1. The name and contact details of the controller and the company data protection officer
This data protection information applies to the data processing by:
the controller: LaVita GmbH (hereinafter LaVita) Ziegelfeldstraße 10, 84036 Kumhausen, Germany
Email: firstname.lastname@example.org Telephone: +49 871/972 1718 Fax: +49 871/972 1717
The company data protection officer of LaVita can be reached at the above address (to the attention of: Data Protection Department) or can be reached at email@example.com.
2. The collection and storage of personal data and the nature and purpose of their use
a) When visiting the website
When you call up our website www.lavita.de, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a “log file”. The following information is recorded without your intervention and stored until automatic deletion after 90 days:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which the access takes place (referrer URL)
- The browser used and, if applicable, the operating system of your computer and the name of your access provider.
We process the data mentioned above for the following purposes:
- To ensure a smooth connection of the website
- To guarantee the user-friendly use of our website
- To evaluate system security and stability
- For other administrative purposes
b) When ordering in the online shop as a guest
If you wish to order products as a guest on our website, we collect the following information:
- Salutation, first name/surname
- A valid email address
- Payment data depending on the payment method you choose (e.g. bank details or PayPal account details).
Data is collected
- in order to be able to identify you as our contractual partner
- to check the data entered for plausibility
- for the payment processing of your order
- for the settlement of any warranty claims that may exist and the assertion of any claims against you
The data processing is carried out at your request and is necessary for the fulfilment of the contract and pre-contractual measures in accordance with Article 6 para. 1 sentence 1 lit. b GDPR for the aforementioned purposes.
In order to ensure a smooth and easy processing of your order and for a quicker clarification of possible queries, you can also provide additional data:
- your telephone number
- an alternative delivery address
The provision of this data is voluntary.
The personal data collected by us for the order will be stored until the expiry of the statutory warranty period and automatically deleted thereafter unless we are obliged to store the data for a longer period of time in accordance with Article 6 para. 1 sentence 1 lit. c GDPR because of tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to storage beyond this period in accordance with Article 6 para. 1 sentence. 1 lit. a GDPR.
c) When creating a user account
You have the possibility to set up a password-protected user account in which we store your personal data. This serves the purpose of providing you with the greatest possible convenience in processing your orders by making the purchase process easier, faster, and more personal.
If you want to set up a password-protected user account with us, we need the following information from you:
- Salutation, first name/surname
- A valid email address
In addition, you must enter a password of your own choice to create a user account. Together with your email address, this enables access to your user account. In your user account you can view and change the data stored about you at any time. You can also login via your Google account. You can find out more about this under point 8 “Social Logins”.
We store your personal data in a user account only if you have voluntarily given us your consent to do so in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.
It is not necessary to create a user account to use our site or place orders. We offer you the possibility to place your order as a guest (see point 2. b). In this case, however, you must re-enter your data with each order.
After deletion of your user account, your data will be automatically deleted for further use unless we are obliged to store the data for a longer period of time in accordance with article 6 paragraph 1 sentence 1 lit. c DSGVO because of tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to further storage in accordance with article 6 paragraph 1 sentence 1 lit. a GDPR.
d) When registering for our newsletter
If you have expressly consented in accordance with Article 6 para. 1 sentence 1 letter a GDPR, we will use your email address to send you our blog newsletter on a regular basis. To receive the newsletter, you must simply enter an email address in the newsletter form on the blog home page.
We may also use your email address to send you information about similar products of our company provided you are our existing customer and have not objected to the use of your email address.
In both cases, you can unsubscribe at any time (e.g. via a link at the end of each newsletter). You can send your unsubscribe request by email to firstname.lastname@example.org at any time.
If we send you email newsletters, these newsletters contain elements that react to the reading or confirmation of links within the newsletter and are linked to an individual technical identification. We use this information for the statistical evaluation of all feedback obtained from the use of the newsletter in order to improve the newsletter service for you. We use the services of Exponea for newsletter campaign automation (cf 5. a) VII.).
e) When using our contact form
If you have any questions of any kind, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid email address so that we know who the enquiry comes from and can answer it. Further information can be provided voluntarily.
The data processing for the purpose of contacting us is carried out in accordance with Article 6 para. 1 sentence. 1 lit. a GDPR on the basis of your voluntarily given consent.
The personal data collected by us for the use of the contact form will be automatically deleted after the completion of your request.
f) For applications using the online form
You can send us an unsolicited application using the online application form. In the context of the application procedure, the following personal data will be collected and stored:
- First name and surname
- Email address
- Job title
- Start date
- Salary expectations
- Various attachments (e.g. letter of application, photo, certificates)
You also have the option of voluntarily providing us with your telephone number and a text for further information.
The data processing is carried out at your request and only to the extent that it is necessary to answer your application and establish the employment relationship in accordance with Article 88 para. 1 GDPR in conjunction with Section 26 para. 1 BDSG or if it is necessary to protect our legitimate interests according to Article 6 para. 1 sentence 1 lit. f GDPR.
The data are processed for the purpose of applying for employment. Personal data is regularly deleted 6 months after the end of the application procedure unless you have consented to longer storage in accordance with Article 6 para. 1 sentence. 1 lit. a GDPR.
3. Disclosure of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
a) For contract implementation
To the extent permitted by law, and in accordance with Article 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you, your personal data will be disclosed to third parties. This includes, in particular, the transfer to shipping companies for the purpose of delivering the goods ordered by you and the transfer of payment data to payment service providers or credit institutions in order to carry out a payment transaction. The data passed on may be used by the third party exclusively for the purposes mentioned.
b) For accounting purposes
On the basis of our legitimate interests in accordance with Article 6 para. 1 sentence 1 lit. f GDPR, we may also transfer your data to our partners. The transmission of your data to our partners is necessary for general accounting purposes. This economic interest is to be regarded as a legitimate interest within the meaning of Article 6 para. 1 sentence 1 lit. f GDPR.
c) For other purposes
In addition, we pass on your personal data to third parties only if:
- You have given your express consent in accordance with Article 6 para. 1 sentence 1 letter a GDPR
- The disclosure pursuant to Article 6 para. 1 sentence 1 letter f GDPR is necessary for the assertion, exercise, or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data
- There is a legal obligation for disclosure under Article 6 para. 1 sentence 1 lit. c GDPR
Information in connection with the specifically used terminal device is stored in the cookie. However, this does not mean that we obtain immediate knowledge of your identity.
We also use temporary cookies, which are stored on your end device for a certain fixed period of time in order to optimise user-friendliness. If you visit our site again to use our services, we will automatically recognise that you have already visited and what entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is required for the purposes mentioned above in order to safeguard our legitimate interests and those of third parties in accordance with Article 6 para. 1 sentence 1 lit. f GDPR.
Most browsers automatically accept cookies. You can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you will not be able to use all the functions of our website.
Here you can manage your cookie settings at any time:
5. Analysis tools
a) Tracking tools
The tracking measures listed below and used by us are carried out on the basis of Article 6 para. 1 sentence 1 lit. f GDPR. With the tracking measures we use, we want to ensure that our website is designed to meet the needs of our customers and is continuously optimised. We also use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimising our offer for you. These interests are to be considered legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
I.) Google Analytics
For the purpose of designing our pages to meet your needs and continuously optimising them, we use Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, US; hereinafter “Google”). In this context, pseudonymised user profiles are created, and cookies (see under point 4) are used. The information generated by the cookie about your use of this website such as
- Browser type/version
- Operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing computer (IP address)
- Time of the server request
is transferred to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities, and to provide further services connected with the use of the website and the Internet for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are made anonymous so that an assignment is not possible (IP masking).
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent your data from being collected in the future when you visit this website. The opt-out cookie is valid only in this browser and only for our website and is placed on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help.
II.) Google Adwords Conversion Tracking
In order to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you, we also use Google Conversion Tracking. Google Adwords will set a cookie (see point 4) on your computer if you have reached our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords client’s website and the cookie has not expired, Google and the client will be able to tell that the user clicked on the ad and was redirected to that page.
Every Adwords client receives a different cookie. Cookies can therefore not be tracked through the websites of Adwords clients. The information collected using the conversion cookie is used to generate conversion statistics for Adwords clients who have opted for conversion tracking. Adwords clients are informed of the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive information that can be used to identify users personally.
III.) Google Tag Manager
Google Tag Manager is a solution with which we can manage “website tags” via an interface (and thus integrate Google Analytics and other Google marketing services into our online offer). The Tag Manager itself (which implements the tags) does not process any personal data of the users. With regard to the processing of users’ personal data, we refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
IV.) Google Optimize
Our website uses the web analysis and optimization service “Google Optimize”, which is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US (hereinafter “Google Optimize”). We use the Google Optimize service to enhance the attractiveness, content, and functionality of our website by making new features and content available to a percentage of our users and by statistically evaluating changes in usage. Google Optimize is a sub-service of Google Analytics (see section on Google Analytics).
V.) Google ReCaptcha
We use the reCAPTCHA service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US (hereinafter referred to as “reCAPTCHA”) to protect your blog requests: “Google”). The purpose of the reCAPTCHA query is to identify whether a request is made by a human being or abusively by automated, machine processing.
The query includes the sending of the IP address, the reCAPTCHA entry, and possibly other data required by Google for the reCAPTCHA service to Google. These are transferred to a Google server in the US and stored there.
However, your IP address will be previously anonymised by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area so that it is not possible to assign it. Only in exceptional cases is the full IP address transmitted to a Google server in the US and truncated there.
The processing is carried out on the basis of Article 6 para. 1 sentence 1 lit. f GDPR. In particular, we have a legitimate interest in protecting ourselves from abusive automated spying and from unsolicited email advertising (SPAM).
VI.) Bing Ads
We use Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service provided by Microsoft Corporation (“Microsoft”). This allows us to track the activities of users on our site when they have come to our site through ads from Bing Ads.
If you enter our website via a Bing Ads display, a cookie (see clause 4) is set on your computer. A Bing UET tag is integrated on our website. This is a code that is used in conjunction with the cookie to store some non-personal data about the use of the website. This includes the time spent on the website, which areas of the website have been accessed, and which display has been used to access the website. Information about your identity is not collected.
This information is transferred to Microsoft servers in the US and stored there for a maximum of 180 days.
For more information about Bing’s analysis services, please visit the Bing website (https://help.bingads.microsoft.com/#apex/3/de/53056/2).
For interest-based marketing purposes, retargeting, optimising our web offer, analysing your surfing behaviour, and marketing campaign automation, this website uses the services of Exponea DE GmbH, Kemperplatz 1, Mitte D, 10785 Berlin.
Exponea uses the following cookies to collect information about the use of our website: https://docs.exponea.com/docs/cookies-storage.
The data collected by the cookies contain the following information: IP address, login data, time zone setting, operating system and platform, information about visits including URL, search terms, information about what you searched or viewed on our site, site response time, download errors, length of visits to certain pages, information about site interaction (e.g., scrolling, clicks, and mouse-overs), the methods used to leave the site, user activities, and web browsing.
Other data (your name, first name, gender, email address) are processed by Exponea only if you have registered for our email newsletter. In this case, we use the data collected to create a user profile in order to provide you with a newsletter tailored to your interests.
The legal basis for data processing by Exponea is Article 6 para. 1 letter f GDPR.
We make it possible for you to control your participation in the data collection yourself. Click here for complete rejection of data collection by Exponea: https://www.lavita.de/opt-out-exponea/
Further information about the services of Exponea can be found at https://exponea.com/de/capabilities/.
Further information on data protection at Exponea can be found at https://exponea.com/de/privacy-policy/.
In the context of our legitimate interest in a technically perfect online offer and its economically efficient design and optimisation in accordance with Article 6 para. 1 lit. f GDPR, we use the analysis software Smartlook s.r.o., Šumavská 524/31, Veveří, 602 00 Brno, Czech Republic.
This software records movements on our website in “heat maps”. The recording is done anonymously. It records where clicks occur and how far visitors scroll down our individual pages. This enables us to make our website more customer-friendly and eliminates malfunctions. The protection of your personal data is ensured by Smartlook. No data can be assigned to specific users. Only mouse movements, click events and their position on the website, and the length of the scroll movement are measured. The screen size of the device, the device type, information about the browser, the country from which the site was accessed, and the preferred language are also recorded. If personal data from you or third parties are displayed on a website, Smartlook will automatically hide them or replace them with cryptic characters. The user profiles created by Smartlook are deleted after 30 days.
You can deactivate Smartlook detection by clicking on the following link: https://www.smartlook.com/de/opt-out
b) Targeting tools
The targeting measures listed below and used by us are carried out on the basis of Article 6 para. 1 sentence 1 lit. f GDPR. Through the targeting measures we use, we want to ensure that you receive only advertising that is oriented to your actual or supposed interests on your end devices. These interests are to be considered legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding targeting tools.
I.) Google Adwords Remarketing
However, we would like to point out that you may not be able to use all functions of this website to their full extent. By using this website, you agree to the processing of the data collected about you by Google in the manner described above and for the aforementioned purpose. You can find more information about Google’s regulations here.
II.) Double click
The cookie is automatically deleted after 30 days.
The display is made on a pseudonymous basis. Personal data will not be stored. The cookie uses information on the device source, browser type, and your IP address (these have been completely anonymised by removing the last octet) to select suitable content.
IV.) Facebook Retargeting/Remarketing
Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, US (“Facebook”) are integrated on our pages. When you visit our pages, the remarketing tags establish a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. This allows Facebook to associate your visit to our sites with your user account. We can use the information thus obtained to display Facebook Ads.
We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook.
V.) Facebook Custom Audiences
We also use Facebook Website Custom Audiences. This is a marketing service of Facebook. This enables us to display individually tailored and interest-based advertising on Facebook for certain groups of pseudonymised visitors to our website who also use Facebook.
A Facebook Custom Audience pixel is integrated on our website. This is a Java Script code used to store non-personal data about the use of the website. This includes your IP address, the browser you use, and the source and destination pages. This information is transferred to Facebook servers in the US. There it is automatically checked whether you have saved a Facebook cookie. The Facebook cookie is used to automatically determine whether you belong to the target group relevant to us. If you belong to the target group, you will be shown corresponding ads from us on Facebook. During this process, neither we nor Facebook will identify you personally by comparing the data.
This link allows you to object to the use of the Custom Audiences service.
6. Social media plug-ins
We use social plug-ins from the social networks Facebook, Twitter, and Instagram on our website on the basis of Article 6 para. 1 sentence 1 lit. f GDPR in order to make our company better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection-compliant operation must be guaranteed by the respective provider. The integration of these plug-ins by us takes place by means of the “two-click method” in order to protect visitors to our website in the best possible way.
Social media plug-ins from Facebook are used on our platform in order to make their use more personal. For this, we use the “LIKE” or “SHARE” button. This is an offer from Facebook.
If you call up a page of our website that contains such a plug-in, your browser establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted directly to your browser by Facebook and integrated into the website.
Through the integration of the plug-ins, Facebook receives the information that your browser has retrieved the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the US and stored there.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plug-ins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research, and the design of Facebook pages to meet the needs of the market. For this purpose, Facebook creates usage, interest and relationship profiles (e.g. to evaluate your use of our website with regard to the advertisements displayed on Facebook) in order to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
If you do not want Facebook to associate the data collected through our website with your Facebook account, you must log out of Facebook before visiting our website.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook’s data protection information.
On our website, you will find plug-ins of the short news network of Twitter Inc. (Twitter). You can recognise the Twitter plug-ins (Tweet button) by the Twitter logo on our site. An overview of Tweet buttons can be found here.
When you call up a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter “Tweet button” while you are logged in to your Twitter account, you can link the contents of our pages on your Twitter profile. This allows Twitter to associate your visit to our sites with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.
If you do not want Twitter to be able to track visits to our site, please log out of your Twitter account.
Our site also uses social plug-ins (“Plug-ins”) from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, US (“Instagram”).
The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
If you call up a page of our website that contains such a plug-in, your browser establishes a direct connection to the Instagram servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has retrieved the corresponding page of our website, even if you do not have an Instagram profile or are not logged in to Instagram.
This information (including your IP address) is transmitted directly from your browser to an Instagram server in the US and stored there. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. When you interact with the plug-ins, for example by clicking the “Instagram” button, this information is also sent directly to an Instagram server and stored there.
The information is also published to your Instagram account and displayed to your contacts.
If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website.
7. Trusted Shops
On our website and for orders in our on-line shop, we use the buyer protection system of Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, (“Trusted Shops”) in order to enable customers to safely purchase our products in the online shop.
Within the scope of your orders in our online shop, you have the possibility to use the buyer protection of Trusted Shops and give a rating in the rating system of Trusted Shops. This is done voluntarily.
If you have given us your consent in accordance with Article 6 para. 1 sentence 1 lit. a GDPR during or after your order by activating a corresponding check-box or clicking a button provided for this purpose (“Rate later”), we will pass on your email address to Trusted Shops for the processing of your orders in our online shop.
This consent can be revoked at any time by sending a message to the contact option described below or directly to Trusted Shops.
8. Rights of data subjects
You have the right:
- to request information about your personal data processed by us in accordance with Article 15 GDPR In particular, you may request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the duration of the retention envisaged, the existence of a right of rectification, erasure, limitation or opposition, the existence of a right of appeal, and the origin of your data (if these were not collected by us) as well as the existence of automated decision-making process, including profiling and, where appropriate, meaningful information on its details
- to immediately request the correction of incorrect or incomplete personal data stored by us in accordance with Article 16 GDPR
- In accordance with Article 17 GDPR, you have the right to request the deletion of your personal data stored by us unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims
- In accordance with Article 18 GDPR, you have the right to request the limitation of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it, and we no longer needs the data but you need it to assert, exercise, or defend legal claims, or you have lodged an objection to the processing in accordance with Article 21 GDPR
- to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request transmission to another responsible person in accordance with Article 20 GDPR
- to revoke your consent to us any time in accordance with Article 7 paragraph 3 GDPR As a consequence, we may no longer continue the data processing that was based on this consent for the future.
- to complain to a supervisory authority In accordance with Art 77 GDPR As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.
9. Right of objection
If your personal data are processed on the basis of legitimate interests in accordance with Article 6 para. 1 sentence 1 letter f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a special situation.
If you would like to make use of your right of revocation or objection, an email to email@example.com is sufficient.
10. Data security
During the ordering process, we use the common SSL (Secure Socket Layer) procedure in connection with the highest encryption level supported by your browser. This is usually a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological development.
and printed out.