Integritetspolicy

Babor är måna om våra kunders personliga integritet. Ta gärna några minuter av din tid och läs igenom denna text som förklarar vilka personuppgifter vi sparar, hur vi använder dem och vilka rättigheter du har. Hut.com Limited äger de personuppgifter som samlas in via eller i samarbete med babor.se och alla associerade webbsidor (“sajten”).

Integritetspolicy

Data Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

PLEASE READ THESE INSTRUCTIONS CAREFULLY

Last updated 11th of May 2021

Dr. Babor GmbH & Co. KG (hereinafter also referred to as "BABOR" or "We") appreciates your visit to our web store and your interest in our company and our products. The protection of your personal data and the confidential treatment thereof is an important concern for us. Internal guidelines and processes in our company are designed to ensure a consistently high level of data protection with regard to our customers.With this in mind, we would like to inform you below about the categories of personal data we collect about you when you visit and use our Webshop,how we use this data and, under certain circumstances pass it on to third parties.

Please read this policy carefully to understand the applications and processes BABOR uses with respect to your information and how we treat it. The privacy notices are adapted from time to time. We therefore recommend that you view it regularly.

CONTROLLER FOR DATA PROCESSING ON THE WEB PAGES

"Controller" for the processing of your data in connection with the visit of our Webshop as well as the use of information services related to our products is:

Dr. BABOR GmbH & Co KG
Neuenhofstraße 180
52078 Aachen
Phone: + 49 (0) 241 / 5296 - 0
Fax: + 49 (0) 241 / 5296 - 175
E-mail: service@babor.de 
Internet: www.babor.de

"Controller" for the processing of your data in connection with the purchase of one of our products as well as the payment processing is:

The Hut.com Limited

5th Floor, Voyager House, Manchester Airport, Manchester, M90 3DQ.

The representative of The Hut.com Limited in the EU according to Art. 27GDPR is:

The Hut.com Limited

5th Floor, Voyager House, Manchester Airport, Manchester, M90 3DQ.

CONTACT TO THE DATA PROTECTION OFFICER

If you have any questions about this data protection information or the processing of your personal data, you can contact our data protection officer:
E-mail: datenschutz@babor.de 

Details of the web host/location of the web pages:

Our BABOR Webshop is maintained and provided by:

The Hut.com Limited

5th Floor, Voyager House, Manchester Airport, Manchester, M90 3DQ(THG).

The web host receives the data as a Processor of BABOR on the basis of correspondingly concluded data protection agreements.

WHAT INFORMATION WE COLLECT & HOW WE USE IT

In general, we collect and use personal data of our Users and Customers only to the extent necessary to provide a functional website and our content and services. First, your data is collected when you provide it to us. This may be data that you provide to us when you contact us.

Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view).

STORAGE AND DELETION

Data processed by us will be deleted in accordance with the statutory provisions as soon as it is no longer required for the purposes for which it was collected or as soon as any consent granted is revoked unless we are obliged or entitled to retain the data beyond this period due to statutory obligations (e.g. retention periods under commercial or tax law) or in order to pursue legal claims or other legitimate interests. In this case, processing is limited to these purposes (as opposed to deletion) in the form that the data is blocked and not processed for other purposes. For more information on the deletion of personal data, please refer to the individual explanations in this data protection notice.

SECURITY

We secure our websites and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In particular, your data is transmitted in encrypted form. We use the SSL (Secure Socket Layer) encryption system. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock in your browser line. No Internet transmission is ever completely secure or error-free. E-mail sent to or from our websites may not be secure. Therefore, use special care when deciding what information to send to us via e-mail.

RIGHTS AS A DATA SUBJECT

If you are a resident of the European Union or otherwise a data subject covered by the European Union's General Data Protection Regulation (GDPR) or similar national laws, in addition to the processing activities described in this Privacy Notice, you have extended rights in relation to your personal data. On the one hand, you have a comprehensive right to information and, if necessary, you can request the correction and/or deletion and/or blocking of your personal data. On the other hand, you may request restriction of processing if the relevant conditions are met and have a right to object and a right to data portability. If you wish to assert any of your rights or would like to receive more detailed information, please contact us via e-mail.

Finally, you also have the right to lodge a complaint with the supervisory authority responsible for us (Art. 77GDPR).

specifically: Right of objection, Art. 21GDPR

You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons. If we process your data to protect legitimate interests (Art. 6 para. 1 lit. fGDPR), you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

DATA PROCESSING OUTSIDE THE EUROPEAN UNION/EUROPEAN ECONOMIC AREA

Please note that data you enter on our websites in the European Union may be processed outside the EU.

The ruling of the European Court of Justice C-311/18 ("Schrems II") has declared the EU-U.S. Privacy Shield Framework invalid.Many service providers, including Google for example, previously relied on this framework when processing data.According to this ruling, there is no level of protection in the U.S. for EU data subjects that corresponds to the level of protection required under the GDPR due to the intelligence activities of the U.S. authorities. The increased requirements for data transfers set out by the EU Court of Justice in the ruling affect not only the USA but also all other states outside the EU/EEA.

Since the Schrems II ruling, BABOR has reviewed - and where possible already adapted -contracts with service providers and partners with regard to the transfer of data to third countries, in particular by concluding so-called standard contractual clauses ("SCCs") in accordance with Art. 46 para. 2(d) of the GDPR, and where necessary is still in the process of exchanging information on necessary amendments with regard to the SCCs.

Against this background, please note that despite the greatest possible care on our part, it is possible that your data may be processed by service providers in third countries that do not offer an adequate level of data protection comparable to the European standard and that no corresponding guarantees exist to establish such a level. This applies in particular to the use of cookies and other third-party applications for marketing and analysis purposes.

If you wish to prevent the described risks, especially when using third-party applications/cookies, you can do so at any time via the settings of our cookie banner by operating the"Use only necessary cookies" button.

DATA PROCESSING DURING THE PROVISION OF THE WEB PAGES AND STORAGE IN LOG FILES

When you visit the websites, they automatically collect information about the computer or mobile device you are using, which may allow identification. The following data is collected and stored temporarily, also in so-called log files:

  • Date and time of access;

  • IP address of the user;

  • Host name (Internet Service Provider or ISP) of the accessing computer;

  • Website from which our website was accessed (referrer URL);

  • Visited page on our websites:

  • Message whether the retrieval was successful;

The temporary storage of data is necessary for the duration of your visit to enable the delivery of the Webshop content. For this purpose, the IP address of the user must necessarily remain stored for the duration of the session. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems (e.g. for attack detection). An evaluation of the data for marketing purposes does not take place in this context. The data collected for marketing purposes is discussed below.

Legal basis for data processing

The processing of the data is based on Art. 6 (1) lit. fGDPR to protect our legitimate interests as the responsible website operator to deliver our website content and to ensure the security of our systems.

Recipient of the data

The website is hosted by The Hut.com Limited.(see above details of the web host). The host receives the above data as a Processor.

Data processing outside the European Union/European Economic Area

Our websites are hosted in UKs.(Data transfer is based on EU standard contractual clauses.)

Storage and deletion

The weblog files are stored for limited time up to 14 days and are only accessible to the administrators of the websites.

CONTACT VIA THE WEB PAGES

Our web pages contain information and functions that allow you to contact us by e-mail or contact form. If you contact us by e-mail or other electronic means, the personal data you provide (e.g. name,e-mail and request)will be stored automatically. We will process this data in order to communicate with you regarding your request. If you use the contact form on our websites for your inquiry, you will be asked for your consent to the storage and use of your personal data beforehand. This personal data will not be passed on to third parties.

In addition to our contact form and the possibility to contact us by e-mail, you have the possibility to conduct a live chat with an employee during your visit to the Webshop, who will be happy to answer your questions about our products and their application. Thereby, such data of you will be processed that you enter in connection with the chat. If you are registered, your data can be linked to your user account. When using the chat, a so-called chat protocol is created and stored.

Legal basis for data processing

The legal basis for the processing of this personal data is based on Art. 6 para. 1 lit.b(questions in connection with an order)and lit.fGDPR. Our legitimate interest within the meaning of Art. 6 (1) lit. fGDPR is the implementation of communication with you and the provision of relevant information. For contacting us via a web form, the legal basis of the processing is Art. 6 para. 1 lit. a GDPR.

Recipient of the data

Within our company, only those persons and offices receive your personal data that require it to fulfill the a forementioned purposes.For the provision and advice via the chat function, we use the services of our contractual partner "THG/The Hut.com". This receives your data in this case as a Processor of BABOR.

Storage and deletion

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data that was transmitted to us in the above-mentioned manner, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified. In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.

If the user contacts us in one of the ways mentioned here, he can object to the processing of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case, unless there is a legal obligation to retain such data.

REGISTRATION AND CREATION OF A USER ACCOUNT

In order to register or create a user account, certain information is required from you. Mandatory fields are marked accordingly. Without providing these fields, the account cannot be created. The following information is required:first and last name and email address. In addition, a password is required to provide you with secure access once the account has been created. We use the email address and password to identify you each time you log in. The email address is also used to communicate with you in connection with your user account and, if necessary, to send you a new password.

Legal basis for data processing

If you provide registration and login information, we process your data to carry out pre-contractual measures. The legal basis for data processing in the context of registration is the necessity for the implementation of pre-contractual measures(Art. 6 para. 1 lit bGDPR).

Recipient of the data

Within our company, only those persons and offices receive your personal data that require it to fulfill the aforementioned purposes. In so far as you place orders as a registered user, the data will be processed by our contractual partner The Hut.com Limited as the Controller for the purchase and payment processing. See in detail the section "Ordering in the Webshop".

Storage and deletion

The registration and login data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case with the data collected during registration if we collect and store the data for the fulfillment of a contract or for the implementation of pre-contractual measures. Even after the conclusion of a contract, however, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations (e.g. tax retention obligations). Within the framework of a registered user account, however, you also have the option at any time to manage your data yourself, to change it and - insofar as it is no longer required - also to delete it.

ORDERING IN THE WEBSHOP

You can order products using the shopping cart function in the Webshop. To do this, you must register in advance, providing the information necessary for processing, or log in as an already registered user with your access data (see the section "Registration and creation of a user account").

As soon as you place an order, our contractual partner "The Hut.com Limited"
receives and uses your registration data to process the order as well as related payment, payment methods and transport. The purchase contract is also concluded with The Hut.com Limited.Our contractual partner receives the registration data for the execution of the contractual relationship (Art. 6 para. 1 lit.bGDPR). In the context of the order, payment, payment option and transport processing,The Hut.com Limited acts to this extent as its own Controller within the meaning of Art. 4 No. 7 GDPR and we point out that from this moment on we usually have no further influence on the processing of your personal data. Against this background, you are requested to take note of and accept the terms and conditions as well as data protection provisions of our contractual partner before submitting your order.

Information on the terms and conditions and data protection provisions of The Hut.com Limited can be viewed in advance and at any time at:

Privacy Policy - The Hut Group (THG)
(MARKETING-)COMMUNICATION/NEWSLETTER.

BABOR collects certain personal data on our websites in order to communicate with you via newsletters and other infomailings. We send newsletters by e-mail, usually to the e-mail address you provided during registration. In addition, you also have the option to sign up for the newsletter with your email without registration beforehand.

For the newsletter, we use a double opt-in process, in which you receive a confirmation e-mail and must click on the confirmation link in this e-mail to receive the information you requested. If you later no longer wish to receive our newsletter, you can revoke your consent at any time with effect for the future by clicking the unsubscribe link that you will find in each newsletter or by notifying us by e-mail. The information collected via the newsletter or the collection of information will be stopped immediately. Information associated with your customer account will remain until the account is deleted.

If you have placed an order in our Webshop, we may subsequently send you customer information by e-mail informing you of other products that match your order. You can object to such promotional contact at any time in accordance with Art. 21GDPR (see section above "Rights as a data subject"). You can send your objection informally by e-mail to us or also use the objection link in the customer information sent to you.

Legal basis for data processing

The legal basis for the processing of your data when registering for the newsletter is Art. 6 para. 1 lit. a GDPR, your consent. The sending of customer information is done in our legitimate interest to inform you about the ordered or similar products of BABOR in the context of a customer relationship. The legal basis for this is Art. 6 para. 1 lit. fGDPR.

Recipient of the data


Within our company, only those persons and offices receive your personal data that need them to fulfill the a fore mentioned purposes. For sending the newsletter, we use the services of our contractual partner "The Hut.com Limited". In this case, the service provider receives your data as our Processor.

Storage and deletion


We use your data as long as you do not revoke your consent or object to the processing, unless legal obligations or legitimate interest justify further retention.

COOKIES AND OTHER TRACKING TECHNOLOGIES

In order to improve the user experience when visiting our websites and to enable certain functions (including the display of suitable products and market research), we use cookies on various pages of our websites. Cookies are small data packages (text files) that are automatically stored on your terminal device.

Storage and deletion

Some of the cookies we use are deleted at the end of the browser session (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser the next time you visit our websites (persistent cookies). The cookie data processed by us will be deleted in accordance with the statutory provisions as soon as it is no longer required for the purpose for which it was collected or consent granted is revoked, unless we are obliged or entitled to retain the data beyond this period due to statutory obligations (e.g. retention periods under commercial or tax law) or in order to pursue legal claims or other legitimate interests. In this case, processing (as opposed to deletion) is limited to these purposes in the form that the data is blocked and not processed for other purposes. The duration of storage can be found in detail in our Cookie Policyas well as in the notes on third-party providers (see links below).

What data is processed?

Which data is processed in detail and for which purposes depends on which cookie is used. Detailed information about how the cookie works and what data is processed can be found in our description of the respective cookie andthird-party providers.

Legal basis for data processing

The use of strictly necessary cookies (i.e. those without which our website would not function properly) serves to protect our legitimate interests in a functional and optimized presentation of the websites, including their security and stability (Art. 6 para. 1 lit. fGDPR), which prevail in the context of a weighing up of interests.

In so far as we use cookies that are not strictly necessary for the operation of this website, we require your prior consent to the use of these cookies.

We obtain this consent via a cookie banner when you visit our site for the first time. Here you have the option to allow or object from using the listed cookies. You may not be able to use all the features of our website if you do not give your cookie consent. The display of the website may also suffer as a result.

You can view the cookies used on the Websites and reject any cookie category (except for strictly necessary cookies) by clicking the "Cookie Settings" button at the bottom of the manage.

Third party cookies

When using third-party IT services or tools, the cookies used are usually stored and processed by the respective third party, whereby these third parties may in turn make use of service providers who support them in the provision of their services and who may also receive the data collected by the cookie in this context. For detailed information on third-party cookies used by us, please refer to the information on the individual third-party providers and the cookie list below.

GOOGLE SERVICES

The websites use web services provided by Google.This information applies to all web services that we use on our websites and that are provided by Google.

If you are a resident of or otherwise subject to the jurisdiction of the European Union, the European Economic Area or Switzerland, these services are provided by Google Ireland Ltd. ("Google"), a company incorporated and organized under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.

Data processing outside the European Union/European Economic Area

Since Google operates servers around the world, it is possible that personal data from the EU will be transferred to Google, LLC, in the United States. Please also read the above detailed information on "Data processing outside the European Union".

For more information about the processing of personal data by Google, please refer to Google's privacy policy and its terms and conditions.

Legal basis for data processing

Data that we collect via cookies or similar in connection with the use of Google services, we process only with your express consent (Art. 6 para. 1 lit. a GDPR), which we obtain in advance via our cookie banner. Your consent is voluntary and you can revoke or restrict it at any time by changing your settings in the Cookie Settings in the footer of the website accordingly.

Google Analytics

Google Analytics, a Google product, collects information about how often users visit websites, which pages they visit, and which other websites they opened before visiting. Google uses the collected data to track and study the use of the websites, to create reports about its activities and to share them with other Google services. Google may use the data collected on the websites to contextualize and personalize the ads of its own advertising network. Google has limited ability to use and share the information collected by Google Analytics about your visits to the Websites.

The current terms of use as well as explanations regarding the data protection of Google Analytics can be found in Google's privacy policy and the terms of use of Google Analytics.

Google Tag Manager

We use the Google Tag Manager on our websites. The Google Tag Manager is a service of Google Inc. Please also see our general notes on the use of Google services.

Google Tag Manager allows us to integrate various codes and services on our website in an orderly and simplified manner. Google Tag Manager implements the tags or "triggers" the embedded tags. When a tag is triggered, Google may collect and process information (including personal data). In doing so, Google may transfer the information to a server outside the European Union, including the United States.

In particular, the following personal data are processed by Google Tag Manager:

-Online identifiers (including cookie identifiers)

-IP address

For more information about Google Tag Manager, see Google's Privacy Policy and Terms of Service.

Google reCAPTCHA

Google reCAPTCHA is a service from Google that allows website operators to check whether a user on their site is a human or a bot. Our websites use Google reCAPTCHA. Please see our general notes on the use of Google services.

The reCAPTCHA deployment is designed to ensure that bots do not automatically interact on the website, thus protecting individual web pages from spam software and abuse by non-human visitors. reCAPTCHA collects personal data from website visitors to determine whether the actions on the visited website originate from humans. The IP address and other data required by Google for the reCAPTCHA service are sent to Google. In addition to login data, this can include mouse and keyboard behavior and JavaScript objects, for example. According to Google, the IP address is not merged with other data from Google, unless the visitor is logged in with his Google account while using reCAPTCHA.

With the integration of Google reCAPTCHA on our websites, your data will be collected and stored by Google. Since we cannot prevent Google from starting to collect and process data before you answer the reCAPTCHA request, we also ask you for your consent to our use of the Google reCAPTCHA service as part of our cookie consent request. The reCAPTCHA script will only be loaded if you give your consent. For security reasons, we can only offer our service, which integrates the reCAPTCHA function, if you answer the reCAPTCHA query.

For more information about Google reCAPTCHA, please see Google's Privacy Policy and Terms of Service.

(Google) YOUTUBE

From time to time, we embed YouTube videos in our Webshop to better inform you about some of our products and services. This service is provided by Google ("Provider"). Therefore, please also note our general notes on the use of Google services here.

For videos from YouTube that are embedded on our site, the extended data protection mode, which is provided by YouTube itself, is activated. According to the provider, this means that no information about website visitors is collected and stored by YouTube unless they play the video.

When you play a video embedded on our site, your data is collected and stored by YouTube. Before playing the video, you will receive a corresponding notice about the processing of your data.

When a YouTube video is played, the IP address and other credentials of the website visitor are transmitted to YouTube, including information about which of our websites the user has visited.

However, this information cannot be assigned to a specific website visitor unless the visitor has logged in to YouTube or another Google service (e.g. Google+) or is permanently logged in before viewing the page.

When playback of an embedded video is started by clicking on it, YouTube only stores cookies on the user's device via the extended data protection mode, which do not contain any personal data unless the website visitor is currently logged in to a Google service.

Legal basis for data processing

Starting the playback of an embedded YouTube video by active action of the website visitorit is considered by us as consent to the possible transfer of data to YouTube (Google) through the advance information of the website visitor and the use of the extended data protection mode, Art. 6 para. 1 lit. a GDPR.

For more information, see YouTube's privacy policy.

DYNATRACE

Dynatrace, a service provided by Dynatrace LLC, headquartered in Waltham, Massachusetts, USA, provides insights into the performance of the respective web application and the navigation of the users of our web store. Dynatrace collects data such as W3C timings, button clicks, link clicks, JavaScript errors, browser types, and geographic regions. This allows us to improve respective offers and fix functional problems. Dynatrace uses different cookies for this purpose, which you can find in the cookie list below.

Legal basis for data processing

Data that we collect via cookies or similar in connection with the use of Dynatrace services, we process only with your express consent (Art. 6 para. 1 lit. a GDPR), which we obtain in advance via our cookie banner. Your consent isvoluntary, and you can revoke or restrict it at any time by changing your settings in the Cookie Settings in the footer of the website accordingly.

For more information about Dynatrace, please see their privacy policy.

METRICSThe Hut.com Limited

To analyze the reach and performance of our Webshop, we use "metrics" from our contractual partner The Hut.com Limited. Through the use of such cookies, we can, for example, count the visits to our website and track from which other websites a redirection to our website took place. This analysis tells us which parts of our website are the most popular, which are the least used, and how visitors move around our websites. This allows us to improve the performance of the website and optimize the content. We also try to measure the reach and success of marketing measures.

Legal basis for data processing

Data that w e collect via cookies or similar in connection with the use of metrics, we process only with your express consent (Art. 6 para. 1 lit. aGDPR), which we obtain in advance via our cookie banner. Your consent is voluntary and you can revoke or restrict it at any time by changing your settings in the Cookie Settings in the footer of the website accordingly.

For more information on Metrics from The Hut.com Limited, click Privacy Policy - The Hut Group (THG)

COOKIE LISTING (COOKIE LIST)


MINORS

It is important to BABOR to protect the online privacy of minors. Our offer and our websites are generally not directed at minors (under 18). If you believe that we have inadvertently received personal data from a minor before the age of 18, please contact us at datenschutz@babor.de.

INFORMATION/QUESTIONS ON DATA PROTECTION

Please feel free to contact us at any time using the contact details above or via datenschutz@babor.de to request information about the personal data you have provided to us, to correct it or to delete it.We may not be able to honor a request to access, amend or delete information if we believe that doing so would violate a law or legal requirement, the information is not accurate, or we are not legally required to do so.

CHANGES TO OUR PRIVACY NOTICE AND COOKIE POLICY

BABOR is committed to posting any changes to the Privacy Policy on this page. Therefore, please visit this page regularly for the latest information on data protection.