PRIVACY POLICY

1. Data privacy information
2. This privacy policy informs you about the processing of your personal data in connection with the use of our website and the functionalities made available through it, e.g. the possibility to contact us. For security reasons and to protect the transmission of personal data and other confidential contents (e.g. orders or inquiries to the responsible person), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2. Responsible person and data protection officer
(1) Die für die Verarbeitung Ihrer Daten gemäß der Datenschutz-Grundverordnung („DS-GVO“) Verantwortliche ist die Gelita Health GmbH („Gelita Health“), Uferstraße 7, 69412 Eberbach, Tel: 0 62 71 – 84-1605, Fax: 0 62 71 – 84-1650, E-Mail: service.health@gelita.com.
(2) Data protection officer is Jürgen Heck, Datenschutz@gelita.com.

3. Purpose, legal basis and duration of the processing of personal data
(1)During the informational use of the website, the following data is collected by us: log data, such as the IP address currently used by your computer, date and time of the request, information about the browser you are using (description of type, language and version), the operating system of your computer, the pages you viewed, GMT time zone difference, access status/http status code, amount of data transferred in each case and the website from which the request originated. Gelita Health stores this data with its provider in a log file. The data is deleted immediately as soon as the purpose or legal basis for storage ceases to apply. The IP address is anonymized and deleted after 8 weeks. The legal basis for this data processing is our legitimate interest according to Art. 6 (1) f) GDPR to provide you with a functioning website.
(2) During the order processing we collect data in addition to the data mentioned in paragraph 3 (1): first name and surname, address, e-mail address, content of the ordered products, payment data. The legal basis for the processing is Art. 6 (1) b) GDPR, in order to process the fulfilment of the purchase of goods to be concluded with you. The data will be deleted, as far as they are used for accounting purposes, after 10 years or 6 years (§ 147 German Tax Code, § 257 German Commercial Code). In particular, if you select your desired product(s), place them in the shopping cart and call up the shopping cart to view the selection, we collect data in addition to the data mentioned in item 3 (1): Content of the ordered products. If you log in to your customer account, we collect the following data in addition to the data mentioned in section 3 (1): Customer name, e-mail, password . If you order as a guest, we collect the following data in addition to the data mentioned in section 3 (1): no more data. In the course of processing the order we collect in addition to the data mentioned in number 3 (1): Invoice and delivery information, i.e. first name and surname, invoice address, delivery address, e-mail, payment information]. You have the possibility to choose between different payment methods:

a. (6) It is possible to pay with the payment service Paypal. PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process is automatically transmitted to PayPal. In addition to the data mentioned in paragraph 3 (1), this is regularly the following: first name and surname, e-mail, payment amount, payee. The purpose of this transmission is the payment of the shopping cart as well as the identity and credit check. PayPal may also pass on your data to third parties if this is necessary to fulfill the contractual obligations. For this purpose Paypal has taken specific measures to ensure the protection of your personal data. In particular, if your personal data is transferred within companies affiliated with PayPal, the binding company rules approved by the relevant supervisory authorities apply. PayPal’s privacy policy can be viewed at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/. The legal basis for data processing is Art. 6 para. 1 b) GDPR. b) DSGVO.

b. It is possible to make the payment by credit card. The processing is carried out by the payment service provider Stripe Payments, to whom we pass on the information you provide during the ordering process together with the information about your order (first name and surname, address, credit card number, verification number, invoice amount, currency and, if applicable, transaction number). Your data will be passed on for payment of the purchase price and for the purpose of payment processing with Stripe Payments. For more information about Stripe’s privacy policy please refer to the URL https://stripe.com/de/privacy#translation. Legal basis for the data processing is art. 6 para. 1 b) GDPR. (3) When using the protected customer area, the following data will be processed by us in addition to the data mentioned in item 3 (1): e-mail address. If product purchases are made, the following data will also be processed by us in addition to the data mentioned in number 3 (1): first name and surname, delivery and invoice address, e-mail address, content of the ordered products including purchase prices, payment data including the payment method used. The legal basis for this processing is the user relationship concluded with you in accordance with Art. 6 (1) b) GDPR. We process your personal data from the protected customer area as long as you have a customer profile with us. You can unsubscribe by sending us an e-mail to service.health@gelita.com. From the receipt of the e-mail, we will delete your personal data concerning your user profile within fourteen (14) days. The data from the product purchases, as far as they are used for accounting purposes, will be deleted after 10 years or 6 years (§ 147 German Fiscal Code, § 257 German Commercial Code ).

4. Recipient
(1) Within the scope of informational use, employees of Gelita Health are granted access to your personal data who are responsible for the technical administration, maintenance and further development of the website. In this context, we also transfer your personal data to external service providers, in particular to our logistics partners and the agencies responsible for the dispatch warehouse and order processing. Within the scope of order processing, their employees also receive access to your data.
(2)  Within the scope of using the protected area, employees of Gelita Health are granted access to your personal data, who are responsible for processing the respective transaction. In this context, we also transfer your personal data to external service providers, in particular to our logistics partners and the agencies responsible for the dispatch warehouse and order processing. Within the scope of order processing, their employees also receive access to your data.
(3) The personal data necessary for order processing will only be passed on to external service providers to the extent necessary for order processing. The service providers will only act in accordance with our instructions and have been contractually obliged to comply with the data protection regulations in accordance with Art. 28 GDPR .
(4) Gelita Health will not transfer your personal data to a third country outside the EU.

5. Your rights
(1) You can contact Gelita Health either in writing or by email [service.health@gelita.com] to exercise the following rights:

  • Information about your data in order to check and verify it.
  • Receiving a copy of your personal data.
  • Correction, cancellation or limitation of processing, including the right to complete incomplete or incorrect data by means of supplementary communication.
  • Right to object to the processing.
  • You may receive your provided data in a structured, common and machine-readable format and transfer them to another responsible person, provided that you have given your consent to the processing or the processing is based on a contract.
  • To revoke any consent you may have given at any time.

(2) You also have a right of appeal to a supervisory authority in connection with the processing of your personal data. To exercise this right of appeal, you can either contact the supervisory authority responsible for your place of residence or work or the supervisory authority responsible for the Gelita Health headquarters.

6. Use of cookies
(1) We use cookies on our website to make visiting our website attractive and to enable the use of certain functions. These are small text files that are stored on your computer. They serve as identification marks. We transfer these to the hard disk of your computer using your web browser and can read the cookies during each visit to our websites. Cookies cannot execute programs or transfer viruses to your computer. Cookies can contain data that enable the recognition of the device being used. A distinction is made between session cookies, which are deleted again as soon as you close your browser, and permanent cookies (so-called persistent cookies), which are stored beyond the individual session. With regard to their function, a distinction is made between:

–Necessary Cookies: These are mandatory to navigate the website, use basic functions and ensure the security of the website.
–Performance Cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur when using the website.
–Advertising Cookies, Targeting Cookies: These serve the purpose of offering the website user needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers.
–Sharing Cookies: These serve to improve the interactivity of our website with other services (e.g. social networks).

Any use of cookies that is not absolutely technically necessary represents data processing that is only permitted with your express and active consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. Please refer to the help function of your web browser for instructions on how to instruct your browser to display new cookies, not to accept new cookies or to disable cookies. Please note that you may not be able to use all the functions of this website if you do so.

7. No automated decision making and/or profiling
With the exception of the data processing described in clauses 9, 10, 11 and 12, we do not process your personal data for automated decision making and/or profiling.

8. No obligation to provide personal data
For you as a customer, there is basically no legal or contractual obligation to provide us with your personal data; however, it may be that we can only provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case within the scope of the products offered by us, you will be informed separately.