Privacy policy

Welcome to Circular Nature and our website www.circularnature.de! With this privacy policy we inform you about the scope of the processing of your personal data (hereinafter “data”).

This Privacy Policy applies only to our website and not to linked websites that are not under our ownership or control.

In principle, we use your personal data only in accordance with applicable data protection laws, in particular the German Federal Data Protection Act (BDSG) and the General Data Protection Regulation (“DSGVO”), and only as described in this Privacy Policy.

What is personal data

Personal data is any information about personal or factual circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number, as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website. However, we reserve the right to use this information for other purposes as permitted or required by law or to assist in legal or criminal investigations. In this case, we will inform you again about this further data processing to the extent required by law and obtain your consent.

Responsible for data processing

Responsible for data processing in accordance with the provisions of the DSGVO and the BDSG is:

Circular Nature Cosmetics UG (limited liability).

Hofwiesenstrasse 93

D-74081 Heilbronn

Phone: +49 (0) 157 53 553 028

Email: info@circularnature.de

Instagram: https://www.instagram.com/circularnature/

Facebook: https://m.facebook.com/circularnature.de/

YouTube: https://www.youtube.com/channel/UCSj85gLqjyI7xSTVMJ00cGA/featured

Scope of the processing of personal data

As a matter of principle, we collect and use personal data from you only to the extent necessary to provide a functional website and our content and services, e.g. when you subscribe to our newsletter, register on our website or log in to an existing customer account, or when you order our products. The collection and use of your personal data is regularly done only with your consent. An exception applies in cases where prior consent is not possible for factual reasons and the processing of the data is permitted under applicable law.

Security

The security of your personal data is a high priority for us. Therefore, we protect your data stored with us by technical and organizational measures to effectively prevent loss or misuse by third parties.

To protect your personal data, it is transmitted in encrypted form. You can recognize this by the lock symbol that your browser displays when an SSL connection is established. In order to ensure permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art.

These principles also apply to companies that process and use data on our behalf and according to our instructions.

Purposes of processing and legal basis

We collect, process and use your personal data for the following purposes:

Establishment and implementation of contractual relationships;

Sending newsletters;

Marketing measures;

Customer satisfaction surveys and analyses;

product reviews;

Customer service and support;

To process orders for our online offering of our products.

The processing of your personal data may be based on the following legal bases:

Consent: The data subject has unambiguously consented to the processing of personal data for a specific purpose (Art. 6 (1) a) GDPR).

Contract: Processing is necessary for a contract or because you have asked us to take certain steps before entering into a contract (Art. 6 (1) b) GDPR).

Legal obligation: processing is necessary for us to comply with legal requirements (other than contractual obligations) (Art. 6 (1) c) DSGVO).

Legitimate interests: Processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless there is an important reason for protecting your personal data that overrides those legitimate interests (Art. 6 (1) f) DSGVO).

Duration of storage and routine deletion of personal data.

We process and store your personal data only for the period of time necessary to fulfill the purpose for which it is stored, or if required by law or regulation. After discontinuation or fulfillment of the purpose, your personal data will be deleted or blocked.

In the event of blocking, deletion will take place as soon as legal, statutory or contractual retention periods do not conflict with this, there is no reason to assume that deletion will impair your legitimate interests and deletion does not cause disproportionate effort due to the special nature of the storage.

Data processing on our website

Hosting

The hosting service provider used by us for the operation of this website is netcup GmbH, Daimlerstraße 25. 76185 Karlsruhe, Germany. In doing so, netcup GmbH processes inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, prospective customers and visitors to our website and services on the basis of our legitimate interests in the efficient and secure provision of the website and services in connection with the provision of the contractual services and the conclusion of the contract for our services, including but not limited to our services).

Collection of access data and log files

We, or Netcup GmbH, collect data on every access to our website on the basis of our legitimate interest. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. to clarify abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Cookies use

We use so-called cookies on our website. Cookies are small text files that are placed on your respective device (PC, smartphone, tablet, etc.) and stored by your browser. You can find more information in our Cookie Policy. The legal basis for the use of cookies is your consent (Art. 6 (1) a) DSGVO) and our legitimate interest (Art. 6 (1) f) DSGVO).

Transmission of information

We use your data to send the information you ordered about our offer and other promotions from us to the e-mail address you provided.

a) Subscription to the newsletter on our website

On our website there is a possibility to subscribe to a free newsletter. If you register for the newsletter, the data (e-mail address) from the input mask will be transmitted to us or “MailChimp”, a newsletter delivery platform of the US provider Intuit Inc. The registration takes place via the so-called double opt-in procedure.

After registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with the email addresses of other people. For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy. If you sign up for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (e-mail address) will be processed by us for the purpose of sending the newsletter. The legal basis for the newsletter is your consent (Art. 6 (1) a) DSGVO) and our legitimate interest (Art. 6 (1) f) DSGVO). You can revoke your consent at any time with effect for the future.

b) Shipping due to the sale of goods and canceled shopping carts.

If you purchase goods on our website or leave something in your shopping cart, we may also send you information about our own similar goods to the email address you provide without your consent. The legal basis for this data processing is our legitimate interest, because the promotion of similar or left-behind products through direct advertising is a legitimate interest for us as a company and operator of this website.

You can object to the processing of your personal data for the purpose of direct marketing at any time. We will then refrain from further processing for these purposes. You can send us your objection as described below. In addition, you can object to receiving such newsletters at any time in the future without giving any reason by unsubscribing via the unsubscribe link at the bottom of each newsletter or by contacting us.

The legal basis for the processing is therefore our legitimate interest (Art. 6 (1) f) DSGVO). Of course, you can unsubscribe from receiving our emails at any time, i.e. revoke your consent with effect for the future or object to the data processing. For this purpose, you will find a corresponding unsubscribe link in every mail or newsletter. You can also contact us at any time for a revocation.

Contacting, registering or ordering

a) Contacting us

If you contact us by e-mail, telephone or via social media, the data you provide will be stored by us on the basis of your consent and for the preparation or initiation of a contract, insofar as this is necessary to answer your questions (Art. 6 para. 1 a) DSGVO) and (Art. 6 para. 1 b) DSGVO). Your inquiry is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data generated in this context when the respective conversation with you has ended and your request has been conclusively clarified.

b) Registration

On our website, we offer you the opportunity to register by providing personal data. The data entered in the registration form will be transmitted to us and stored. The registration is necessary to set up your customer account, through which you can place orders and services. The processing of data for this registration thus serves the fulfillment of the usage contract or the implementation of pre-contractual measures (Art. 6 (1) b) DSGVO). You can delete your customer account at any time on our website either via the delete function in your account or by contacting us.

c) Storage of data in the user account.

For the conclusion and processing of contracts, we need contact information such as name, shipping and billing address and email address, as well as information about the payment method you have chosen. You can store this data in your user account. We also use your data to maintain our customer database so that only correct data is stored with us. To avoid typing errors and to ensure that the items you order reach you, we check your address for completeness and accuracy when you enter it.

Following your order, you will receive a corresponding order confirmation as well as other documents that we should provide to fulfill our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) DSGVO) and (Art. 6 (1) b) DSGVO).

d) Guest order

You have the possibility to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to re-enter your data for each subsequent order.

We collect, process and use the data you provide in the context of a guest order for the purpose of processing the contract. We store the data you provide for the period of processing and handling your order. After that, your data will be deleted, unless you decide to activate your customer account within 14 days after your order. Data that we have to store due to legal, statutory or contractual retention obligations will not be deleted, but blocked so that the data cannot be used for other purposes. The processing of the data serves the fulfillment of the contract with you (Art. 6 (1) b) DSGVO).

e) Order Confirmation/Shipping Confirmation.

In order to process the contract and provide you with our services, e.g. the webshop or the shipment of a package, we use your contact details to send you registration confirmations, order confirmations, contract documents or information on payment processing. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfill our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) DSGVO) and (Art. 6 (1) b) DSGVO).

f) Other

Based on our legal obligation (Art. 6 (1) c) DSGVO) and our legitimate interest (Art. 6 (1) f) DSGVO), we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g. to maintain data security in the event of attacks on our information technology systems (Art. 6 (1) f) DSGVO). This also happens insofar as we are legally obliged to do so, e.g. due to official or court orders, and in order to assert our rights and claims as well as for legal defense (Art. 6 (1) f) DSGVO).

Disclosure of personal data to third parties

Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and contractually obliged to comply with data protection regulations.

a) Transfer within affiliated companies

We share your personal data with affiliated companies for the purpose of concluding and processing contracts for offers on our website. In particular, this is necessary so that you can use all of our offers. If you contact us with questions, complaints or returns as well as other complaints, they also have access to your order data in order to process your request.

b) Disclosure to service providers

For the operation and optimization of our website and our services as well as for the processing of contracts, various service companies are active on our behalf, e.g. for central IT services or the hosting of our website, for the payment and delivery of products or order processing or for the dispatch of newsletters, to which we pass on the data required for the performance of the task (e.g. name, address).

Some of these companies work for us as part of order processing and may therefore use the transmitted data exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

In contrast to order processing, in the following cases we transmit order processing data to third parties for their own use:

In the case of delivery of goods to the necessary logistics companies (currently DHL) and the postal service provider specified in the order.

In case of payment of goods to the payment service provider specified in the order (currently PayPal). Please note! We do not collect and store payment information such as credit card numbers or bank details during the payment process. You transmit this information only directly to the respective payment service provider.

c) Disclosure to other third parties

We will disclose your data to third parties or government agencies within the scope of applicable data protection laws if we are legally obligated to do so, e.g. due to official or court orders, or if we are entitled to do so, e.g. because this is necessary to prosecute criminal offenses or to exercise and enforce our rights and claims.

Data transfer to third countries

If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal data in accordance with Article 44 of the GDPR. In doing so, we ensure that the transfer is generally permitted and that the specific requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional safeguards, supplementary technical and organizational measures such as encryption or anonymization).

Your rights

According to the GDPR, you have the following rights:

You have the right to request confirmation as to whether the data in question is being processed, and to receive information about that data, as well as further information and a copy of the data in accordance with Article 15 of the GDPR.
You have pursuant to. Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that inaccurate data be corrected.
Pursuant to Article 17 of the GDPR, you have the right to request the immediate erasure of the data concerning you, or alternatively, pursuant to Article 18 of the GDPR, to request the restriction of the processing of the data.
You have the right to obtain the data concerning you that you have provided to us, in accordance with Article 20 of the GDPR, and to request its transfer to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 of the GDPR.
You have the right to revoke your consent pursuant to Article 7 (3) of the GDPR with effect for the future.
You have the right to object at any time to the future processing of data concerning you in accordance with Art. 21 of the GDPR. The objection may be directed in particular against the processing for direct marketing purposes.

Request for access to personal data

For the avoidance of doubt, you have the right to request confirmation from us at any time as to what information we hold about you and to request that we amend, update or delete such information.

In addition, we have the following options: Ask you to confirm your identity, or ask you for more information about your request and, to the extent permitted by law, refuse your request. (In this case, however, we will explain the reasons for the refusal).

However, the above rights may be limited in certain circumstances, for example, if fulfilling your request would result in personal data being disclosed to another person, if you request us to delete data that we are legally required to retain, or if we have a compelling legitimate interest in retaining the data.

We will inform you if this is the case and then use your data only for these purposes. If you want us to stop processing your personal data, you may not be able to continue using our services.

If you wish to access this personal information or exercise any of the above rights, you should make a written request and provide proof of your identity.

Any communication from us in connection with your above rights will be provided to you free of charge. However, in the case of requests that are manifestly unfounded or excessive, particularly due to their repetitive nature, we may charge a reasonable fee or refuse to process the request, taking into account the administrative costs of providing the information or communications or taking the requested action.

Update your information

If you believe that the information we hold about you is inaccurate or that we are no longer authorized to use it, and you wish to request its correction or deletion, or object to its processing, you may do so in your account or by contacting us. For your protection and the protection of all our users, we may ask you for proof of identity before we can respond to the above requests.

Note that we may deny requests for certain reasons, such as if the request is unlawful or if it may violate another user’s trade secrets or intellectual property or privacy. In addition, we may not be able to honor certain requests to object to the processing of personal data, particularly if those requests would no longer allow us to provide our service to you.

Social media

Based on our legitimate interest (Art. 6 (1) f) DSGVO), we are present on various “social media” platforms (Facebook, Instagram, YouTube) to communicate with our customers, interested parties and users registered there and to inform them about our offers there. We would like to point out that you use these platforms and their functions at your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behavior and the resulting interests. For example, advertising can be placed within and outside the platforms that presumably corresponds to your interests. For this purpose, cookies are usually stored on your computer. Independently of this, data that is not collected directly from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and have logged in there).

Google Analytics

We use Google Analytics, a service of Google Inc. This means that the collected data may be transmitted to a Google server in the USA, whereby the IP addresses are anonymized by means of IP anonymization so that an assignment is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when visiting this website: https://tools.google.com/dlpage/gaoptout?hl=de. The legal basis for this processing is our legitimate interest Art. 6 (1) f) DSGVO.

Links to other providers

Our website also contains – clearly recognizable – links to websites of other companies. Insofar as these are links to websites of other providers, we have no influence on their content. Therefore, we cannot assume any guarantee or liability for these contents. The respective provider or operator of the sites is always responsible for the content of these sites.

The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, we will remove such links immediately.

Personal information and children

Our Services are directed to individuals 18 years of age or older. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a parent or guardian through direct offline contact.

Data Breaches/Notification

Databases or records containing personal information may be breached inadvertently or through unlawful intrusion. Once we learn of a data breach, we will notify all affected individuals whose personal information may have been compromised and describe in the notification the steps that will be taken to address the harm caused by the data breach. Notification will be made as soon as possible after the discovery of the breach.

Changes

In order to ensure that our data protection declaration always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised offers or services. If you have any questions or comments about our privacy policy or wish to exercise your rights under applicable law, please contact us using the contact details below: