Privacy Notice
Our website privacy information is structured as follows:
Person responsible
Processing of personal data
Your rights
The simultaneous use of masculine and feminine forms of speech has been dispensed with for reasons of better readability. All personal terms nevertheless apply to all genders.
Responsible
Sanatur GmbH
Im Haselbusch 16
78224 Singen (Hohentwiel)
Telephone: +49 77 31 87 83 0
Fax: +49 77 31 87 83 81
E-mail: info@sanatur.de
Processing of personal data
Read here how personal data is collected and for what purposes it is processed with what legal basis, to whom the data is passed on for what purpose and under what conditions it is deleted again.
Technical and functional provision of the website
We process personal data in order to be able to provide our website as far as possible without technical or functional restrictions and in accordance with legal requirements.
Logs
When you access our website, we store certain access data, e.g. browser type and version, operating system used, the website previously visited, access date and time of the server request and the client's file request (file name and URL). We use this data anonymously for statistical evaluations without assigning it to the respective user.
The purpose of this data processing is the retrievability and correct display of the website on your end device as well as the optimisation of our website. In this respect, there is a legitimate interest on our part. The processing is based on Art. 6 para. 1 p. 1 lit. f DSGVO and § 15 TMG.
Required cookies
We use cookies, i.e. small text files that are stored on your computer so that you can move around the website without restrictions and use all functions. Without these cookies, we cannot provide services requested by you. The legal basis for data processing through required cookies is Art. 6 para. 1 p. 1 lit. b DSGVO.
Most browsers accept cookies automatically.If you do not want this, you can deactivate the storage of cookies on your hard drive in your browser settings. In addition, you can delete cookies stored in your browser settings at any time. However, in this case you may not be able to use all the functions of our website to their full extent.
Contact
We collect personal data when you provide it to us. This can be, for example, data that you enter in a contact form or send to us in the course of contacting us. Insofar as certain input fields are marked as "mandatory data", we use these fields to collect the data required to carry out the requested action. Of course, you can provide us with further data if you wish.
The processing of this data is based on Art. 6 para. 1 p. 1 lit. b DSGVO, insofar as this is necessary for the implementation of a measure requested by you - in particular for the processing of orders as well as for answering specific enquiries. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 para. 1 p. 1 lit. f DSGVO).
Ordering with and without a customer account
For more convenient shopping in our online shop, you can register for a password-protected, free customer account on our website. In this account you can view your completed and open orders and manage your personal data.
In the course of registration, the following mandatory information is collected: title, first and last name, date of birth, address, country and e-mail address. In addition, you can upload proof of your activity as a non-medical practitioner, doctor, therapist or trader in order to receive more favourable ordering conditions. You can change the data at any time. With the fields marked as "mandatory data", we collect the data that is required for the purpose of implementing the user relationship established by the registration - in particular for processing your orders (Art. 6 para. 1 p. 1 lit. b DSGVO). Of course, you can provide us with further data if you wish. You can delete your personal user account at any time.
You can also place an order without registering a customer account. In order to carry out the order, salutation, first and last name, date of birth, address, country and e-mail address are collected as mandatory data. This data is processed in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO to process your order.
Advertising measures; in particular e-mail newsletters
We may use your data for advertising purposes. This applies in particular to e-mail newsletters, for example with information about our products and services. We have a legitimate interest in processing your data for direct advertising purposes within the meaning of Art. 6 (1) p. 1 lit. f DSGVO.
You can unsubscribe from an e-mail newsletter at any time with future effect by either pressing the link provided for this purpose in every e-mail newsletter or by contacting us via the contact details provided. In addition, you can generally object to the processing of your personal data for advertising purposes with effect for the future in writing, by fax, by e-mail or by telephone, without incurring any costs other than the transmission costs according to the basic rates. The lawfulness of the data processing operations already carried out remains unaffected by this.
Google reCAPTCHA
If you have consented, this website uses the Google reCAPTCHA service, which is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google").
Using cookies, i.e. small text files that are stored on your computer, this service evaluates your surfing behaviour on our website and in particular your click behaviour and mouse movements.
The purpose of reCAPTCHA is to check whether data entry on our website is carried out by a human being or abusively by an automated programme. reCAPTCHA thus serves to ensure data security when transmitting data collected via contact or other forms and thus to protect against spam.
The legal basis for data processing by Google reCAPTCHA is your consent, Art. 6 para. 1 p. 1 lit. a DSGVO.
It cannot be ruled out that information collected by Google services may also be transmitted to and stored on a Google server in a third country, in particular a server of Google's parent company, Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California, USA. A transfer of personal data to the USA is associated with special risks for data subjects. The integration of and data processing by Google services therefore only takes place with your express consent. For more information on third country transfers, please refer to section 7.
If you are logged into your Google account, Google may add processed information to your account depending on your account settings and treat it as personal data, cf. in particular https://www.google.de/policies/privacy/partners/. We do not become aware of the data collected in this way and how it is used.
You have the option of deactivating Google reCAPTCHA and thus preventing the transfer of data to Google by deactivating JavaScript in your browser. However, we would like to point out that in this case you may not be able to use all services on our website.
Further information on data processing by Google and the Google reCAPTCHA service can be found at:
https://policies.google.com/privacy ("Google privacy policy")
https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps")
http://www.google.com/policies/technologies/ad ("Data use for advertising purposes")
https://www.google.com/recaptcha/intro/android.html
https://developers.google.com/recaptcha/
Disclosure of data to third parties
Your personal data will only be passed on to third parties if this is necessary for the purpose of processing the contract (Art. 6 para. 1 p. 1 lit. b DSGVO), if you have expressly consented to the transfer (Art. 6 para. 1 p. 1 lit. a DSGVO) or if data protection law permits such a transfer. However, only the data required in each case will be passed on.
In particular, your address data will be passed on to transport and logistics companies insofar as this is necessary for the purpose of processing the contract (Art. 6 para. 1 p. 1 lit. b DSGVO). Furthermore, if you have chosen the payment method "direct debit" and this is necessary for the processing of payments, we will pass on your data required for this purpose to the payment service provider selected by you (Art. 6 para. 1 p. 1 lit. b DSGVO).
Customers who have a customer account with PayPal can process the payment via the "PayPal" or "Express Buy with PayPal Button". PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. By clicking this button, you will be redirected to the PayPal website. In doing so, data is transferred to PayPal; in particular, PayPal receives the information that you have previously visited our website with your IP address. We have no influence on the data processing that takes place at PayPal. Rather, this is governed by the agreements between you and PayPal. Further information on data processing by PayPal can be found at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Third country transfer
On our website, services of companies based in the USA or relations to the USA are integrated. If you consent to data processing by one of these service providers, it cannot be ruled out that US authorities will have unrestricted access to the data processed about you. There is no legal recourse against this. Specifically, these are the service providers:
Service: Google reCAPTCHA
Provider: Google Ireland Limited, Dublin/Ireland
Parent company: Google LLC, Mountain View/USA
It cannot be ruled out that the companies or the respective parent companies and/or US authorities may access personal data processed for the provision of the services.
The legal basis for this transfer of personal data to the USA was the certification of the companies or the parent companies of the companies in accordance with the EU-US Privacy Shield, which was, however, declared invalid by the European Court of Justice in July 2020. A transfer on the basis of the so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO is not possible because the high standards of the ECJ and the data protection supervisory authorities regarding additional agreements with the companies in the USA cannot (yet) be met. Negotiations are being conducted between the USA and the EU on a successor agreement to the Privacy Shield. However, it is not foreseeable when these will be completed.
We therefore only use the above-mentioned services with your prior express consent and expressly point out the following regarding the risks of transferring data to one of the above-mentioned service providers:
Due to the powers of the US intelligence services and the legal situation in the US, the state surveillance measures of the US are disproportionate and, from the EU's perspective, there is no adequate state level of data protection for personal data. In particular, Sec. 702 of the US Foreign Intelligence Surveillance Act (FISA) provides no limits on the surveillance activities of the intelligence agencies and no safeguards for non-US citizens. Moreover, Presidential Policy Directive 28 (PPD-28) does not provide data subjects with effective remedies against measures taken by US authorities and does not provide for barriers to ensure proportionate measures. In addition, US authorities can demand that a US company hand over all stored data on the basis of the US Cloud Act, even if this data is located on servers within the EU.
We therefore only use the above-mentioned services with your prior express consent and expressly point out the following regarding the risks of transferring data to one of the above-mentioned service providers:
Data deletion
The personal data processed by us will be stored by us for as long as is necessary for the respective purpose - in particular the processing of your request or your order - in compliance with the statutory retention periods (e.g. in accordance with the German Commercial Code and the German Fiscal Code, ten years for tax-relevant documents and six years for other business letters) (Art. 6 (1) sentence 1 lit. c DSGVO). Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO or the purpose of the data processing has not yet ceased.
Your rights
Right of objection
You may object to the use of personal data for direct marketing purposes at any time; you may also object to the use of personal data on the basis of Art. 6 (1) (e) or (f) DSGVO for reasons arising from your particular situation at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic rates.
You can do this in the following ways:
by post by sending an informal message to Sanatur GmbH, Im Haselbusch 16, 78224 Singen (Hohentwiel).
by sending a message via the contact form
by sending an e-mail to info@sanatur.de
by telephone on +49 77 31 87 83 0
Right to information, correction, deletion or restriction and transferability
Under the conditions of Art. 15 to 20 DSGVO, you have the right to receive information free of charge about the data we have stored about you, to have incorrect data corrected and to request the deletion or restriction of processing as well as the portability of your personal data. In some cases, however, we are not allowed to delete user data completely due to legal retention obligations.
Right of complaint
You have the right to complain to a supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Königstraße 10a, 70173 Stuttgart.
Person responsible
Processing of personal data
Your rights
The simultaneous use of masculine and feminine forms of speech has been dispensed with for reasons of better readability. All personal terms nevertheless apply to all genders.
Responsible
Sanatur GmbH
Im Haselbusch 16
78224 Singen (Hohentwiel)
Telephone: +49 77 31 87 83 0
Fax: +49 77 31 87 83 81
E-mail: info@sanatur.de
Processing of personal data
Read here how personal data is collected and for what purposes it is processed with what legal basis, to whom the data is passed on for what purpose and under what conditions it is deleted again.
Technical and functional provision of the website
We process personal data in order to be able to provide our website as far as possible without technical or functional restrictions and in accordance with legal requirements.
Logs
When you access our website, we store certain access data, e.g. browser type and version, operating system used, the website previously visited, access date and time of the server request and the client's file request (file name and URL). We use this data anonymously for statistical evaluations without assigning it to the respective user.
The purpose of this data processing is the retrievability and correct display of the website on your end device as well as the optimisation of our website. In this respect, there is a legitimate interest on our part. The processing is based on Art. 6 para. 1 p. 1 lit. f DSGVO and § 15 TMG.
Required cookies
We use cookies, i.e. small text files that are stored on your computer so that you can move around the website without restrictions and use all functions. Without these cookies, we cannot provide services requested by you. The legal basis for data processing through required cookies is Art. 6 para. 1 p. 1 lit. b DSGVO.
Most browsers accept cookies automatically.If you do not want this, you can deactivate the storage of cookies on your hard drive in your browser settings. In addition, you can delete cookies stored in your browser settings at any time. However, in this case you may not be able to use all the functions of our website to their full extent.
Contact
We collect personal data when you provide it to us. This can be, for example, data that you enter in a contact form or send to us in the course of contacting us. Insofar as certain input fields are marked as "mandatory data", we use these fields to collect the data required to carry out the requested action. Of course, you can provide us with further data if you wish.
The processing of this data is based on Art. 6 para. 1 p. 1 lit. b DSGVO, insofar as this is necessary for the implementation of a measure requested by you - in particular for the processing of orders as well as for answering specific enquiries. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 para. 1 p. 1 lit. f DSGVO).
Ordering with and without a customer account
For more convenient shopping in our online shop, you can register for a password-protected, free customer account on our website. In this account you can view your completed and open orders and manage your personal data.
In the course of registration, the following mandatory information is collected: title, first and last name, date of birth, address, country and e-mail address. In addition, you can upload proof of your activity as a non-medical practitioner, doctor, therapist or trader in order to receive more favourable ordering conditions. You can change the data at any time. With the fields marked as "mandatory data", we collect the data that is required for the purpose of implementing the user relationship established by the registration - in particular for processing your orders (Art. 6 para. 1 p. 1 lit. b DSGVO). Of course, you can provide us with further data if you wish. You can delete your personal user account at any time.
You can also place an order without registering a customer account. In order to carry out the order, salutation, first and last name, date of birth, address, country and e-mail address are collected as mandatory data. This data is processed in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO to process your order.
Advertising measures; in particular e-mail newsletters
We may use your data for advertising purposes. This applies in particular to e-mail newsletters, for example with information about our products and services. We have a legitimate interest in processing your data for direct advertising purposes within the meaning of Art. 6 (1) p. 1 lit. f DSGVO.
You can unsubscribe from an e-mail newsletter at any time with future effect by either pressing the link provided for this purpose in every e-mail newsletter or by contacting us via the contact details provided. In addition, you can generally object to the processing of your personal data for advertising purposes with effect for the future in writing, by fax, by e-mail or by telephone, without incurring any costs other than the transmission costs according to the basic rates. The lawfulness of the data processing operations already carried out remains unaffected by this.
Google reCAPTCHA
If you have consented, this website uses the Google reCAPTCHA service, which is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google").
Using cookies, i.e. small text files that are stored on your computer, this service evaluates your surfing behaviour on our website and in particular your click behaviour and mouse movements.
The purpose of reCAPTCHA is to check whether data entry on our website is carried out by a human being or abusively by an automated programme. reCAPTCHA thus serves to ensure data security when transmitting data collected via contact or other forms and thus to protect against spam.
The legal basis for data processing by Google reCAPTCHA is your consent, Art. 6 para. 1 p. 1 lit. a DSGVO.
It cannot be ruled out that information collected by Google services may also be transmitted to and stored on a Google server in a third country, in particular a server of Google's parent company, Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California, USA. A transfer of personal data to the USA is associated with special risks for data subjects. The integration of and data processing by Google services therefore only takes place with your express consent. For more information on third country transfers, please refer to section 7.
If you are logged into your Google account, Google may add processed information to your account depending on your account settings and treat it as personal data, cf. in particular https://www.google.de/policies/privacy/partners/. We do not become aware of the data collected in this way and how it is used.
You have the option of deactivating Google reCAPTCHA and thus preventing the transfer of data to Google by deactivating JavaScript in your browser. However, we would like to point out that in this case you may not be able to use all services on our website.
Further information on data processing by Google and the Google reCAPTCHA service can be found at:
https://policies.google.com/privacy ("Google privacy policy")
https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps")
http://www.google.com/policies/technologies/ad ("Data use for advertising purposes")
https://www.google.com/recaptcha/intro/android.html
https://developers.google.com/recaptcha/
Disclosure of data to third parties
Your personal data will only be passed on to third parties if this is necessary for the purpose of processing the contract (Art. 6 para. 1 p. 1 lit. b DSGVO), if you have expressly consented to the transfer (Art. 6 para. 1 p. 1 lit. a DSGVO) or if data protection law permits such a transfer. However, only the data required in each case will be passed on.
In particular, your address data will be passed on to transport and logistics companies insofar as this is necessary for the purpose of processing the contract (Art. 6 para. 1 p. 1 lit. b DSGVO). Furthermore, if you have chosen the payment method "direct debit" and this is necessary for the processing of payments, we will pass on your data required for this purpose to the payment service provider selected by you (Art. 6 para. 1 p. 1 lit. b DSGVO).
Customers who have a customer account with PayPal can process the payment via the "PayPal" or "Express Buy with PayPal Button". PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. By clicking this button, you will be redirected to the PayPal website. In doing so, data is transferred to PayPal; in particular, PayPal receives the information that you have previously visited our website with your IP address. We have no influence on the data processing that takes place at PayPal. Rather, this is governed by the agreements between you and PayPal. Further information on data processing by PayPal can be found at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Third country transfer
On our website, services of companies based in the USA or relations to the USA are integrated. If you consent to data processing by one of these service providers, it cannot be ruled out that US authorities will have unrestricted access to the data processed about you. There is no legal recourse against this. Specifically, these are the service providers:
Service: Google reCAPTCHA
Provider: Google Ireland Limited, Dublin/Ireland
Parent company: Google LLC, Mountain View/USA
It cannot be ruled out that the companies or the respective parent companies and/or US authorities may access personal data processed for the provision of the services.
The legal basis for this transfer of personal data to the USA was the certification of the companies or the parent companies of the companies in accordance with the EU-US Privacy Shield, which was, however, declared invalid by the European Court of Justice in July 2020. A transfer on the basis of the so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO is not possible because the high standards of the ECJ and the data protection supervisory authorities regarding additional agreements with the companies in the USA cannot (yet) be met. Negotiations are being conducted between the USA and the EU on a successor agreement to the Privacy Shield. However, it is not foreseeable when these will be completed.
We therefore only use the above-mentioned services with your prior express consent and expressly point out the following regarding the risks of transferring data to one of the above-mentioned service providers:
Due to the powers of the US intelligence services and the legal situation in the US, the state surveillance measures of the US are disproportionate and, from the EU's perspective, there is no adequate state level of data protection for personal data. In particular, Sec. 702 of the US Foreign Intelligence Surveillance Act (FISA) provides no limits on the surveillance activities of the intelligence agencies and no safeguards for non-US citizens. Moreover, Presidential Policy Directive 28 (PPD-28) does not provide data subjects with effective remedies against measures taken by US authorities and does not provide for barriers to ensure proportionate measures. In addition, US authorities can demand that a US company hand over all stored data on the basis of the US Cloud Act, even if this data is located on servers within the EU.
We therefore only use the above-mentioned services with your prior express consent and expressly point out the following regarding the risks of transferring data to one of the above-mentioned service providers:
Data deletion
The personal data processed by us will be stored by us for as long as is necessary for the respective purpose - in particular the processing of your request or your order - in compliance with the statutory retention periods (e.g. in accordance with the German Commercial Code and the German Fiscal Code, ten years for tax-relevant documents and six years for other business letters) (Art. 6 (1) sentence 1 lit. c DSGVO). Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO or the purpose of the data processing has not yet ceased.
Your rights
Right of objection
You may object to the use of personal data for direct marketing purposes at any time; you may also object to the use of personal data on the basis of Art. 6 (1) (e) or (f) DSGVO for reasons arising from your particular situation at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic rates.
You can do this in the following ways:
by post by sending an informal message to Sanatur GmbH, Im Haselbusch 16, 78224 Singen (Hohentwiel).
by sending a message via the contact form
by sending an e-mail to info@sanatur.de
by telephone on +49 77 31 87 83 0
Right to information, correction, deletion or restriction and transferability
Under the conditions of Art. 15 to 20 DSGVO, you have the right to receive information free of charge about the data we have stored about you, to have incorrect data corrected and to request the deletion or restriction of processing as well as the portability of your personal data. In some cases, however, we are not allowed to delete user data completely due to legal retention obligations.
Right of complaint
You have the right to complain to a supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Königstraße 10a, 70173 Stuttgart.