Privacy Policy

Welcome to our website and thank you very much for your interest in our company. The protection of your personal data is of the highest priority in our company. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR and the German Federal Data Protection Act (BDSG) which provide comprehensive information about the processing of your personal data executed by PhytoLab GmbH & Co. KG and your rights as a data subject.

Personal data is any information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, email address and IP address. Data is anonymous if no personal reference to the individual/user can be made.

Responsible body and data protection officer

Address:
PhytoLab GmbH & Co. KG
Dutendorfer Str. 5-7
91487 Vestenbergsgreuth

Contact information:
Tel: +49 9163 88-216
Fax: +49 9163 88-349
E-Mail: welcome@phytolab.de

Contact data protection officer:
privacy@phytolab.de

Your rights as a data subject

We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR and consist of:

  • The right of access (Art. 15 GDPR)
  • The right to rectification (Art. 16 GDPR)
  • The right to data portability (Art. 20 GDPR)
  • The right to object to data processing (Art. 21 GDPR)
  • The right to erasure / right to be forgotten (Art. 17 GDPR)
  • The right to restriction of data processing (Art. 18 GDPR)

To exercise these rights, please contact: privacy@phytolab.de. The same applies if you have any questions on data processing in our company or wish to withdraw your consent. You also have a right of appeal to a data protection supervisory authority.

Right to object

Please note the following with respect to your right to object:

When we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.

If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, preferably but not exclusively to: privacy@phytolab.de

Should we process your data to protect legitimate interests, you may object to such processing at any time on grounds relating to your specific situation; this also applies to profiling based on these provisions.

We will then stop processing your personal information unless we can demonstrate compelling legitimate grounds for processing such information that prevail over your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

Purposes and legal bases

Purposes and legal bases of data processing

The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection sources of law. Legal bases for data processing arise in particular from Art. 6 GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, for the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing.

Your consent may also constitute legal basis for data processing. In this regard, we will inform you of the purposes of data processing and the right to withdraw your consent.

Data transfers / Disclosure to third parties

We will transmit your data to third parties solely within the scope of existing statutory provisions or on the basis of consent. In any other case, information will not be transferred to third parties unless we are obliged to do so by mandatory legal regulations.

Data recipients

In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.

Transfers to third countries

A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law or if you have provided your consent. We currently do not transfer your personal data to service providers or group companies outside the European Economic Area.

Data storage and security

Period of data storage

We store your data for as long as is required for the relevant processing purposes. Please note that numerous retention periods require data to be stored for a specified period of time. This relates in particular to retention obligations for commercial or fiscal purposes. The data will be routinely deleted after use unless further retention is mandatory.

Should you create a personal user account in our web-shop, we will automatically delete it if the account has been inactive for a period of three years beforehand.

We may also retain data if you have given us your permission to do so, or in the event of any legal disputes in which we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.

Secure transfer of data

We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The data exchange to and from our website is encrypted. We provide HTTPS as a transfer protocol for our website, and always use the latest encryption protocol.

Obligation to provide data

A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.

Data categories and processing

Data categories, sources and origin

The data we process is defined by the relevant context:

When you visit our website we may process:

  • Name of the Internet service provider
  • Referrer-URL
  • Web browser and operating system used
  • The IP address allocated by your Internet service provider
  • Files accessed, volume of data transferred, downloads/file export
  • Information on websites accessed on our site, including date and time
  • Information on your login-status

When you create a user account or place an order we may process:

  • Name, Surname (possibly: title)
  • Delivery address, Invoice address
  • E-mail address, Telephone number, Fax number
  • Billing address (Entity, Postal address, VAT-Identification-number)
  • Guest-order-status
  • Access data (Username / password)

Automated decisions

We do not use completely automated processing to make decisions.

Web shop (Article 6 (1) lit b GDPR)

We process the data provided by you within the scope of the order form solely to execute and fulfil the underlying contractual relationship, unless you agree to a further use. The principle of data minimization is observed here.

Registration / Customer account (Article 6 (1) lit a, b GDPR)

Users can provide personal data to enable them to register on our website. This enables you to view your order history and save your data for your next order. You may also order as a guest without creating a user account.

Online offers to children

Persons under the age of 16 years may not submit personal data to us or give a declaration of consent without the authorisation of their legal representative.

Marketing purposes (Article 6 (1) lit f GDPR)

PhytoLab GmbH & Co. KG is interested in nurturing the customer relationship with you and in sending you information and offers about our products and services. You may object to the use of your personal data for the purpose of direct marketing at any time. You can withdraw your consent at any time free of charge and informally via any communication channel.
