Privacy Policy

Welcome to “Die Kräuterdrogerie”!

We attach great importance to the protection of your data. To ensure you are fully informed about the use of personal data, we ask you to read the following privacy policy. Since changes in the law or changes to our internal company processes may require us to adapt this privacy policy, we ask you to read it regularly. The privacy policy can be accessed, saved, and printed at any time on our website.

§ 1 Responsible party and scope

The controller within the meaning of the EU General Data Protection Regulation (hereinafter referred to as GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Zsuzsánna Tamás-Szóra
Die Kräuterdrogerie e.U.
A-1080 Vienna, Kochgasse 34
Phone: 0043 1 405 45 22
Email: datenschutz@kraeuterdrogerie.at
Website: www.kräuterdrogerie.at

This privacy policy applies to the website of the company “Die Kräuterdrogerie”, which is accessible under the domain www.kräuterdrogerie.at and the various subdomains (hereinafter referred to as the website).

§ 2 Principles of data processing

Personal data is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behavior. Information that we cannot link to you (or can only link to you with disproportionate effort), e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. collecting, retrieving, using, storing or transmitting) always requires a legal basis or your consent. Processed personal data is deleted as soon as the purpose of the processing has been achieved and there are no longer any legally prescribed retention periods. If we process your personal data to provide certain services, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.

§ 3 Processing operations

1) Provision and use of the website

Below, we would like to inform you about how we handle personal data when you use this website. Personal data that you transmit electronically on this website will be stored securely by us and will not be shared with third parties.

a) Type and scope of data processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file.

When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

-) IP address and the requesting provider
-) Date and time of the request
-) Time zone difference to Greenwich Mean Time (GMT)
-) Content of the request (specific page)
-) Operating system and its interface
-) Access status / HTTP status code
-) Amount of data transferred
-) Website from which the request comes
-) Browser, language and version of the browser software
-) User's operating system

b) Legal basis

Art. 6 (1) (f) GDPR serves as the legal basis for this data processing. The processing of this data is necessary for the provision of a website and thus serves to safeguard a legitimate interest of our company.

c) Storage period

As soon as the aforementioned data is no longer required to display the website, it will be deleted. The collection of data to provide the website and the storage of data in log files is mandatory for the operation of the website. Consequently, the user has no right to object. Further storage may occur in individual cases if required by law—particularly in the case of unauthorized access or attempted access to servers in order to derive personal data.

2) Newsletter

a) Type and scope of data processing

On our website, you have the option to subscribe to a free newsletter. In order to send you the newsletter regularly, we require the following information from you:

-) E-mail address
-) Name (can also be fictitious)

Our newsletter is sent via “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to MailChimp's own information, MailChimp may use this data to optimize or improve its own services, e.g., to technically optimize the delivery and presentation of the newsletter or for commercial purposes, to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to contact them directly or to pass it on to third parties.

MailChimp is certified under the EU-US Privacy Shield Framework and is therefore committed to complying with EU data protection regulations. We have entered into a "Data Processing Agreement" with MailChimp. This is a contract in which MailChimp undertakes to protect our users' data, to process it on our behalf in accordance with their data protection regulations, and, in particular, not to pass it on to third parties. You can view MailChimp's data protection policy here: https://mailchimp.com/legal/privacy/. b) Legal basis

The processing of your email address for sending the newsletter is based on Art. 6 (1) (a) GDPR on the declaration of consent you voluntarily provide below:

Declaration of consent

By entering my data and clicking the "Subscribe" button, I consent to the processing of my email address for regular newsletter distribution. I can unsubscribe from the newsletter service at any time by clicking the corresponding link at the end of the newsletter. I have read and accept the current privacy policy. I can revoke my consent to the collection of personal data collected during the registration process at any time by contacting office@kraeuterdrogerie.at .

You can revoke your consent to the use of your personal data at any time with future effect by sending an email to the email address stated above in Section 1.

d) Storage period

Your email address will be stored for as long as you are subscribed to the newsletter. Once you unsubscribe from the newsletter, your email address will be deleted. Longer storage may occur in individual cases if required by law.

3) Contact options on our website

The following contact options are available on our website:

-) Contact by email at office@kraeuterdrogerie.at , datenschutz@kraeuterdrogerie.at
-) Contact by phone at +43 1 405 45 22
-) Contact via contact form
-) Contact via registration form for events

a) Type and scope of data processing

Any website visitor can send their inquiries to these email addresses. The relevant department will process the request. Our data collection is limited to the email address of the email account you used to contact us, as well as any personal data you provide when contacting us.

b) Legal basis

The admissibility of the data collection is based on Art. 6 (1) (f) GDPR, as there is a parallel interest in establishing contact and communication between you and our company as well as a legitimate corporate interest in processing the above-mentioned data in order to be able to process your request.

c) Storage period

The length of time the above-mentioned data is stored depends on the reason for your contact. Your data will be deleted regularly if the intended purpose of the communication no longer applies and storage is no longer necessary.

§ 4 Transfer of data

We will only share your personal information with third parties if:

• You have given your express consent in accordance with Art. 6 (1) (a) GDPR
• this is legally permissible and is necessary to fulfil a contractual relationship with you according to Art. 6 (1) (b) GDPR
• according to Art. 6 (1) (c) GDPR there is a legal obligation to pass on the data
• the transfer is necessary in accordance with Art. 6 (1) (f) GDPR to safeguard legitimate company interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

1) Transfer of data for processing on our behalf

We sometimes use specialized service providers to process your data. Our service providers are carefully selected and regularly monitored. They process personal data only on our behalf and strictly in accordance with our instructions, based on appropriate data processing agreements.

2) Processing of data outside the EU / EEA

Some of your data will also be processed in countries outside the European Union ("EU") or the European Economic Area ("EEA"), where the level of data protection may generally be lower than in Europe. In these cases, we ensure that an adequate level of data protection for your data is guaranteed, for example, through contractual agreements with our contractual partners, or we ask for your express consent.

§ 5 Use of cookies

a) Type and scope of data processing

We use cookies on our website. Cookies are small files that are sent to the browser of your device when you visit our website and stored there. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, enable us to carry out various analyses. For example, cookies are able to recognize the browser you use when you visit our website again and to transmit various information to us. With the help of cookies, we can, among other things, make our internet offering more user-friendly and effective for you by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your device. They cannot run programs and do not contain viruses. Our website uses various types of cookies, the type and function of which are explained in more detail below.

Persistent cookies

Persistent cookies are used on our website.

Persistent cookies are cookies that are stored in your browser for an extended period of time and transmit information to us. The storage period varies depending on the cookie. You can delete persistent cookies yourself via your browser settings.

Required cookies

These cookies are required for technical reasons so that you can visit our website and use the features we offer. This applies, for example, to the following applications: ordering process, etc. These cookies also contribute to the safe and proper use of the website.

Analysis cookies

These cookies enable us to analyze website usage and improve the performance and functionality of our website. For example, they collect information about how our website is used by visitors, which pages are accessed most frequently, or whether error messages appear on certain pages.

b) Legal basis

Due to the purposes described (see Section 5.a.), the legal basis for processing personal data using cookies is Art. 6 (1) (f) GDPR. If you have given us your consent to use cookies based on a notice we provided on the website ("cookie banner"), the legality of the use is also governed by Art. 6 (1) (a) GDPR.

c) Storage period

As soon as the data transmitted to us via cookies is no longer required to achieve the purposes described above, this information will be deleted. Further storage may occur in individual cases if required by law.

d) Configuration of browser settings

Most browsers are pre-set to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are deactivated through your browser settings on our website. You can also delete cookies already stored in your browser via your browser settings. It is also possible to set your browser so that it notifies you before cookies are stored. Since individual browsers can function differently, we ask you to use the respective help menu of your browser for configuration options.

If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.

§ 7 Tracking and analysis tools

We use tracking and analysis tools to ensure continuous optimization and needs-based design of our website. With the help of tracking measures, it is also possible for us to statistically record the use of our website by visitors and to further develop our online offering for you with the help of the knowledge gained. Due to these interests, the use of the tracking and analysis tools described below is justified in accordance with Art. 6 (1) (f) GDPR. If you have given us your consent to the use of cookies on the basis of a notice provided by us on the website (“cookie banner”), the legality of the use is also governed by Art. 6 (1) (a) GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the data processed. You can change your selection of tracking and analysis tools in the cookie settings at any time and thus activate and deactivate them.

2) Squarespace Analytics

Our website uses Squarespace Analytics, a web analytics service provided by Squarespace, Inc. (“Squarespace”), headquartered in the USA.

Squarespace Analytics uses cookies, i.e. text files that are stored on your device with the help of the browser and that enable an analysis of your use of our website. The information generated by the cookies about your use of this website (including your IP address) is transmitted to a Squarespace server in the USA and stored there. Squarespace uses this information to evaluate your use of the website, to compile reports on website activity for us as the website operator and to provide other services related to website activity and internet usage. Squarespace may also transfer this information to third parties if required to do so by law or if third parties process this data on Squarespace's behalf. Squarespace will under no circumstances associate your IP address with other data. You can prevent the installation of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to fully use all functions of our website.

Squarespace is certified under the EU-US Privacy Shield Framework and is therefore committed to complying with EU data protection regulations. Further information on Squarespace's privacy policy can be found at https://www.squarespace.com/privacy/. The data processing agreement can be viewed here: https://www.squarespace.com/dpa/.

Our purpose for web analytics within the meaning of the GDPR (legitimate interest) is to improve our offering and our website. Because the privacy of our users is important to us, IP addresses are not evaluated or displayed in our website's access statistics.

2) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountainview, CA 94043, USA ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by these cookies, such as the time, location, and frequency of your use of this website, is generally transferred to a Google server in the USA and stored there. When using Google Analytics, it cannot be ruled out that the cookies set by Google Analytics may collect other personal data in addition to your IP address. We would like to point out that Google may transfer this information to third parties where required to do so by law, or where third parties process the data on Google's behalf.

Google will use the information generated by cookies on behalf of the website operator to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services related to website activity and internet usage. According to Google Analytics, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can generally prevent cookies from being saved by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use the full functionality of this website.

It cannot be ruled out that the cookies set by Google Analytics may collect other personal data in addition to the IP address. To prevent information about your use of the website from being collected and transferred to Google Analytics, you can, in addition to the option of deactivating tracking cookies mentioned above, download and install a plug-in for your browser using the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This plugin prevents information about your visit to the website from being transmitted to Google Analytics. This plugin does not prevent other types of analysis.

To ensure the best possible protection of your personal data, Google Analytics has been extended on this website with the code "anonymizeIp." This code deletes the last 8 bits of the IP address, thus anonymizing your IP address. Your IP address is generally shortened by Google before transmission within member states of the European Union or other contracting states to the Agreement on the European Economic Area, thus making it anonymous. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

3) Google Maps

This website uses Google Maps to display map information. The content of the plugin is transmitted directly from Google to your browser, which then integrates it into the website. The provider therefore has no influence on the extent of the data Google collects using this plugin and therefore informs users according to its current level of knowledge:

When you use Google Maps, Google also collects, processes, and uses data about the use of Maps functions by website visitors. For more information about data processing by Google, please see Google's privacy policy at https://www.google.at/intl/de/policies/privacy/

There, you can also change your settings in the privacy center so that you can manage and protect your data. If you do not want this data to be associated with your Google Account, please log out of Google before visiting our website.

4) Instagram

Our website incorporates functions from the Instagram service. The content of the plugin is transmitted directly from Instagram to your browser, which then integrates it into the website. The provider therefore has no influence on the extent of the data Instagram collects using this plugin and therefore informs users according to its current level of knowledge:

Instagram may be informed that you have visited our website using your IP address. This allows Instagram to associate your visit to our website with your user account. Please note that, as the provider of the website, we have no knowledge of the content of the transmitted data or how Instagram uses it. Further information can be found in Instagram's privacy policy at https://www.instagram.com/about/legal/privacy/

5) Facebook Plugins

This website uses Facebook features. The content of the plugin is transmitted directly from Facebook to your browser, which then integrates it into the website. The provider therefore has no influence on the extent of the data Facebook collects using this plugin and therefore informs users according to its current level of knowledge:

By integrating the plug-ins, Facebook receives the information that a user has accessed the corresponding website. If the user is logged in to Facebook, Facebook can associate the visit with their Facebook account. When users interact with the plug-ins, for example, by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. Even if a user is not a Facebook member, it is still possible that Facebook will obtain and store their IP address. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our page. The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options for protecting the privacy of users, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

§ 7 Hyperlinks

Our website contains links to third-party websites. When you activate these hyperlinks, you will be redirected from our website directly to the other provider's website. You will recognize this, among other things, by the change in the URL. We cannot accept any responsibility for the confidential treatment of your data on these third-party websites, as we have no influence on these companies' compliance with data protection regulations. Please inform yourself about how these companies handle your personal data directly on these websites.

§ 8 Rights of data subjects

The GDPR gives you, as a data subject, the following rights:

1) Right to information

Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data (if not collected from us), any transfer to third countries or international organizations, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information on its details.

2) Right to rectification

According to Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.

3) Right to erasure

According to Art. 17 GDPR, you can request the deletion of your personal data stored by us, provided that the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

4) Right to restriction

Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, we no longer need the data, and you oppose its deletion because you require it to assert, exercise, or defend legal claims. You are also entitled to this right under Art. 18 GDPR if you have objected to the processing pursuant to Art. 21 GDPR.

5) Right to issue

According to Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, common and machine-readable format or you can request that it be transmitted to another controller.

6) Right of withdrawal

According to Art. 7 (3) GDPR, you may revoke your consent at any time. This means that we may no longer continue the data processing based on this consent in the future.

7) Right to complain

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence, your place of work, or our company headquarters.

§ 9 Right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation or if the objection is directed against direct marketing. In the case of direct marketing, you have a general right of objection, which we will implement without specifying a particular situation. If you wish to exercise your rights, please address your request in writing to the contact person listed under Section 1.

§ 10 Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. To prevent manipulation, loss, or misuse of your stored data, we take extensive technical and organizational security precautions that are regularly reviewed and adapted to technological advances. This includes, among other things, the use of recognized encryption methods (SSL or TLS).

However, we would like to point out that due to the structure of the Internet, it is possible that the data protection regulations and the aforementioned security measures may not be observed by other persons or institutions outside our area of ​​responsibility. In particular, data disclosed unencrypted – e.g., if sent via email – may be read by third parties. We have no technical control over this. It is the user's responsibility to protect the data they provide against misuse through encryption or other means.

§ 11 Adaptation of the data protection declaration

We reserve the right to update this Privacy Policy from time to time. Updates to this Privacy Policy will be posted on our website. Changes will be effective upon posting on our website. We therefore encourage you to visit this page periodically to review any updates.