter has submitted to the EU/US Privacy Shield, see www.privacyshield.gov/EU-US-Framework.
- a) We have included YouTube videos in our online services, and these are stored at www.youtube.com and can be played back directly from our website. They are all included in “extended data privacy mode”, i.e. no data is transmitted to YouTube via you as a user if you do not play back the videos. Only if you play back the videos is the data referred to under
- b) transmitted. We have no control over such data transmission. b) Through the visit to the website YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in Art. 3 of this statement is transmitted. This is done irrespective of whether YouTube provides a user account, via which you are logged in, or whether no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be allocated to your profile at YouTube, you need to log out prior to activating the button. YouTube stores your data as a usage profile and uses it for the purposes of advertising, market research and/or designing its website in line with your requirements. Such an evaluation is in particular undertaken (even for non-logged in users) to provide customised advertising and to inform other users of the social network about your activities on our website. You have a right of opposition to such a user profile being created. You need to contact YouTube in order to exercise said right.
- c) You can find further information on the purpose and scope of data being gathered and the processing of it by YouTube in the data privacy statement. There you can also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU/US Privacy Shield, see www.privacyshield.gov/EU-US-Framework.
a) We collaborate with earnesto GmbH in order to respond to your queries and comments on our social media channels and in our blog, and to improve our customer contact. Insofar as earnesto GmbH stores your queries and comments, these are anonymised as far as possible, in particular through the deletion of the user name.
b) The processing of your data takes place exclusively in either a country which is a member of the European Union or otherwise in a country which is a signatory to the Agreement on the European Economic Area.
c) Insofar as your enquiry is necessary for the fulfilment of a contract or for the execution of pre-contractual measures, the legal basis for our processing is Art. 6, para. 1, sentence 1 (b) of the GDPR; otherwise the basis for our processing is our justified interest in the improvement and maintenance of our customer contact and, in this case, the legal basis is Art. 6, para. 1, sentence 1 (f) of the GDPR. In the latter case, you have the right to file an objection to the processing of your data. You can address this to our Data Protection Officer (firstname.lastname@example.org)
d) Further notes on the provider and their Privacy Statement can be found here: https://www.lavera.de/fileadmin/redaktion/datenschutzerklaerungen-pdf/earnesto-datenschutz-EN.pdf
Information on data processing with respect to the Facebook page: www.facebook.com/laveradeutschland/, www.facebook.com/laveraitaliano/, www.facebook.com/laveraunitedkingdom/, www.facebook.com/laverafrance/
The Facebook page of Lavera serves to enable communication with Lavera fans, end consumers and customers and to highlight news items, products, campaigns and such like. Please note that in this respect user data may be processed outside the area of the European Union. However, Facebook is subject to the terms of the EU-US Privacy Shield and guarantees compliance with the data protection standards of the EU. (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).The Lavera natural cosmetics Facebook page, including the processing of personal user data, reflects the company’s justified interest in contemporary and supportive opportunities for information and interaction for and with our customers, fans and friends as defined in Art. 6 (1) lit. f. DSGVO (General Data Protection Regulation). The processing of data on this Facebook page is subject to an Agreement on the Joint Processing of Personal Data with Facebook. Processing of Personal Data by Facebook In its judgement of 5 June 2018, the Court of Justice of the European Union (CJEU) decided that the operator of a Facebook page is responsible together with Facebook for the processing of personal user data. Lavera is aware that Facebook processes user data for the following reasons: Advertising (analysis, compilation of customised adverts), Preparation of user profiles Market research. As a rule, the data are processed to satisfy the requirements of market research and advertising. From the usage pattern and the user’s interests thereby traced, it is possible to generate user profiles. The user profiles can then, for example, serve to place advertisements in and outside Facebook that can be assumed to reflect the interests of the user. To this end, cookies are stored on the user computers in which the usage pattern and user interests are saved. Furthermore, irrespective of the user’s hardware, it is also possible to save data in the user profiles (in particular if the user is a Facebook member and is actually logged in). The following data privacy statement gives information about the data processing carried out by Facebook: www.facebook.com/about/privacy/ . Facebook also provides options for the user to object to advertisements (so-called opt out). These can be set under the following link: www.facebook.com/settings. Via the so-called “insights” from the Facebook page, statistical data of various categories can be called up for Lavera. These statistics are generated and provided by Facebook. We, as site operators, have no influence on the generation and display of these statistics. We are not able to deactivate this function or prevent data being generated and processed. Requests for information and enquiries on the assertion of user rights can be addressed the most effectively to Facebook directly. Only Facebook has access to the user data and can take the necessary measures and provide information. If you no longer wish your data to be processed in future as described here, then you may cancel your user profile’s link to our page by using the functions “I don’t like this page any more” and/or “Cancel subscription to this page”. Best of all, just call up the Facebook page for Lavera natural cosmetics - lavera_Naturkosmetik - and make use of the buttons there to confirm. (https://www.facebook.com/laveradeutschland/)