Privacy Policy of WALA Heilmittel GmbH

Data Protection

We, WALA Heilmittel GmbH, are responsible for this online offer and as a teleservice provider we are obligated to inform you at the beginning of your visit to our online offer about the manner, scope and purpose of collecting and using personal data in a precise, transparent, understandable and easily accessible form in a clear and simple language. The contents of the notice shall be accessible to you at any moment. We shall therefore inform you which personal data are collected or used. Personal data are all the data that pertain to an identified or identifiable natural person.

We value greatly the security of your data and compliance with data protection regulations. The collection, processing and use of personal data are subject to provisions of the currently applicable European and national laws.

In the following privacy policy, we would like to demonstrate how we handle your personal data and how you may contact us:

WALA Heilmittel GmbH
Dorfstraße 1
D - 73087 Bad Boll/Eckwälden

Register number: HRB 530784

Telephone: +49 (0)7164 930-0;
Fax: +49 (0)7164 930-297

E-mail: info@wala.de
Web: www.wala.world

Management authorised for representation: Dr. Johannes Stellmann (Chairman), Dr. Armin Dörr, Dr. Philip Lettmann, Prof. Dr. Florian Stintzing

 

Our Data Protection Officer
Our data protection officer may be reached for questions in the following manner:

Sven Lenz, Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50, 87435 Kempten, Germany
E-mail: datenschutz@wala.de

 

A. General

In order to ensure better comprehensibility, our privacy policy does not differentiate between genders. For the purposes of equal treatment, relevant terms apply to all sexes.

The meaning of the terms being used, such as “personal data” or “processing” may be found in Article 4 of the EU General Data Protection Regulation (GDPR).

Personal data of the user processed within the scope of this online offer include inventory data (e.g. name and address of customers and end users), contract data (e.g. utilised services, names of officers, payment information), usage data (e.g. visited websites of our online offer, interest in our products) and contact data (e.g. contact form entries).

“User” hereby comprises all categories of persons whose data are processed. These include, for example, our business partners, customers, end users, interested parties and other visitors of our online offer.

 

B. Specific

Privacy Policy
We warrant that we shall only collect, process, store and use your existing data in relation to the handling of your requests, posts or messages, as well as for internal purposes and for the provisions of services you requested and to provide content.

Bases of Data Processing
We process the user’s personal data only in accordance with the relevant data protection provisions. User data are processed only in the event of the following legally permissible instances:

  • to provide our contractual services (e.g. processing of orders) as well as online services
  • the processing is required by law
  • on the basis of your consent
  • based on our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation and security of our online offer within the meaning of Art. 6(1)(f) of the GDPR, particularly when measuring reach, profiling for advertising and marketing purposes, as well as the collection of access data and use of third-party services)

We would like to show you where the above legal bases are regulated in the GDPR:

Consent Art. 6(1)(a) and Art. 7 of the GDPR
Processing in order to provide our services and implement contractual measures Art. 6(1)(b) of the GDPR
Processing in order to fulfil our legal obligations Art. 6(1)(c) of the GDPR
Processing in order to protect our legitimate interests Art. 6(1)(f) of the GDPR

 

Transfer of Data to Third Parties

Transfer of data to third parties is carried out only in accordance with legal requirements. We forward user data to third parties only if this is required, for example, by contract or on the basis of legitimate interest in the cost-effective and efficient operation of our business activities.

If we employ subcontractors for the provision of our services, we shall take the required legal precautions as well as the corresponding technical and organisational measures to ensure the safety of personal data in accordance with the applicable legal regulations.

Data Transfer to Third Countries or International Organisations

Third countries are those countries in which the GDPR is not a directly applicable law. This basically covers all countries outside the EU or the European Economic Area.

Data are transferred to a third country or an international organisation. It must be noted that there are relevant/corresponding warranties available and that you may exercise enforceable rights and effective legal remedies.

A copy of the corresponding warranties may be found at the following links:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

 

Storage Duration of Your Personal Data
We adhere to the principles of data minimisation and data reduction. This means that we shall store the data you provided to us only so long as it takes to fulfil the above purposes or as required by various statutory storage periods. If the relevant purpose is not applicable, or the corresponding term expires, your data shall be routinely blocked or erased according to legal regulations.

Establishing Contact
You may contact us by phone at the number: +49 7164 9300 or by fax at the number: +49 7164 930297. If you contact us via our contact form or by e-mail, e.g. datenschutz@wala.de, you agree to electronic communications. When you establish contact with us, personal data shall be collected. In the corresponding contact form, you may find which types of data are collected when using a contract form. Your data shall be sent using SSL encryption. The information you provide shall only be stored for the purpose of processing requests, posts or messages and for possible follow-up questions.

We would like to specify the relevant legal bases:

Processing in order to provide our services and implement contractual measures Art. 6(1)(b) of the GDPR
Processing in order to protect our legitimate interests Art. 6(1)(f) of the GDPR

 

We use a software to maintain customer data (CRM system) or a comparable software on the basis of our legitimate interests (efficient and fast processing of user requests). The system is operated by us in-house. Therefore, data are not transferred to third parties.

We would like to point out that any e-mails you send, including those you send to WALA, may be unknowingly read or modified without authorisation along the transmission path. We also emphasise that we use spam filter software. The spam filter may reject e-mails if some characteristics are mistakenly interpreted as spam.

 

Recently viewed items 

Our online shop includes a feature that displays the most recently viewed products. For this purpose, a cookie is stored on the visitor's end device. This cookie is deleted after 5 days. The legal basis for this is Art. 6(1)(f) GDPR in conjunction with Section 25 TDDDG (Telecommunications Digital Services Data Protection Act), as the cookie is necessary for the operation of the website.

 

What rights do you have?
a) Right of Access
You have the right to obtain free access to your stored data. Upon request, we shall inform you in writing, pursuant to the applicable law, on which personal data about you we have stored. This also includes the origin and the recipient of your data as well as the purpose of data processing.

b) Right to Rectification
You have the right to have inaccurate data concerning you, which is stored by us, rectified. You may also request the restriction of processing, e.g. when contesting the accuracy of your personal data.

c) Right of Blocking
Furthermore, you may have your data blocked. In order to consider the blocking of your data at any moment, the data must be kept in a locked file for control purposes.

d) Right to Erasure
You may also request the erasure of your personal data, provided there are no statutory re-tention periods. If such an obligation is applicable, we shall block your data upon request. If the required legal prerequisites are met, we shall erase your personal data even without your corresponding request.

e) Right to Data Portability
You have the right to receive the personal data concerning you, which you provided to us, in a format that enables transfer to another authority.

f) Right to Lodge a Complaint with a Supervisory Authority
You have the option to lodge a complaint with a supervisory data protection authority:

UK ico, which is Information Commissioners Office. For all contact use their website https://www.ico.org.uk. 

g) Right to Object

You have the right at any time to object to the processing of your data, which is processed on the basis of the legitimate interest of the person responsible for data processing. To achieve this, you are only required to send an e-mail to datenschutz@wala.de. However, such an ob-jection does not affect the lawfulness of the data processing carried out up to that moment by us. This does not affect data processing in relation to any other legal bases, e.g. contract initi-ation (see above).

h) Right of withdrawal in the case of consent given
You have the right to revoke your consent to data processing at any time. However, such a revocation does not affect the legality of the processing operations that have taken place up to that point. Data processing with regard to all other legal bases remains unaffected by this.


Protection of Your Personal Data
We employ contractual, organisational and technical safety measures, with due regard to the state of the art, in order to ensure adherence to the provisions of data protection laws and for the protection of data that we process against accidental or intentional manipulation, loss, destruction and access by unauthorised persons.

These safety measures especially include the encrypted transfer of data between your browser and our server. For this purpose, we use 256-bit SSL encryption (AES 256). This includes your IP address.

Your personal data are thereby protected under the following items (excerpt):
a) Maintaining confidentiality of your personal data
In order to keep the confidentiality of your personal data stored with us, we have taken various measures to control access and entry.

b) Maintaining integrity of your personal data
In order to maintain the integrity of your personal data stored with us, we have taken various measures to control forwarding and input.

c) Maintaining availability of your personal data
In order to maintain the availability of your personal data stored with us, we have taken various measures to control orders and availability.

The safety measures being used are constantly improved in line with technological development. Despite these precautions and due to the insecure nature of the Internet, we cannot guarantee the safety of your data transfer to our online offer. Consequently, any data transfer you perform to our online offer is at your own risk.

Protection of Minors
Persons who are under the age of 18 may provide us with their personal data only if they have the express consent of a legal guardian. Such data shall be processed in accordance with this privacy policy.

Data protection when purchasing in the Dr. Hauschka Web Shop at www.drhauschka.co.uk
Responsible for the Dr. Hauschka Web-Shop UK:


WALA UK Limited
Company Number: 8175543
VAT no. GB 141 5352 41
Registered in England and Wales
Registered Office:
32 Beaumont Street, Oxford OX1 2NP
Tel: 0800 0556604
Fax: 0800 0556605


Data Processing when Opening a Customer Account and for Contract Performance
According to Art. 6 para. 1 item (b) of the GDPR, personal data shall be collected and pro-cessed if you provide them to us for the performance of a contract or the opening of a customer account. The respective entry forms may be inspected to determine which data are being collected. The deletion of your customer account is possible at any moment and may be carried out by sending a notification to the above-mentioned address of the responsible person. We store and use the data you provided for contract performance. After full performance of the contract or the deletion of your customer account, your data shall be blocked with regard to tax and commercial statutory retention periods and erased after the expiration of these periods, unless you have expressly consented to further use of your data or if we reserve the right to a legally permitted further use of data of which you shall be duly informed below.

Forwarding of Personal Data for Contract Performance
As part of contract performance, the personal data collected by us shall be forwarded to the transport company commissioned with the delivery, insofar this is necessary for the delivery of goods. To effect payments, we forward payment data to the commissioned credit institution.

Payment Methods
Credit card and Debit card
A simple and fast processing of your order is guaranteed when paying with a credit card. All you have to do is enter your credit card number and the 3–4-digit control number on the back of the credit card and the date on which the credit card expires. If your credit card is protected by the MasterCard 3D-Secure or Verified by Visa systems, you will be redirected to a secure website of your credit card issuing bank where you will have to enter the protection code. As soon as the credit card is accepted, the payment shall be considered as effected. The shipping of your items will be activated as soon as the credit card is accepted.

Data Processing during Rating of Dr. Hauschka Products in the Web Shop

You can rate our Dr. Hauschka products. For this purpose, you shall enter in the contact form your name, e-mail address and IP address, a summary of your topic and your rating in the form of stars (1-5) and your opinion, if necessary.
All participants are required to give their surname, name and e-mail and IP address, so that serious forum posts may be posted on the forum. Your e-mail address will not be disclosed. By pressing the “Informed consent” button, the participant provides their consent for the collection and processing of data, which may be health data. The participant makes these willingly available to WALA for release. WALA Heilmittel GmbH collects, processes and uses your personal data expressly to operate the rating forum and stores them to document the forum posts. Ratings and posts are also occasionally published on this online offer, e.g. for product advertising. Personal data shall not be made available to third persons.
Your rights as a participant in the ratings forum: You may request information regarding which data are stored about you. You may request the rectification, erasure and blocking of your personal data, provided this is legally permissible and possible under an existing contractual relationship. You may object to prevent (further) publication of your own posts. You may also withdraw your consent for the storage of your data at any moment. In these cases, you may send your objection to the following address: datenschutz@wala.de

Data protection when linking the results of the online skin test to your customer account

The online skin test on our website gives you the opportunity to determine your skin condition based on a few questions. Once you've completed the skin test, we’ll tell you your skin condition and recommend suitable Dr. Hauschka Skin Care solutions. None of your personal data is stored or evaluated.

Type and purpose of data processing:
We offer you the option to link your online skin test result with the personal data in your customer account by providing two different forms of consent:
1. Consent to link the result of your online skin test with your user profile
Consent to further process your data by linking the skin test result data to your user profile data if you click the checkbox after completing the skin test. The result of the online skin test will be stored in your user profile after you give your consent and you will be able to view it at any time. WALA Heilmittel GmbH also uses your data for marketing and statistical purposes, e.g. to show you personalised product recommendations.
2. Consent to collect data on products you purchase based on product recommendations given to you after taking the online skin test

If you give your consent on the shopping basket page by clicking on the checkbox, WALA will record which products you have purchased based on your online skin test and the products associated with it. This data is statistically evaluated by WALA Heilmittel GmbH.

Legal basis for processing data:
By clicking the checkbox, you consent to the applicable data being processed. We use this data on the basis of your consent in accordance with. art. 6 par. 1 a) of the GDPR.

Data transfer to third parties and third countries:
Your data is not transferred to third parties or third countries.

Duration of data retention:
Processing of this data may take place until you revoke your consent or delete your customer account.

Data Protection when Transferring Health Data

Responsibility for data collection in relation to reports on drug side effects, serious adverse effects of cosmetic products, and processing of other health data:
The responsible party is


WALA UK Limited
Company Number: 8175543
VAT no. GB 141 5352 41
Registered in England and Wales
Registered Office:
32 Beaumont Street, Oxford OX1 2NP
Tel: 0800 0556604
Fax: 0800 0556605

Personal data are collected for the following purpose:
If personal data are entered in a contact form in this online offer, e.g. the “Drug Safety and Side Effects” contact form, they shall mostly include surname, name, age, gender, address, e-mail address, phone number, country and the corresponding drug, if necessary. The patient or consumer shall likewise provide notification on any adverse effects of a drug or cosmetic product. These data are necessary so that WALA, as the manufacturer of WALA drugs and Dr. Hauschka cosmetic products, may fulfil legal obligations, e.g. under Art. 63c of the Act on Drugs or Art. 23 of the Regulation (EC) no. 1223/2009 on Cosmetic Products, communicate notices to competent authorities, and store data for official enquiries.

By pressing the “Informed consent” button, the data subject provides their consent for the collection and processing of their health data, which they willingly entered in the contact form.

If corresponding notices are forwarded to WALA UK using the e-mail address of the responsible party, e.g. info@wala.co.uk, data shall be processed for the above-mentioned purpose, provided the express consent of the data subject was obtained beforehand for the storage and forwarding to the corresponding authority.

If any other notices regarding health data are received by the responsible party via e-mail, the data shall be processed only to the extent necessary to best fulfil the request of the data subject, e.g. to answer a product-related question. Prior to the storage and forwarding of data, the express consent of the subject shall be requested.

If WALA UK receives notices on adverse effects or other health data via telephone, WALA shall obtain express consent for the processing and forwarding of data in the course of the conver-sation and shall document it, or they shall obtain it via the corresponding e-mail from the data subject.

This happens to your personal data
WALA UK collects, processes and uses your personal data expressly to fulfil the previously specified purposes and stores them on internal servers. Forwarding to third parties is only done to fulfil the previously specified purposes to the relevant authorities and only with express consent, unless the forwarding is anonymous. Third parties may access data provided they are in an agency relationship for data processing (commissioned processing) with WALA, which is necessary for the maintenance and support of IT systems of the responsible parties. Information on the processing of data transferred to the relevant authorities may also be found here: https://verbraucher-uaw.pei.de/fmi/webd/verbraucher_uaw.

Your rights as the subject whose data are processed:
You may request information regarding which data are stored about you. You may request the rectification, erasure and blocking of your personal data, provided this is legally permissible. You may also withdraw your consent for the storage or transfer of your data at any moment. In these cases, you may send your objection to the following address: info@wala.co.uk

Cookies 

We use cookies. Cookies are small text files that are stored locally in the cache of your Inter-net browser. Cookies enable the recognition of the Internet browser. The files are used to assist the browser in navigating the online offer and to enable the full use of all functions.

Our online offer uses: Browser cookies

User Control of the Cookies
Browser cookies: You can set any browser to accept cookies only on request. A setting is also possible that allows the acceptance of cookies only on sites that are being currently visited. All browsers offer features that allow selective deletion of cookies. The acceptance of cookies may also be switched off in general, but the level of user-friendliness of this online offer may then be restricted.

Use of First Party Cookies (Google Analytics Cookie)
Google Analytics cookies record the following:

  • Unique user - Google Analytics cookies gather and group your data. All activities during a visit are summarized. The placement of Google Analytics cookies enables the distinction between users and unique users.
  • Activities of users - Google Analytics cookies also store data on the start and end time of a visit in the online offer and the number of pages you viewed. When the browser is closed or during longer inactivity of the user (usually 30 minutes), the user session is ended, and the cookie records the visit as finished. Furthermore, the date and time of the first visit are recorded. The total number of visits per unique user is also recorded. External link: http://www.google.com/analytics/terms/de.html

You may prevent Google’s collection and processing of data generated by the cookie and related to the use of the online offer (including your IP address) by downloading and installing a browser plug-in using the following link:
External link: http://tools.google.com/dlpage/gaoptout?hl=de.

More information is available under “Google Analytics / Universal Analytics web analytics service”.

Use of Third Party Cookies
In our online offer third party providers use [additional] cookies (third party cookies) during the import of editorial texts or advertisements. Third party providers are also subject to strict legal data protection requirements regarding the availability of personal data.

Lifespan of the Cookies Used
Cookies are managed by the web server of our online offer. This online offer uses:
Transient cookies / session cookies (single use)
Lifespan: Until the closing of this online offer

Persistent cookie (continuous browser recognition)
Lifespan: 2 years

Deactivation or Removal of Cookies (Opt-out)
Each web browser has options to restrict and delete cookies. For more information, please visit the following websites:

 

Cookie information for registration via DocCheck in our expert group portal
DocCheck uses "cookies" – text files that are stored in the user's browser – to facilitate the use of its services. The information generated by these cookies is only transmitted to DocCheck servers and is not shared with the website operator or other third parties. There is no data transfer to countries outside the EU.

Cookie 1
Doccheck_user_id
Enables single sign-on for all DocCheck logins.
Lifespan = 1 session

Cookie 2
Doccheck_scu_data
Serves to provide appropriate content based on pseudonymised identification data (e.g. job, country, language).
Lifespan = 1 year

Log data
As part of the use of DocCheck password protection, DocCheck collects the so-called log data (IP address, access date, access time, referrer URL, information on hardware and software used such as browser features, device information such as resolution) of the user from the website of the information provider, which integrates the login into the website via "embed" or iFrame.
These data are not used to draw conclusions about the person, but serve to ensure the correct display of the page or iFrame content and/or the security of the DocCheck services.

Google Analytics / Universal Analytics Web Analytics Service
We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and enable the analysis of the use of the online offer. The information generated by the cookie about the use of this online offer is usually transferred to a Google server in the USA and stored there. Thus, data are transferred to a third country. It must be noted that there are relevant/corresponding warranties available and that you may exercise enforceable rights and effective legal remedies.

A copy of the corresponding warranties may be found at the following links:

By anonymising the IP address in our online offer, Google shortens your IP address before-hand in the member states of the European Union or in other signatories of the Agreement on the European Economic Area.

Only in exceptional cases shall the full IP address be transmitted to a Google server in the USA and shortened there. At our request, Google shall use this information to evaluate the use of the online offer, to compile reports on the activities of the online offer and to provide us with other services related to the use of the online offer and the Internet. The IP address transmitted by your browser as part of the Google Analytics service shall not be linked to other Google data. You may prevent the storage of cookies using the appropriate setting in your browser software. However, we would like to stress that in such circumstances it shall not be possible to fully use all the functionalities of this online offer, as the case may be.

We would like to emphasise that Google Analytics is used in this online offer with the exten-sion “_anonymizeIp()” and IP addresses are thus processed further only in shortened form to prevent direct relation to a specific person.

We also use Google Analytics reports to collect demographic characteristics and interests.

Data sent by us and related to the cookies, user identification (e.g. user ID) or advertising IDs are automatically erased after 24 months. The erasure of data whose retention period has expired is done automatically once a month. You may find more information on the terms of use and data protection at https://www.google.com/analytics/terms/de.html or at https://policies.google.com/?hl=de

Furthermore, you may prevent Google’s collection and processing of data generated by the cookie and related to the use of the online offer (including your IP address) by downloading and installing a browser plug-in using the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plug-in or within the browser on mobile devices, you may use the following link to set an opt-out cookie that prevents future collection of data with the Google Analytics service in this online offer (this opt-out cookie functions only in this browser and only for this domain, and it is necessary to again click on the link if you delete the cookies in that browser):

Google Analytics deactivation

Use of Google reCaptcha
On this website we also use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Park-way, Mountain View, CA 94043, USA (“Google”). This function serves primarily to differentiate whether the entry was made by a natural person or was there abuse due to machine and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 item (f) of the GDPR based on our legitimate interest in determining individual intent of actions and preventing abuse and spam.
With their registered office in the USA, Google LLC is certified for the EU-US Privacy Shield data protection agreement that ensures compliance with the data protection level applicable in the EU. For further information on Google reCAPTCHA and the Google’s Privacy Policy please refer to: https://www.google.com/intl/de/policies/privacy/

Use of Facebook pixels

Within our online offer, so-called "Facebook pixels" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), are used. Using the Facebook pixel, Facebook is able to determine the visitors of our offer as a target group for the display of ads, so-called "Facebook ads". Accord-ingly, we use the Facebook pixel to present our Facebook ads only to Facebook users who have shown an interest in our website. This means that with the help of the Facebook pixel we want to ensure that our Facebook ads correspond to the potential interests of the users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing us if users were directed to our website after clicking on a Facebook ad.

The Facebook pixel is integrated directly by Facebook when our web pages are accessed and can store a so-called cookie, i.e. a small file, on your electronic device. If you then log in to Facebook or visit Facebook when logged in, the visit to our offer is noted in your profile. The data collected about you is anonymous to us and does not give us any information about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. Facebook processes the data in accordance with Facebook's data policy. For more information about how the remarketing pixel works and how Facebook ads are displayed, see Facebook's Data Policy: https://www.facebook.com/policy.php.

Disable FACEBOOK PIXEL

You may opt out of Facebook pixel collection and use of your information to display Facebook ads. To do this, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or explain the objection about the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all electronic devices, such as desktop computers or mobile devices.

Facebook-Fanpage
Information on data protection when visiting our Dr. Hauschka Facebook fan page can be found here.

Use of Facebook plug-ins
We use plug-ins of the facebook.com social network website, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). If you access our online offer via one of these plug-ins, a connection to the Facebook server is established. The content of the plug-in is then transmitted directly to your browser and displayed on the webpage. This tells the Facebook server that you have visited our online offer. If you are logged in as a Facebook member, Facebook assigns this information to your personal Facebook account.
When you use plug-in functions (e.g. clicking the “like” button or leaving a comment), this information is also assigned to your Facebook account, which can only be prevented by logging out before using a plug-in.
For more information on how Facebook collects and uses data, as well as on data rights and ways to protect your privacy, please refer to Facebook’s privacy policy.

Use of Instagram plug-ins
We use plug-ins of the Instagram social network website, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). These plug-ins are marked with an Instagram logo, e.g. in the form of an “Instagram camera”. An overview of the Instagram plug-ins and their appearance can be found at: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you access our online offer, which contains one of these plug-ins, your browser establishes a direct connection to Instagram's servers. Instagram sends the content of the plug-in directly to your browser and integrates it into the page. This informs Instagram that your browser has visited our corresponding webpage, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is sent directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can immediately assign your visit to our online offer to your Instagram account. If you interact with the plug-ins, e.g. by pressing the “Instagram Camera” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts.
For information on the purpose and extent of Instagram’s data collection and how this data is further processed and used, as well as your data privacy rights and options for protecting your privacy, refer to Instagram’s data protection information: https://help.instagram.com/155833707900388/.
If you do not want Instagram to associate the data collected via our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also prevent the Instagram plug-ins from loading entirely by using add-ons for your browser, e.g. the “NoScript” script blocker (http://noscript.net/).

Instagram-Fanpage
Information on data protection when visiting our Dr. Hauschka Instagram fan page can be found here.

Use of YouTube
Our online offer uses services provided by YouTube for the viewing and playback of videos. The operator of this service is YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA. More information can be found in YouTube’s privacy policy.
According to the operator, these services operate in extended data protection mode, which means storage of user information is not initiated until the video(s) are played.
When embedded Youtube videos are played, YouTube uses cookies to collect information about user behaviour. According to Youtube, these serve, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive practices. Irrespective of whether the embedded videos are played or not, a connection to the Google network “DoubleClick” is established each time a user accesses our online offer. This can trigger further data processing that is outside our influence.

You can find more details about the use of cookies on YouTube in YouTube’s data privacy policy, available at: http://www.youtube.com/t/privacy_at_youtube

For more information on embedding videos in compliance with data protection regulations, visit:
https://www.blogmojo.de/youtube-videos-datenschutzkonform-einbetten/

Newsletter

If you sign up for our e-mail newsletter, WALA UK shall collect personal data. Responsible Party is
WALA UK Limited
Company Number: 8175543
VAT no. GB 141 5352 41
Registered in England and Wales
Registered Office:
32 Beaumont Street, Oxford OX1 2NP
Tel: 0800 0556604
Fax: 0800 0556605
Such data are used for our promotional purposes in the form of your e-mail newsletter, provided that you give your express consent in the following manner:

“Yes, I would like to subscribe to the newsletter! I have read the Privacy Policy. “

You may cancel the newsletter at any moment using the corresponding link in the newsletter or by sending the appropriate notice to us at the e-mail info@wala.co.uk. Upon cancellation, your e-mail address shall be promptly erased from our newsletter recipient list and placed in a locked file in order to ensure the newsletter is sent no more.

Newsletter tracking: If you have previously given your express consent, newsletter tracking (a.k.a. web beacons or tracking pixels) shall be used. Upon the delivery of the newsletter, an external server may then collect certain data on the recipient, e.g. the time of retrieval, IP address or information on the used e-mail programme (client). The name of the image file is customised for each mail recipient by attaching a unique ID. The mail sender remembers which ID belongs to which e-mail address and is thus able to determine during image retrieval which newsletter recipient just opened an e-mail.

As part of newsletter tracking, user behaviour data are collected under a pseudonym. This comprises the following pseudonymised data: recipient, recipient minus bounces, recipient in queue, recipient is skipped over, unique cancellation rate, unique cancellations, bounce rate, bounces (namely hard and soft bounces), unique open rate, unique open, open rate, openings, unique click rate, unique clicks, click rate, clicks, effective unique click rate, clicks for the segmentation of target groups.

We cooperate with an external service provider, https://mailchimp.com/, in order to deliver the newsletter. Your personal data shall be forwarded to Mailchimp for the purpose of sending the newsletter and they shall process them solely according to our instructions.

WALA World Info Mail

You have the opportunity to register for the free WALA World Subscription at www.wala.world. Responsible Party is WALA Heilmittel GmbH. The WALA-World-subscription is sent out at irregular intervals and serves to provide information about new articles on the website https://www.wala.world.

If you register for our WALA-World-subscription, personal data is collected. This data is used by us for our own advertising purposes in the form of your WALA-World-subscription, provided that you give express consent in the following manner:

"Yes, I would like to subscribe to the WALA-World-subscription! I have read the Privacy Policy".

You may cancel the WALA-World-subscription at any time by clicking on the corresponding link in the WALA-World-subscription E-mail or by sending us a message to this effect by e-mail to abo-abbestellen@wala.de. Upon cancellation, your e-mail address shall be promptly erased from our WALA-World-subscription distribution list and included in a blocking file to ensure revocation.

The WALA-World-subscription will be delivered by us, WALA Heilmittel GmbH. Your data will be transmitted to our order processor submedia fresh media solutions no tins GmbH, Augustenstraße 44, 70178 Stuttgart, Germany, in order to process the WALA-World-subscription registration on the WALA World website. Your data will be processed exclusively in accordance with our instructions.

Use of Google Maps
We use Google Maps for displaying maps and for creating travel routes. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this online offer, you consent to the collection, processing and use of the automatically collected data and the data you entered (including the IP address) by Google or any of their representatives or third-party providers. The terms of use for Google Maps may be found at the following link:
https://www.google.de/intl/de/policies/terms/regional.html

More details on transparency and choice options as well as data protection provisions may be found in the Privacy Centre of google.de: https://www.google.de/intl/de/policies/privacy/?fg=1

Changes to our Data Protection Provisions

We reserve the right to occasionally adjust our privacy policy, so it can comply with the applicable legal requirements or to implement changes to our services in the privacy policy. For example, this may include the introduction of new services. Therefore, the new privacy policy shall apply to your return visit.

Trademarks
Each logo or trademark specified herein is the property of the respective company. Brands and names are provided for informational purposes only.

C. Russia-specific Provisions

The following applies to users who are residents of the Russian Federation:

The above services of our online offer are not intended for citizens of the Russian Federation who are residing in Russia.

If you are a Russian citizen residing in Russia, we hereby expressly inform you that any personal data you provide via this online offer shall be exclusively at your own risk and on your own responsibility. You further agree not to hold us responsible for any failure to comply with the laws of the Russian Federation.  

We, WALA UK Ltd, use the online advertising program "Google Ads" on our website and, within the framework of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

 

Use of Google Ads conversion tracking

We, WALA UK Ltd, use the online advertising program "Google Ads" on our website and, within the framework of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

We want to draw attention to our attractive offers with the help of advertising media (so-called Google Adwords) on external websites.

In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. By this, we pursue the goal of showing you individualized advertising, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred.

Cookies are small text files that are stored on your end device and usually lose their validity after 30 days. They are not used for personal identification.

The cookie for conversion tracking is set when you click on an ad placed by Google Ads. If you visit certain pages of this website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page.

In doing so, we receive a different cookie than the other Google Ads customers. Cookies can therefore not be tracked beyond our website. The information obtained using the conversion cookie is used to create conversion statistics for us. We thus receive information about the total number of users who clicked on our ads and were redirected to a page tagged with a conversion tracking tag. However, we do not receive information that personally identifies users.

We use Google Ads on the basis of your consent pursuant to Art. 6 para. 1 lit. a) DSGVO.

The use of Google Ads may also result in the transmission of personal data to the servers of Google LLC. in the USA. You can obtain more information about Google's privacy policy at the following Internet address: https://www.google.de/policies/privacy/.

You can permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the Google browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=de.

Please note that certain functions of this website may not be available or may be restricted if you have deactivated the use of cookies.

Insofar as legally required, we have obtained your consent pursuant to Art. 6 (1) a) DSGVO for the processing of your data as outlined above. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website or alternatively follow the option described above to make an objection.

 

Google Ads Remarketing 

Our website also uses the functions of Google Ads Remarketing. This allows us to advertise this website in Google search results, as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

For this purpose, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. The processing is based on your consent in accordance with Art. 6 para. 1 lit. f) DSGVO.

If you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize ads you view on the web, and if you are logged into Google while visiting pages on our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with GoogleAnalytics data to form target groups.

In the context of the use of Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC. in the USA.

You can view further information and the privacy policy regarding advertising and Google here: https://www.google.com/policies/technologies/ads/.

For the transfer of your personal data to Google in the USA, your consent is obtained in accordance with Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the "Cookie Consent Tool" provided on the website.

Use of etracker

On our website, we use the technologies of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg (www.etracker.com), to collect and store the data of visitors to our website for analysis purposes and to create and evaluate pseudonymized usage profiles.

We use both cookieless tracking and tracking with cookies. Cookies are small text files that are stored locally in the cache of the site visitor's Internet browser. Among other things, the cookies enable the recognition of the Internet browser.

For tracking under the use of cookies for reading out information on your terminal device, we obtain your consent pursuant to Art. 6 para. 1 lit. a) DSGVO in conjunction with. § 25 para. 1 TTDSG. You have the right to revoke this consent at any time without giving reasons. To do so, simply use our cookies consent tool, which you can find in the footer area of our website under the "Cookie Settings" button.

However, we also use tracking without setting cookies on your terminal device. In this case, the data is collected and stored that is transmitted from your browser to our server during a page view (pseudonymous data). The pseudonymous information makes it possible to link individual page views to a coherent visitor session. In this way, all website interactions and conversions are technically recorded even without cookie activation. Only the recognition of a visitor is limited to 24 hours. The following data is collected without cookies:

  • Page views
  • End device type, operating system and browser
  • Geo-information up to city level
  • Referrer websites
  • Scroll events
  • Exiting the website (automatically & to the second)
  • Click events such as search terms entered, files downloaded, videos viewed, external link calls (automatically and via CSS selector)
  • Conversions such as signups, orders, etc.
  • conversion upload to Google Ads
  • the shortened IP address;
  • information on the end device, operating system and browser used;
  • the URL called up with associated page title and optional information about the page content;
  • the subsequent pages that were called up from the called-up web page within a single web page;
  • the time spent on the web page;
  • downloaded files, viewed videos, ordered items.

The legal basis for the data collection by means of the cookie-free tracking is Art. 6 para. 1 lit f) GDPR (legitimate interest). You have the option to object to the tracking without cookies at any time if you do not agree. You can contact us for this purpose by email at info@wala.co.uk

We have concluded an order processing contract with eTracker in accordance with Art. 28 DSGVO. Your data will be evaluated and used exclusively within the framework of this contractual relationship. Data will not be passed on to third parties. Since eTracker is a German company that also operates its servers in Germany, there is also no data transfer to an unsafe third country.

You can obtain further information about etracker's data protection policy at the following Internet address: https://www.etracker.com/de/datenschutz.html.

 

 

A. General

In order to ensure better comprehensibility, our privacy policy does not differentiate between genders. For the purposes of equal treatment, relevant terms apply to both sexes.

The meaning of the terms being used, such as “personal data” or “processing” may be found in Article 4 of the EU General Data Protection Regulation (GDPR).

Personal data of the user processed within the scope of this online offer include inventory data (e.g. name and address of customers and end users), contract data (e.g. utilised services, names of officers, payment information), usage data (e.g. visited websites of our online offer, interest in our products) and contact data (e.g. contact form entries).

“User” hereby comprises all categories of persons whose data are processed. These include, for example, our business partners, customers, end users, interested parties and other visitors of our online offer.

 

B. Specific

Privacy Policy

We warrant that we shall only collect, process, store and use your existing data in relation to the handling of your requests, posts or messages, as well as for internal purposes and for the provisions of services you requested and to provide content.

 

Bases of Data Processing

We process the user’s personal data only in accordance with the relevant data protection provisions. User data are processed only in the event of the following legally permissible instances:

  • to provide our contractual services (e.g. processing of orders) as well as online services
  • the processing is required by law
  • on the basis of your consent
  • based on our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation and security of our online offer within the meaning of Art. 6(1)(f) of the GDPR, particularly when measuring reach, profiling for advertising and marketing purposes, as well as the collection of access data and use of third-party services)

We would like to show you where the above legal bases are regulated in the GDPR: 

Consent

Art. 6(1)(a) and Art. 7 of the GDPR

Processing in order to provide our services and implement contractual measures Art. 6(1)(b) of the GDPR
Processing in order to fulfil our legal obligations Art. 6(1)(c) of the GDPR
Processing in order to protect our legitimate interests Art. 6(1)(f) of the GDPR
 
Transfer of Data to Third Parties

Transfer of data to third parties is carried out only in accordance with legal requirements. We forward user data to third parties only if this is required, for example, by contract or on the basis of legitimate interest in the cost-effective and efficient operation of our business activities.

If we employ subcontractors for the provision of our services, we shall take the required legal precautions as well as the corresponding technical and organisational measures to ensure the safety of personal data in accordance with the applicable legal regulations.

 

Data Transfer to Third Countries or International Organisations

Third countries are those countries in which the GDPR is not a directly applicable law. This basically covers all countries outside the EU or the European Economic Area.

Data are transferred to a third country or an international organisation. It must be noted that there are relevant/corresponding warranties available and that you may exercise enforceable rights and effective legal remedies.

A copy of the corresponding warranties may be found at the following links:

 

Storage Duration of Your Personal Data

We adhere to the principles of data minimisation and data reduction. This means that we shall store the data you provided to us only so long as it takes to fulfil the above purposes or as required by various statutory storage periods. If the relevant purpose is not applicable, or the corresponding term expires, your data shall be routinely blocked or erased according to legal regulations.

 

Establishing Contact

You may contact us by phone at the number: +49 7164 9300 or by fax at the number: +49 7164 930297. If you contact us via our contact form or by e-mail, e.g. Datenschutz@wala.de, you agree to electronic communications. When you establish contact with us, personal data shall be collected. In the corresponding contact form, you may find which types of data are collected when using a contract form. Your data shall be sent using SSL encryption. The information you provide shall only be stored for the purpose of processing requests, posts or messages and for possible follow-up questions.

We would like to specify the relevant legal bases:

Processing in order to provide our services and implement contractual measures Art. 6(1)(b) of the GDPR
Processing in order to protect our legitimate interests Art. 6(1)(f) of the GDPR

 

We use a software to maintain customer data (CRM system) or a comparable software on the basis of our legitimate interests (efficient and fast processing of user requests). The system is operated by us in-house. Therefore, data are not transferred to third parties.

We would like to point out that any e-mails you send, including those you send to WALA, may be unknowingly read or modified without authorisation along the transmission path. We also emphasise that we use spam filter software. The spam filter may reject e-mails if some characteristics are mistakenly interpreted as spam.

 

What rights do you have?

a) Right of Access
You have the right to obtain free access to your stored data. Upon request, we shall inform you in writing, pursuant to the applicable law, on which personal data about you we have stored. This also includes the origin and the recipient of your data as well as the purpose of data processing.

b) Right to Rectification
You have the right to have inaccurate data concerning you, which is stored by us, rectified. You may also request the restriction of processing, e.g. when contesting the accuracy of your personal data.

c) Right of Blocking
Furthermore, you may have your data blocked. In order to consider the blocking of your data at any moment, the data must be kept in a locked file for control purposes.

d) Right to Erasure
You may also request the erasure of your personal data, provided there are no statutory retention periods. If such an obligation is applicable, we shall block your data upon request. If the required legal prerequisites are met, we shall erase your personal data even without your corresponding request.

e) Right to Data Portability
You have the right to receive the personal data concerning you, which you provided to us, in a format that enables transfer to another authority.

f) Right to Lodge a Complaint with a Supervisory Authority
You have the option to lodge a complaint with a supervisory data protection authority.


The state data protection and freedom of information officer of Baden-Wuerttemberg
Mailing address: Postfach 10 29 32, D-70025 Stuttgart
Home address: Königstraße 10a, D-70173 Stuttgart
Telephone: +49 711 615541–0
Fax: +49 711 615541–15
E-mail: poststelle@lfdi.bwl.de
Web: https://www.baden-wuerttemberg.datenschutz.de

You may access the complaint form via the following link:
https://www.baden-wuerttemberg.datenschutz.de/online-beschwerde

 

g) Right to Object

At any moment, you have the option to cancel the use of your data for internal purposes with future effect. To achieve this, you are only required to send an e-mail to datenschutz@wala.de. However, such a cancellation does not affect the lawfulness of the processing carried out up to that moment by us. This does not affect data processing in relation to any other legal bases, e.g. contract initiation (see above).

General

In order to ensure better comprehensibility, our privacy policy does not differentiate between genders. For the purposes of equal treatment, relevant terms apply to all sexes.

 

The meaning of the terms being used, such as “personal data” or “processing” may be found in Article 4 of the EU General Data Protection Regulation (GDPR).

 

Personal data of the user processed within the scope of this online offer include inventory data (e.g. name and address of customers and end users), contract data (e.g. utilised services, names of officers, payment information), usage data (e.g. visited websites of our online offer, interest in our products) and contact data (e.g. contact form entries).

 

“User” hereby comprises all categories of persons whose data are processed. These include, for example, our business partners, customers, end users, interested parties and other visitors of our online offer.

Specific

A. General

In order to ensure better comprehensibility, our privacy policy does not differentiate between genders. For the purposes of equal treatment, relevant terms apply to all sexes.

 

The meaning of the terms being used, such as “personal data” or “processing” may be found in Article 4 of the EU General Data Protection Regulation (GDPR).

 

Personal data of the user processed within the scope of this online offer include inventory data (e.g. name and address of customers and end users), contract data (e.g. utilised services, names of officers, payment information), usage data (e.g. visited websites of our online offer, interest in our products) and contact data (e.g. contact form entries).

 

“User” hereby comprises all categories of persons whose data are processed. These include, for example, our business partners, customers, end users, interested parties and other visitors of our online offer.

 

 

 

B. Specific

Privacy Policy

We warrant that we shall only collect, process, store and use your existing data in relation to the handling of your requests, posts or messages, as well as for internal purposes and for the provisions of services you requested and to provide content.

 

 

 

Bases of Data Processing

We process the user’s personal data only in accordance with the relevant data protection provisions. User data are processed only in the event of the following legally permissible instances:

 

to provide our contractual services (e.g. processing of orders) as well as online services

the processing is required by law

on the basis of your consent

based on our legitimate interests (i.e. interest in the analysis, optimisation and cost-effective operation and security of our online offer within the meaning of Art. 6(1)(f) of the GDPR, particularly when measuring reach, profiling for advertising and marketing purposes, as well as the collection of access data and use of third-party services)

We would like to show you where the above legal bases are regulated in the GDPR: 

 

Consent

Art. 6(1)(a) and Art. 7 of the GDPR

 

Processing in order to provide our services and implement contractual measures Art. 6(1)(b) of the GDPR

Processing in order to fulfil our legal obligations Art. 6(1)(c) of the GDPR

Processing in order to protect our legitimate interests Art. 6(1)(f) of the GDPR

 

Transfer of Data to Third Parties

Transfer of data to third parties is carried out only in accordance with legal requirements. We forward user data to third parties only if this is required, for example, by contract or on the basis of legitimate interest in the cost-effective and efficient operation of our business activities.

 

If we employ subcontractors for the provision of our services, we shall take the required legal precautions as well as the corresponding technical and organisational measures to ensure the safety of personal data in accordance with the applicable legal regulations.

 

 

 

Data Transfer to Third Countries or International Organisations

Third countries are those countries in which the GDPR is not a directly applicable law. This basically covers all countries outside the EU or the European Economic Area.

 

Data are transferred to a third country or an international organisation. It must be noted that there are relevant/corresponding warranties available and that you may exercise enforceable rights and effective legal remedies.

 

 

 

Storage Duration of Your Personal Data

We adhere to the principles of data minimisation and data reduction. This means that we shall store the data you provided to us only so long as it takes to fulfil the above purposes or as required by various statutory storage periods. If the relevant purpose is not applicable, or the corresponding term expires, your data shall be routinely blocked or erased according to legal regulations.

 

 

 

Establishing Contact

You may contact us by phone at the number: +49 7164 9300 or by fax at the number: +49 7164 930297. If you contact us via our contact form or by e-mail, e.g. Datenschutz@wala.de, you agree to electronic communications. When you establish contact with us, personal data shall be collected. In the corresponding contact form, you may find which types of data are collected when using a contract form. Your data shall be sent using SSL encryption. The information you provide shall only be stored for the purpose of processing requests, posts or messages and for possible follow-up questions.

 

We would like to specify the relevant legal bases:

 

Processing in order to provide our services and implement contractual measures Art. 6(1)(b) of the GDPR

Processing in order to protect our legitimate interests Art. 6(1)(f) of the GDPR

 

 

We use a software to maintain customer data (CRM system) or a comparable software on the basis of our legitimate interests (efficient and fast processing of user requests). The system is operated by us in-house. Therefore, data are not transferred to third parties.

 

We would like to point out that any e-mails you send, including those you send to WALA, may be unknowingly read or modified without authorisation along the transmission path. We also emphasise that we use spam filter software. The spam filter may reject e-mails if some characteristics are mistakenly interpreted as spam.

 

 

 

What rights do you have?

a) Right of Access

You have the right to obtain free access to your stored data. Upon request, we shall inform you in writing, pursuant to the applicable law, on which personal data about you we have stored. This also includes the origin and the recipient of your data as well as the purpose of data processing.

 

b) Right to Rectification

You have the right to have inaccurate data concerning you, which is stored by us, rectified. You may also request the restriction of processing, e.g. when contesting the accuracy of your personal data.

 

c) Right of Blocking

Furthermore, you may have your data blocked. In order to consider the blocking of your data at any moment, the data must be kept in a locked file for control purposes.

 

d) Right to Erasure

You may also request the erasure of your personal data, provided there are no statutory retention periods. If such an obligation is applicable, we shall block your data upon request. If the required legal prerequisites are met, we shall erase your personal data even without your corresponding request.

 

e) Right to Data Portability

You have the right to receive the personal data concerning you, which you provided to us, in a format that enables transfer to another authority.

 

f) Right to Lodge a Complaint with a Supervisory Authority

You have the option to lodge a complaint with a supervisory data protection authority.

 

 

The state data protection and freedom of information officer of Baden-Wuerttemberg

Mailing address: Postfach 10 29 32, D-70025 Stuttgart

Home address: Königstraße 10a, D-70173 Stuttgart

Telephone: +49 711 615541–0

Fax: +49 711 615541–15

E-mail: poststelle@lfdi.bwl.de

Web: https://www.baden-wuerttemberg.datenschutz.de

 

You may access the complaint form via the following link:

https://www.baden-wuerttemberg.datenschutz.de/beschwerde/

 

 

 

g) Right to Object

You have the right at any time to object to the processing of your data, which is processed on the basis of the legitimate interest of the person responsible for data processing. To achieve this, you are only required to send an e-mail to datenschutz@wala.de. However, such an objection does not affect the lawfulness of the data processing carried out up to that moment by us. This does not affect data processing in relation to any other legal bases, e.g. contract initiation (see above).

 

 

 

h) Right of withdrawal in the case of consent given

 

You have the right to revoke your consent to data processing at any time. However, such a revoca-tion does not affect the legality of the processing operations that have taken place up to that point. Data processing with regard to all other legal bases remains unaffected by this.

 

 

Protection of Your Personal Data

We employ contractual, organisational and technical safety measures, with due regard to the state of the art, in order to ensure adherence to the provisions of data protection laws and for the protection of data that we process against accidental or intentional manipulation, loss, destruction and access by unauthorised persons.

 

These safety measures especially include the encrypted transfer of data between your browser and our server. For this purpose, we use 256-bit SSL encryption (AES 256). This includes your IP address.

 

 

 

Your personal data are thereby protected under the following items (excerpt):

a) Maintaining confidentiality of your personal data

In order to keep the confidentiality of your personal data stored with us, we have taken various measures to control access and entry.

 

b) Maintaining integrity of your personal data

In order to maintain the integrity of your personal data stored with us, we have taken various measures to control forwarding and input.

 

c) Maintaining availability of your personal data

In order to maintain the availability of your personal data stored with us, we have taken various measures to control orders and availability.

 

The safety measures being used are constantly improved in line with technological development. Despite these precautions and due to the insecure nature of the Internet, we cannot guarantee the safety of your data transfer to our online offer. Consequently, any data transfer you perform to our online offer is at your own risk.

Data Processing when Opening a Customer Account and for Contract Performance

According to Art. 6 para. 1 item (b) of the GDPR, personal data shall be collected and processed if you provide them to us for the performance of a contract or the opening of a customer account. The respective entry forms may be inspected to determine which data are being collected. The deletion of your customer account is possible at any moment and may be carried out by sending a notification to the above-mentioned address of the responsible person. We store and use the data you provided for contract performance. After full performance of the contract or the deletion of your customer account, your data shall be blocked with regard to tax and commercial statutory retention periods and erased after the expiration of these periods, unless you have expressly consented to further use of your data or if we reserve the right to a legally permitted further use of data of which you shall be duly informed below.

 

Forwarding of Personal Data for Contract Performance

 

As part of contract performance, the personal data collected by us shall be forwarded to the transport company commissioned with the delivery, insofar this is necessary for the delivery of goods. To effect payments, we forward payment data to the commissioned credit institution.

 

If you have given us your express consent for this in the ordering process, we will give your e-mail address to our transport service provider in accordance with Art. 6 para. 1 item (a) of the GDPR before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. In case of delivery of the goods by DHL to Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, in case of delivery by GLS to General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1-7, 36286 Neuenstein.Otherwise, we will only pass on the name of the recipient and the delivery address to our transport service provider for the purpose of delivery in accordance with Art. 6 para. 1 item (b) of the GDPR. The disclosure is made only to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with the transport service provider or delivery notification is not possible. The consent can be revoked at any time with effect for the future to the person responsible named above or to the transport service provider.

 

Payment Methods

 

When paying via PayPal, by credit card via PayPal, by debit note via PayPal or, if offered, "Kauf auf Rechnung" (purchase on account) via PayPal, we shall forward the payment data, in order to effect payments, to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal reserves the right to conduct a credit report with regard to the payment methods including credit card via PayPal, debit note via PayPal or, if offered, "Kauf auf Rechnung" (purchase on account) via PayPal. The result of the credit check with respect to the probability of default on payment is used by PayPal to decide on the provision of the respective payment method. The credit report may include probability values (so-called score value). If score values are included in the results of the credit report, they are based on a scientifically recognized mathematical and statistical procedure. The calculation of score values includes, among other things, mailing address data. For further legal data protection information, which may also include the credit agencies used, please refer to the privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 

If you decide to use the payment service provider Stripe for credit card payment, SOFORT Überweisung or giropay/paydirekt, the payment shall be effected by the payment service provider Stripe Payments Europe, 1 Grand Canal Street Lower, IRL Dublin, to whom we shall forward the information communicated during the ordering process along with the information about your order. Your data is forwarded exclusively for the purpose of effecting payments via the payment service provider Stripe.

 

Sofortüberweisung

When paying using SOFORT, we immediately receive the transfer credit note. For this purpose, you shall provide SOFORT GmbH (Sofort GmbH, Theresienhöhe 12, D-80339 München) with the bank account number, bank code, PIN and TAN via the secure payment form which we cannot access. SOFORT GmbH provides automated and real-time transfer to your online bank account. The due purchase amount shall be transferred immediately and directly to our bank account. If you choose the Sofortüberweisung payment method, a pre-filled form shall open at the end of the ordering process containing our bank details. The due transfer amount as well as the purpose of use shall also be entered. In the form you must specify the country in which the online banking account is located and the bank code. In order to execute the Sofortüberweisung transfer, you must enter the account number and PIN to log in to the online banking account and provide confirmation by entering the TAN. The transaction shall be confirmed immediately. In general, every user may choose Sofortüberweisung as their payment method, if they have an active online banking account with a PIN/TAN procedure. Take note that certain banks do not have the Sofortüberweisung option available. For further information, please refer to the provider's website: https://www.klarna.com/sofort

 

Credit card

A simple and fast processing of your order is guaranteed when paying with a credit card. All you have to do is enter your credit card number and the 3–4-digit control number on the back of the credit card and the date on which the credit card expires. If your credit card is protected by the MasterCard 3D-Secure or Verified by Visa systems, you will be redirected to a secure website of your credit card issuing bank where you will have to enter the protection code. As soon as the credit card is accepted, the payment shall be considered as effected. The shipping of your items will be activated as soon as the credit card is accepted.

 

Giropay/Paydirekt

Based on online banking with PIN and TAN numbers, it enables you simple, fast and secure payment using online money transfer. To use Giropay, you only need an online banking giro account at a participating bank or savings bank. Giropay allows you to conduct your online money transfers in the secure online banking environment of your credit institution. This guarantees that sensitive data (PIN/TAN) shall only be exchanged between you and the bank. No third person shall have insight in the personal account and turnover information.

Giropay operates in the following manner: If you decide to pay using Giropay, you will be safely directed to the online banking system of your bank or savings bank after entering your bank code. There you will log in as usual with your access data. Having successfully logged in, a pre-filled money transfer order shall automatically be displayed, already containing all the details of the purchase: invoice amount, reason for payment and bank code of the dealer. You authorize the money transfer by entering TAN. Directly after a successful money transfer, we shall receive a payment guarantee from your bank and be able to send the goods immediately, depending on availability.

 

Klarna (Purchase on invoice)

We offer the possibility for our customers to select the payment service provider Klarna for payment. In this case, the payment is processed via Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). The personal data (first name and surname, street, house number, postcode, town, gender, e-mail address, telephone number and IP address) of our customers, as well as data relating to the order (e.g. invoice amount, article, delivery type) are passed on to Klarna for the purpose of checking identity and creditworthiness, insofar as consent has been expressly given in accordance with Art. 6 Para. 1 lit. a) GDPR during the ordering process. The credit agencies to which personal data may be forwarded as part of the credit check can be viewed here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship.

The consent can be revoked at any time by sending a message to WALA Heilmittel GmbH or to Klarna. However, Klarna may still be entitled to process the personal data if this is necessary for the contractual processing of payments.

Further information on the processing of data by Klarna can be found at the following link: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

Data Processing during Rating of Dr. Hauschka Products in the Web Shop

You can rate our Dr. Hauschka products. For this purpose, you shall enter in the contact form your name, e-mail address and IP address, a summary of your topic and your rating in the form of stars (1-5) and your opinion, if necessary. 

 

 

All participants are required to give their surname, name and e-mail and IP address, so that serious forum posts may be posted on the forum. Your e-mail address will not be disclosed. By pressing the “Informed consent” button, the participant provides their consent for the collection and processing of data, which may be health data. The participant makes these willingly available to WALA for release. WALA Heilmittel GmbH collects, processes and uses your personal data expressly to operate the rating forum and stores them to document the forum posts. Ratings and posts are also occasionally published on this online offer, e.g. for product advertising. Personal data shall not be made available to third persons. 

 

 

Your rights as a participant in the ratings forum: You may request information regarding which data are stored about you. You may request the rectification, erasure and blocking of your personal data, provided this is legally permissible and possible under an existing contractual relationship. You may object to prevent (further) publication of your own posts. You may also withdraw your consent for the storage of your data at any moment. In these cases, you may send your objection to the following address: datenschutz@wala.de