Data protection

Rainbow Gesellschaft für Naturprodukte mbH
Klärchenstraße 11
22299 Hamburg
Germany

District Court Hamburg, HRB 31591
Represented by: Kurt Beer

Phone: +49 40 460 99 130
E-Mail: info@rainbow-naturprodukte.de

1.    Basic information on data processing and legal bases

1.1. This Privacy Policy explains the nature, scope and purpose of the processing of personal information within our online offering and the related websites, features and content (collectively referred to as "online offer" or "website"). The privacy policy applies regardless of the domains, systems, platforms, and devices (for example, desktop or mobile) on which the online offering is run.
1.2. The terms used, such as "Personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. The personal data of the users processed in the context of this online offer includes stock data (eg, names and contact details), contract data (eg, services used, names of clerks, payment information), usage data (eg, interest on our products) and content data (e.g. contact via e-mail).
1.4. The term "user" covers all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offer. The terms used, such as "Users" are to be understood gender-neutral.
1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that users' data will only be processed if they have a legal permit. That is, in particular, if the data processing for the provision of our contractual services (eg processing of orders) and online services required or required by law, a consent of the users exists, as well as our legitimate interests (ie interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 (1) lit. GDPR, in particular in the range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services.
1.6. Please note that the legal basis of the consents Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the performance of contractual measures Art. 6 para. 1 lit. b. GDPR, the legal basis for processing in order to fulfill our legal obligations Art. 6 para. 1 lit. c. GDPR, and the legal basis for processing in order to safeguard our legitimate interests Art. 6 para. 1 lit. f. GDPR is.

2. Security measures

2.1. We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
2.2. The security measures include in particular the encrypted transmission of data between your browser and our server.

3. Disclosure of data to third parties and third parties

3.1. A transfer of data to third parties is only within the scope of legal requirements. We will only pass users' data on to third parties if this is the case, for example. on the basis of Art. 6 para. 1 lit. b) GDPR is required for contract purposes or based on legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR on the economical and effective operation of our business operations.
3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with applicable law.

4. Contact

4.1. When contacting us (via e-mail), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b) GDPR processed.
4.2. The details of the users can be stored in our merchandise management system or comparable inquiry organization.

5. Collection of access data and logfiles

5.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
5.2. Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes are excluded from the erasure until the final clarification of the incident.

6. Rights of users

6.1. Users have the right, upon request, to obtain free information about the personal data that we have stored about them.
6.2. In addition, users have the right to correct inaccurate data, restrict the processing and deletion of their personal data, if applicable, to assert their rights to data portability and, in the event of unlawful processing, to file a complaint with the appropriate regulatory authority.
6.3. Likewise, users can revoke consent, generally with implications for the future.

7. Deletion of data

7.1. The data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. Unless the users' data are deleted because they are required for other and legally permitted purposes, their processing will be restricted. That the data is blocked and not processed for other purposes. This applies, for example for data of the users, which must be kept for commercial or tax reasons.
7.2. According to legal requirements the storage takes place for 6 years according to § 257 Abs. 1 HGB (german commercial code) (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) as well as for 10 years according to § 147 Abs. 1 AO (germal fiscal code) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

8. Right of objection

Users may object to the processing of their personal data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.

9. Changes to the privacy policy

9.1. We reserve the right to change the privacy policy in order to adapt it to changing legal situations, or to changes in the service and data processing. However, this only applies to declarations of data processing. If users' consent is required or elements of the privacy policy contain provisions of the contractual relationship with the users, the changes are only made with the consent of the users.
9.2. Users are requested to inform themselves regularly about the content of the privacy policy.