Privacy Policy

1. INTRODUCTION

In the following, we would like to inform you about data protection on our website and about the type, scope and purpose of the personal data we collect, use and process. Data protection is a high priority for us.

Personal data are all data with which you could be personally identified, e.g. name, IP address, telephone number, etc. Some of this data are processed automatically when you visit the website (e.g. IP address, browser type, operating system, etc.), or if you give us your consent to process it, or if you provide us with your data voluntarily, e.g. by entering your data in a form on our website.

We would also like to inform you about your rights under the GDPR.

You have the right to receive information free of charge at any time about the origin, recipient and purpose of your personal data processed by us, as well as the right to correct or delete this data.

You also have the right to request the restriction of the processing of your personal data under certain circumstances. If you have given us your consent to process your data, you can withdraw this consent at any time with effect for the future. You also have the right to lodge a complaint with the competent data protection supervisory authority.

2. RESPONSIBLE

The person responsible for data protection/processing is:

Dr. Ryan Santiago Stiel

Ludwigstrasse 5

97688 Bad Kissingen

Germany

E-Mail: info@stiel-nature.com

3. INFORMATION FOR VISITORS OF THE WEBSITE

ACCESSING THE WEBSITE – PROCESSING OF PERSONAL DATA AND TYPE AND PURPOSE OF USE

When you access our website, you transmit data to our web server via your Internet browser (for technical reasons). The following data are processed in the server log files during an ongoing connection for communication between your internet browser and our web server:

• the page from which the file was requested - referrer URL
• the name of the file
• the date and time of the request
• a description of the type of web browser used / browser version and operating system
• IP address of the requesting computer
• Access status (file transferred, file not found, etc.)
• Amount of data transferred

This data are stored temporarily for technical reasons (accessing the website). It is not possible for us to draw conclusions about individual persons from this data. The IP address is deleted or anonymized after 7 days at the latest.

The data are evaluated exclusively for internal purposes and does not allow us to draw any conclusions about your person. A comparison with other databases does not take place.

The aforementioned data are processed for the following purposes:

• Ensuring a proper and smooth connection to the website,
• Ensuring convenient use of the website,
• Evaluation of system security and stability

The legal basis for data processing is Art. 6 I S 1 lit. f GDPR. The legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. You can visit the website without providing any personal data.

4. COOKIES / COSENT TOOL

We use cookies on our website. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. Cookies do not contain any personal data and therefore cannot be directly assigned to a user.

The use of cookies serves to make the use of our website more pleasant for you. For example, we use technically necessary session cookies to recognize that you have already visited individual pages of our website or to set the language. These cookies are automatically deleted after you close your browser or after one day. The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 I S 1 lit. f GDPR.

Cookies or other technologies may also be used by third-party services with your consent. The legal basis is then Art. 6 I S 1 lit. a GDPR - your consent. These cookies are automatically deleted after a defined period of time. A detailed overview of the cookies or other technologies and service providers we use, their purposes and storage duration, the legal basis for cookie use and further information can be found in our Consent Manager.

You can use the Consent Manager to accept or reject individual or all cookies separately when you visit our website for the first time and at any time thereafter by placing a tick / a cross next to the respective cookie or removing it and saving the settings. These settings are saved on your computer or mobile device in local storage. They must therefore be made and saved again if the device's local storage is deleted or another device or browser is used. Please note that you may have to manually delete cookies that have already been set if you withdraw your consent.

Most browsers accept cookies automatically. However, you can also configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. Each browser manages the cookie settings differently. How you can deactivate cookies or change settings is described in the help menus of your browser.

5. INQUIRIES

If you contact us by e-mail, we will store and process your request, including all personal data resulting from it (e.g. name, request) for the purpose of processing your request. The data will not be passed on without your consent. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.

This data is processed on the basis of Art. 6 I S 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 I S 1 lit. a GDPR) and / or on our legitimate interest (Art. 6 I S 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

The data sent to us via contact requests (e-mails) will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

6. NEWSLETTER 

We only send our newsletter with advertising information (hereinafter “newsletter”) with the express consent of the recipient in accordance with Art. 6 I S. 1 lit. a GDPR. Registration for our newsletter takes place in a so-called double opt-in procedure, i.e. after registering for our newsletter, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no third party can register with your e-mail address. There is no legal or contractual obligation to provide your data, but it is not possible to send a newsletter without providing your data.

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

To subscribe to our newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to provide your first name, surname and address. This information is voluntary and is only used to personalize the newsletter. You can also use a pseudonym.

We will store your e-mail address until you unsubscribe from our newsletter. You can unsubscribe from the newsletter at any time in the future either by clicking on the link at the end of each newsletter or by clicking on the “Unsubscribe from newsletter” link on our website and following the steps described.

Consent to the sending of e-mail addresses is based on Art. 6 I S 1 lit. a GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users for information about our products.

We would like to point out that you can revoke your consent to the future processing of your personal data at any time. Further information on your right of revocation can be found under “Rights of data subjects”.

7. E-MAIL ADVERTISING

E-MAIL ADVERTISING AND YOUR RIGHT TO OBJECT 

If we have received your e-mail address in connection with the sale of a product or service and you have not objected, we reserve the right to regularly send you our offers for products similar to those you have already purchased by e-mail on the basis of Section 7 III UWG. The legal basis arises from our legitimate interest in a promotional approach to our customers and the processing of the data is permitted under Art. 6 I S1 lit. f GDPR in the context of a balancing of interests.

You can object to the use of your e-mail address at any time by sending us a message or via the corresponding link in the advertising e-mail. After the legal basis for data processing for advertising e-mails no longer applies, your e-mail address will be deleted, unless statutory retention obligations (e.g. from tax or commercial law retention obligations) prevent this.

We would also like to point out that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 GDPR at any time. In particular, you may object to processing for direct marketing purposes.

8. POSTAL ADVERTISING

POSTAL ADVERTISING AND YOUR RIGHT TO OBJECT

We reserve the right to use your first and last name and your postal address, which you have provided to us in the context of orders, for our own advertising purposes, e.g. to send you interesting offers and information about our products by post. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in a promotional approach to our customers in accordance with Art. 6 I S 1 lit. f GDPR.

You can object to the storage and use of your data for these purposes at any time by sending us a message. The objection can be made in particular against processing for direct marketing purposes. After the legal basis for data processing for postal advertising ceases to apply, your address data will be deleted, unless there are legal obligations to retain it.

9. WEGLOT

WEGLOT.COM – TRANSLATION

We use the services of Weglot SAS, 7 Cité Paradis, 75010 Paris, France (hereinafter referred to as Weglot) on our website. Weglot is a website translation solution that allows multilingual websites to be translated, displayed and managed without code.

Weglot is loaded when the website is called up so that you can set the language via the icon in our website header. This establishes a direct connection between your browser and the Weglot server when you visit this website and Weglot receives the information that you have visited this website with your IP address. When you visit our website, the IP address is therefore processed by Weglot.

The legal basis for the processing is Art. 6 I S i lit f GDPR, the possibility to display our website in different languages.

Further information and Weglot's privacy policy can be found at https://www.weglot.com/de/security

10. SOCIAL NETWORKS

10.1 ONLINE PRESENCE IN SOCIAL NETWORKS

We have online presences in social networks for advertising purposes on Instagram, LinkedIn and YouTube.

In addition to the website operator, the following companies are responsible for the company presences within the meaning of the GDPR and other data protection regulations

• Instagram - (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
• LinkedIn - (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
• YouTube - (Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland)

We would like to point out that you use the social services and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).

If you visit our online presences in social media, personal data will be collected and processed by the respective provider for advertising and market research purposes. As a rule, user profiles are also created. This is particularly the case if you are a member of the respective platform and are logged in to it. The user profiles can be used by the providers to show you interest-based advertising. To prevent social media operators from collecting information about you during your visit to our websites, you should log out of the respective social media before visiting our websites and delete any existing social media cookies from your browser.

10.2 SOCIAL NETWORK LINKS

No social plugins from Instagram or other social networks are integrated on these websites.

Data protection notice - Online presence on Facebook/Instagram (META)

Facebook Ireland (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland - hereinafter referred to as “Facebook”) and the page administrator (we or Site Administrator) are jointly responsible for the processing of personal data for the purposes described in the Terms of Use for Covered Products on the page administrator's Facebook account that are collected in connection with a visit or interaction with a page (including its content).

Covered Products are all Facebook Products, Facebook Pages and Page Insights. Facebook products include Facebook itself (including the Facebook mobile app and the browser in the app), Messenger, Instagram (including apps such as Direct and Boomerang), Portal-branded devices, Bonfire, Facebook Mentions, Facebook Shops, Spark AR Studio, Audience Network, NPE Team apps and any other features, apps, technologies, software products, products or services offered by Facebook, Inc. or Facebook Ireland Limited. In addition, Facebook Business Tools are also Facebook products.

The scope of joint processing and the Controller Addendum covers the collection of the personal data specified in the Terms of Use for Covered Products and its transmission to Facebook. The subsequent processing of data by Facebook is not part of joint processing. Similarly, it is not part of the joint processing if personal data is processed exclusively by us - in this case, we are the sole controller of the data processing.

The information required under Article 13 (1) (a) and (b) GDPR can be found in Facebook's data policy at https://www.facebook.com/about/privacy. Further information on joint processing can be found in the respective terms of use of the products.

For the use of certain Facebook products (so-called “Facebook Business Tools”) and the associated data processing, the additional agreement between us and Facebook as joint controllers pursuant to Art. 26 GDPR applies, which you can view at https://www.facebook.com/legal/controller_addendum.

The Site Administrator and Facebook have entered into this Joint Controller Addendum to define the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing (as set out in the Terms of Use for Covered Products).

Furthermore, we have agreed that between the parties, Facebook is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to the personal data stored by Facebook after joint processing.

A possible data transfer of personal data to the USA is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on adequacy decisions, personal data can flow unhindered and securely from the European Economic Area to the third country in question without the need for further conditions or authorizations. This means that data can be transferred to the third country in the same way as within the EU. Meta Platforms Inc. is Data Privacy Framework certified.

Data processing conditions at Facebook

We expressly draw your attention to the fact that the use of certain Facebook products may involve the transfer of personal information to Facebook. Depending on the circumstances, Facebook Ireland Limited may also transfer EU data to Facebook Inc. in the USA for storage and further processing. By using Facebook products, the user agrees to Facebook's data processing conditions. These can be found at https://www.facebook.com/legal/terms/dataprocessing/update.

The Facebook EU Data Transfer Addendum can be found at https://www.facebook.com/legal/EU_data_transfer_addendum

Facebook's data policy can be found at https://www.facebook.com/about/privacy/ - Instagram's data policy can be found at https://privacycenter.instagram.com/policy/

Information on cookies and other storage technologies on Facebook can be found at https://www.facebook.com/policies/cookies/

You can view Facebook's data security conditions at https://www.facebook.com/legal/terms/data_security_terms

You can find Facebook's terms of use for commercial use at https://www.facebook.com/legal/commercial_terms/update

You can contact Facebook's data protection officer at https://www.facebook.com/help/contact/540977946302970

Further information on Page Insights data

Facebook continues to provide us with so-called Page Insights for the Facebook page. Insights data is summarized data that provides us with information on how users interact with the Facebook page. The legal basis for data processing is Art. 6 I S. 1 lit. f GDPR, the protection of our legitimate interests in an optimized presentation of the website and effective communication with users.

Data processing is carried out on the basis of an agreement between the joint controllers in accordance with Art. 26 GDPR, which you can view at https://www.facebook.com/legal/terms/page_controller_addendum.

Further information on Page Insights data on Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data and at https://de-de.facebook.com/help/instagram/155833707900388

Data processing when contacting us via Facebook products

We collect personal data when you contact us, e.g. via the contact form or Messenger. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 I S 1 lit. f GDPR. Your data will be deleted after final processing of your request, provided that there are no legal retention obligations to the contrary.

Your rights

Facebook and we have agreed that Facebook is primarily responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR. Under the GDPR, you have the right to access, rectification, portability and erasure of your data, as well as the right to object to and restrict the processing of your data. You can find out more about these rights in your Facebook settings. For more information on your rights, see also “Data subject rights” in this privacy policy.

Facebook and we have agreed that the Irish Data Protection Commission is the lead authority for the supervision of processing under joint responsibility. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with your local supervisory authority.

Right to object to advertising

You can object to the processing of your data for advertising purposes on Facebook at any time by changing your settings for advertisements in your Facebook user account at https://www.facebook.com/settings?tab=ads.

Legal basis for the operation of the Facebook page / Instagram and processing of personal data when accessed

We operate the Facebook page / Instagram page for advertising purposes for our goods and services. The processing of personal data takes place on the basis of Art 6 I S 1 lit f GDPR.

11. VIMEO

We integrate videos from Vimeo (Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA) on our website. When you access web pages of our website that contain such a plugin, a connection to the Vimeo servers is established and the video is displayed. This tells Vimeo which websites you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. by clicking on the start button of a video, this information is also assigned to your user account. To prevent this, you must log out of Vimeo while “surfing” on our website.

Vimeo can also set cookies with your consent (Art 6 I S 1 lit a GDPR) to improve its own service, to communicate with you and to set its own targeted advertising measures. You can find out more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy, information on data protection at Vimeo can be found at https://vimeo.com/privacy.

A possible data transfer of your IP address to the USA to retrieve the video is based on your consent on the one hand and on the adequacy decision of the EU Commission on the other (EU-U.S. Data Privacy Framework). Based on EU adequacy decisions, personal data can flow freely and securely from the European Economic Area to the third country in question without any further conditions or authorizations being required. This means that data can be transferred to the third country in the same way as within the EU. Vimeo.com Inc. is Data Privacy Framework certified.

12. GOOGLE APIs

Application programming interfaces (Google APIs) developed by Google, which enable communication with Google services and their integration into other services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be loaded on our website in order to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google. The legal basis for data processing is Art. 6 I S1 lit. f GDPR. The legitimate interest lies in the error-free functioning of our website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in Google's privacy policy at https://www.google.com/intl/de/policies/privacy/.

You can prevent the collection and processing of your data by Google APIs by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this at www.ghostery.com, for example).

A possible data transfer of your IP address to the USA is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Google Inc is Data Privacy Framework certified.

13. AMAZON CLOUDFRONT

13.1 AMAZON CLOUDFRONT – CLOUDFLARE – CONTENT DELIVERY NETWORKS (CDN)

Our websites may use technologies from CDN servers (content delivery network). CDNs have the effect of shortening the loading times of Java script libraries and fonts, as these files are transferred from fast or underutilized servers. The proxy servers store the files locally and thus improve the access speed when downloading. Content such as web videos or other large media can thus be provided quickly and securely.

We use the CDN-services of Cloudflare (Clouflare Inc., 101 Townsend St, San Francisco, CA 94107, USA) and Amazon CloudFront (service provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg - AWS).

For the use of CDN, it is technically necessary to process your IP address so that the page content of the website can be sent to your browser.

The data processing is based on the protection of our legitimate interests in the optimization and economic operation of our website (Art. 6 I S 1 lit f GDPR). Cloudflare and AWS are recipients acting as processors for us. This corresponds to our legitimate interest within the meaning of Art. 6 I S 1 lit. f GDPR not to operate a content delivery network ourselves.

A data transfer of your IP address to the USA is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on EU adequacy decisions, personal data can flow unhindered and securely from the European Economic Area to the third country in question without any further conditions or authorizations being required. This means that data can be transferred to the third country in the same way as within the EU.

Cloudflare Inc. and Amazon.com Inc. are Data Privacy Framework certified.

You can find the privacy policy of Amazon AWS at https://aws.amazon.com/de/compliance/gdpr-center/

You can find Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/

The JavaScript programming language is used to integrate the content. You can object to data processing by deactivating the execution of JavaScript in your browser or installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.

13.2 FASTLY CDN

We also use the Fastly Content Delivery Network (CDN) to deliver content. The Fastly CDN is operated by Fastly Inc, General Counsel 475 Brannan St, Suite 300 San Francisco, CA 94107. The Fastly CDN makes the content of our website available on various servers distributed around the world. This shortens the loading time of the website, increases reliability and provides greater protection against data loss. When using OpenStreetMap, personal data (IP address) is transmitted to the Fastly servers.

The use of Fastly Web Services and the CDN Fastly is in the interest of higher reliability, increased protection against data loss and better loading speed of the website. This constitutes a legitimate interest within the meaning of Art. 6 I S 1 lit f GDPR. You can find fastly's current privacy policy at https://www.fastly.com/de/privacy/ and https://www.fastly.com/de/data-processing

A possible data transfer of your IP address is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Fastly Inc. is Data Privacy Framework certified.

14. DATA SECURITY

14.1 DATA SECURITY – SSL ENCRYPTION

We use the SSL (Secure Socket Layer) method on our website for encryption and to protect the transmission of confidential content. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser - the address bar of your browser displays “https://” if SSL encryption is activated.

14.2 PROCESSING / DISCLOSURE OF DATA

Your personal data will not be transferred to third parties for purposes other than those listed above or below.

We only pass on your personal data to third parties if:

• you have given your express consent to this in accordance with Art. 6 I S 1 lit. a GDPR,
• this is permitted by law and is necessary for the fulfillment of contractual relationships or for the implementation of pre-contractual measures with you in accordance with Art. 6 I S 1 lit. b GDPR
• in the event that there is a legal obligation for us to pass on data in accordance with Art. 6 I S 1 lit. c GDPR,
• processing is necessary for the purposes of the legitimate interests pursued by us or by a third party pursuant to Article 6 I S 1 lit f GDPR, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

15. RIGHT OF DATA SUBJECTS

You have the right:

• in accordance with Art. 15 GDPR, to request information about your personal data processed by us;
• in accordance with Art. 16 GDPR, to request the rectification of inaccurate or completion of your personal data stored by us without undue delay
• in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims
• to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
• in accordance with Art. 7 III GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
• in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you is in breach of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.

Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)

If we process your personal data in accordance with Art. 6 I S 1 lit. f GDPR in order to safeguard our legitimate interests, which predominate in the context of a balancing of interests, you have the right to object to the processing of your personal data with effect for the future in accordance with Art. 21 GDPR. If the processing is carried out for direct marketing purposes, you can exercise this right at any time. This also applies to profiling insofar as it is associated with such direct marketing. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.

If you wish to exercise your right to object, simply send us an e-mail.

After exercising your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

If you object to the processing of your personal data for direct marketing purposes, the personal data will no longer be processed for these purposes.

No automated decision-making or profiling takes place on our websites.

16. CHANGES TO THIS PRIVACY POLICY

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration in compliance with the applicable data protection regulations. You can access and print out the current data protection declaration at any time on our website under data protection.

September 2024, Markus von Hohenau, Attorney of law (e-anwalt.de)