Disclaimer & Privacy

Data Protection

What data do we collect?

When you visit our website or shop, we collect

• Your browser type (Firefox, Safari, Chrome, Bing etc.), 
• The pages of our website and/or shop that you visit, 
• Your operating system (Windows, OS, Android etc.),
• Your anonymised IP address.

This data is stored and used without any relation to you as a person.

When you register with our online shop, we save your personal data such as your title, full name, contact details (telephone, email address), billing and delivery addresses and order details.

To ensure the safety of your personal data, e.g. when you log into your account and during the ordering process, we use SSL encryption. While your data is being transferred to our web servers, your data will be made unrecognisable to third parties, who will not be able to restore it.

We do not save any payment data regarding credit cards, PayPal accounts or other payment services or systems. If you provide us with a written SEPA direct debit authorisation, then we will save the account provided by you in writing.

Data collection in our online shop takes place using cookies and direct entry by you.

What happens to my data?

Your personal data will only be used for certain purposes, such as

- To process your orders or provide services,
- To ensure security in ordering and payment processes (credibility checks when making purchases on account, fraud prevention),
- To advertise (using newsletters, retargeting) our products, 
- To fulfil statutory requirements,

Data is only processed in regard to individual cases.

Privacy Policy

Controller

The controllers in the sense of data protection law, in particular the EU’s General Data Protection Regulation (GDPR), are:

Robert Czichos and Michael Brink
Bionatic GmbH & Co. KG
Löwenhof 9
D - 28217 Bremen

Your Data Subject Rights

You can use the contact details provided to exercise the following rights:

• Get information about your data saved by us and its processing,
• Correct incorrect personal data,
• Delete data about you stored by us,
• Limit data processing insofar as we cannot delete your data due to legal obligations,
• Object to our processing of your data and
• Data transferability insofar as you approved the data processing or entered into a contract with us.

If you have granted us any consent, you can revoke this at any time with effect for the future.

You can complain to the responsible supervisory authority at any time. Your responsible supervisory authority depends on which state you live or work in or where your rights were allegedly violated. You can find a list of supervisory authorities (for non-public fields) with addresses here: Data protection agent addresses.

Purpose of Data Processing by the Controller and Third Parties

We process your personal data only for the purposes stated in this privacy policy. Your personal data is not transferred to third parties for any other purposes than those outlined. We only pass your personal data onto third parties if:

• You have granted your express permission,
• The processing is necessary to complete a contract with you,
• The processing is necessary to fulfil a legal obligation,

The processing is necessary to uphold legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in your data not being passed on.

Collection of General Information upon Visiting our Website

When you access our website, general information will automatically be collected using a cookie. This information (server log files) includes the type of web browser, the operating system used, the domain name of your internet service provider and similar. This is only information that cannot be used to trace back to you.

This information is technically necessary to correctly provide you with the content requested by you and is needed to use the internet. It will be processed especially for the following purposes:

• Ensuring a proper connection with the website,
• Ensuring the smooth use of our website,
• Evaluating system security and stability as well as
• Further administrative purposes.

The processing of your personal data is based on our legitimate interest in data processing for the stated purposes. We do not use your data to trace back to you. Data recipients only include the controllers and any subcontractors.

Anonymous information of this type may be statistically evaluated by us in order to optimise our internet presence and the technology behind it.

Registering on Our Website

When registering, some personal data is collected, such as name, address, contact and communication data such as telephone number and email address. Registered users have the opportunity to change or delete data entered upon registration at any time. Of course, we will inform you of what data we have stored about you at any time. We are happy to correct/delete data at your request insofar as there are no conflicting legal obligations. To contact us in this regard, please use the contact details provided at the end of this privacy policy.

SSL Encryption

In order to protect the security of your data during transfers, we use an encryption process (e.g. SSL) that complies with the current state of the art.

Comment Function

When users leave comments on our website, these are saved along with data regarding the time of their creation and the user name chosen by the website visitor. This is for our safety, as we may be prosecuted for unlawful content on our website, even if this is created by users.

Cookies

Just like many other websites, we use cookies. Cookies are small text files that are transferred from a web server to your hard drive. We automatically receive certain data, such as IP address, browser, operating system and internet connection.

Cookies cannot be used to start programmes or transfer viruses to a computer. Using the information contained in the cookies, we can make it easier for you to navigate our website and ensure that it is displayed properly.

The data collected by us will not be passed onto third parties or linked to personal data without your consent.

Of course, you can view our website without cookies in principle. Internet browsers are regularly set up to accept cookies. In general, you can deactivate the use of cookies at any time using your browser settings. Please use the help function in your internet browser to find out how to change these settings. Please note that individual functions of our website may not work if cookies are deactivated.

Newsletter

Based on your express consent, we will regularly send you our newsletter and/or similar information via email to the email address provided by you.

In order to receive the newsletter, it is sufficient to provide your email address. The information you provide when signing up to our newsletter will only be used for this purpose. Subscribers may also be informed via email of circumstances relevant for the service or registration (such as changes to newsletter subscription or technical matters).

We need a valid email address for a valid registration. To check that registration was actually requested by the owner of the email address, we use a “double opt-in” process. To this end, we log the ordering of the newsletter, the sending of a confirmation email and the receipt of the requested response. Further data is not collected. Data is only used to send the newsletter and is not passed onto third parties.

You can revoke your consent to save your personal data and use it to send the newsletter at any time. You will find a link in each newsletter. You can also unsubscribe on this website at any time or contact us to express your preference using the contact details at the end of this privacy policy.

Contact Form

When you contact us via email or a contact form on any of these matters, you are granting your consent for us to contact you. It is necessary to provide a valid email address. This serves to allocate your request and provide a suitable response. The submission of further data is optional. The information entered by you will be saved for the purposes of processing your request as well as possible follow-up questions. Once the matter has been dealt with, personal data will be deleted.

Use of Google Analytics

Our website uses Google Analytics, a web analysis service by Google Inc. (hereafter: Google). Google Analytics uses cookies, text files that are saved to your computer and that facilitate the analysis of website use. The information about your use of this website created by the cookie is generally transferred to a Google server in the USA and stored there. As IP anonymisation is activated on this website, your IP address will be shortened by Google before leaving the European Union or European Economic Area. In exceptional cases, the full IP address will be transferred to a Google server in the USA and shortened there. On behalf of the website operator, Google will use this information to evaluate your use of the website, to create reports about website activities and provide other services for the website operator related to use of the website and the internet. The IP address transferred from your browser to Google will not be combined with any other Google data.

You can prevent the storage of cookies by altering your browser software settings; we must make you aware, however, that you may not be able to use all website functions if you do so. You can also prevent Google from collecting the data created by the cookies about your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available using the following link: browser add-on to deactivate Google Analytics.

Alternatively, or in addition to the browser add-on, you can prevent Google Analytics from tracking on our website by clicking on the following link. This will install an opt-out cookie on your device. This will prevent Google Analytics from collecting information for this website and this browser in future, for as long as the cookie remains installed on your browser.

Use of Google Optimize

Our website also uses Google Optimize. Google Optimize analyses the use of various versions of our website in order to improve the user-friendliness of our website. Google Optimize is a sub-service of Google Analytics. See ‘Use of Google Analytics’.

Use of Script Libraries (Google Webfonts)

In order to properly graphically display our content across browsers, we use script libraries and font libraries such as Google Webfonts on this website. Google Webfonts are transferred in order to avoid multiple loading in your browser cache. If your browser does not support Google Webfonts or limits access, content will be shown in standard fonts.

Accessing script libraries or font libraries automatically creates a connection to the library’s operator. It is theoretically possible for the operators of these libraries to collect data - although it is currently unclear whether this occurs or for what purpose.

You can find Google’s privacy policy as a library operator here.

Use of Adobe Typekit

We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Ltd. that grants us access to a font library. To integrate the fonts used by us, your browser must create a connection to an Adobe server in the USA and download the fonts required for our website. Adobe is informed that your IP address accessed our website. You can find out more about Adobe Typekit in Adobe’s privacy policy.

Use of Google Maps

This website uses Google Maps API in order to visually display geographical information. When using Google Maps, Google will also collect, process and use information about the use of their map function by visitors. You can find out more about how Google processes data in Google’s privacy policy. Here, you can also change your personal data protection settings in the privacy centre.
Detailed instructions on managing your data regarding Google products.

Use of IntelliAd

This website uses the web analysis service and bid management service provided by intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich. In order to design and optimise this website to suit your needs, anonymous user data is processed, pooled and saved as well as used to create user profiles. When using intelliAd tracking, local cookie storage takes place. You have the right to object to the processing of your user data. You can use the intelliAd opt-outfunction.

Embedded YouTube Videos

We embed YouTube videos onto some of our website pages. The plug-ins are operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, a connection will be created to YouTube’s servers. YouTube will hereby be informed of which pages you have visited. If you are logged into your YouTube account, YouTube can allocate your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account in advance.

If a YouTube video is started, the provider uses cookies to collect information about user behaviour.

If you have deactivated the storage of cookies for the Google Ad programme, you will not have to deal with any such cookies when viewing YouTube videos. However, YouTube also uses other cookies to collect non-personal user data. If you would like to prevent this, you will have to block the saving of cookies in your browser.

You can find more information about data protection at YouTube in the provider’s privacy policy.

Google AdWords

Our website uses Google conversion tracking. If you click on a Google ad on our website, Google Adwords will place a cookie on your computer. The conversion tracking cookie is used when a user clicks on a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie is still valid, we and Google can identify that the user has clicked on the ad and been forwarded to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookies serves to create conversion statistics for AdWords customers that have opted for conversion tracking. The customers find out the total number of users that have clicked on their ads and been forwarded to the intended page with a conversion tracking tag. They do not receive any information that can be used to personally identify users.

If you do not want to take part in the tracking, you can reject all necessary cookies - by adjusting your browser settings to either generally deactivate cookies or to block cookies from the domain ‘googleleadservices.com’.

Please note that you cannot delete the opt-out cookies for as long as you do not want to be included in the measurement data. If you delete all cookies in your browser, you have to re-install the opt-out cookie.

Use of Facebook, Google+, Twitter and Instagram Plug-Ins

Insofar as we use social plugins (‘plug-ins’) for the social networks Facebook and Google+ and the micro-blogging services Twitter and Instagram on our website, the following applies: These services are provided by Facebook Inc., Google Inc., Twitter Inc. and Instagram LLC (‘providers’).

• Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). You can find an overview of Facebook plug-ins and how they look here: Facebook for developers
• Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). You can find an overview of Google plug-ins and how they look here: Google developers
• Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103. You can find an overview of Twitter buttons and how they look here: Twitter buttons
• Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (‘Instagram’).You can find an overview of Instagram badges and how they look here: Instagram badges

When you visit a page on our website that contains any such plug-in, your browser creates a direct connection to the servers of Facebook, Google, Twitter or Instagram. The content of the plug-in will be transferred directly to your browser from the relevant provider and connected to the page. By connecting to the plug-in, the provider is informed that your browser has accessed the relevant page of our website even if you do not have a profile or are currently logged out of your profile. This information (including your IP address) will be transferred from your browser directly to a server of the relevant provider in the USA and stored there. If you logged into one of the services, the provider can allocate your visit to our website to your profile on Facebook, Google+, Twitter and/or Instagram. When you interact with the plug-ins, such as by clicking ‘Like’, ‘+1’, ‘Tweet’ or the ‘Instagram’ button, the relevant information will be transferred directly to the provider’s server and stored there. The information will be published on the social network, on your Twitter/Instagram account and shown to your contacts there.
To find out more about the purpose and scope of data collection and further processing and use of the data by the provider as well as your rights and options to protect your privacy, please refer to the provider’s privacy policy.

• Facebook privacy policy
• Google privacy policy
• Twitter privacy policy
• Instagram privacy policy

If you do not want Google, Facebook, Twitter or Instagram to allocate data collected via our website to your profile on the relevant service, you must log out of the relevant service before visiting our website. You can prevent the plug-ins from loading with add-ons (script blockers) for your browser. Please search for the relevant add-ons in your browser’s add-on/settings help section.

Retargeting/Remarketing

This website uses retargeting services from the following providers:

• Google Adwords Remarketing, a retargeting service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Adwords privacy policy
• Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA; Facebook privacy policy

Retargeting technology allows visitors to our website to be targeted with personalised, interest-based advertising when they have already expressed interest in or shop and our products. The advertisement is displayed based on a cookie-based analysis of previous user behaviour, whereby no personal data is saved. When retargeting technology is used, a cookie is saved to your computer or mobile end device in order to collect anonymised data about your interests and so the advertising will be individually customised to suit the saved information. These cookies are small text files that are saved to your computer or mobile end device. This means that you will be shown advertising that will probably comply with your interests in products and information.

You can permanently object to the use of cookies by Google by downloading and installing the browser plug-in available via the following link.

If you do not wish to take part in Facebook Custom Audiences, you can deactivate Custom Audiences.

Alternatively, you can deactivate the use of cookies for interest-related advertising by advertising network initiatives by using the following link: http://www.networkadvertising.org/managing/opt_out.asp.

Embedding the Trusted Shops Trustbadge

In order to display our Trusted Shops seal and any reviews, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops Trustbadge is embedded on this website.

This serves to uphold our overriding legitimate interest in optimal marketing by facilitating a secure purchase in accordance with article 6 paragraph 1 s 1 lit f of the GDPR. The Trustbadge and the services purchased through it are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of contractual processing by a CDN provider (content delivery network). Trusted Shops GmbH also uses a service provider from the USA. A suitable level of data protection is ensured. You can find out more about Trusted Shops GmbH’s privacy policy here: https://www.trustedshops.de/impressum/#datenschutz

When accessing the Trustbadge, the web server automatically saves a server log file that contains your IP address, the date and time of your visit, the amount of data transferred and the requesting provider (access data), and documents the access. Individual access data is saved for the analysis of security anomalies in a security database. The log files are automatically deleted 90 days after creation at the latest.

Further personal data is transferred to Trusted Shops GmbH if you have opted to use Trusted Shops products after placing an order or have already registered for such use. The contractual agreement made between you and Trusted Shops applies. To this end, personal data is automatically collected from the order data. Whether you have already registered for product use as a buyer shall be established using a neutral parameter, an email address hashed using a one-off cryptographic function. The email address will be converted into a hashed value that cannot be decrypted by Trusted Shops. Once a match has been established, the parameter shall be automatically deleted.

This is required for the fulfilment of our and Trusted Shops’ legitimate interests in the provision of buyer protection and transactional evaluation services related to a specific order in accordance with article 6 paragraph 1 s 1 lit f of the GDPR. Further details, including regarding objection, can be found in Trusted Shops’ privacy policy as linked above and via the Trustbadge.

Changes to Our Privacy Policy

We reserve the right to adjust our privacy policy so that it always complies with the latest legal requirements as well as changes to our services, e.g. if we introduce new services. The new privacy policy will apply to your new visit.

Questions about Our Privacy Policy

If you have any questions about data protection, please email or call us on:

Bionatic GmbH & Co. KG
Löwenhof 9 
28217 Bremen
it(at)bionatic.de
0049 (0)421 24687870

All the best,
Your Greenbox Bionatic team