Hessnatur Logo
Data protection

of Hess Natur-Textilien GmbH & Co. KG, Germany / Hess Natur-Textilien AG, Switzerland (hessnatur)

 

With our data protection information, we would like to inform you how personal data is processed at hessnatur in accordance with the EU General Data Protection Regulation. In Austria, the Austrian data protection laws are also observed. In Switzerland, the Federal Act on Data Protection (FADP). Personal data is information that is or can be directly or indirectly assigned to your person.

NAME AND ADDRESS OF THE CONTROLLER

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws is

Germany

Hess Natur-Textilien GmbH & Co. KG

Marie-Curie-Strasse 7

35510 Butzbach

Butzbach, Germany

Phone: 06033 / 991-0

E-Mail: dialog@hess-natur.de

Website: www.hessnatur.com/de/


Austria

 

Hess Natur-Textilien GmbH & Co. KG

Marie-Curie-Strasse 7

35510 Butzbach

Butzbach, Germany

Phone: 0800 / 44 88 88

E-Mail: dialog@hess-natur.at

Website: https://www.hessnatur.com/at/

Switzerland

 

Hess Natur-Textilien AG

Bützbergstrasse 2

4912 Aarwangen

Switzerland

Phone: 0848 / 80 70 70

E-mail: dialog@hess-natur.ch

Website: https://www.hessnatur.com/ch/

NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

Germany, Austria, Switzerland


The data protection officer of the controller can be contacted at


AGOR AG

Niddastrasse 74

D-60329 Frankfurt am Main

Frankfurt am Main, Germany

Phone: +49 69 949432410

E-Mail: info@agor-ag.com

Website: https://www.agor-ag.com

GENERAL INFORMATION ON DATA PROCESSING

Scope of the processing of personal data


We only collect and use the personal data of users of our website insofar as this is necessary to provide a functional website, our content and services.


In principle, the collection and use of our users' personal data only takes place with their consent. An exception to this principle applies in cases where the processing of data is permitted by law or where it is not possible to obtain prior consent for factual reasons.


Legal basis for the processing of personal data


The legal basis for the processing of personal data generally arises from Art:

1. art.6 para. 1 lit. a GDPR, when obtaining the consent of the data subject.

2. art. 6 para. 1 lit. b GDPR, for processing operations necessary for the performance of a contract to which the data subject is party. This includes processing operations that are necessary for the performance of pre-contractual measures.

3. art. 6 para. 1 lit. c GDPR, for processing operations necessary for compliance with a legal obligation.

4. art. 6 para. 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.

5. art. 6 para. 1 lit. f GDPR, if the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest.

Data erasure and storage duration


The personal data of users will be deleted or blocked as soon as the purpose of storage no longer applies. Data may be stored for longer if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

GOOGLE CLOUD WEB HOSTING

We use the "Google Cloud Webhosting" service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for various purposes (in particular: hosting databases).


In this context, personal data may be processed and stored on the provider's servers if they are part of communication processes with us or are otherwise processed by us as set out in this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their content. Google Cloud Webhosting also processes usage data and metadata that it uses for security purposes and service optimization. This information is transferred to Google servers in the USA and processed there. The transfer of this data to Google is based on standard contractual clauses.

The following data may be processed:

Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses)


If we ask for your consent to the use of Google Cloud Webhosting services, the legal basis for processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Furthermore, the use may be part of our (pre-)contractual services pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, provided that the use has been agreed within this framework. Otherwise, user data is processed on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.


You can find further information on data protection from Google at: https://www.google.com/policies/privacy and at: https://cloud.google.com/terms/data-processing-terms

USE OF OUR WEBSITE, GENERAL INFORMATION

Description and scope of data processing


Each time our website is accessed, our system automatically collects data and information from the user's computer system. The following information is collected:

1. information about the browser type and version used

2. the user's operating system

3. the user's internet service provider

4. the IP address of the user

5. date and time of access

6. websites from which the user's system accesses our website

7. websites that are accessed by the user's system via our website

8. the data described is stored in the log files of our system. This data is not stored together with other personal data of the user.

Purpose and legal basis for data processing

The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR. The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. The user therefore has no option to object.


Duration of storage

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.


If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or anonymized. This means that it is no longer possible to identify the accessing client.


General information on the use of cookies

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When you access a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.


We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

TTDSG:


The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG).


Please note that the legal basis for the processing of the personal data collected in this context then results from the GDPR (Art. 6 para. 1 sentence 1 GDPR). The relevant legal basis for the processing of personal data in each specific case can be found below on the respective cookie or on the respective processing itself.

The primary legal basis for the storage of information in the end user's terminal equipment - i.e. in particular for the storage of cookies - is your consent, Section 25 (1) sentence 1 TTDSG. Consent is given when you visit our website - although of course it does not have to be given - and can be revoked at any time in the cookie settings.


According to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user. In the cookie settings, you can see which cookies are to be classified as absolutely necessary (often also referred to as "technically necessary cookies") and therefore fall under the exemption rule of Section 25 (2) TTDSG and therefore do not require consent.


GDPR:


This concerns the following applications:


(1) Customer login

(2) Shopping cart

(3) Notepad

(4) Session identifiers When such technically necessary cookies are used, the following data is stored and transmitted:


(1) Login status (logged in yes/no)

(2) Settings for your shopping cart (payment methods, vouchers, country of delivery)

(3) Items in your shopping cart and in your wish list

(4) SessionIDs


The legal basis for the processing of personal data using cookies results from Art. 6 para. 1 sentence 1 lit. f GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.


We do not use user data collected by technically necessary cookies to create user profiles, unless you have a customer account and activate the "stay logged in" function. In this case, the data described above will be added to your customer account.


Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes in the settings of your Internet browser. Stored cookies can also be deleted there. Please note that you may no longer be able to use all the functions of our website if you deactivate cookies.


Cookies for your shopping cart are stored for a period of 30 days and cookies for your wish list are stored for a period of 60 days. In session cookies, your data is processed until the end of the user session or login and stored for around 90 minutes.


Identity, creditworthiness and transmission to credit agencies

We check your identity and creditworthiness internally and with the help of information from service providers. The authorization to do so is based on the protection of your identity and the avoidance of fraud attempts at our expense. The fact and the result of our inquiry will be stored in your customer account or guest account for the duration of the contractual relationship.


Companies like us, which generally also offer their customers insecure payment methods, have a legitimate interest in protecting themselves as well as possible against the occurrence of payment defaults and fraud attempts by carrying out credit checks before granting insecure payment methods. When you place your order, we will show you the payment methods that you can use.


Germany


We transmit your data (name, address, date of birth) to the credit agency Infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany, which cooperates with us, for the purpose of credit checks and to assess the risk of non-payment on the basis of mathematical-statistical procedures.


You can find detailed information about Infoscore Consumer Data GmbH and its handling of your personal data and your rights here: https://finance.arvato.com/icdinfoblatt

If you do not wish to be checked, please notify us accordingly before you complete your purchase or use the guest order option. In this case, we can offer you payment methods that are not associated with a credit risk for Hess Natur-Textilien GmbH & Co. KG


Austria & Switzerland


We transmit your data (name, address and, if applicable, date of birth) to CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 Munich, Germany, for the purpose of credit assessment, obtaining information to assess the risk of non-payment on the basis of mathematical-statistical procedures using address data.


Detailed information on CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 Munich and its handling of your personal data and your rights can be found here: http://www.crifbuergel.de/de/datenschutz

If you have already made a purchase with us, the data we have stored about you may be supplemented by so-called score values. Scoring is understood to mean the creation of a forecast of future events on the basis of collected information and past experience. The data stored about you is used to assign you to statistical groups of people who have had similar entries in the past. The underlying procedure used is a well-founded mathematical-statistical method for forecasting risk probabilities that has been tried and tested in practice for many years.


In the event of a delay in payment, we transmit the necessary data to a company commissioned to enforce the claim. The assertion of a contractual claim is a legitimate interest for us.


The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

DATA TRANSFER OUTSIDE THE EU

The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union as part of the use of third-party services. We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that your data may then only be processed on the basis of special guarantees, such as the EU Commission's officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations, the so-called "standard data protection clauses".

We would also like to point out that your data is processed in the USA in relation to individual service providers. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse.

YOUR RIGHTS / RIGHTS OF THE DATA SUBJECT

According to the EU General Data Protection Regulation, you have the following rights as a data subject:


Right to information


You have the right to receive information from us as the controller as to whether and which personal data concerning you are processed by us and further information in accordance with the legal requirements under Art. 13, 14 GDPR. You can assert your right to information at: datenschutz@hess-natur.de or datenschutz@hess-natur.ch


Right to rectification

If the personal data we process concerning you is incorrect or incomplete, you have the right to have it rectified and/or completed. The correction will be made immediately.


Right to restriction


You have the right to restrict the processing of personal data concerning you in accordance with the statutory provisions (Art. 18 GDPR).


Right to erasure


If the reasons set out in Art. 17 GDPR apply, you can request that the personal data concerning you be deleted immediately.

We would like to point out that the right to erasure does not exist if the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3.


Right to information


If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.


Right to data portability


Under the GDPR, you also have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.


Right to revoke the declaration of consent under data protection law


You have the right to withdraw your declaration of consent under data protection law at any time. We would like to point out that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.


Right to object


You also have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.


Automated decision-making in individual cases, including profiling


Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to lodge a complaint with a supervisory authority


Finally, if you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

NEWSLETTER

General information


You can subscribe to a free newsletter on our homepage, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. The data that you enter in the input mask during registration will be transmitted to us.

We collect the following data on the basis of the consent obtained from you during the registration process: E-mail address, IP address of the accessing computer, date and time of registration.


Your data will not be passed on in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.


Double opt-in and logging

Registration for our newsletter takes place in a so-called double opt-in procedure. After registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses.

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.


Legal basis


The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The purpose of collecting the user's email address is to send the newsletter.


Deletion, revocation and objection


Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active. You can unsubscribe from the newsletter at any time by revoking your consent. There is a corresponding link for this purpose in every newsletter.


We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.


Dispatch service provider


The newsletter is sent via "Emarsys", a newsletter dispatch platform of the provider Emarsys eMarketing Systems GmbH, Zeppelinstraße 2, 85399 Hallbergmoos, Germany. The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the Emarsys servers. Emarsys uses this information to send and analyze the newsletter on our behalf. Furthermore, Emarsys may, according to its own information, use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, Emarsys does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.

We trust in the reliability and IT and data security of Emarsys. We have concluded a "Data Processing Agreement" with Emarsys. This is a contract in which Emarsys undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view Emarsys' data protection provisions here: https://emarsys.com/de/privacy-policy/


Statistical survey


We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned under point 1 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID.


We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to the actions you take on our website.


You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact channel. The information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously.


Exception for existing customers § 7 III UWG


We would like to point out that we use your e-mail address to send advertising for similar articles or services in accordance with Section 7 III UWG. You can object to this use of your contact address at any time by sending a message to dialog@hess-natur.de or by clicking on the unsubscribe link in our advertising emails. This will not incur any costs for you other than the transmission according to basic rates.

ELECTRONIC CONTACT

If you contact us, a contact form is available on our homepage which you can use to contact us electronically. The data entered in the input mask will be transmitted to us and stored. These data are


The following data is also stored when the message is sent:

  • The IP address of the user

  • Date and time of registration

  • Subject and content of the message

  • Customer number

  • Salutation

  • title

  • First name

  • Last name

  • e-mail address

  • Phone number


It is also possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.


Your data will not be passed on to third parties in this context; the data will be used exclusively for processing the communication. The legal basis for the processing of the contact request and its handling is regularly Art. 6 Para. 1 S.1 lit. b GDPR, additionally Art. 6 Para. 1 S.1 lit. f GDPR.


Should further personal data be processed during the sending process, this will only be used to prevent misuse of the contact form and to ensure the security of our information technology systems.


OMQ Self Service


In our contact form on our website, we use the OMQ Self Service tool from OMQ GmbH, Chausseestraße 22, 10115 Berlin. The tool is a chatbot that uses artificial intelligence to generate and display answers to questions asked via our contact form. This allows us to answer frequently asked questions immediately and automatically and avoids having to answer the same questions manually several times.


Automated decision-making within the meaning of Art. 22 GDPR does not take place.


The artificial intelligence learns independently from the enquiries made in the contact form. Additional personal data may be processed if you enter it in the message field. This data is anonymised using an OMQ system before it is processed for independent learning so that no personal data is processed.


The legal basis for the processing activity of anonymisation is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in being able to use the tool in a legally compliant manner. Anonymisation is equivalent to deletion of the data. The following personal data is processed anonymised if you enter it in the message field in the contact form:

  • Name

  • Place of birth

  • address

  • E-mail address

  • Telephone number

  • National insurance number

  • Tax identification number

  • Health insurance number

  • Identity card number

  • Matriculation number

  • Account details

  • Credit information

  • Location data

  • Licence plate number


Messenger People


For the processing of customer enquiries via WhatsApp, we work together with MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, Germany. You can find MessengerPeople's privacy policy at www.messengerpeople.com/de/datenschutzerklaerung


You will only receive messages from us if you have actively given us your consent via a message with the word "START" or have subscribed to our channel via Notify. You can revoke this consent at any time by sending us a message with the word "STOP". With Notify, all you have to do is deactivate our channel again.


You also have the option of ordering our catalogue as a regular notification in PDF format. You will only receive the catalogue if you have actively given us your consent by sending us a message with the word "Catalogue". You can revoke this consent at any time by sending us a message with the words "Catalogue stop".


For registration, we provide a widget on this homepage that you can use to register for the channels you wish to use. If you use this tool, you must explicitly agree to communication via WhatsApp. The widget guarantees a registration process that complies with both technical and legal requirements (double opt-in).


Your personal data will be used by MessengerPeople exclusively for the operation of the service - i.e. for the delivery of our messages. For this purpose, we need your telephone number, the messenger service you use, information about the messages you have read and sent to us as well as your profile name and picture for the operation and continuous development of our service. This data is not passed on to third parties by us or by MessengerPeople. To have all stored data removed, please send a message with the text


"DELETE ALL DATA" via your Messenger after cancelling the service.


By sending the catalogue or start message to MessengerPeople (or subscribing to our channel on Notify), you consent to MessengerPeople using your personal data for direct communication and the necessary data processing using the selected messenger in accordance with Art. 6 para. 1 lit. a GDPR. An existing messaging account with the respective provider is required to use this service.


Further information on the purpose and scope of data processing by the respective messengers can be found at the responsible providers. For Whatsapp, this is WhatsApp, Inc, 1601 Willow Road, Menlo Park, California 94025, USA (privacy policy available at https://www.whatsapp.com/legal/#privacy-policy), for Facebook Messenger, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (privacy policy available at https://www.facebook.com/about/privacy), for Telegram the Telegram Messenger LLP 71-75 Shelton Street, Covent Garden, London, United Kingdom (privacy policy available at https://telegram.org/privacy) and for Notify MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, Germany (privacy policy available at https://www.messengerpeople.com/de/notify-datenschutzerklaerung/)

REGISTRATION

You have the option of registering on our website by entering your personal data. The data is entered into an input mask, transmitted to us and stored. The data will not be passed on to third parties. The following data is collected as part of the registration process:

  • Salutation

  • First name

  • Surname

  • Telephone number

  • Mobile phone number

  • Country

  • Postcode

  • Place

  • Street and house number

  • e-mail address

  • Date of birth

  • User name

  • password


The following data is also stored at the time of registration:

  • The IP address of the user

  • Date and time of registration


Registration of the user serves to fulfil a contract with the user or to carry out pre-contractual measures.


Registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, therefore the legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.


Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case for the data collected during the registration process if the registration on our website is cancelled or amended.


This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.


You have the option of cancelling your registration on our homepage at any time. To do this, you can deactivate it yourself in your customer account. You can also have the data stored about you amended at any time.


If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

hessnatur friends (Loyalty Program)

By registering on our homepage, you automatically take part in our loyalty program. The purpose of the processing is to provide you with loyalty points and to give you the opportunity to receive rewards. If you participate in our loyalty program, we process the data provided by you during registration and other data required to calculate and manage your loyalty points. Without providing the data, participation in our loyalty program is not possible. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.


For this purpose, we use the service provider "Emarsys", from the provider Emarsys eMarketing Systems GmbH, Zeppelinstraße 2, 85399 Hallbergmoos, Germany. Both the email addresses and the other data described in this notice are stored on the Emarsys servers. Emarsys uses this information to calculate loyalty points and to send corresponding service emails regarding the loyalty program, with information on transactions that have influenced the loyalty point score, as well as information on the current point score or maintenance cycles.


Furthermore, Emarsys may, according to its own information, use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come.


However, Emarsys does not use the data of Loyalty Program participants to write to them itself or pass it on to third parties.


We trust in the reliability and IT and data security of Emarsys. We have concluded a "Data Processing Agreement" with Emarsys. This is a contract in which Emarsys undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view Emarsys' privacy policy here: https://emarsys.com/de/privacy-policy/.


Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the data collected for the use of the Loyalty Program as soon as the registration on our website is canceled or modified.


This is the case during the registration process for the performance of a contract or for the implementation of pre-contractual measures if the data is no longer required for the performance of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.


You have the option of canceling your registration on our website at any time. You can deactivate it yourself in your customer account. You can also have the data stored about you amended at any time.


If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

GOOGLE TAG MANAGER

This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.


The legal basis for the use of the technically necessary cookie is the legitimate interest of the website operator pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.


Further information can be found in the provider's terms of use at: https://www.google.com/intl/de/tagmanager/use-policy.html

WEB ANALYTICS

Google Analytics 4


This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

The use of Google Analytics 4 allows us a variety of possible uses. We operate Google Analytics 4 using the following technologies:

  • Cookies

  • Scripts


This stores and retrieves information on your computer that enables us to analyse your use of the website. The information generated in this way about your use of this website is usually transferred to a Google server in the USA and stored there. Your IP address is anonymised by default before it is transmitted to us and Google. Although the full IP address is transmitted to a Google server in the USA, it is immediately truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.


During your visit to the website, your user behaviour is recorded in the form of "events". Events can be:

  • Page views

  • First visit to the website

  • Start of the session

  • Your "click path", interaction with the website

  • Scrolls (whenever a user scrolls to the end of the page (90%))

  • Clicks on external links

  • internal search queries

  • Interaction with videos

  • File downloads

  • Viewed / clicked adverts

  • Language setting


It can also be recorded:

  • Your approximate location (region)

  • Your IP address (in abbreviated form)

  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)

  • Your internet provider

  • the referrer URL (via which website/advertising medium you came to this website)


Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.


We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.


We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalised ads (interests and demographic data, such as their gender or interests) and ads can be delivered to these users in cross-device remarketing campaigns.


Recipients of the data may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)

  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA


Predictive analytics


Google Analytics 4 uses machine learning to better understand user behaviour. These algorithms help to close data gaps caused by tracking errors, for example.


They also serve as the basis for predictive metrics, in which data from the past is used to predict user behaviour as accurately as possible in the future. These predictions can be used, for example, to forecast the likelihood of user churn or purchases or sales.


We store your data for a period of 2 months Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of use: https://marketingplatform.google.com/about/analytics/terms/de/

Overview of data protection: https://policies.google.com/?hl=de, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.


Econda


In order to design and optimise this website in line with requirements, anonymised data is collected and stored using solutions and technologies from econda GmbH and user profiles are created from this data using pseudonyms. For this purpose, cookies can be used to recognise an Internet browser.


These are the following cookies:

1. emos_jcsid, is deleted at the end of the browser session and stores a SessionId.

2. emos_jcvid is normally deleted after 2 years, stores a visitor ID and is used to recognise visitors.

3. emos_jckamp is deleted after 30 days and saves the marketing channel and timestamp.

4. emos_optout is deleted by the customer and serves as an objection cookie.


However, user profiles are not merged with data about the bearer of the pseudonym without the express consent of the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, which means that it is not possible to assign user profiles to IP addresses. The analysis of user behaviour is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. Visitors to this website can object to this data collection and storage for the future at any time here: https://www.econda.de/widerruf-zur-datenspeicherung/


The objection only applies to the device and the web browser on which it was set, please repeat the process on all devices if necessary. If you delete the opt-out cookie, requests will be sent to econda again.


Exactag


Exactag GmbH collects and stores data on this website and its subpages for marketing and optimisation purposes. This data can be used to create anonymous user profiles. Cookies and a technology called fingerprinting can be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor's Internet browser. Fingerprint technology stores environment variables of the Internet browser in a database without storing unique user-related data such as an IP address. The cookies and/or the fingerprint make it possible to recognise the Internet browser. The data collected using Exactag technologies is not used to personally identify the visitor to this website without the separately granted consent of the person concerned; personal data is generally not collected.


The legal basis for the processing of your personal data is consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can object to the storage of your anonymised visitor data for the future at any time. To ensure this exclusion from data storage, a cookie is set in your browser. This cookie is called "exactag_new_ccoptout" and is set by "exactag.com". It may not be deleted as long as the storage of the data is objected to. If you would like to object to the storage of your anonymised visitor data for the future, please click this link: Object to storage now.


Iridion Optimisation Suite


Our website uses the "Iridion Optimisation Suite" software from Web Arts AG, Seifgrundstraße 2, 61348 Bad Homburg, Germany, for the user-oriented design and optimisation of our web offers.


The software is used to carry out statistical analyses of user behaviour and to change the content and presentation of the website on this basis.


The testing tool is initially loaded together with the website by default and changes the appearance, content and, to a certain extent, the functionality (usability) of the website (through "manipulation") as part of experiments. No personal data is collected during this process and no cookies are set. The legal basis for simply loading the tool and carrying out the experiments is our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, which consists of continuously developing our website and making it more user-friendly.


If you have given your consent to the setting of the Iridion cookie within the consent banner, the above-mentioned experiments will be analysed, whereby the tool stores information on the user's end devices and sends tracking data to a server. The legal basis for this processing is therefore Art. 6 para. 1 sentence 1 lit. a GDPR: Website accessed, file accessed, date and time of access, amount of data transferred, status of access, browser type, browser version, operating system, referrer URL, IP address, user's provider Here, too, no personal data is stored, only pseudonymised data.


The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes. The data is stored until it is no longer required for processing. Iridion retains the data for a maximum period of 2 years.


You can revoke your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR at any time by deactivating the cookie in the consent banner or deleting it from your browser.

You can also object to the collection and storage of data at any time via the opt-out link. Please use the following link to opt out: https://www.hessnatur.com/de/?iridion=notrack Further information on data processing by Iridion can be found at https://www.iridion.com/privacy-policy/


Podigee


We use the podcast hosting service Podigee from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee.


The use is based on our legitimate interests, i.e. interest in the secure and efficient provision, analysis and optimisation of our podcast offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.


Podigee processes IP addresses and device information in order to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymised or pseudonymised before being stored in Podigee's database, unless it is required for the provision of the podcasts. Further information and objection options can be found in Podigee's privacy policy.


Dynatrace


We use Dynatrace to gain insights into the performance of our web application and to understand how our users navigate through the application. Dynatrace collects data such as W3C timings, button clicks, link clicks, JavaScript errors, browser types and geographic regions. This data helps us to continuously improve the performance of our website and to recognise and rectify functional problems. For this to work correctly and effectively, Dynatrace requires a number of cookies.


Allow Dynatrace to collect performance data related to button clicks, page views and web requests initiated on my way through this web application. This allows Dynatrace to analyse the use of the application, improve performance and resolve any issues that may arise. If you accept this setting, Dynatrace cookies will also be activated.


You can activate the "do-not-track" function built into your browser to ensure that no personal data is collected.

SOCIAL MEDIA

Social media presence


We maintain fan pages within various social networks and platforms with the aim of communicating with the customers, interested parties and users active there and informing them about our services.


We would like to point out that your personal data may be processed outside the European Union, which may result in risks for you (e.g. when enforcing your rights under European / German law).


As a rule, user data is processed for market research and advertising purposes. For example, user profiles can be created from user behaviour and the resulting interests of users. These user profiles can in turn be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).


The processing of users' personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.


Further information on the processing of your personal data and your options to object can be found under the links of the respective provider listed below. The assertion of information and other rights of the data subjects can also be made against the providers, as only they have direct access to the data of the users and have the corresponding information. We are, of course, available to answer any questions you may have and support you if you need help.


A supplementary agreement is concluded with some social media platforms when operating a fan page. According to this agreement, data subject rights can generally be asserted both with the social media platform and with us. However, the primary responsibility under the GDPR for the processing of Insights data lies with the social media platform and it fulfils all obligations under the GDPR with regard to the processing of Insights data. In this context, the social media platform makes the essentials of the Page Insights supplement available to the data subjects. As the operator of the fan page, we do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, such as the legal basis, the identity of the controller and the storage duration of cookies on user devices.


Provider:


Facebook


Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Privacy policy: https://www.facebook.com/about/privacy/

Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com


Instagram


Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA

Privacy policy/opt-out: https://instagram.com/about/legal/privacy/


Pinterest


Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA

Privacy policy/opt-out:

https://about.pinterest.com/de/privacy-policy


Twitter


Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA Privacy policy: https://twitter.com/de/privacy

Opt-Out: https://twitter.com/personalization


Google/ YouTube


Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) Privacy policy: https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated


LinkedIn


LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Privacy policy https://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out


Xing


XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

Privacy policy/opt-out: https://privacy.xing.com/de/datenschutzerklaerung

ONLINE ADVERTISING

Affiliates


We work together with advertising partners to make the online offer on our site even more interesting for you. For this purpose, cookies are also set by our advertising partners when you visit our site (so-called third-party cookies). Information about your user behaviour and your interests when you visit our website is also stored in the cookies of our advertising partners using pseudonyms. In some cases, information is also collected that was found on other websites before you visited our site. This information is used to show you interest-related adverts from our advertising partners. No personal data is stored and no user profiles are merged with personal data about you.


The cookie is stored for a period specified by the provider and then automatically deleted. You can prevent the interest-based display of advertising by our advertising partners by selecting the appropriate cookie settings in your browser. Further information can be found on the websites of the providers listed below


Provider overview:


Germany:
AWIN AG, Eichhornstr. 3, 10785 Berlin, Germany, https://www.awin.com/de/rechtliches/privacy-policy-DACH


Austria:

AWIN AG, Eichhornstr. 3, 10785 Berlin, Germany, https://www.awin.com/de/rechtliches/privacy-policy-DACH


Switzerland:

Connects GmbH, Theilerstrasse 7, 6300 Zug, https://cct.connects.ch/dataprotection


The legal basis for the processing of your personal data by affiliates is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.


Adtraction


We use the German affiliate network "Adtraction", which offers affiliate marketing. The operating company of Adtraction is Adtraction Deutschland GmbH, Eichhornstraße 3, 10785 Berlin, Germany. Adtraction sets tracking cookies in your browser, which can process the following data:


Your IP address, Date and time of the request, Time zone difference to Greenwich Mean Time (GMT), Content of the request (specific page), Access status / HTTP status code, Amount of data transferred in each case, The website from which the request comes, Browser, Operating system and its interface, Language and version of the browser software.


This data is mainly processed by Adtraction in order to technically implement the service.


The storage period for cookies ranges from 30 to 90 days.


Between Adtraction, us and other affiliate partners, only the identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor to a website and the advertising material clicked on are passed on. The purpose of processing this data is to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. Adtraction. All processing entities are independent controllers.


The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.


Further information on Adtraction's data protection provisions can be found at: https://adtraction.com/about-us/privacy-policy.


RTB House GmbH


Hess Natur-Textilien GmbH & Co KG processes certain data about the online activities of users on this website in order to carry out personalised advertising campaigns. This data may include Online identifiers (e.g. cookie ID / mobile advertising ID), information about specific pages visited, products viewed or placed in the shopping basket together with timestamps and purchased, as well as technical device and search programme details. Hess Natur-Textilien GmbH & Co KG commissions RTB House GmbH, Kurfürstendamm 226, 10719 Berlin, an advertising technology company, as a third-party subcontractor to carry out advertising campaigns on the basis of this data and to display personalised advertisements to users. Insofar as this data is "personal data" within the scope of the GDPR, Hess Natur-Textilien GmbH & Co KG acts as the controller and RTB House GmbH as the processor. Further information on RTB House retargeting technology can be found at: https://www.rtbhouse.com/privacy-center/.


The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.


Billiger.de


On the homepage and order confirmation page, our website uses tracking technology from solute GmbH, based at Zeppelinstr. 15 in 76185 Karlsruhe, Germany, to track orders and for billing purposes for customers who have been redirected to our website via billiger.de and other partners of solute GmbH.


For this purpose, we check whether a parameter "soluteclid" is present in the URL. If "soluteclid" exists, it is sent to the servers of solute GmbH together with the URL of the entry page, a unique ID of the order process and the total shopping basket value via HTTP request.


The legal basis for this processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.


The "soluteclid" is deleted after the order process has been completed or after the end of the local storage period of your browser. The duration of the storage of objects in the local storage of a browser may vary depending on the browser and the manufacturer's guidelines. The "soluteclid" is read and processed for a maximum of 30 days after collection.


Further information on data protection at solute can be found at https://www.solute.de/ger/datenschutz/


Shopping24


We use the services of the provider shopping24 for performance tracking and our product placement. The operating company is shopping24 Gesellschaft für multimediale Anwendungen mbH, An der Alster 45, 20099 Hamburg, Germany.


Shopping24 records a self-generated hash ID and order data (net order value, products, order number, number of invoice items) using tracking cookies. These cookies enable shopping24 to track the performance of a campaign for us.


The legal basis for this processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.


The data is deleted as soon as it is no longer required for our logging. The storage period is a maximum of 30 days. You can permanently prevent the setting of cookies at any time by making the appropriate settings in your browser so that Shopping24 cannot set a cookie. In addition, cookies already used by Shopping24 can be deleted at any time via the browser. Shopping24 does not pass on personal data to third parties without the express consent of the user.


Further information on data protection at shopping24 can be found at https://www.shopping24.de/datenschutz


Stylight


We use the tracking services of the provider Stylight GmbH, based in Nymphenburger Straße 86, 80636 Munich. Tracking is used to track orders and for billing purposes of customers who have been redirected to our website via the Stylight GmbH website.


For this purpose, an individually generated ID and the order data (net order value, products, order number, number of invoice items) are forwarded to Stylight. This data is not passed on to other third parties.


The legal basis for this processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.


The data is deleted as soon as it is no longer required for our logging. The storage period is a maximum of 30 days. You can permanently prevent the setting of cookies at any time by making the appropriate settings in your browser so that Stylight cannot set any cookies. In addition, cookies already used by Stylight can be deleted at any time via the browser.


Further information on data protection at Stylight can be found at https://about.stylight.com/privacy-policy-de_de

USE OF GOOGLE ADS

We use Google Ads to draw attention to our attractive offers with the help of advertising material (so-called Google Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. We are interested in showing you adverts that are of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.


These adverts are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of adverts or clicks by users, can be measured. If you access our website via a Google advert, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical analyses from Google. These analyses enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information.


Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of ads, Google receives the information that you have called up the corresponding part of our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and save it.


You can prevent participation in this tracking process in various ways:

  1. by setting your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive any adverts from third-party providers;

  2. by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com",

    https://www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies;

  3. by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices , whereby this setting is deleted when you delete your cookies;

  4. by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this website to their full extent.


The legal basis for the processing of your data is consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.


Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org

REMARKETING WITH GOOGLE ADS

In addition to Google Ads, we use Google's remarketing process. This is a procedure with which we would like to address you again. This application allows our adverts to be displayed to you when you continue to use the internet after visiting our website. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your user behaviour when you visit various websites. This enables Google to recognise your previous visit to our website. According to its own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.

FACEBOOK CUSTOM AUDIENCES/ FACEBOOK-PIXEL

Furthermore, the website uses the remarketing function "Custom Audiences" of Facebook Inc ("Facebook"). This allows users of the website to be shown interest-based adverts ("Facebook Ads") when they visit the Facebook social network or other websites that also use the process. We are interested in showing you adverts that are of interest to you in order to make our website more interesting for you.


Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our Internet presence or have clicked on an advert from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to find out and store your IP address and other identifying features. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR


Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy

A/B TESTING

This website also carries out analyses of user behaviour by means of A/B testing. This allows us to show you our websites with slightly different content, depending on the profile assignment made. This allows us to analyse and regularly improve our offering and make it more interesting for you as a user.


The legal basis for A/B testing is consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR


Cookies (section IV of this declaration) are stored on your computer for this analysis. The information collected in this way is stored by the controller exclusively on its server in [Germany]. You can prevent the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use our website to its full extent. You can prevent the storage of cookies by changing the settings in your browser.


Before the analyses are carried out, the IP addresses are further processed in abbreviated form so that they cannot be directly linked to individuals. The IP address transmitted by your browser is not merged with other data collected by us.


The service provider for the analysis is Web Arts AG, Seifgrundstraße 2, 61348 Bad Homburg, Germany. Information from the third-party provider on data protection can be found at https://www.iridion.com/privacy-policy/.

COMMENT FUNCTION

You have the option of commenting on individual contributions on our homepage. If you leave a comment, this comment will be made publicly accessible. Furthermore, the chosen user name, if you do not post anonymously, as well as the date and time of the comment entry will be saved and published. We would like to point out that your IP address is also logged for security reasons.


The legal basis for the storage of this personal data is Art. 6 para. 1 lit. f GDPR (legitimate interest), as we must exculpate ourselves in the event of an infringement. Your personal data will not be passed on to third parties. The only exceptions are if the disclosure is required by law or serves the legal defence of the controller.

PAYMENT OPTIONS

Pay by invoice


Payment by invoice with Payolution GmbH (part of the Unzer Group)


When paying via payolution GmbH (part of the Unzer Group), we pass on your payment data to Unzer E-Com GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany, as part of the payment processing. Unzer E-Com GmbH is a payment provider. Unzer is certified in accordance with the Payment Card Industry Data Security Standard (PCI DSS). This is an industry standard in payment transactions that relates to the secure processing of credit card transactions.


Purchase on account, direct debit in conjunction with a credit check


If you purchase from payolution GmbH (part of the Unzer Group) on account or pay by direct debit, a credit check is carried out on our behalf by a credit agency commissioned by Unzer E-Com GmbH on the basis of mathematical-statistical procedures (scoring). Unzer E-Com GmbH passes on your required data (name, address, e-mail, telephone number and date of birth) to the credit agency/institutes named below for the purpose of the credit check:

  • CRIF GmbH, Diefenbachgasse 35, 11 50 Vienna, Austria

  • CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland

  • CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany

  • SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany

  • KSV1870 Information GmbH, Wagenseilgasse 7, 1100 Vienna, Austria

  • Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, Germany

  • infoscore Consumer Data GmbH, Rheinstrasse 99, 76532 Baden-Baden, Germany

  • ProfileAddress Direktmarketing GmbH, Altmannsdorfer Strasse 311, 1230 Vienna, Austria

  • Emailage LTD, 1 Fore Street Ave, London, EC2Y 5EJ, United Kingdom

  • ThreatMetrix, The Base 3/F, Tower C, Evert van de Beekstraat 1, 1118 CL Schiphol, Netherlands

  • payolution GmbH, Columbuscenter, Columbusplatz 7-8, 1100 Vienna, Austria

  • Universum Business GmbH, Hanauer Landstr. 164, 60314 Frankfurt am Main, Germany

  • SEON Technologies Ltd, Rákóczi út 42, 1072 Budapest, Hungary

  • Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland

  • Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach, Switzerland


The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of the legitimate interest of payolution GmbH (part of the Unzer Group) in determining your solvency, avoiding payment defaults and verifying your identity.


The result of the credit check in relation to the statistical probability of non-payment is used by payolution GmbH (part of the Unzer Group) for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.


Further data protection information, including information on the credit agencies used, can be found here: https://www.unzer.com/de/datenschutz/


Credit card


If you select the "credit card" payment method, payment is processed via the payment service provider to whom we pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider and only to the extent that it is necessary for this purpose.


PayPal


You have the option of making payments via PayPal. When paying via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing.


The transfer takes place in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR and only insofar as this is necessary for payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment by instalments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Further data protection information, including information on the credit agencies used, can be found in PayPal's privacy policy:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full


You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be authorised to process your personal data if this is necessary for contractual payment processing.

INTEGRATION OF WEB FONTS

Google Fonts


We integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. The aim is to optimise and economically operate our website. The integration is carried out locally by our web server, so no data is transferred to Google. By downloading the fonts, the date and time of access and your IP address are processed by our web server.


Hoefler&Co

We integrate the web fonts of the provider Hoefler&Co, 611 Broadway, Room 725, New York, NY 10012-2608, USA, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. The aim is to optimise and economically operate our website. The integration is carried out locally by our web server, so no data is transferred to Hoefler&Co. By downloading the fonts, the date and time of access and your IP address are processed by our web server.


Font Awesome

We integrate the freemium fonts of the provider Font Awesome on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. The aim is the optimisation and economic operation of our website. The integration is carried out locally by our web server, so no data is transferred to Font Awesome. By downloading the fonts, the date and time of access and your IP address are processed by our web server.

USE OF GOOGLE RECAPTCHA

We also use the Google service reCaptcha on our website to determine whether a person or a computer is making a specific entry in our contact or newsletter form. We also use reCaptcha for posts with a comment function.


Google uses the following data to check whether you are a human or a computer IP address of the end device used, the website that you visit on our site and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks in which you have to identify images.


The legal basis for the aforementioned data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in this data processing is to ensure the security of our website and to protect against automated input (attacks).


Further information about the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland can be found at https://www.google.com/policies/privacy/

Opt-Out: https://adssettings.google.com/authenticated

CRITEO (CRITEO SA)

Criteo is an advertising service of Criteo SA. Personal data collected are: Cookies and usage data. The place of processing is France

You can access Criteo SA's privacy policy via the following link Privacy Policy. You can object to the processing of your data at any time using this opt-out link: Opt Out

EMETRIQ (EMETRIQ GMBH)

Emetriq is a remarketing and behavioural targeting service provided by emetriq GmbH. Emetriq uses tracking technologies to record user behaviour. This data is then used to personalise the user's environment and offer target group-specific advertising. Emetriq may also combine the collected data with other networks, including advertising networks, and enable these third parties to track and target the user. Unless otherwise specified in this document, the Owner has no direct relationship with the third parties that emetriq may involve. Personal Data collected are: Cookies and Usage Data. The place of processing is Germany.


You can access emetriq GmbH's privacy policy via the following link Privacy Policy. You can object to the processing of your data at any time using this opt-out link: Opt Out

FACEBOOK AUDIENCE NETWORK (FACEBOOK, INC.)

Facebook Audience Network is an advertising service of Facebook, Inc. Further information on the use of data by Facebook can be found in Facebook's data policy.


This website uses identifiers for mobile devices (including Android Advertising ID or Advertising Identifier for iOS) and cookie-like technologies to run the Facebook Audience Network service. One of the display options for Audience Network adverts is via the user's advertising preferences. The user can set this in the Facebook ad settings.


Users can opt out of certain Audience Network audiences through the appropriate device settings, such as the device's advertising settings on mobile phones or by following the instructions in other sections of this Privacy Policy regarding Audience Network, if applicable.


Personal data collected are: Cookies, Unique Device Identifier for Advertising (Google Advertising ID or IDFA, for example) and Usage Data. The place of processing is the USA


You can access the privacy policy of Facebook Inc. via the following link Privacy PolicyYou can object to the processing of your data at any time using this opt-out link: Opt Out

PRIZE GAMES

The purpose of the data processing is, on the one hand, the realisation/processing of the competition. The personal data provided by the data subject will be used for this purpose. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Participation in the competition is voluntary. A prerequisite for participation is the granting of advertising consent by the participant, which can be revoked at any time, as the competition is financed through the placement of advertising. Otherwise, participation in the competition is not subject to any further conditions or costs. The legal basis for data processing in this context is Art. 6 para. 1 lit. a GDPR.

Advertising consent is only given to hessnatur. The data will not be passed on to third parties.


hessnatur uses the advertising consent to inform the data subject by email about new products and current events.


The personal data will be deleted if consent is withdrawn, at the earliest 3 months after the competition has been completed. This does not apply to the winners' data, which will be deleted after the statutory periods have expired.


The data subject has the right to withdraw their advertising consent at any time without giving reasons. Withdrawal of consent does not result in any disadvantages.


Freie Digitale


We work together with Freie Digitale Gesellschaft für interaktive Medien, Jahnstr. 45, 80469 Munich for the realisation of competitions. As part of your participation in the competition, data such as your name, address, age and e-mail address will be collected and transmitted.


The data will be stored on the servers of Freie Digitale GmbH exclusively for the purpose of organising the competition and only until the winners have been evaluated. The data will then be deleted. In addition, you can expressly agree to receive a further newsletter from hessnatur.


Participation in the competition is voluntary and is not linked to an order or consent to advertising. You have the option to revoke your consent at Freie Digitale. All you need to do is send an e-mail to datenschutz@hess-natur.de or by post to Hess Natur-Textilien GmbH & Co KG, Marie-Curie-Str. 7, 35510 Butzbach, Germany.

VOUCHERS

Sovendus


Voucher offers from Sovendus GmbH: To select a voucher offer that is currently of interest to you, we transmit the hash value of your email address and your IP address to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus) in pseudonymised and encrypted form (Art. 6 (1) f GDPR). The pseudonymised hash value of the email address is used to take into account any objection to advertising by Sovendus (Art. 21 para. 3, Art. 6 para. 1 c GDPR). The IP address is used by Sovendus exclusively for data security purposes and is generally anonymised after seven days (Art. 6 (1) f GDPR). We also transmit pseudonymised order number, order value with currency, session ID, coupon code and timestamp to Sovendus for billing purposes (Art. 6 para. 1 f GDPR). If you are interested in a voucher offer from Sovendus, there is no advertising objection to your e-mail address and you click on the voucher banner displayed only in this case, we will send your title, name, postcode, country and your e-mail address to Sovendus in encrypted form to prepare the voucher (Art. 6 para. 1 b, f GDPR). For further information on the processing of your data by Sovendus, please refer to the online data protection information at https://www.sovendus.de/datenschutz

CONTENT DELIVERY NETWORKS

SIRV


We use a so-called "Content Delivery Network" (CDN), offered by Sirv.com, 3 The Gallery, 54 Marston Street, Oxford, OX4 1LF, United Kingdom.


A CDN is a service with the help of which the content of our online offer, in particular large media files such as graphics or scripts, are delivered faster with the help of regionally distributed servers connected via the Internet. When our website is called up, images of articles, pages and sliders from SIRV are loaded to the individual contents. No personal data is transferred in this process.


Adobe Scene 7


We use Adobe Scene 7 from Adobe Systems Software Ireland Ltd, 4-6 Riverwalk Citywest Business Campus, Dublin 24, Republic of Ireland on our website. This is a content delivery tool with which "rich media content" can be embedded. This is primarily videos, images or other content that makes interaction with our website more likely. For example, we use it to embed care instructions on product detail pages. Connection information, in particular your IP address, is processed in the process. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in improving the user experience.


Google Cloud


We also use the content delivery network Google Cloud CDN. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.


Google offers a globally distributed content delivery network. The information transfer between your browser and our website is technically routed via the Google network. This enables us to increase the global accessibility and performance of our website.


The use of Google Cloud CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).


Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://cloud.google.com/terms/eu-model-contract-clause


Further information about the provider can be found here:

https://cloud.google.com/cdn/docs/overview?hl=de.

DATA SECURITY

All data transmitted by you personally, including your payment data, is transmitted using the generally used and secure SSL (Secure Socket Layer) standard. SSL is a secure and proven standard that is also used for online banking, for example. You can recognise a secure SSL connection by the s appended to the http (i.e. https://...) in the address bar of your browser or by the lock symbol at the bottom of your browser. Your personal data is stored by us on specially protected servers. Access to these is only possible for a few specially authorised and trained employees who are involved in the technical, commercial or editorial support of the servers and the execution of the contracts.


Trusted Shops


Trusted Shops offers us as an online shop operator the opportunity to adapt our online functionalities to a high consumer standard. Trusted Shops regularly checks all order functions for consumer-friendly behaviour.


In addition, you have the option of taking out Trusted Shops buyer protection at the end of the order process. This service is offered by Trusted Shops and is not provided on behalf of hessnatur. If you make use of Trusted Shops buyer protection, your e-mail address will be transmitted to Trusted Shops if you have clicked on this on the order confirmation page. The Trusted Shops Trustbadge is integrated on this website to display the Trusted Shops seal of approval and any collected reviews as well as to offer Trusted Shops products to buyers after an order.


This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. This access data is not analysed and is automatically overwritten no later than seven days after the end of your visit to the site.

Further personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement concluded between you and Trusted Shops applies.

PAYBACK

We are a partner company of PAYBACK. The bonus programme is operated by PAYBACK Rabattverein e.V. as the administrator of the PAYBACK points and PAYBACK GmbH as the operating company, both based at Theresienhöhe 12, 80339 Munich, Germany (together "PAYBACK"). If you enter your PAYBACK customer number, we will transmit the data required for the bonus programme (in particular PAYBACK card number, order date, shopping basket details with item data, new/existing customer feature) to PAYBACK (or its processors).


The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a and lit. b GDPR.


Further information on data protection, for example on your registration data, the data collected when collecting points or the data collected when redeeming points, can be found in PAYBACK's privacy policy at www.payback.de/info/datenschutz.


Use of TradeDoubler


We are participants in the partner programmes of TradeDoubler GmbH, Herzog-Wilhelm-Straße 26, 80331 Munich. This is a service for integrating adverts. TradeDoubler places a cookie on the site visitor's computer to correctly record sales and/or leads.


TradeDoubler cookies do not store any personal data, but only the ID of the intermediary partner and the serial number of the advertising medium (banner, text link, etc.) clicked on by the site visitor.


The cookie is only set if you access our website via a link from Payback, e.g. at https://www.payback.de/shop/hessnatur, and is valid for 30 days.

When a transaction is completed, the partner ID is used to allocate the commission to be paid to the referring partner. The legal basis for the integration of TradeDoubler is therefore our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the technical implementation of the allocation of commissions.

Further information on TradeDoubler can be found at: https://www.tradedoubler.com/de/privacy-policy/.

DATA PROTECTION INFORMATION FOR APPLICANTS

On the Hess Natur website, we display job vacancies for which interested parties can apply using our online form. Unsolicited applications can also be sent to us using the online form.


Responsible body

The controller responsible for the processing of personal data can be contacted at

Hess Natur-Textilien GmbH & Co KG, Marie-Curie-Str. 7, 35510 Butzbach, Germany, e-mail: bewerbung@hess-natur.de


The data protection officer can be contacted at Hess Natur-Textilien GmbH & Co KG, Data Protection Department, Marie-Curie-Str. 7, 35510 Butzbach, Germany, e-mail: datenschutz@hess-natur.de


Personal data in the application process at Hess Natur


In the event of an incoming application, we process the personal data received from the applicant exclusively for the purpose of processing the application to potentially fill the vacant position. These are according to the online form:

  • Salutation

  • Name

  • First name

  • Street, no.

  • POSTCODE

  • Place

  • Telephone

  • e-mail

  • Salary expectations

  • Earliest possible entry/remark


In addition, we process the personal data submitted by the applicant resulting from the file attachments submitted by the applicant.


Purposes of data processing, legal bases and legitimate interests pursued by Hess Natur-Textilien GmbH & Co KG


The primary legal basis for this is Art. 88 GDPR in conjunction with Section 26 (1) BDSG.


Within our company, access to your personal data is only granted to those persons who are responsible for handling the application process and who are the decision-makers regarding the outcome of the application.


We delete your personal data as soon as it is no longer required for the above-mentioned purposes. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

You can also request the erasure of your data at any time by sending an email to: bewerbung@hess-natur.de. Please note that in this case you also withdraw from all ongoing application procedures.


Your personal data will be passed on to our service provider Sage GmbH as part of the application process. For further information, please see the following link:

https://www.sage.com/de-de/-/media/files/sagedotcom/germany/documents/pdf/rechtliches/av_dsvgo_sage_gmbh_muster.p df


Storage for future jobs


In the event that you have consented to your personal data being stored further, we will transfer your data to our applicant pool. There the data will be deleted after two years.

DATA PROTECTION INFORMATION FOR THE COLLECTION OF PERSONAL DATA IN THE CONTEXT OF A SURVEY

Name and contact details of the person responsible


Hess Natur-Textilien GmbH & Co KG

Marie-Curie-Straße 7

35510 Butzbach

Phone: 06033 / 991-0

E-mail: datenschutz@hess-natur.de


Name and contact details of the data protection officer


If you have any questions about the processing of your personal data, please contact the data protection officer at AGOR AG, Niddastrasse 74, 60329 Frankfurt am Main, info@agor-ag.com.


What categories of data do we use and where do they come from?

  • Answers to the questions in the survey

  • Name (pseudonymised; see below)

  • E-mail address (pseudonymised; see below)

  • Customer number (pseudonymised; see below)


Please note that we merge the answers from the customer survey with your name, e-mail address and customer number in the first step to form a cluster. This merging is strictly access-restricted; no active data processing takes place. In the next step, the name and email address are deleted and the customer number is pseudonymised so that it cannot be traced back. The answers to the survey are therefore never stored in a personalised form for the customer themselves.


Legal basis and purpose of data processing


We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG-neu) and all other relevant laws.


The primary purpose of data collection and processing is to conduct the survey and is based on your consent. The results of the survey are not linked to personal data, but rather processed in pseudonymised form. The primary legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Section 27 para. 1 BDSG-new. If necessary, we also process your data on the basis of Art. 6 para. 1 lit. f GDPR in order to protect our legitimate interests or those of third parties.


With this processing, we pursue the goal of getting to know our customers better and categorising them into generic clusters/customer groups. Processing for other, additional purposes does not take place.


Data access


Within our company, only those persons and departments that are responsible for processing the survey and are decision-makers will receive your personal data. Only one person in the company has access to the personal responses from the survey (step 1 of the process outlined under point 3), who is specifically obliged to observe data protection and the confidentiality of personal data.


Data transfer

The data will not be passed on to third parties.


Rights of data subjects


You can request information about the personal data stored about you at the above address. In addition, under certain conditions, you can request the correction or deletion of your data. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, commonly used and machine-readable format.


To exercise these rights, data subjects can contact the above-mentioned persons responsible in the company, the data protection officer or the supervisory authority.


Storage of your data


The personal data listed above under point 3 will be deleted immediately after the respective merge. The remaining data will only be stored in pseudonymised form and only if the data is essential for the survey.


Profiling


No automated decision-making (including profiling) takes place.