Privacy policy

Hello and welcome to our beautiful website. Our data protection declaration gives you an overview of the type, scope and purpose of the collection and processing of personal data when you visit and use our website, the associated websites, functions and content as well as external online presentations.

Our data protection declaration is based on terms used by the European General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG-neu). You can view the relevant definitions (Art. 4 GDPR) e.g. at https://dejure.org/gesetze/DSGVO/4.html.

We would like to point out that every data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of your data against access by third parties is not possible.

How do we collect your data?

Your data is collected when you communicate it to us. An example of this is filling out a contact form. With your consent when you visit our website, our IT systems will continue to automatically record your technical data such as your Internet browser, operating system or the time the page was accessed.

What do we use your data for?

We collect and process your data in order to guarantee you error-free use of our website and also to analyze the behavior of the users of our website.

What rights does the GDPR grant you regarding your data?

You have the right to receive information about the origin, recipient and purpose of the personal data concerning you. You also have the right to have this data corrected or deleted. The right of revocation also gives you the option of revoking your consent at any time. In addition, under certain circumstances, you can request that the processing of your personal data be restricted. Finally, you have the right to lodge a complaint with the competent supervisory authority.

§1 Information about the collection of personal data
  • Personal data is all data that can be related to you personally, e.g. B. Name, address, email addresses, user behavior.
  • Responsible according to Art. 4 Para. 7 EU General Data Protection Regulation (GDPR) is:

BaLu Trading GmbH
Represented by:  Alexander Balster
Giesweg 23
44149 Dortmund
E-Mail: info@vegavegan.de
Phone: +49 231 72989753
Web: https://vegavegan.de


When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions . We delete the data arising in this context after the storage is no longer necessary, or restrict the processing if there are statutory storage obligations.

  • If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We also state the specified criteria for the storage period.

§2 Collection of personal data when visiting our website
  • If you only use the website for informational purposes, i.e. if you do not transmit any information to us, we only collect the personal data that your browser transmits to our server.
  • If you want to view our website, we collect the following data that is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f) GDPR):
  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access Status/HTTP Status Code
  • Amount of data transmitted in each case
  • Website from which the request comes
  • browser
  • Language and version of browser software
  • Operating system and its interface
  • Websites from which the user's system accesses our website
  • Websites accessed by the user's system via our website
  • IP address;
  • The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
  • Purpose of data processing: The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session. Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing according to Art. 6 Para. 1 lit. f) GDPR also lies in these purposes.
  • Unless we have stated otherwise in this data protection declaration, personal data will only be stored for as long as is necessary for the respective purpose.

§3 Legal basis for processing
  • 6 Paragraph 1 lit. a) GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 paragraph 1 letter b) GDPR.
  • The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.
  • If our company is subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Article 6 (1) (c) GDPR.
  • In some cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6(1)(d) GDPR.
  • In addition, processing operations could be based on Art. 6 Para. 1 f) GDPR.Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the person concerned do not prevail. Such processing operations are permitted to us because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the data subject is a customer of the person responsible (recital 47 sentence 2 DSGVO).
  • If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is conducting our business for the benefit of all our employees and our shareholders.

§4 Your rights

You have the following rights towards us in relation to your personal data:

  • 15 DSGVO the right to request confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data.
  • 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
  • 17 DSGVO the right to demand that the data in question be deleted immediately, or alternatively to demand a restriction of the processing of the data in accordance with Article 18 DSGVO.
  • 20 GDPR the right to request that you receive the relevant data that you have provided to us in a structured, common and machine-readable format and to request its transmission to other responsible parties.
  • 77 DSGVO the right to lodge a complaint with the competent supervisory authority.

§5 Your right to revoke the processing of your data

If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the admissibility of the processing of your personal data after you have given it to us.

§6 Your right to object to the processing of your data
  • If we base the processing of your personal data on a balancing of interests, you can object to the processing. This is the case if the processing is not necessary in particular to fulfill a contract with you, which is shown by us in the following description of the functions. If you exercise such an objection, we ask that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing
  • You can of course object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection using the following contact details:

BaLu Trading GmbH
Giesweg 23
44149 Dortmund
Germany
Telephone: +49 231 72989753
Email: info@vegavegan.de

§7 Your right to erasure of data
  • The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR.Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements, provided the data are not deleted because they are required for other, legally permissible purposes , their processing is restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
  • According to legal requirements in Germany, storage takes place in particular for 6 years in accordance with Section 257 (1) HGB (books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO ( books, records, management reports, accounting vouchers, commercial and business letters, documents relevant to taxation, etc.).

§8 Contact
  • If you have any questions, we offer you the opportunity to contact us using a form provided on the website. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. At the time the message is sent, the following data is also stored: the user's IP address, date and time of registration. Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.
  • Alternatively, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the e-mail will be saved.
  • In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.
  • Data processing for the purpose of contacting us takes place in accordance with Article 6 Paragraph 1 Sentence 1 lit. b) GDPR in order to be able to process your request.
  • The personal data collected by us for the use of the contact form will be automatically deleted after your request has been dealt with.

§9 Use of cookies
  • We use cookies on our site. These are small files that your browser creates automatically and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not damage your end device and do not contain viruses, Trojans or other malicious software.
  • Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we are immediately aware of your identity.
  • The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our site.
  • In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specific period of time. If you visit our site again to make use of our services, it will automatically be recognized that you have already been with us and what inputs and settings you have made so that you do not have to enter them again.
  • On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer (see Section 5).These cookies enable us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined period of time.
  • The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes and for ad control evaluation is Art. 6 Para. 1 lit. a) or Art. 6 Para. 1 lit. f) GDPR.
  • Most browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears before a new cookie is created.

§10 Tracking Tools
  • The tracking measures we use are carried out on the basis of Article 6 (1) sentence 1 lit. f) GDPR. With the tracking measures used, we want to ensure that our website is designed to meet needs and is continuously optimized. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
  • The respective data processing purposes and data categories can be found in the corresponding tracking tools.

§11 Web Analysis and Optimization
  • The web analysis (also referred to as "reach measurement") serves to evaluate the flow of visitors to our online offer and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, recognize at what time our online offer or its functions or content are used most frequently or invite you to reuse them. We can also understand which areas need optimization.
  • In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online offer or its components. For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar processes can be used for the same purpose. This information can include, for example, content viewed, websites visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this can also be processed depending on the provider.
  • The IP addresses of the users are also saved. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (e.g. e-mail addresses or names) are stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective process.
  • Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

§12 Piano
  • We use the analysis service of the service provider Klaviyo Inc, 225 Franklin St, Boston, MA 02110, USA (hereinafter "Klaviyo") to analyze user behavior in our online shop. For this purpose, cookies are set, with the help of which various user data are recorded, such as your IP address, device data, browser information, search terms and URLs that led to the website and interactions with our online shop (usage data). This is done in order to analyze the individual use of the online shop and to connect it to a user account that may be available to you. Such exists if you have already placed an order with us, have a customer account and/or have subscribed to our newsletter. We also use Klaviyo to market our products, primarily through personalized newsletters with product suggestions.
  • The legal basis for data processing is our legitimate interest in accordance with Article 6 (1) sentence 1 lit. f) GDPR.
  • Further information on data protection at Klaviyo can be found at https://www.klaviyo.com/privacy and at https://www.klaviyo.com/privacy/dpa .

§13 Provision of the online offer and web hosting
  • In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes we can use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
  • The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that arises in the course of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or on websites.
  • E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information regarding the e-mail dispatch (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for SPAM detection purposes. We ask you to note that e-mails are generally not sent in encrypted form on the Internet. As a rule, e-mails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and receipt on our server.
  • Collection of access data and log files: We ourselves (or our web hosting provider) collect data for each access to the server (so-called server log files). The address and name of the retrieved websites and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong.
  • The server log files can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability

§14 Cloud Services
  • We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services", also referred to as "software as a service") for the following purposes: document storage and administration, calendar management, e-mail Mailing, spreadsheets and presentations, exchanging documents, content and information with designated recipients or posting web pages, forms or other content and information, as well as chatting and participating in audio and video conferences.
  • In this context, personal data can be processed and stored on the servers of the providers, insofar as these are part of communication processes with us or are otherwise processed by us, as set out in this data protection declaration. This data can include, in particular, master data and contact details of users, data on transactions, contracts, other processes and their content. The providers of the cloud services also process usage data and metadata, which they use for security purposes and to optimize the service.
  • If we use the cloud services to provide forms or similar documents and content for other users or publicly accessible websites, the providers may place cookies on the users' devices for web analysis purposes or to save user settings (e.g. in the case of media control) to remember, save.
  • Notes on legal bases: If we ask for consent to use the cloud services, the legal basis for processing is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of cloud services has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient and secure administration and collaboration processes).

§15 Plug-ins and embedded functions and content
  • We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be graphics, videos or social media buttons and articles, for example (hereinafter uniformly referred to as "Content").
  • The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content or functions. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and the operating system, websites to be referred to, the time of the visit and other information on the use of our online offer, as well as being linked to such information from other sources.
  • Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data is processed on the basis of our legitimate interests (ie interest in efficient, economical and recipient-friendly services) processed. In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

§16 Use of social media plug-ins
  • We currently use social media plug-ins: LinkedIn, Instagram. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can identify the provider of the plug-in by the marking on the box above its initials or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider be informed that you have accessed the corresponding website of our online offer. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (in the case of US providers). Since the plug-in provider uses cookies in particular to collect data, we recommend that you delete all cookies using the security settings of your browser before clicking on the grayed-out box.
  • We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
  • The plug-in provider stores the data collected about you as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. With the plug-ins we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for using the plug-ins is Article 6 Paragraph 1 Sentence 1 Letter f) GDPR.
  • The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and e.g. B. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
  • Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers communicated below.There you will also receive further information on your rights in this regard and setting options to protect your privacy

  • LinkedIn plugins and content:

LinkedIn plugins and content- This can include content such as images, videos or text and buttons with which users can share content from this online offer within LinkedIn. Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.instagram.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Possibility of objection (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

  • Instagram plugins and buttons:

Instagram plugins and buttons - This can include, for example, content such as images, videos or text and buttons with which users can share content from this online offer within Instagram. Service Provider: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; Website: https://www.instagram.com;Privacy Policy: https://help.instagram.com/519522125107875.

§17 Presences in social networks (social media)
  • We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
  • We would like to point out that user data may be processed outside of the European Union. This can result in risks for users, for example because it could make it more difficult to enforce user rights.
  • Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of usage behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
  • For a detailed description of the respective forms of processing and the possibility of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
  • Also in the case of requests for information and the assertion of data subject rights, we would like to point out that these can most effectively be asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.

§18 data protection information in the application process
  • We only process applicant data for the purpose and as part of the application process in accordance with legal requirements. Applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application process within the meaning of Article 6 Paragraph 1 Letter b) GDPR Article 6 Paragraph 1 Letter f) GDPR if the data processing is required, for example, within the framework of legal procedure becomes necessary for us (§ 26 BDSG).
  • By submitting the application to us, the applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this data protection declaration
  • Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit. b) GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants as part of the application process, their processing also takes place in accordance with Art. 9 Para. 2 lit are required).
  • In the event of a successful application, the data provided by the applicants can be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the data of the applicants will be deleted. Applicant data is also deleted if an application is withdrawn, which applicants are entitled to do at any time.
  • The deletion takes place, subject to a justified revocation by the applicant, after a period of six months, so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act.
  • As part of the application, we offer applicants the opportunity to be in our "applicant pool" for a period of two years on the basis of consent within the meaning of Article 6 (1) (b) and Article 7 GDPR to be included. The application documents in the applicant pool will only be processed in the context of future job advertisements and the search for employees and will be destroyed at the latest after the deadline. The applicants are informed that their consent to being included in the applicant pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future and declare an objection within the meaning of Art. 21 DSGVO.

§19 Order data processing and transfer to third parties
  • In some cases, we use external service providers to process your data. If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, as to payment service providers, pursuant to Article 6 Paragraph 1 Letter b) GDPR is required for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.) .
  • If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR. These are carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
  • Furthermore, we can pass on your personal data to third parties if we offer participation in campaigns, competitions, the conclusion of contracts or similar services together with partners. You will receive more detailed information on this when you enter your personal data or below in the description of the offer.
  • If we process data outside of the European Union (EU) or the European Economic Area (EEA) (so-called.third country) or such happens within the framework of the use of third party services or disclosure or transmission of data to third parties, this only takes place if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of happens in our legitimate interests. Otherwise, we process or have data processed in a third country only if the requirements of Art. 44 et seq. GDPR are met.

§20 Commercial and business services
  • We process the data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the framework of contractual and comparable legal relationships and related measures and within the framework of communication with the contractual partners (or pre-contractual), e.g. to answer requests.
  • We process this data to fulfill our contractual obligations, to protect our rights and for the purposes of the administrative tasks associated with this information as well as the corporate organization. We only pass on the data of the contractual partners to third parties within the framework of the applicable law to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of the persons concerned. The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.
  • We inform the contracting parties which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by means of special markings (e.g. colours) or symbols (e.g. asterisks or similar), or personally.
  • We delete the data after statutory warranty and comparable obligations have expired, ie generally after 4 years, unless the data is stored in a customer account, e.g. for as long as it has to be stored for legal archiving reasons (e.g. for tax purposes usually 10 years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications of the order, generally after the end of the order.
  • Insofar as we use third-party providers or platforms to provide our services, the terms and conditions apply in the relationship between the users and the providers.

§21 Planning, organization and auxiliary tools
  • We use services, platforms and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organisation, administration, planning and the provision of our services. When selecting third-party providers and their services, we observe the legal requirements.
  • In this context, personal data can be processed and stored on the servers of third-party providers. Various data may be affected by this, which we process in accordance with this data protection declaration. This data can include, in particular, master data and contact details of users, data on transactions, contracts, other processes and their content.
  • If users are referred to the third-party providers or their software or platforms as part of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, for service optimization or for marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.
  • Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent.Furthermore, their use can be part of our (pre)contractual services, provided that the use of third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.
  • Third party providers used:
    • Service provider for sending newsletters
    • Service provider for optimizing our website
    • Service provider for the destruction of data carriers
    • Service provider for advertising measures and advertising optimization
    • IT service provider
    • law enforcement agencies
    • Lawyers

§22 data security
  • When you visit the website, we use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
  • We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments.

§23 Integration of the Trusted Shop Trustbadge
  • The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and to offer Trusted Shops products to buyers after an order has been placed.
  • This serves to protect our overriding legitimate interests in optimal marketing by enabling secure shopping in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of an order processing by a CDN provider (Content Delivery Network). Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on data protection at Trusted Shops GmbH can be found at https://www.trustedshops.de/impressum/#datenschutz.
  • When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call, amount of data transferred and the requesting provider (access data) and documents the call. Individual access data is stored in a security database for analysis of security issues. The log files are automatically deleted no later than 90 days after creation.
  • Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered to use them. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data.Whether you are already registered as a buyer to use a product is automatically checked using a neutral parameter, the email address hashed using a one-way cryptographic function. value converted. After checking for a match, the parameter is automatically deleted.
  • This is necessary for the fulfillment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Article 6 (1) sentence 1 lit. f GDPR. Further details, including objections, can be found in the Trusted Shops data protection declaration linked above and in the Trustbadge.

§24 Updating and changing this data protection declaration
  • This data protection declaration is currently valid and has the status of November 2021.
  • Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can call up and print out the current data protection declaration at any time on the website at https://vegavegan.de/policies/privacy-policy.

.